Post on 19-Jan-2015
description
www.wildpackets.com © WildPackets, Inc.
Jay Botelho
Director of Product Management
WildPackets
jbotelho@wildpackets.com
Follow me @jaybotelho
Your Applications Are Distributed
How About Your Network Analysis Solution?
Show us your tweets! Use today’s webinar hashtag:
#wp_distributed with any questions, comments, or feedback.
Follow us @wildpackets
© WildPackets, Inc. 2 Your Applications Are Distributed – How About Your Network Analysis?
Agenda
• Current Trends in Application Distribution
• Monitoring Application Performance
• Network Analysis Architecture in a Distributed World
• Network Analysis – Proactive vs. Reactive
• Using Network Analysis for Application Performance
Monitoring
• Company Overview
• Product Line Overview
www.wildpackets.com © WildPackets, Inc.
Current Trends in Application
Distribution
© WildPackets, Inc. 4 Your Applications Are Distributed – How About Your Network Analysis?
First, Back to Basics
• Cloud – it’s all the rage ‒ Public
‒ Private
‒ Hybrid
• ―… as a Service‖ ‒ Software aaS
‒ Infrastructure aaS
‒ Platform aaS
• Application Service Providers
• Virtualization
• Grid computing
© WildPackets, Inc. 5 Your Applications Are Distributed – How About Your Network Analysis?
Let’s Focus
• Cloud – it’s all the rage ‒ Public
‒ Private
‒ Hybrid
• “… as a Service” ‒ Software aaS
‒ Infrastructure aaS
‒ Platform aaS
• Application Service Providers
• Virtualization
• Grid computing
© WildPackets, Inc. 6 Your Applications Are Distributed – How About Your Network Analysis?
Cloud Computing Characteristics1
• Providing applications to end users vs. just
computer cycles
• Scalability
• Elasticity – compute power grows and shrinks
• Simple, web-based provisioning
• Integration and ease-of-use
• Simple cost structure
• Worldwide data recovery
• Device independence
• Example – Hosted corporate email ala Google
© WildPackets, Inc. 7 Your Applications Are Distributed – How About Your Network Analysis?
ASPs vs. Cloud Computing
• Most ASP vendors were start-ups ‒ Limited resources
‒ Unknown pedigree
‒ Short life spans
‒ Flexible application choices
• Cloud computing vendors are big companies ‒ Resources for enormous data centers
‒ Vast amounts of storage
‒ Computing capacity to service millions of users
‒ Experience with large-scale web-based applications
‒ Google, Dell, Amazon, IBM, etc.
‒ Less application choice but more economy of scale
© WildPackets, Inc. 8 Your Applications Are Distributed – How About Your Network Analysis?
―aaS‖ vs. Cloud Computing
• ―aaS‖ ‒ Flexibility
‒ Little to no integration between services (stovepipes)
• Cloud Computing ‒ All applications 100% integrated on the Web
‒ No install, no IT, no human intervention by the vendor
© WildPackets, Inc. 9 Your Applications Are Distributed – How About Your Network Analysis?
Current Trends2
• 69% of US Internet users are using some form of
Internet-based computing (Pew Research Center)
• 40% of IT infrastructure purchases by early
technology adopters are ―as a service‖
• By 2013, 12% of world software market will be
Internet-based computing (Merrill Lynch)
• 78% of IT managers believe economic uncertainty
makes Cloud Computing more appealing (ScanSafe)
© WildPackets, Inc. 10 Your Applications Are Distributed – How About Your Network Analysis?
Does It Really Matter?
Forget what you call it – focus
on the changing network
management equation
www.wildpackets.com © WildPackets, Inc.
Monitoring Application
Performance
© WildPackets, Inc. 12 Your Applications Are Distributed – How About Your Network Analysis?
It’s All About The User
Application Response Time – The time it takes an
application to respond to a specific user request,
measured from the user’s perspective
3 Performance Levels of User Satisfaction
© WildPackets, Inc. 13 Your Applications Are Distributed – How About Your Network Analysis?
A Bit More Precisely …
Application Response Time =
Network Response Time + Transaction Response Time
© WildPackets, Inc. 14 Your Applications Are Distributed – How About Your Network Analysis?
