Network Time MachineFirst All-In-One, 100% Packet Capture Appliance with Instant Identification of Server vs. Network Problems
July 2011 v1
2
Contents
• Summary – One Slide• Why Network Time Machine?
– Business Value• Product Features• Network Time Machine and OptiView XG• About Fluke Networks
3
Network Time Machine - SummaryFirst All-In-One, 100 Percent Packet Capture Appliance with Instant Identification of Server vs. Network Problems
• Provides high performance stream-to-disk 100% packet capture at sustained rates up to 10Gbps+
• Continuous real-time performance analysis which quickly isolates the problem domain to Client,? Server or Network
• Application-Centric Analysis simplifies and speeds root cause analysis without looking at packets.
• Single plug-and-play appliance for capture, storage, analysis and reporting
4
WHY NETWORK TIME MACHINE?
5
Managing today’s networks requires deep packet analysis• Delivering consistent user experience at
any traffic load is job #1
• Application performance consistency requires system-wide collaboration, from cable to application
• Just knowing that it is not the network is not enough – Engineers need to get to the root cause and solve the problem – Fast.
• Deep packet analysis reveals all of the data required to get to the root cause of application problems
6
Traditional software-based protocol analyzers offer decodes and statistics…• Provide decode of content of each packet
stored in disk (trace file) or in memory (buffer)
• Traffic Statistics– Top Host table, Conversation Matrices
• Advanced protocol analyzers offer some tools to analyze IP Flow statistics on demand– Window Size– Response Time– Ladder View– VoIP Metrics
Memory(Capture Buffer)
CaptureFile stored
on disk
Decodes
7
…but are limited in visibility
• Limited by the size of the capture buffer (in Gigabytes)
• Difficult for most network engineers to use - storage usually lasts in minutes, and to store the right packets, triggering, slicing and filtering are commonly required
• Time consuming – need to store the content of capture buffer to disk in chunks and/or send to analysis engine by bits
• Not real-time - Some software protocol analyzers can conduct real-time packet analysis or trend analysis but are limited by hardware performance on slow links (<100Mbps)
Memory(Capture Buffer)
CaptureFile stored
on disk
Decodes
8
Why Network Recorders? Storing all packets enables back-in-time root cause analysis
• Capture/Store packets directly to disk, at beyond 10Gbps throughput with specialized hardware– Custom Network Interface Card– RAID controlled Hard-disk Array– Packet storage with indexed database
• Capture continuously for hours (usually no trigger or filter)
• Provide statistic & trending data of packets collected over time
• Data retrieved by time index & filter to analysis engine
9
The problem with using typical stream-to-disk appliances • Many solutions require separate appliances – one for capture/storage, another for
storing trend data and reporting.
• These require elaborate configuration to model application and server infrastructure
• When monitoring in real-time, many solutions fail to keep up with line-rate traffic, resulting in lost packets.
• The lack of clear, visual guidance to fault identification requires more time or more highly skilled analysts to solve performance problems.
Result: – Higher TCO (total cost of ownership)– Potential loss of critical analysis data– Long MTTR (mean time to repair) of critical
performance problems.
10
NETWORK TIME MACHINE OVERVIEW
Back-in-time analyzer with visual problem domain isolation
11
The Network Time Machine Back-in-time analyzer with visual problem domain isolation
•Core NTM Capabilities:– 100% stream-to-disk capture at up to 10Gbps+
even while monitoring real-time metrics– Continuously records all network traffic and
analyzes performance so that you can go back-in-time to investigate important events
– Application-centric analysis gets to root cause without looking at packets
– Gets to the packets quickly to offer evidence for collaboration with peers and partners to fix issues
– Unified Communications analysis with call-by-call analysis
NTM records packets as they transverse through the
network
12 12
Multiple Hardware Platforms To Suit Every Application and Environment
• Portable – capture and go, 1G/10G– For field troubleshooting/debugging of application
issues, easy to move as needed. Capture intermittent events on location.
