1. Don’t Let History Repeat Itself
Network Monitoring and Reporting with
WatchPoint
Jay Botelho
Director of Product Management
WildPackets
jbotelho@wildpackets.com
Show us your tweets! Use today’s webinar hashtag: #wp_watchpoint with any questions, comments, or feedback.
Follow us @wildpackets
© WildPackets, Inc. www.wildpackets.com
2. Agenda
• Key Technologies in Network Reporting
• Limitations in Single Technology Approaches
• Why WatchPoint
• WatchPoint v2.0 Demo
‒ Determining long-term trends using WatchPoint
‒ Troubleshooting ongoing issues with WatchPoint
‒ Generating detailed, scheduled reports
‒ Linking directly from high-level reporting to detailed packet
analysis
• Company Overview
• Product Line Overview
WatchPoint v2.0 © WildPackets, Inc. 2
4. Choices and Compromises
[Figure: Packet-based, Flow-based, SNMP; labels: Data Granularity, Data Accuracy, Overhead???, Cost???]
5. SNMP
• Best used to identify and describe system
configuration
• Monitor network-attached devices for high-level
conditions
‒ Up/Down
‒ Total traffic (bytes, packets)
‒ Number of users
• Typically polling-based – heavy bandwidth impact
• Typically 5 second granularity
• Trouble-shooting/root cause analysis not possible
6. "Go With the Flow"
• Flows, or flow records, have become the default
element used in centralized network monitoring
• A “flow” is a sequence of packets that share the
following seven characteristics:
‒ Source IP address
‒ Destination IP address
‒ Source port
‒ Destination port
‒ Layer 3 protocol type
‒ TOS byte
‒ Input logical interface
• By implication, a flow is unidirectional
7. Packet-based - OmniFlow
• Developed by WildPackets
• Analysis of every packet AND payload
• Unrivaled info for each flow
• Layer 3 - 7
• 100% accurate
• Minimal network impact – 10’s of Kbps
• Monitor AND troubleshoot
9. Not All Data Sources Are Created Equal
NetFlow
• Developed by Cisco
• Transit and terminated traffic
• Detailed info for each flow
• NO packets
• Sampled – not 100% accurate
sFlow
• RFC 3176
• sFlow agents
• Statistical sampling
• Higher speed networks
• Time-based sampling of interface counters
• NO packets
• Sampled – not 100% accurate
OmniFlow
• Developed by WildPackets
• Analysis of every packet AND payload
• Unrivaled info for each flow
• Links to packets
• 100% accurate
Packets
• RFC 1122
• Every packet recorded
• Detailed troubleshooting
• Layer 2 - 7
• Apdex, Latency, Reconstruction, …
• Packets with network forensics
• 100% accurate
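The seven-field flow key from slide 6 and the sampled-versus-exact contrast above, as an added example (not WildPackets, Cisco or sFlow code): constructed packets are aggregated into unidirectional flow records, paired into conversations, and then re-counted under 1-in-n packet sampling. The field names, the sample traffic and the fixed every-n-th-packet sampling scheme are assumptions of this example.

```python
from collections import defaultdict, namedtuple

# The seven key fields of a flow (field names are assumptions of this example).
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos in_if")

def pkt(src, sport, dst, dport, size, in_if, proto=6, tos=0):
    """One constructed packet: (seven-field key, byte count)."""
    return FlowKey(src, dst, sport, dport, proto, tos, in_if), size

def build_flows(packets):
    """Aggregate packets into flow records keyed by all seven fields."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for key, size in packets:
        flows[key]["packets"] += 1
        flows[key]["bytes"] += size
    return dict(flows)

def sampled_flows(packets, n):
    """Keep every n-th packet, then scale the counters by n (1-in-n sampling)."""
    kept = build_flows(packets[n - 1::n])
    return {k: {f: v * n for f, v in rec.items()} for k, rec in kept.items()}

def conversations(flows):
    """Pair unidirectional flows whose endpoints are mirror images."""
    pairs = defaultdict(list)
    for k in flows:
        ends = tuple(sorted([(k.src_ip, k.src_port), (k.dst_ip, k.dst_port)]))
        pairs[(ends, k.proto)].append(k)
    return dict(pairs)

def sample_traffic():
    """Constructed traffic (documentation addresses): one bulk TCP transfer
    with returning ACKs, followed by a 3-packet exchange to port 22."""
    packets = []
    for _ in range(20):
        packets.append(pkt("192.0.2.10", 50000, "198.51.100.5", 443, 1400, in_if=1))
        packets.append(pkt("198.51.100.5", 443, "192.0.2.10", 50000, 60, in_if=2))
    packets += [pkt("192.0.2.77", 40000, "198.51.100.9", 22, 80, in_if=1)] * 3
    return packets

if __name__ == "__main__":
    traffic = sample_traffic()
    exact, sampled = build_flows(traffic), sampled_flows(traffic, 5)
    print("exact flows:", len(exact), "conversations:", len(conversations(exact)))
    for key in exact:
        est = sampled.get(key, {"packets": 0, "bytes": 0})
        print(key.src_ip, "->", key.dst_ip, key.dst_port, exact[key], "sampled:", est)
```

With this constructed traffic the two large flows are estimated correctly at 1-in-5, while the three-packet flow to port 22 never appears in the sampled records.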
10. It’s All In The Packets
• Detailed errors automatically identified, with alerts
• One click identifies the user and application
• One more click identifies the root cause of the issue
12. WatchPoint v2.0 Delivers
• 100% data accuracy
‒ Stop wondering if your monitoring solution is missing key results
• Detailed network history
‒ No loss of granularity for historical data
• Complete visibility
‒ From global network usage to detailed packet analysis for
root-cause analysis in a single solution
‒ SNMP, NetFlow, sFlow, OmniFlow integrated into a single
solution
• Immediate access to worldwide network data
‒ Monitor network usage and drill-down into specifics at the speed
of a click
15. WatchPoint Benefits
• For CIOs
‒ High-level, instantaneous view of entire enterprise-wide network
‒ Quickly identify anomalous network behavior
‒ Network usage, compliance, SLA reporting
• For IT Managers
‒ Centrally managed monitoring solution
‒ Configure access based on role and usage
‒ Modify reports on-the-fly to see the data you need
• For Network Engineers
‒ Find and fix network issues before they become major problems
‒ Correlate WatchPoint data with OmniEngine packet files for
detailed, post-capture analysis
16. What’s New in WatchPoint v2
• Comprehensive network monitoring via SNMP,
NetFlow, sFlow and OmniFlow
• Pre-built and custom reports
• SLA monitoring of key network elements
‒ Alerts, Alarms, Notifications
• Detailed drill-down into utilization, flows, and
conversations
• OmniFlow enhancements
‒ Direct access to packets
‒ Aggregated reporting of Expert events
‒ Aggregated reporting of VoIP statistics
18. WatchPoint 2.0 At-A-Glance
• Detailed, precise, conversation-based analysis
‒ Eliminates inaccuracies from polling/sampling-based solutions
• 1 minute history – ALWAYS
‒ Never time-averaged historical data
• Tight integration into packet analysis – one solution
• Global reporting of Expert and VoIP analysis for
investigation of real-time or historical problems
20. Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA
‒ Offices throughout the US, EMEA, and APAC
• Our customers are leading-edge organizations
‒ Mid-market, and enterprise lines of business
‒ Financial, manufacturing, ISPs, major federal agencies,
state and local governments, and universities
‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance
‒ Internet Telephony, Network Magazine, Network Computing Awards
‒ United States Patent 5,787,253 issued July 28, 1998
• Different approach to maintaining availability of network services
21. Real-World Deployments
Education, Financial, Government, Health Care / Retail, Telecom, Technology
23. Product Line Overview
OmniPeek/Compass
Enterprise Packet Capture, Decode and Analysis
• 10/100/1000 Ethernet, Wireless, WAN, 10G
• Portable capture and OmniEngine console
• VoIP analysis and call playback
Omnipliance / TimeLine
Distributed Enterprise Network Forensics
• Packet capture and real-time analysis
• Stream-to-disk for forensics analysis
• Integrated OmniAdapter network analysis cards
WatchPoint
Centralized Enterprise Network Monitoring Appliance
• Aggregation and graphical display of network data
• WildPackets OmniEngines
• NetFlow and sFlow
24. OmniPeek Network Analyzer
• OmniEngine Manager
– Connect and configure distributed OmniEngines/Omnipliances
• Comprehensive dashboards present network traffic in real-time
– Vital statistics and graphs display trends on network and application
performance
– Visual peer-map shows conversations and protocols
– Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
– Packet and Payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7
– Easily create filters, triggers, scripting, advanced alarms and alerts
25. Omnipliance Network Recorders
• Captures and analyzes all network traffic 24x7
– Runs our OmniEngine software probe
– Generates vital statistics on network and application performance
– Intuitive root-cause analysis of performance bottlenecks
• Expert analysis speeds problem resolution
– Fault analysis, statistical analysis, and independent notification
• Multiple Issue Digital Forensics
– Real-time and post capture data mining for compliance and troubleshooting
• Intelligent data transport
– Network data analyzed locally
– Detailed analysis passed to OmniPeek on demand
– Summary statistics sent to WatchPoint for long term trending and reporting
– Efficient use of network bandwidth
• User-Extensible Platform
– Plug-in architecture and SDK
26. Omnipliance Network Recorders
Price/performance solutions for every application
Portable (Ruggedized, Troubleshooting)
• Aluminum chassis / 17” LCD
• Quad-Core Xeon 2.5GHz
• 4GB RAM
• 2 PCI-E Slots
• 2 Built-in Ethernet Ports
• 500GB and 2.5TB SATA storage capacity
Edge (Small Networks, Remote Offices)
• 1U rack mountable chassis
• Quad-Core Intel Xeon X3460 2.80GHz
• 4GB RAM
• 2 PCI-E Slots
• 2 Built-in Ethernet Ports
• 1TB SATA storage capacity
Core (Datacenter Workhorse, Easily Expandable)
• 3U rack mountable chassis
• Two Quad-Core Intel Xeon E5530 2.4GHz
• 6GB RAM
• 4 PCI-E Slots
• 2 Built-in Ethernet Ports
• 2TB SATA storage capacity
27. TimeLine
• Fastest network recording and real-time statistical
display — simultaneously
‒ 11.7Gbps sustained capture with zero packet loss
‒ Network statistics display in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval
‒ Historical network traffic analysis and quick data rewinding
‒ Several pre-defined forensics search templates making
searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution
‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect
28. TimeLine
For the most demanding network analysis tasks
TimeLine
10g Network Forensics
3U rack mountable chassis
Two Quad-Core Intel Xeon 5560 2.8Ghz
18GB RAM
4 PCI-E Slots
2 Built-in Ethernet Ports
8/16/32TB SATA storage capacity
29. WatchPoint
Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated view of all network segments
– Monitor per campus, per region, per country
• Wide range of network data
– NetFlow, sFlow, OmniFlow
• Web-based, customizable network dashboards
• Flexible detailed reports
• Omnipliances must be configured for continuous capture
30. WildPackets Key Differentiators
• Visual Expert Intelligence with Intuitive Drill-down
– Let the computer do the hard work and return results in real time
– Packet / Payload Visualizers are faster than packet-per-packet diagnostics
– Experts and analytics can be memorized and automated
• Automated Capture Analytics
– Filters, triggers, scripting and advanced alarming system combine to provide
automated network problem detection 24x7
• Multiple Issue Network Forensics
– Can be tracked by one or more people simultaneously
– Real-time or post capture
• User-Extensible Platform
– Plug-in architecture and SDK
• Aggregated Network Views and Reporting
– NetFlow, sFlow, and OmniFlow