Network Response Time
• Network Response Time (R): Time between a user’s action and
the network’s response to that action
• Payload: Information content in bytes
• Bandwidth: Minimal link speed between client and server
• AppTurns: Number of interactions needed between the client
and server to provide a response to the user
• Round Trip Response Time (RTT): Propagation time for data
between the client and server
Network Response Time (R) ~
(payload/bandwidth) + [AppTurns*RTT]
Adapted from Peter Sevcik and
Rebecca Wetzel of NetForecast
© WildPackets, Inc. 15 Your Applications Are Distributed – How About Your Network Analysis?
Other Network Response Time
Considerations
• NRT is dynamic, never a constant
• DNS response time is a common source of
performance issues
• Proxy servers – TCP connection is not end-to-end to
the server
• Multi-tier designs – network latency between each
tier
© WildPackets, Inc. 16 Your Applications Are Distributed – How About Your Network Analysis?
Transaction Response Time
• Server Response Time (SRT): Processing time required by the
server
• Client Response Time (CRT): Processing time required by the
client
Transaction Response Time (TRT) ~
Server Response Time (SRT) + Client Response Time (CRT)
Adapted from Peter Sevcik and
Rebecca Wetzel of NetForecast
© WildPackets, Inc. 17 Your Applications Are Distributed – How About Your Network Analysis?
Transaction Response Time Factors • Server Latency: Time for the server to process a
request - memory, disk system, CPU, and usage
dependent
• Application Latency: Time for the application itself to
process the request – mostly software design
dependent
• Database Latency: Database design factors that
contribute to overall processing time – eg.
fragmentation, indexing, etc.
• Browser/Workstation Latency: The client side of the
equation
• Protocol Usage: Some protocols outperform others
© WildPackets, Inc. 18 Your Applications Are Distributed – How About Your Network Analysis?
It’s All About The User
Application Response Time ~ (payload/bandwidth) +
[AppTurns*RTT] + SRT + CRT
3 Performance Levels of User Satisfaction
www.wildpackets.com © WildPackets, Inc.
Network Analysis Architecture in a
Distributed World
© WildPackets, Inc. 20 Your Applications Are Distributed – How About Your Network Analysis?
Where To Look?
© WildPackets, Inc. 21 Your Applications Are Distributed – How About Your Network Analysis?
Different Approaches, Different Results • Server-side or Client-side?
‒ Client side • Closest to what the user sees
• Difficult to troubleshoot delays
• Monitoring equipment at all remote sites – expensive
‒ Server-side • RTT harder to determine
• Consolidation of monitoring equipment
• Better able to assess server response time
• Active or Passive?
‒ Active • Challenging to accurately simulate user traffic patterns
• Predictable
• Better for ongoing monitoring
‒ Passive • Closer representation of the user experience
• Somewhat unpredictable
• Best for pre-deployment application profiling
© WildPackets, Inc. 22 Your Applications Are Distributed – How About Your Network Analysis?
Network Analysis Example
IDS/IPS System
1. Attack
bypasses firewall
3. Event logged, attack
partially tracked by IDS
2. Data Recorder records
and aggregates data
throughout attack
4. Post event analysis reveals
attacker, method, damage!
Serv
ers
© WildPackets, Inc. 23 Your Applications Are Distributed – How About Your Network Analysis?
The Cloud Changes Very Little
Clo
ud
Pro
vid
er
www.wildpackets.com © WildPackets, Inc.
Network Analysis – Proactive vs.
Reactive
© WildPackets, Inc. 25 Your Applications Are Distributed – How About Your Network Analysis?
Network Analysis: Not Just Reactive!
• Network analysis and troubleshooting has
traditionally been implemented only when there’s a
problem
• But proactive troubleshooting identifies troubles
when they are small and are having minimal impact!
• The concept is simple…
Proactive
Troubleshooting
Reactive
Troubleshooting =
© WildPackets, Inc. 26 Your Applications Are Distributed – How About Your Network Analysis?
Know Your Network
• Traffic levels per
segment
‒ Mbps?
‒ Packets per
second?
‒ Packet size
distribution?
• Traffic level per
application
‒ Average rates
‒ Peak rates
‒ Weekly patterns
• Baselines
‒ Establish and re-establish
‒ Use Expert events for further
classification
www.wildpackets.com © WildPackets, Inc.
