Network Performance Monitoring at Minimal Capex · Cisco IPSLA – WAN RTT Reports How NetFlow...

Network Performance Monitoring at Minimal Capex

Some Cisco IOS technologies you can use to create a high performance network

Don Thomas Jacob Technical Marketing Engineer

Network

Network Monitoring

NetFlow Analysis

Network Config Mgmt

Servers & Applications

Server Monitoring

Application Perf

Monitoring

End User Experience

Desktop

Desktop Management

Asset Management

Remote Control

ServiceDesk

Helpdesk

ITIL Service Desk

Software License Tracking

Windows Infrastructure

Active Directory

SQL Server

Exchange Server

Event Log & Compliance

Windows Event Logs

Syslog Management

Firewall Log Analyzer

Security

Vulnerability Analysis

Patch Management

Password Management

ManageEngine is an IT management vendor focused on bringing a complete IT management portfolio to all types of enterprises

About ManageEngine

The Webinar will discuss:

• Why network performance management • A Network Administrator’s wish list • Some Cisco technologies you can use for network

performance monitoring

And a brief on Cisco Flexible NetFlow • NetFlow Analyzer and Cisco Technologies

Why Network Performance Monitoring

• Network connectivity and business application uptime are the keywords today

• Increasing bandwidth – but more applications and

services in the network

• Save capex – Hold the extra bandwidth or the WAN optimization device you planned

• Business critical applications have to compete with rogue applications in many networks

• Planning for VoIP – Can your current links do it?

A Network Administrator’s Wish List

Manage available Bandwidth?

Need a Capacity Planning Report

Is Peer to Peer apps using bandwidth?

Can the existing link carry Voice

Traffic?

What caused the Bandwidth Spike?

Traffic Analytics

Is the Network Secure?

Network Admin

A Network Admin ’s Wish List

How will the data traffic perform?

• Bandwidth Monitoring - Analyze link usage - Visualize traffic patterns - Real-time traffic reports

• Traffic Analytics

Traffic Source and related

Conversations

Real Time Traffic Graphs

to Forever History

Traffic Destination and related Conversations

Applications and Protocols Used

WHO

• Capacity Planning - Existing link meets demand ? - Increase available Bandwidth ?


WHAT

WHEN WHERE

• Bandwidth Monitoring - Analyze link usage - Visualize traffic patterns - Real-time traffic reports

• Traffic Analytics

Traffic Source and related

Conversations

Real Time Traffic Graphs

to Forever History

Traffic Destination and related Conversations

Applications and Protocols Used

• Capacity Planning - Existing link meets demand ? - Increase available Bandwidth ?


Layer 7 Analysis and Traffic Management

• Analyze Peer to Peer application usage

• Are unwanted applications using well known ports?

• Manage, Block or Shape traffic

• Validate Quality of Service policies


Measure Link Capability for VoIP Traffic

• Switching to VoIP to carry Voice Traffic?

• Can existing link carry the additional traffic?

• Measure performance of VoIP traffic over the link

Current Usage

Available for New Traffic



Link Performance Monitoring

• How is the WAN link performance

• Is your ISP delivering as per the SLA?

• Latency, Jitter, Packet loss, Availability

?

?

?

Growing number of Security Threats

70's 80's 1990 1995 2000 2011

Threats

Threats


Growing number of Security Threats

• Is my Network Secure? Are the current firewall rules sufficient?

• Track network anomalies that may have bypasses firewalls

• Is your network under attack? Is there a virus spreading or maybe a DDoS attack?


Cisco Solutions you can leverage on

Cisco’s Flexible NetFlow

• Primary IP Traffic accounting technology

• Reports on Who, What, When and Where of traffic

• Helps understand traffic pattern, applications used, top talkers and much more

What Cisco has to help you

Used for Visualizing Traffic Patterns Helps in - Bandwidth Monitoring - Traffic Analytics - Capacity Planning Less strain on Device CPU, Memory as well as Link Bandwidth

?? ?? ?? ?? UDP TCP ?? ?? TCP

Source Interface (ifindex)

Protocol

Source IP Address

Destination IP Address

Source Port

Destination Port

ToS


A brief about Cisco Flexible NetFlow

What is Flexible NetFlow

Cisco Flexible NetFlow

• Uses NetFlow v9 - Allows user defined Key and Non-Key Fields

• Highly flexible flow export options - Customized traffic monitoring

• Ability to monitor a wide range of IP packet information which traditional NetFlow did not have

