
Just two clicks away - from monitoring and reporting to root-cause analysis


Watch the full OnDemand Webcast: http://bit.ly/JustTwoClicks

Today’s networks are high-speed, widely distributed and mission-critical, making network and application performance monitoring and troubleshooting essential, and very challenging. Oftentimes the statistical data used to compile the monitoring dashboards and reports are insufficient for performing detailed root cause analysis, driving network engineers to use multiple products from multiple vendors to perform different levels of analysis. This significantly increases the cost for IT departments to do business, in a time when budgets are already razor thin.

What if you could move from monitoring dashboards and summary level reports to detailed, root cause analysis, with just a few clicks, using a single solution from a single vendor? No longer would you need a separate SNMP monitoring solution for device status, a NetFlow monitoring solution for conversation-based network statistics and a packet-based network analysis solution for detailed, root-cause analysis. With a single solution you could access all of this information from an integrated, web-based dashboard, saving time and money. Please join us to see how WildPackets can meet this challenge and simplify your network monitoring and analysis infrastructure.

In this web seminar, we will cover:

• Best uses for various network monitoring and reporting technologies
• Limitations in SNMP and flow-based monitoring solutions
• Advantages of using a packet-based solution for all monitoring, reporting and troubleshooting needs

What you will learn:

• When to use various technologies for network monitoring and reporting
• How to employ a single solution that spans simple reporting to detailed, root-cause analysis
• How to quickly move from monitoring to troubleshooting with just a few clicks
• How an integrated solution can save time, money, and your sanity

Published in: Technology

  1. Just Two Clicks Away
     Monitoring and Recording to Root-Cause Analysis
     Jay Botelho, Director of Product Management, WildPackets
     jbotelho@wildpackets.com
     Follow me @jaybotelho
     Show us your tweets! Use today’s webinar hashtag: #wp_visibility with any questions, comments, or feedback.
     Follow us @wildpackets
     © WildPackets, Inc. www.wildpackets.com
  2. There’s no debate about the need for centralized network monitoring and reporting … The question is … HOW?
     Just Two Clicks Away – Monitoring and Recording to Root-Cause Analysis © WildPackets, Inc.
  3. Agenda
     • Choices and Compromises
     • SNMP
     • Flow-based
     • Packet-based
     • Company Overview
     • Product Line Overview
  4. Choices and Compromises
     [Figure: Packet-based, Flow-based, SNMP; labels: Data Granularity, Data Accuracy, Overhead???, Cost???]
  5. SNMP
  6. SNMP
     • Best used to identify and describe system configuration
     • Monitor network-attached devices for high-level conditions
       ‒ Up/Down
       ‒ Total traffic (bytes, packets)
       ‒ Number of users
     • Typically polling-based – heavy bandwidth impact
     • Typically 5 minute granularity
     • Trouble-shooting/root cause analysis not possible
  7. Flow-based
  8. "Go With the Flow"
     • Flows, or flow records, have become the default element used in centralized network monitoring
     • A “flow” is a sequence of packets that has the following seven identical characteristics:
       ‒ Source IP address
       ‒ Destination IP address
       ‒ Source port
       ‒ Destination port
       ‒ Layer 3 protocol type
       ‒ TOS byte
       ‒ Input logical interface
     • By implication, a flow is unidirectional
  9. Basic Flow Analysis
     • Packets enter the switch or router
     • Packets sampled and flows determined
     • Flow records compiled and exported to flow collector
     • Flow records stored and subsequently analyzed by flow analysis software
     Source: Wikipedia
  10. Flows vs. Flow Records
      • Flows are a defined element
      • Flow Records are analytical results that vary by overall standard, vendor and configuration
      • The most common standards for flow records include:
        ‒ NetFlow
        ‒ IPFIX
        ‒ sFlow
        ‒ JFlow
  11. Focus on NetFlow
      • Packets typically 1500 Bytes each
      • Packets come in spurts – up to several Mbytes
      • 20 – 50 flow records per packet
      • Typically 1 minute reporting granularity
      • Used for “accounting”
      • Overhead (bandwidth usage - # of packets in reporting period) linearly proportional to the # of flows
      • Remember the prime directive – a switch MUST perform its primary function – forwarding packets!
      • UDP-based: lost reporting packets can seriously impact data reliability
  12. On Your Network …
  13. The Details
  14. Common Flow-based Technologies
      Limited Troubleshooting/Root-cause Analysis
      Netflow
      • Developed by Cisco
      • Proprietary
      • Transit traffic & terminated traffic
      • Detailed info for each flow
      • NO payloads
      • Sampling option not 100% accurate
      IPFIX
      • Internet Protocol Flow Information eXchange
      • IETF standard
      • Based on NetFlow
      • Detailed info for each flow
      • NO payloads
      sFlow
      • RFC 3176
      • Statistical time-based sampling
      • Higher speed networks
      • Less common than NetFlow
      • NO payloads
      • Sampled – not always 100% accurate
      Jflow
      • Developed by Juniper
      • Proprietary
      • Similar to NetFlow
      • Detailed info for each flow
      • NO payloads
      • Sampled per global rate – not 100% accurate
  15. Packet-based OmniFlow
  16. Packet-based - OmniFlow
      • Developed by WildPackets
      • Analysis of every packet AND payload
      • Unrivaled info for each flow
      • Layer 3 - 7
      • 100% accurate
      • Minimal network impact – 10’s of Kbps
      • Monitor AND troubleshoot
  17. OmniFlow Data
  18. Why Are Payloads Important?
  19. OmniFlow and WatchPoint
      • High-level, aggregated view of all network segments
        ‒ Monitor per campus, per region, per country
      • Wide range of network data
        ‒ NetFlow, sFlow, OmniFlow
      • Web-based, customizable network dashboards
      • Flexible and detailed reports
  20. Sample WatchPoint Dashboard
  21. Monitoring AND Detailed Analysis
  22. Not All Flows Are Created Equal
      Netflow
      • Developed by Cisco
      • Proprietary
      • Transit traffic & terminated traffic
      • Detailed info for each flow
      • NO payloads
      • Sampled option not 100% accurate
      IPFIX
      • Internet Protocol Flow Information eXchange
      • IETF standard
      • Based on NetFlow
      • Detailed info for each flow
      • NO payloads
      sFlow
      • RFC 3176
      • Statistical time-based sampling
      • Higher speed networks
      • Less common than NetFlow
      • NO payloads
      • Sampled – not 100% accurate
      Jflow
      • Developed by Juniper
      • Proprietary
      • Similar to NetFlow
      • Detailed info for each flow
      • NO payloads
      • Sampled per global rate – not 100% accurate
      OmniFlow
      • Developed by WildPackets
      • Proprietary
      • Analysis of every packet AND payload
      • Unrivaled info for each flow
      • Layer 3 - 7
      • 100% accurate
      • Monitor AND troubleshoot
  23. Choices and Compromises
      [Figure: Packet-based, Flow-based, SNMP; labels: Data Granularity, Data Accuracy, Overhead, Cost]
  24. Summary
      • Flow records are NOT created equal
      • OmniFlow analyzes packet headers AND payloads
      • OmniFlow is NOT statistical - 100% accurate
      • OmniFlow provides analysis for all network layers
      • WatchPoint aggregates data from multiple OmniFlow data streams
      • When OmniFlow data isn’t available, WatchPoint also aggregates both NetFlow and sFlow data for a comprehensive network monitoring solution
  25. Company Overview
  26. Corporate Background
      • Experts in network monitoring, analysis, and troubleshooting
        ‒ Founded: 1990 / Headquarters: Walnut Creek, CA
        ‒ Offices throughout the US, EMEA, and APAC
      • Our customers are leading edge organizations
        ‒ Mid-market, and enterprise lines of business
        ‒ Financial, manufacturing, ISPs, major federal agencies, state and local governments, and universities
        ‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
      • Award-winning solutions that improve network performance
        ‒ Internet Telephony, Network Magazine, Network Computing Awards
        ‒ United States Patent 5,787,253 issued July 28, 1998
          • Different approach to maintaining availability of network services
  27. Real-World Deployments
      Education, Financial, Government, Health Care / Retail, Telecom, Technology
  28. Product Line Overview
  29. Product Line Overview
      OmniPeek/Compass – Enterprise Packet Capture, Decode and Analysis
      • 10/100/1000 Ethernet, Wireless, WAN, 10G
      • Portable capture and OmniEngine console
      • VoIP analysis and call playback
      Omnipliance / TimeLine – Distributed Enterprise Network Forensics
      • Packet capture and real-time analysis
      • Stream-to-disk for forensics analysis
      • Integrated OmniAdapter network analysis cards
      WatchPoint – Centralized Enterprise Network Monitoring Appliance
      • Aggregation and graphical display of network data
      • WildPackets OmniEngines
      • NetFlow and sFlow
  30. OmniPeek Network Analyzer
      • OmniEngine Manager
        – Connect and configure distributed OmniEngines/Omnipliances
      • Comprehensive dashboards present network traffic in real-time
        – Vital statistics and graphs display trends on network and application performance
        – Visual peer-map shows conversations and protocols
        – Intuitive drill-down for root-cause analysis of performance bottlenecks
      • Visual Expert diagnosis speeds problem resolution
        – Packet and Payload visualizers provide business-centric views
      • Automated analytics and problem detection 24/7
        – Easily create filters, triggers, scripting, advanced alarms and alerts
  31. Omnipliance Network Recorders
      • Captures and analyzes all network traffic 24x7
        – Runs our OmniEngine software probe
        – Generates vital statistics on network and application performance
        – Intuitive root-cause analysis of performance bottlenecks
      • Expert analysis speeds problem resolution
        – Fault analysis, statistical analysis, and independent notification
      • Multiple Issue Digital Forensics
        – Real-time and post capture data mining for compliance and troubleshooting
      • Intelligent data transport
        – Network data analyzed locally
        – Detailed analysis passed to OmniPeek on demand
        – Summary statistics sent to WatchPoint for long term trending and reporting
        – Efficient use of network bandwidth
      • User-Extensible Platform
        – Plug-in architecture and SDK
  32. Omnipliance Network Recorders
      Price/performance solutions for every application
      Portable (Ruggedized, Troubleshooting)
      • Aluminum chassis / 17” LCD
      • Quad-Core Xeon 2.5GHz
      • 4GB RAM
      • 2 PCI-E Slots
      • 2 Built-in Ethernet Ports
      • 500GB and 2.5TB SATA storage capacity
      Edge (Small Networks, Remote Offices)
      • 1U rack mountable chassis
      • Quad-Core Intel Xeon X3460 2.80Ghz
      • 4GB RAM
      • 2 PCI-E Slots
      • 2 Built-in Ethernet Ports
      • 1TB SATA storage capacity
      Core (Datacenter Workhorse, Easily Expandable)
      • 3U rack mountable chassis
      • Two Quad-Core Intel Xeon E5530 2.4Ghz
      • 6GB RAM
      • 4 PCI-E Slots
      • 2 Built-in Ethernet Ports
      • 2TB SATA storage capacity
  33. TimeLine
      • Fastest network recording and real-time statistical display — simultaneously
        ‒ 11.7Gbps sustained capture with zero packet loss
        ‒ Network statistics display in TimeLine visualization format
      • Rapid, intuitive forensics search and retrieval
        ‒ Historical network traffic analysis and quick data rewinding
        ‒ Several pre-defined forensics search templates making searches easy and fast
      • A natural extension to the WildPackets product line
      • Turnkey bundled solution
        ‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect
  34. TimeLine
      For the most demanding network analysis tasks
      TimeLine (10g Network Forensics)
      • 3U rack mountable chassis
      • Two Quad-Core Intel Xeon 5560 2.8Ghz
      • 18GB RAM
      • 4 PCI-E Slots
      • 2 Built-in Ethernet Ports
      • 8/16/32TB SATA storage capacity
  35. WatchPoint
      Centralized Monitoring for Distributed Enterprise Networks
      • High-level, aggregated view of all network segments
        – Monitor per campus, per region, per country
      • Wide range of network data
        – NetFlow, sFlow, OmniFlow
      • Web-based, customizable network dashboards
      • Flexible detailed reports
      • Omnipliances must be configured for continuous capture
  36. WildPackets Key Differentiators
      • Visual Expert Intelligence with Intuitive Drill-down
        – Let computer do the hard work, and return results, real-time
        – Packet / Payload Visualizers are faster than packet-per-packet diagnostics
        – Experts and analytics can be memorized and automated
      • Automated Capture Analytics
        – Filters, triggers, scripting and advanced alarming system combine to provide automated network problem detection 24x7
      • Multiple Issue Network Forensics
        – Can be tracked by one or more people simultaneously
        – Real-time or post capture
      • User-Extensible Platform
        – Plug-in architecture and SDK
      • Aggregated Network Views and Reporting
        – NetFlow, sFlow, and OmniFlow
  37. Q&A
      Show us your tweets! Use today’s webinar hashtag: #wp_visibility with any questions, comments, or feedback.
      Follow us @wildpackets
      Follow us on SlideShare! Check out today’s slides on SlideShare: www.slideshare.net/wildpackets
  38. Thank You!
      WildPackets, Inc.
      1340 Treat Boulevard, Suite 500
      Walnut Creek, CA 94597
      (925) 937-3200
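
An added example (not from the WildPackets slides) of the seven-field flow key on slide 8 and the sampling step on slide 9: it aggregates a constructed packet list into unidirectional flow records, then shows which flows vanish from the sampled view, the visibility gap a defender relying on sampled flow data has to account for. The deterministic every-Nth sampler, the count scaling, and all names and addresses are assumptions made for illustration.

```python
from collections import namedtuple, defaultdict

# The seven fields slide 8 lists as defining a flow.
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos in_if")
Packet = namedtuple("Packet", FlowKey._fields + ("length",))

def flow_key(pkt):
    """Project a packet onto the seven-field flow key."""
    return FlowKey(*pkt[:7])

def build_flow_records(packets, sample_every=1):
    """Aggregate packets into per-flow packet and byte counters.

    sample_every=N keeps every Nth packet (an assumed deterministic 1-in-N
    sampler) and scales the counters by N to estimate the true totals.
    """
    records = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for i, pkt in enumerate(packets, start=1):
        if i % sample_every:
            continue  # packet not selected by the sampler
        rec = records[flow_key(pkt)]
        rec["packets"] += sample_every
        rec["bytes"] += pkt.length * sample_every
    return dict(records)

def constructed_capture():
    """Constructed sample traffic using documentation addresses, not real data."""
    pkts = []
    # One TCP conversation: 40 requests and 40 responses, interleaved.
    for _ in range(40):
        pkts.append(Packet("192.0.2.10", "198.51.100.5", 50000, 443, 6, 0, 1, 100))
        pkts.append(Packet("198.51.100.5", "192.0.2.10", 443, 50000, 6, 0, 2, 1500))
    # A short three-packet UDP exchange to another host, placed mid-capture.
    short = Packet("192.0.2.10", "203.0.113.77", 50001, 53, 17, 0, 1, 80)
    pkts[41:41] = [short, short, short]
    return pkts

def missed_flows(packets, sample_every):
    """Flow keys present in the unsampled view but absent from the sampled one."""
    full = build_flow_records(packets)
    sampled = build_flow_records(packets, sample_every)
    return sorted(set(full) - set(sampled))

if __name__ == "__main__":
    capture = constructed_capture()
    print(len(build_flow_records(capture)), "flows without sampling")
    for key in missed_flows(capture, 10):
        print("not visible at 1-in-10 sampling:", key)
```

The single TCP conversation produces two flow records because source and destination are part of the key, which is the unidirectionality noted on slide 8.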