Using Network Analysis for
Application Performance
Monitoring
© WildPackets, Inc. 28 Your Applications Are Distributed – How About Your Network Analysis?
User’s Perspective
© WildPackets, Inc. 29 Your Applications Are Distributed – How About Your Network Analysis?
Analyst’s Perspective
© WildPackets, Inc. 30 Your Applications Are Distributed – How About Your Network Analysis?
Application Performance Monitoring
Doesn’t Change in the Cloud
• All the same goals apply ‒ Monitoring/alarms
‒ Real-time analysis
‒ Post-capture analysis
‒ Network performance
‒ Application performance
‒ Service level assessments
• Only the implementation is different
© WildPackets, Inc. 31 Your Applications Are Distributed – How About Your Network Analysis?
A Case Study
• April, 2011 – Amazon’s EC2 Web Service outage
lasts nearly 24 hours and takes brand-name websites
down with it
• Highlights the need to ―design for failure‖
• Lessons: ‒ Monitoring remains highly valuable in the Cloud
‒ Cloud providers must do a better job of making service
uninterrupted to attract customers
‒ Determining when the interruption is in your network or from
your service provider
© WildPackets, Inc. 32 Your Applications Are Distributed – How About Your Network Analysis?
Getting It All In One Place
Payload Turns
~ RTT
~ SRT, CRT
© WildPackets, Inc. 33 Your Applications Are Distributed – How About Your Network Analysis?
SRT, CRT Highly Variable
© WildPackets, Inc. 34 Your Applications Are Distributed – How About Your Network Analysis?
The Network Or The Application?
Possible Issues on the Network
Possible Issues with the Application
© WildPackets, Inc. 35 Your Applications Are Distributed – How About Your Network Analysis?
Expert Analysis Leads The Way
Network may be at fault
System or Application is at fault
© WildPackets, Inc. 36 Your Applications Are Distributed – How About Your Network Analysis?
What To Look For
• Primary events are anything related to ―slow‖ ‒ Depending on what events we see, we will know who is at fault
• Typical application events: ‒ HTTP slow response time
‒ Oracle slow response time
‒ Inefficient client
• Typical network events: ‒ TCP SLOW segment recovery
‒ Slow retransmissions
‒ Slow acknowledgements
‒ Low throughput
© WildPackets, Inc. 37 Your Applications Are Distributed – How About Your Network Analysis?
Visual Expert Provides Proof Two requests for data, two quick TCP Acks, but then a long delay
before the server sends the requested data
Requests and
Acks
Then the Data
gets returned
much later
ACK fast = Network fast
Data slow = System slow
www.wildpackets.com © WildPackets, Inc.
Company Overview
© WildPackets, Inc. 39 Your Applications Are Distributed – How About Your Network Analysis?
Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA
‒ Offices throughout the US, EMEA, and APAC
• Our customers are leading edge organizations
‒ Mid-market, and enterprise lines of business
‒ Financial, manufacturing, ISPs, major federal agencies,
state and local governments, and universities
‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance
‒ Internet Telephony, Network Magazine, Network Computing Awards
‒ United States Patent 5,787,253 issued July 28, 1998 • Different approach to maintaining availability of network services
© WildPackets, Inc. 40 Your Applications Are Distributed – How About Your Network Analysis?
Real-World Deployments
Education
Health Care / Retail
Financial
Telecom
Government
Technology
www.wildpackets.com © WildPackets, Inc.
Product Line Overview
© WildPackets, Inc. 43 Your Applications Are Distributed – How About Your Network Analysis?
OmniPeek/Compass Enterprise Packet Capture, Decode and Analysis
• 10/100/1000 Ethernet, Wireless, WAN, 10G
• Portable capture and OmniEngine console
• VoIP analysis and call playback
Omnipliance / TimeLine Distributed Enterprise Network Forensics
• Packet capture and real-time analysis
• Stream-to-disk for forensics analysis
• Integrated OmniAdapter network analysis cards
WatchPoint Centralized Enterprise Network Monitoring Appliance
• Aggregation and graphical display of network data
• WildPackets OmniEngines
• NetFlow and sFlow
Product Line Overview
© WildPackets, Inc. 44 Your Applications Are Distributed – How About Your Network Analysis?
