Visibility into 40G/100G Networks for Real-time and Post Capture Analysis and Troubleshooting

www.wildpackets.com © WildPackets, Inc.

Show us your tweets! Use today’s webinar hashtag:

#wp_highspeed with any questions, comments, or feedback.

Follow us @wildpackets

Jay Botelho Director of Product Management WildPackets [email protected] Follow me @jaybotelho

40G/100G Networks for Real-time and Post Capture Analysis

© WildPackets, Inc. #wp_highspeed WildPackets Omnipliance – Powerful, Precise, Affordable

Administration

• All callers are on mute ‒ If you have problems, please let us know via the Chat window

• There will be Q&A ‒ Feel free to type a question at any time

• Slides and recording will be available ‒ Notification within 48 hours via a follow-up email

2


Agenda

• The State of High Speed Networks • Faster Networks Requires New Management

Approach • Network Analysis and Forensics for Any Network

3


The State of High Speed Networks

4


10/40/100G Adoption

5

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-696667.html


40/100G Growth

6


Higher Speed Deployments

7

Enterprise Management Associates, Oct 2013

177 Participants Company size: 33% - Large organizations 33% - Medium 33% - Small

Functional Breakdown 54% - Executive 46% - IT Staff


Faster Networks Require New Approaches

8


Challenges at High Speed

9

The State of Faster Networks, WildPackets, Oct 2013


Short Comings of Current Solutions

TRAC Research, Inc

34%

40%

41%

51%

59%

Inability to collect packets at all networklocations

Lack of capabilities for analyzing / searchingrecorded network traffic

Inability to support 10Gb networks

Reliability of captured data

Number of dropped packets


Choices and Comprises D

ata

Gra

nula

rity

Data Accuracy

SNMP

Flow-based

Packet-based

Log Files


SNMP


SNMP

• Best used to identify and describe system configuration

• Monitor network-attached devices for high-level conditions ‒ Up/Down ‒ Total traffic (bytes, packets) ‒ Number of users

• Typically polling-based – heavy bandwidth impact • Typically 5 minute granularity • Trouble-shooting/root cause analysis not possible


Log Files


Log Files – Performance Monitoring and Network Troubleshooting

• The most popular choice per recent EMA survey: http://research.enterprisemanagement.com/network-management-megatrends2014-webinar.html

• Provide a very wide range of data and information ‒ Server health ‒ Network, application performance ‒ Security events

• Collection, management, analysis quickly improving • Strong indication of problems and their source, but

not the root cause or the extent

15

http://research.enterprisemanagement.com/network-management-megatrends2014-webinar.html

http://research.enterprisemanagement.com/network-management-megatrends2014-webinar.html


Flow-based


"Go With the Flow"

• Flows, or flow records, are the default element used in centralized network monitoring

• A “flow” is a sequence of packets that has the following seven identical characteristics: ‒ Source IP address ‒ Destination IP address ‒ Source port ‒ Destination port ‒ Layer 3 protocol type ‒ TOS byte ‒ Input logical interface

• By implication, a flow is unidirectional


Basic Flow Analysis • Packets enter the switch or

router • Packets sampled and flows

determined • Flow records compiled and

exported to flow collector • Flow records stored and

subsequently analyzed by flow analysis software

• The most common standards for flow records include:

- NetFlow - sFlow - IPFIX - JFlow

Source: Wikipedia

http://en.wikipedia.org/wiki/File:Netflow_architecture_en.svg


Common Flow-based Technologies Netflow IPFIX sFlow Jflow

•Developed by Cisco

•Proprietary •Transit traffic & terminated traffic

•Detailed info for each flow

•NO payloads •Sampling option not 100% accurate

• Internet Protocol Flow Information eXchange

• IETF standard •Based on NetFlow


•NO payloads

•RFC 3176 •Statistical time-based sampling

•Higher speed networks

•Less common than NetFlow

•NO payloads •Sampled – not always 100% accurate

•Developed by Juniper

•Proprietary •Similar to NetFlow


•NO payloads •Sampled per global rate – not 100% accurate

Limited Troubleshooting/Root-cause Analysis


Packet-based


Packet-based

• Data generated by DPI systems • Analysis of every packet AND payload • Unrivaled info for each flow • Layer 2 - 7 • 100% accurate • Minimal network impact – 10’s of Kbps • Monitor AND troubleshoot