• Express & Standard – up to 4G– For low to medium network traffic environments,
and remote sites
• Premium – High-speed, 10Gbps+– For large scale network traffic environments, data
center and R&D and Lab environments
13
Applications for Network Time Machine
What:– Network Operations & Maintenance – at Data Centers, Remote Sites, Critical Links– Field Troubleshooting
For:– Application / Network performance analysis– Unified Communications Service Assurance– Data Center/Virtualization– Technology Refresh– Application deployment & performance– Load-balancer & firewall issues
Value:– Efficiency – Faster mean-time-to-repair– Line of Business Satisfaction– Enable/Accelerate growth initiatives
14
NTM v8 - Delivering customer value
Operational Efficiencies (CIO Issues)
• Budget / Time• People (skills/efficiency)• LoB satisfaction
Successful Growth Initiatives(CIO Spending Priorities)
• UC Service Assurance• Data Center/Virtualization• Technology refresh• Application deployment /
performance
Key Capabilities:
• Quickly determine problem domain (network / server)
• Verify Video/Voice quality.
• Quickly determine root cause
• Deliver the evidence for team collaboration
Allow users to… Delivering…
• Real-time data, video & voice over IP quality and status analysis.
• High performance stream-to-disk with Performance Bottleneck Analysis
• Synchronized video & voice playback.
• Application-centric analysis without looking at packets
• Multi-segment analysis
15
The Network Time Machine V8.0 Back-in-time analyzer with visual problem domain isolation
Key Capabilities added in v8:–Continuous analysis of application
performance with little configuration
–Application Performance Health problem detection & reporting
–Stops finger pointing with instant visual fault isolation between server/network
–Extensive on-board performance reports
• Automatic app & server awareness• Flow time aware metrics w/TCP KPIs• Integrated Monitor/Alarm/Analyze/Report
16
Performance Bottleneck Analysis (PBA) - Quickly isolates and visually shows problem domain
Site A
Site B
Site C
TCP Flow
Patent-pending Measurement Approach - For each TCP Flow,
determines the time spent on server, network and client
- Only 1 NTM needed (Formerly required two capture points)
- Aggregated by Application, Server, App-Site and Site
- Detail TCP/IP Health Metrics available for drill down
Data Center
Sever Ti
me
Networ
k Tim
e
Client Ti
me
Flow Ti
me
Up to 30 sites(5 subnet ranges each)
17
Dashboards show key application performance metrics by Application, Server, and Site
Quick access to key performance metrics without time-consuming configuration or a separate server
18
Dashboard shows performance of applications, servers and sites with drill down into the problem domain
Benefits:
Continuous application performance analysis
Easy to configure & maintain
Long-term historical trends
19
Change in network or server time indicates problem domain
Most flows take 4 sec to complete
No ComplaintsMost flows now take 7 sec with large increase in time spent on server.
User Complained
Time spent on network
Time spent on Server
Benefits
Visually correlates change in user experience to changes in network time or server time
Lower-layer metrics refine fault domain isolation
20
Detailed metrics verify root cause
Trend tab– Client time / Network
time / Server timeServer Metrics– Server time– Connections– Throughput– Data volume– TCP resets – Zero windows
Client Metrics– Client time– Data volume – TCP reset – Zero window
Network Metrics– Network time– Network latency– Data volume– Re-transmissions– DLC utilization
zoom in/ zoom out
Identify performance bottlenecks with intelligently grouped TCP/IP metrics
21
Integrated Application Centric Analysis gets to root cause without reading packet decodes
• Summary view quickly identifies problems with applications
• Flow-based analysis with automatic ladder views quickly identifies performance issues
• Intuitive drill down makes problem isolation fast
• Compatible with WireShark decode engine
Drill-downDrill-down
Automatic Flow
Analysis
Automatic Flow
Analysis
multi-segment
ladder view
22
Isolate unified communications issues quickly
Benefits
Track quality & call status for each call
Quick time to root cause
Unique Video Analysis Simultaneous Video/Voice Playback
Ensure user quality & optimize network performance by continuous assessment of service delivery with detail analysis
Video/Voice Call detail assessment Call setup & RTP stream extraction and analysis
23
Alarm history indicates health trends
Benefits
Alarm report shows health trends
Provides Server, Site and Application health perspective
# and severity of alarms
Description of alarms
Metrics that triggered the alarm
24
REPORTING ON NETWORK TIME MACHINE
Back-in-time analyzer with visual problem domain isolation
25
Comprehensive reporting in all-in-one appliance:Communicate with managers and collaborate with peers
V8 Reports Key Uses
Problem Trend & Status Report Is the # of severe problems decreasing?How frequently have problems been occurring?
