NetHawk iPro – Monitor your IP network

April 2010

2© 2010 EXFO Inc. All rights reserved.

1 IP network monitoring2 EXFO NetHawk solution3 NetHawk iPro – Capture Appliance4 NetHawk iPro – User Plane Analyser5 Summary6 Product structure

Table of contents

3© 2010 EXFO Inc. All rights reserved.

› Traditional approaches are no longer useful:› Growing amount of real-time services

› Streaming services, P2P

› Faster data rates:› Network evolution: from legacy Ethernet towards 100Gbps links, IP

› “All-IP” does not make things any easier:› Security issues in IP, tunnelled connections

› New focus in monitoring and administration:› From transmission level to Application level

› Application specific QoS› Users’ QoE› SLA

New challenges in network operations

4© 2010 EXFO Inc. All rights reserved.

› Keep the Quality of Experience level good:› Less users are complaining about the poor connections› Streaming applications require good performance without delays

› Monitor the application level QoS parameters such as throughput and response times

› Validate the service levels, get what you’re paying for› Capacity planning:

› Network is not behaving as expected, should I buy more bandwidth?› Locate the users or equipment taking most of the bandwidth› What are the applications used in the network?

› Optimize according the needs › Get the real-time information, compare your SLA› ROI, troubleshooting/time (direct/indirect costs)

› Security:› What is happening in the network? › Can you identify the security risks?

Why monitoring and testing is needed?

5© 2010 EXFO Inc. All rights reserved.

› Flexible solutions for all network monitoring needs:› Network Monitoring & Analysis: Allow fast network testing & application level

analysis with QoS measurements to ensure optimal network performance› Network Management: Enable efficient data collection› Network Security: Faster detection & identification of illegal or unwanted activities

How can we help?

6© 2010 EXFO Inc. All rights reserved.

› Development of IP networks and applications (functional testing, deployment)› Operating & maintenance of IP networks (performance, QoS/QoE)› Troubleshooting IP networks (finding & fixing problems)› Optimising IP networks (preventing problems, service assurance)› Specific data collection for business (billing, trading) › Network security investigations (Lawful Interception)

NetHawk iPro boosts several applications

7© 2010 EXFO Inc. All rights reserved.

NetHawk iPro family

Enterprise

› NetHawk iPro IP Appliance for line speed data processing - Capture your network

FinancialNetwork security

Protocol Analyser users(M5, Wireshark) Network troubleshooters

(Operators/SSP’s)

High performance

Detailed packet flow analysis

Flow level QoS & KPI graphs

Network visualisation

High performance

Access to preprocessed IP flow and statistical data

High resolution timestamping

Data storage

Data filtering

Multi-interface packet capture

› NetHawk iPro User Plane Analyser for line speed IP flow analysis - View to your network

Wireshark

Network A

Network B

NetHawk iPro

Protocol analysis, monitoring, troubleshooting

NetHawk M5

iPro User Plane Analyser

Drilldown

Storage

Database

8© 2010 EXFO Inc. All rights reserved.

NetHawk iPro – Capture Appliance

9© 2010 EXFO Inc. All rights reserved.

› Network Capture Appliance for line speed data processing› Capture, Process & Record multiple Ethernet interfaces to local storage

› 10/100Mbps, 1Gbps, 10Gbps Ethernet› Line rate capture & processing

› 10ns timestamping› BPF filtering syntax

› Up to 12 Gbps sustained recording speed to local storage

› Flexible storage configurations› Up to 16 Terabytes of local storage for high speed recording› Options for external storage

› Easy installation and configuration› Full remote configuration & management

› Web and SSH user interfaces

NetHawk iPro overview

10© 2010 EXFO Inc. All rights reserved.

› Sustained recording for line speeds – Superior performance, don’t miss anything › Open Linux based platform – Wide range of ready tools available, customise the

system according your needs › Easy integration – Open interfaces allow flexible integration with other tools› Integrates with NetHawk M5 and libpcap applications – Supports standard pcap format

with nanosecond timestamps› Filter out unwanted packets – Capture only interesting traffic. Save storage and

decrease traffic load› Remote access over network – Start and stop capture when needed, remote system

management› Network IP statistics – see connections and extract the data› Reliability with low costs – Best price per capacity ratio

Benefits of using NetHawk iPro

11© 2010 EXFO Inc. All rights reserved.