OmniPeek Network Analyzer
• OmniEngine Manager
– Connect and configure distributed OmniEngines/Omnipliances
• Comprehensive dashboards present network traffic in real-time
– Vital statistics and graphs display trends on network and application
performance
– Visual peer-map shows conversations and protocols
– Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
– Packet and Payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7
– Easily create filters, triggers, scripting, advanced alarms and alerts
© WildPackets, Inc. 45 Your Applications Are Distributed – How About Your Network Analysis?
Omnipliance Network Recorders
• Captures and analyzes all network traffic 24x7
– Runs our OmniEngine software probe
– Generates vital statistics on network and application performance
– Intuitive root-cause analysis of performance bottlenecks
• Expert analysis speeds problem resolution
– Fault analysis, statistical analysis, and independent notification
• Multiple Issue Digital Forensics
– Real-time and post capture data mining for compliance and troubleshooting
• Intelligent data transport
– Network data analyzed locally
– Detailed analysis passed to OmniPeek on demand
– Summary statistics sent to WatchPoint for long term trending and reporting
– Efficient use of network bandwidth
• User-Extensible Platform
– Plug-in architecture and SDK
© WildPackets, Inc. 46 Your Applications Are Distributed – How About Your Network Analysis?
Omnipliance Network Recorders Price/performance solutions for every application
Portable Edge Core
Ruggedized
Troubleshooting
Small Networks
Remote Offices
Datacenter Workhorse
Easily Expandable
Aluminum chassis / 17” LCD 1U rack mountable chassis 3U rack mountable chassis
Quad-Core Xeon 2.5GHz Quad-Core Intel Xeon
X3460 2.80Ghz
Two Quad-Core Intel Xeon
E5530 2.4Ghz
4GB RAM 4GB RAM 6GB RAM
2 PCI-E Slots 2 PCI-E Slots 4 PCI-E Slots
2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports
500GB and 2.5TB SATA
storage capacity
1TB SATA storage capacity 2TB SATA storage capacity
© WildPackets, Inc. 47 Your Applications Are Distributed – How About Your Network Analysis?
TimeLine
• Fastest network recording and real-time statistical
display — simultaneously ‒ 11.7Gbps sustained capture with zero packet loss
‒ Network statistics display in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval ‒ Historical network traffic analysis and quick data rewinding
‒ Several pre-defined forensics search templates making
searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution ‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect
© WildPackets, Inc. 48 Your Applications Are Distributed – How About Your Network Analysis?
TimeLine For the most demanding network analysis tasks
TimeLine
10g Network Forensics
3U rack mountable chassis
Two Quad-Core Intel Xeon 5560 2.8Ghz
18GB RAM
4 PCI-E Slots
2 Built-in Ethernet Ports
8/16/32TB SATA storage capacity
© WildPackets, Inc. 49 Your Applications Are Distributed – How About Your Network Analysis?
WatchPoint Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated
view of all network
segments
– Monitor per campus, per
region, per country
• Wide range of network
data
– NetFlow, sFlow, OmniFlow
• Web-based, customizable
network dashboards
• Flexible detailed reports
• Omnipliances must be
configured for continuous
capture
© WildPackets, Inc. 50 Your Applications Are Distributed – How About Your Network Analysis?
WildPackets Key Differentiators
• Visual Expert Intelligence with Intuitive Drill-down
– Let computer do the hard work, and return results, real-time
– Packet / Payload Visualizers are faster than packet-per-packet diagnostics
– Experts and analytics can be memorized and automated
• Automated Capture Analytics
– Filters, triggers, scripting and advanced alarming system combine to provide
automated network problem detection 24x7
• Multiple Issue Network Forensics
– Can be tracked by one or more people simultaneously
– Real-time or post capture
• User-Extensible Platform
– Plug-in architecture and SDK
• Aggregated Network Views and Reporting
– NetFlow, sFlow, and OmniFlow
www.wildpackets.com © WildPackets, Inc.
Q&A
Show us your tweets! Use today’s webinar hashtag:
#wp_distributed with any questions, comments, or feedback.
Follow us @wildpackets
Follow us on SlideShare! Check out today’s slides on SlideShare
www.slideshare.net/wildpackets
www.wildpackets.com © WildPackets, Inc.
Thank You!
WildPackets, Inc.
1340 Treat Boulevard, Suite 500
Walnut Creek, CA 94597
(925) 937-3200