Network Analysis and Forensics for Any Network


A Solution for Every Network

23


10G Network Data Capture

24


10/40/100G Network Data Capture


Omni Distributed Analysis Platform Software and Turnkey Solutions

• Enterprise monitoring and reporting ‒ WatchPoint Server ‒ OmniFlow, NetFlow, and sFlow Collectors

• Network Analysis and Recorder Appliances ‒ Omnipliance CX, MX, TL ‒ Optional OmniStorage ‒ OmniAdapter analysis cards

• Distributed analysis software ‒ OmniPeek – Enterprise, Professional, Basic, Connect ‒ OmniPeek Remote Assistant ‒ OmniEngine Enterprise

• Portable solutions ‒ OmniPeek network analyzer ‒ Omnipliance Portable


WildPackets Network Analysis Recorder Appliances Price/Performance Solutions for Every Application

Portable Omnipliance CX Omnipliance MX Omnipliance TL

Ruggedized Troubleshooting

Less Demanding Networks Remote Offices

Datacenter Workhorse Easily Expandable

Enterprise, Highly-Utilized Networks

Aluminum chassis / 17” LCD 1U rack mountable chassis 3U rack mountable chassis 3U rack mountable chassis

24GB RAM 16GB RAM 32GB RAM 64GB RAM

2 PCI-E Slots 2 PCI-E Slots 4 PCI-E Slots 4 PCI-E Slots

2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports

6TB Storage 4/8/16TB Storage 16/32TB Storage 32/48/64TB Storage Optional OmniStorage: 32/48/64TB Up to 128TB total Storage

OmniAdapter 1G and 10G OmniAdapter 1G/10G MX OmniAdapter 1G/10G MX OmniAdapter 1G/10G/40G

6.5Gbps CTD 3.8Gbps CTD 8.8Gbps CTD 20Gbps CTD with OmniStorage


Omnipliance TL Industry Leading Network Analysis and Recorder Appliance

• Sets a new standard in capture-to-disk speeds ‒ 25Gbps sustained capture to disk rate with zero packet drop

• Best price/performance Network Analysis Appliance in the market ‒ 25Gbps with only one Omnipliance TL + OmniStorage ‒ Consuming less rack space, less cooling, less electrical power

• Most flexible network interface offering ‒ 1G/10G/40G interfaces supported in a single unit eliminates

additional unit requirement

• Most accurate real-time analytics ‒ Packet-based processing and analysis vs. inaccurate sample-

based calculation


Powerful

‒ Fastest network recorder in its class! Captures traffic up to 25Gbps of real-world traffic (all size packet distribution)

‒ Scales up to 128 TB of storage ‒ Provides simultaneous real-time analysis and a comprehensive Forensic

Search that rapidly searches through terabytes of captured traffic for the details relevant to an investigation

Precise ‒ Captures complete network traffic, so you can analyze everything, not just

samples or high-level statistics ‒ Doesn’t drop packets or sacrifice accuracy for speed ‒ Supports rich, detailed analysis, including VoIP and video-over-IP traffic

Affordable ‒ Delivers outstanding price/performance (lower price; half the rack space) ‒ Allows mix of 1G/10G/40G interfaces without buying extra appliances ‒ Solutions start at $16,995

Your network is bigger and faster. Now your analysis solution is, too.


Thank You!

WildPackets, Inc. 1340 Treat Boulevard, Suite 500 Walnut Creek, CA 94597 (925) 937-3200

Visibility into 40G/100G Networks for Real-time and Post Capture Analysis and Troubleshooting

Software

Transcript of Visibility into 40G/100G Networks for Real-time and Post Capture Analysis and Troubleshooting