Application and Application-by-site status and trend report
Are key applications operating as expected? How are the applications supporting my sites?
Site status and trend Are sites operating as expected?
Server by application status and trend report
Are the servers supporting the application?
VoIP Quality Report Track QoS of VoIP by MOS
Application & IP Protocol distribution and trend
How traffic volume is trending over time
Flow-based report from CSA Troubleshooting summary reports
If you see it on the user-interface, you can see it in a report.
26
Problem Reports show application health trends
Problem Overview Report
Problem Trend ReportsAvailable for Servers, Applications and Sites
27
Site by Application Performance Reports
Site Performance Trend Reports
Slowest Site PerformanceBy Network Latency
28
Application-Server Health Report
29
Traffic Volume Report
Traffic volume by channel
IP traffic statistics
30
NETWORK TIME MACHINE &OPTIVIEW XG
31
OptiView XG - SummaryDedicated tablet for automated network and application analysis – the fastest way to root cause
• Connect, capture and generate to 10Gig on copper and fiber
• Detect and solve security, coverage, and interference problems on Wi-Fi Networks
• Intelligent guided problem solving• Troubleshoot application problems without looking
at packets• Unique “Path Analysis” pinpoints network
performance problems • Real-time, granular data help diagnose intermittent
problems that network management systems miss • Detailed, fast network discovery• Portable: 5 lbs. / 2.2kg; 2+ hour battery life
32
NTM & OptiView XG
• NTM performs problem domain isolation – Client, Server, or Network
• XG identifies the source of network problems• NTM & XG perform root cause analysis via ClearSight
Client ServerNetwork
33
OptiView XG & NTM v8
• OptiView XG Strengths– Application Infrastructure
Analysis– Key Devices– Router & Switch Health
• NTM v8 Strengths– Application performance
analysis and trending – Back in time analysis– PBA for quick fault isolation
to Server or Network
• Full Time Application Centric Analysis– NTM finds abnormal application flow times– Quickly isolate to Network or Server– OptiView finds Application Infrastructure &
Network Health problems
34
Application Infrastructure Analysis
• Data Center Servers and Switches– Server Host Resources– Switch Interface Utilization & Errors
35
Key Devices
• Remote Site Routers– Site Availability & Performance– Router Interface Utilization & Errors
36
Router & Switch Health
• Monitors all routers & switches
37
End-to-End Network Health with OptiViewKey DevicesApplication InfrastructureRouter & Switch Health
38
XG alone can rule out network problems
Key DevicesApplication InfrastructureRouter & Switch Health
It’s not the network
39
The power of XG and NTM combined:• XG monitors network health• NTM monitors application flows• NTM identifies change in server times• Provide Bounce Chart & Trace files as evidence
It’s the Application
Server
40
ABOUT FLUKE NETWORKS
41
Fluke Networks…
• Fluke Networks is an operating company of Danaher Corporation (DHR)
• 2010 Revenue: $13B
• Over 500 employees worldwide • Approximately 45% of revenue from outside the U.S.• #1 Provider of Ethernet test sets• Used by 98 of the Fortune™ 100
• Worldwide Headquarters: Everett, WA– Major Facilities: Colorado Springs, CO; Santa Clara, CA;
Duluth, GA; Beijing and Shanghai China
42
Questions?