Use Case – iPro as Recorder

.rec.pcap.rec

.pcap

NetHawk iPro

Client PC

iPro /Web UI

ControlData

Packet Capture

Web Browser Terminal

Protocol Analyser or other 3rd party application

smb/FTP

HTTP/HHTPS/SSH

12© 2010 EXFO Inc. All rights reserved.

iPros

iPro as Analyser Probe

pcappcap

NetHawk iPro

Flow DB

Optional External Database

Network Monitoring System

iPro /Web UI

SNMPsnmp

Clients

HTTP/HTTPS/SSH

Smb: for optional Drilldown

ControlData

PacketCapture

SQLSQL

iPro receives packets from GbE interface

Packets can be recorded to local storage in pcap format

Simultaneously, iPro generates flow records from received packets and stores those to

open MySQL database

iPro

Flow Analyser Client

13© 2010 EXFO Inc. All rights reserved.

NetHawk iPro web UI – Configuration

Create new recording session

Select the capture interface

Choose the record format

Set file limits and round robin recording if needed

Use standard BPF syntax to set filter rules

Manage your capture files

14© 2010 EXFO Inc. All rights reserved.

NetHawk iPro web UI – Statistics

Check the recording session statistics

Find the recorded files from iPro’s storage over networkOr use WebUI

See your network flows and extract the interesting ones

15© 2010 EXFO Inc. All rights reserved.

› Supports multiple users simultaneously:› Each user can define their own capture sessions with different filtering rules› Users can have access only to data they are really interested about

Use Case – iPro as a capture device in multi-user protocol Analyser environment

User Arequest data from

194.100.156.11Processes capture file A

User Brequest data from

194.100.156.12 and 194.100.156.13

Processes capture file B

194.100.156.11

194.100.156.13

194.100.156.12

BCapture file B has filter rule

194.100.156.12 & .13

ACapture file A has filter rule

194.100.156.11

16© 2010 EXFO Inc. All rights reserved.

NetHawk iPro Technical summary

iPro Number of interfaces Memory Processor Local storage Size

2x1G 2 x 10/100Mbits / 1Gbits Ethernet

4GB Intel Xeon 5520 Dualcore 2.26GHz

4TB (4 x 1TB SATA2) 1U

4x1G 4 x 10/100Mbits / 1Gbits Ethernet

8GB Intel Xeon 5520 Dualcore 2.26GHz

8TB (8 x 1TB SATA2) 2U

2x10G 2 x 10Gbits Ethernet 16GB 2 x Quadcore Intel Xeon 5540 2.53GHz

16TB (16 x 1TB SATA2)

3U

Optional items

Flow Analysis DB Internal MySQL database solution for storing generated enhanced flow records and KPIs

iPro User Plane Analyzer Windows SW client for detailed flow analysis, network visualisation and QoS/SLA graphs

External storage Additional storage options

GPS synchronisation GPS time synchronisation module

17© 2010 EXFO Inc. All rights reserved.

NetHawk iPro – User Plane Analyser

18© 2010 EXFO Inc. All rights reserved.

NetHawk iPro User Plane Analyser introduction

M5

› iPro User Plane Analyser is a stand alone Windows application for IP network analysis› Flow analysis & troubleshooting tool with line speed performance

› All data is queried from iPro’s DB => Post processing application› Flow Analyser consists of different views:

› Timeline view = Overview of data amount in database› Map view = Geographic map of the connections› Flow views = Flows, end points and sessions in table view› Graphs = Session or Flow based QoS/KPI like throughput graphs

LAN/Internet/VPN/…

iProiProiPro Flow Analyzer client

19© 2010 EXFO Inc. All rights reserved.

› Analyse your network performance, functionality and QoS/QoE: › Find and locate information from your network by versatile sorting and filtering

methods › Visualise your network traffic to the world map › See the endpoints of communication geographically › Identify the root causes of problems in your network › Develop your network security based on the flow analysis › Improve ROI of your production network - optimise your network capacity

› User Plane Analyser is a monitoring application for operators looking for specific user or application level data or measuring throughput values

Product Benefits

20© 2010 EXFO Inc. All rights reserved.

› With User Plane Analyser, customers can easily see the network flows & sessions and use the information for detailed QoS/SLA troubleshooting or monitoring› Flow view presents the connections and the parameters:

› Filter, sort and find the data to find the needed information› Identify individual IP flows, aggregate flows based on any flow values like IP addresses, VLAN

Ids, MPLS tags, locations etc.› Support for tunnelled IP connections (GTP-u)

› More performance and statistics compared to traditional Analysers:› QoS and KPI graphs› Throughput for individual, tunnelled

or aggregated flows

› More detailed data via drilldown options: › Fast drilldown from network level statistics

to root causes (M5, Wireshark)

Key features

21© 2010 EXFO Inc. All rights reserved.