Some Platforms and IOS with Flexible NetFlow


• Cisco ISR G1 - From 12.4(20)T IOS

• Cisco ISR G2 - All CCO Images

• Cisco 7200 - From 12.2(33)SRE

• Cisco ASR1K - From XE3.1 15.0(1)S

• Cisco CAT 4000 series - SUP Engine 7E

• Cisco CAT 6000 series - SUP 2T Earl8

NetFlow Performance Impact

CPU Utilization

• 10,000 active flows – 7.14 % additional CPU

• 65,000 active flows – 22.98 % additional CPU

Bandwidth Usage Estimate

• Around 2% to 3% additional bandwidth on the NetFlow enabled device


Application

Presentation

Session

Transport

Network

Data Link

Physical Data

Network Based Application Recognition - NBAR

Bitorrent, eDonkey, FTP, Kazaa, Skype, SIP


Network Based Application Recognition - NBAR

• Layer 7 traffic analytics

• Intelligent Application Categorization

• Detect Peer to Peer and dynamic port using applications

• Can work with CBQoS for custom traffic management


FTP

VoIP

Peer to Peer

Web

Class Based Quality of Service - CBQoS


Internet Link

Web

FTP

Class Based Quality of Service - CBQoS

• Prioritize, limit, block or shape IP traffic

• Drop unwanted traffic – Peer to Peer, IM, etc

• Ensure delivery of business critical applications


Cisco IPSLA – IP Service Level Agreement

• Monitor performance – packets reach destination, link performance, availability ?

• RTT, latency, jitter, packet loss, etc

• Verify if the ISP is delivering as promised

• Can the link can deliver your data to the destination

• Can the link carry VoIP traffic ?


Cisco NetFlow For Security Analytics

• Valuable information about IP traffic patterns

• Identify network anomalies, DDoS attacks, spread of malware or viruses

• Details of attack – Offender, Target, Path…

• Helps mitigate attacks that surpasses firewalls and IDS


NetFlow Analyzer and Cisco

NetFlow Analyzer leverages on Cisco

• Uses NetFlow data for bandwidth and traffic analysis.

• Visualize traffic pattern with real time graphs.

• Traffic analytics with application and conversation report.

• Trend analysis for Capacity Planning.

Comprehensive understanding of the Network using Cisco NetFlow


• Uses NetFlow data for bandwidth and traffic analysis.

• Visualize traffic pattern with real time graphs.

• Traffic analytics with application and conversation report.

• Trend analysis for Capacity Planning.


NBAR – Network Based Application Recognition


• Deep packet – Layer 7 Traffic Analysis

• NBAR reporting via SNMP as well as Flexible NetFlow

• Identify hosts involved in Peer to Peer Traffic

NBAR reporting via Flexible NetFlow


NBAR reporting via SNMP


Class-Based QoS reporting


• Validate QoS polices

• Monitor Class based pre and post policy traffic usage Class based drops Class based queuing

• Reports for each Match Statement

Class-Based QoS reporting


Cisco IPSLA – VoIP Monitoring

How NetFlow Analyzer leverages on Cisco

• VoIP performance analysis using Cisco IPSLA

• Reports on : Jitter Latency Packet Loss Mean Opinion Score - MoS

• Compare VoIP reports and Interface level NetFlow reports

• Identify reason for VoIP quality degradation

Cisco IPSLA – VoIP Monitoring


Cisco IPSLA – WAN RTT Reports


• Link performance analysis using Cisco IPSLA

• For data packets, reports on : Jitter and Latency Packet Loss and Round Trip Time Link Availability

• View least performing paths and find which of your links do the worst

• Prevent possible network issues from becoming an outage

Cisco IPSLA – WAN RTT Reports



Flow based security analytics

• Network anomaly detection leveraging on NetFlow data

• Detect anomalies that surpass firewalls and IDS

• Anomaly classification based on Offender, Target, Path and Problem

• Real time threat detection using Continuous Stream Mining Engine


Flow based security analytics

Conclusion

• Throwing more bandwidth does not always improve performance

• Utilize technologies available on your Cisco device

Find bandwidth used by business critical applications

NBAR – A hidden technology with wide uses

Use QoS to the fullest and ensure they work as expected

IPSLA monitoring to measure performance of data and voice

Get a 3rd layer of security beyond firewalls and IDS

• Use a tool that can leverage on all these technologies – ManageEngine NetFlow Analyzer is one

Questions?

ManageEngine NetFlow Analyzer is used by over 4000 customers worldwide. Visit our website for details:

www.manageengine.com www.netflowanalyzer.com [email protected] [email protected]

mailto:[email protected]

mailto:[email protected]

Network Performance Monitoring at Minimal Capex · Cisco IPSLA – WAN RTT Reports How NetFlow...

Documents

Transcript of Network Performance Monitoring at Minimal Capex · Cisco IPSLA – WAN RTT Reports How NetFlow...