› Throughput and delay calculated for› MAC and IP layers (SRC/DST)› All transmission level protocols (ICMP, IGMP, TCP, EGP, IGP, UDP, DCCP, RSVP,

GRE, ESP, OSPF, SCTP etc.)› Application level protocols (HTTP, FTP, TELNET, SMTP, DNS, DHCP, POP3,

IMAP4, SNMP, RIP2, RTSP, DIAMETER, PING, SIP etc.)› Tunnelled connections (GTP TEID, tunnelled IPs, protocols, ports etc.)› Transmission level identifiers (VLAN, MPLS, QinQ)

› Packet counters for above level and additional KPIs such as*› Packet counters for TCP Resent Only, TCP No Resent, TCP Dropped, SCTP

Dropped, GTP-C, GTP-U› TCP Round Trip Time, TCP Round Trip Jitter, TCP Retransmission ratio

List of iPro User Plane Analyser KPIs

22© 2010 EXFO Inc. All rights reserved.

Use case – Application level performance analysis

User can select any flow record and have related KPI graphs

Graph window will present the KPI for selected flows

iPro

DataPacket TimeStamp

iPro User Plane Analyser

to show IP Sessions and KPIsIP Data

Flow GeneratorKPI/QoS

Calculation

Flow DB

Capture

1. iPro generates flow records from received packets and stores those to open MySQL database

2. User Plane Analyser fetches the records from database

3. User just sorts or filters the flow records based on application, performance, VLANs etc. to locate the wanted sessions

Drilldown to packet content (pcap)

23© 2010 EXFO Inc. All rights reserved.

Use case – Real-time high-speed Signalling and UP analysis together with NetHawk M5

iPro M5

DataPacket TimeStamp

IP Filter

Port Filter

Signaling Traffic

Real-time Detailed Decoding

Real-time Detailed analysisLTE Session analysis

UserPlane Data

Flow GeneratorKPI/QoS

Calculation

DB

User Plane Analyser

to show Session or interface

Level KPIs/QoS counter

L2/L1

IP

SCTP

S1- AP

LTE L3Protocol

SignallingStack

L2/L1

IP

UDP

GTP-U

IP

ProtocolUserPlaneStack

24© 2010 EXFO Inc. All rights reserved.

› Together NetHawk iPro and User Plane Analyser will offer complete high-speed Ethernet network monitoring & troubleshooting solution for Vendors, Operators, Service Providers, Security and Enterprises› 1G to 10G Capture platform with ultimate performance that boost protocol

Analysers, lawful interception or other pcap applications. › Stores the network and gives easy access to pre-processed data

› Flow Analyser is a fast client to read ready records from iPro and to present the network functionalities and behaviour in different visual ways› Fastest way to locate specific IP sessions and main parameters of connections

Summary

25© 2010 EXFO Inc. All rights reserved.

NetHawk iPro product structure

User Plane Analyser(standalone)

NetHawk iPro Hardware

NetHawk iPro Appliance Software Core

2*1G,1U 10 Gb, 3U

Extractor

Flow Analysis DB option

3rd partyapplications

Central Management system

Storage on boardup to 16 TB

Open interfaces

GPS optionExternal storage

up to 156 TB4*1Gb, 2U

LC or 1000B-LX

TAP

Capture Processing

CLI

WebGUI

Runs @ iPro HW

NetHawk M5

User Plane Analyser(integrated to M5)

Control pcap

Drilldown

26© 2010 EXFO Inc. All rights reserved.

Flow records, Fast way to study User Plane

› Flow record contains the IP session details:› IP connection information,

transmission and application protocols, location details, KPIs and other main parameters

S-GWeNB ServerUEUE

RadioRadio

MACMAC

PDCPPDCP

IPv6/v4u

ApplicationApplicationTCP/UDP

RLCRLC

L1L1

L2L2

IP

UDPUDP

GTP-UGTP-U

L2L2

L1L1

IPv6/v4

TCP/UDPApplication

L1L1

L2L2

L1L1

L2L2

S1-US1-U SGiSGi

IP

UDPUDP

GTP-UGTP-U

L2L2

L1L1

IP

UDPUDP

GTP-UGTP-U

L2L2

L1L1

S5S5PDN

GW

IP

UDPUDP

GTP-UGTP-U

L2L2

L1L1RadioRadio

MACMACRLCRLCPDCPPDCP

ENCENC

iPro’s MySQL DataBase:-Flows records

-QoS/KPIs

27© 2010 EXFO Inc. All rights reserved.

Thank You!