A Confluence of Flows: Keeping Your Head Above Water
1. A Confluence of Flows
Keeping Your Head Above Water
Jay Botelho
Director of Product Management
WildPackets
jbotelho@wildpackets.com
Show us your tweets!
Use today’s webinar hashtag: #wp_omniflow
Follow me @jaybotelho with any questions, comments, or feedback.
Follow us @wildpackets
© WildPackets, Inc. www.wildpackets.com
2. There’s no debate about the need for centralized
network monitoring
The question is
HOW?
A Confluence of Flows © WildPackets, Inc. 2
3. Choices and Compromises
Data Granularity
Packet-based
Flow-based
SNMP
Data Accuracy
Overhead???
Cost???
4. SNMP
5. SNMP
• Best used to identify and describe system
configuration
• Monitor network-attached devices for high-level
conditions
‒ Up/Down
‒ Total traffic (bytes, packets)
‒ Number of users
• Typically polling-based – heavy bandwidth impact
• Typically 5 second granularity
• Trouble-shooting/root cause analysis not possible
6. Flow-based
7. "Go With the Flow"
• Flows, or flow records, have become the default
element used in centralized network monitoring
• A "flow" is a sequence of packets that share the
following seven characteristics:
‒ Source IP address
‒ Destination IP address
‒ Source port
‒ Destination port
‒ Layer 3 protocol type
‒ TOS byte
‒ Input logical interface
• By implication, a flow is unidirectional
8. Basic Flow Analysis
• Packets enter the switch or router
• Packets sampled and flows determined
• Flow records compiled and exported to flow collector
• Flow records stored and subsequently analyzed by flow analysis software
Source: Wikipedia
9. Flows vs. Flow Records
• Flows are a defined element
• Flow Records are analytical results that vary
by overall standard, vendor and
configuration
• The most common standards for flow
records include:
‒ NetFlow
‒ IPFIX
‒ sFlow
‒ JFlow
10. Focus on NetFlow
• Packets typically 1500 Bytes each
• Packets come in spurts – up to several Mbytes
• 20 – 50 flow records per reporting interval
• Typically 1 minute reporting granularity
• Typically "1 out of k" static sampling
• Overhead (bandwidth usage - # of packets in reporting period)
linearly proportional to the # of flows
• Remember the prime directive – a switch MUST perform its
primary function – forwarding packets!
• Lost reporting packets can seriously impact data reliability
• A higher number of smaller flows creates greater inaccuracies
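
An added example, not from the original slides: Python code that groups packets into flow records by the seven key fields and applies static 1-out-of-k sampling, showing that the two directions of one conversation are separate flows and that small flows are the ones sampling distorts or drops. The addresses, ports, packet sizes, function names and the scale-by-k estimate are constructed assumptions.

```python
from collections import namedtuple

# The seven key fields from the "Go With the Flow" slide
# (proto is the IP protocol number, the slide's "Layer 3 protocol type").
FlowKey = namedtuple("FlowKey", "src_ip dst_ip src_port dst_port proto tos in_if")

BIG = FlowKey("10.0.0.5", "192.0.2.10", 40000, 443, 6, 0, 1)  # client -> server
ACK = FlowKey("192.0.2.10", "10.0.0.5", 443, 40000, 6, 0, 2)  # reverse direction: a different flow

def dns_key(n):
    """Key for the n-th constructed two-packet DNS lookup."""
    return FlowKey("10.0.0.5", "192.0.2.53", 50000 + n, 53, 17, 0, 1)

def make_traffic():
    """Constructed sample: 20 bursts of 50 data packets, 25 ACKs and one 2-packet lookup."""
    packets = []
    for n in range(20):
        packets += [(BIG, 1500)] * 50
        packets += [(ACK, 64)] * 25
        packets += [(dns_key(n), 80)] * 2
    return packets

def build_flow_records(packets, k=1):
    """Aggregate (key, size) packets into flow records, keeping every k-th packet.
    Counts are multiplied by k to estimate true totals (an assumed collector policy)."""
    records = {}
    for i, (key, size) in enumerate(packets):
        if i % k != 0:  # static 1-out-of-k: skip unsampled packets
            continue
        rec = records.setdefault(key, {"packets": 0, "bytes": 0})
        rec["packets"] += k
        rec["bytes"] += size * k
    return records

if __name__ == "__main__":
    traffic = make_traffic()
    for k in (1, 100):
        recs = build_flow_records(traffic, k)
        print(f"k={k}: {len(recs)} flow records")
        for key in (BIG, ACK, dns_key(12), dns_key(3)):
            print("   ", key.src_port, "->", key.dst_port, recs.get(key, "not seen"))
```

With k=100 the large transfer is estimated within 10% of its true size, while 19 of the 20 short lookups leave no record and the one that is sampled is reported at 50 times its real packet count.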
12. The Details
13. Common Flow-based Technologies
NetFlow
• Developed by Cisco
• Proprietary
• Transit traffic & terminated traffic
• Detailed info for each flow
• NO payloads
• Sampling option not 100% accurate
IPFIX
• Internet Protocol Flow Information eXchange
• Emerging IETF standard
• Based on NetFlow
• Detailed info for each flow
• NO payloads
sFlow
• RFC 3176
• Statistical time-based sampling
• Higher speed networks
• Much less common than NetFlow
• NO payloads
• Sampled – not 100% accurate
Jflow
• Developed by Juniper
• Proprietary
• Similar to NetFlow
• Detailed info for each flow
• NO payloads
• Sampled per global rate – not 100% accurate
Limited info for Troubleshooting/Root-cause Analysis
15. Packet-based - OmniFlow
• Developed by WildPackets
• Analysis of every packet AND payload
• Unrivaled info for each flow
• Layer 3 - 7
• 100% accurate
• Minimal network impact – 10’s of Kbps
• Monitor AND troubleshoot
18. OmniFlow and WatchPoint
• High-level, aggregated view
of all network segments
‒ Monitor per campus, per
region, per country
• Wide range of network data
‒ NetFlow, sFlow, OmniFlow
• Web-based, customizable
network dashboards
• Flexible and detailed reports
21. Not All Flows Are Created Equal
NetFlow
• Developed by Cisco
• Proprietary
• Transit traffic & terminated traffic
• Detailed info for each flow
• NO payloads
• Sampled option not 100% accurate
IPFIX
• Internet Protocol Flow Information eXchange
• Emerging IETF standard
• Based on NetFlow
• Detailed info for each flow
• NO payloads
sFlow
• RFC 3176
• Statistical time-based sampling
• Higher speed networks
• Much less common than NetFlow
• NO payloads
• Sampled – not 100% accurate
Jflow
• Developed by Juniper
• Proprietary
• Similar to NetFlow
• Detailed info for each flow
• NO payloads
• Sampled per global rate – not 100% accurate
OmniFlow
• Developed by WildPackets
• Proprietary
• Analysis of every packet AND payload
• Unrivaled info for each flow
• Layer 3 - 7
• 100% accurate
• Monitor AND troubleshoot
22. Choices and Compromises
Data Granularity
Packet-based
Flow-based
SNMP
Data Accuracy
Overhead
Cost
23. Summary
• Flow records are NOT created equal
• OmniFlow analyzes packet headers AND payloads
• OmniFlow is NOT statistical - 100% accurate
• OmniFlow provides analysis for all network layers
• WatchPoint aggregates data from multiple OmniFlow
data streams
• When OmniFlow data isn’t available, WatchPoint also
aggregates both NetFlow and sFlow data for a
comprehensive network monitoring solution
25. Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA
‒ Offices throughout the US, EMEA, and APAC
• Our customers are leading edge organizations
‒ Mid-market, and enterprise lines of business
‒ Financial, manufacturing, ISPs, major federal agencies,
state and local governments, and universities
‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance
‒ Internet Telephony, Network Magazine, Network Computing Awards
‒ United States Patent 5,787,253 issued July 28, 1998
• Different approach to maintaining availability of network services
26. What We Do
• Provide network visibility and intelligence …
‒ WatchPoint, OmniPeek, OmniEngines
• Expert systems – we find the problems for you
• Superior drill-down capability – trouble-shoot from anywhere
• Flexible, customizable, extensible – leverage your investment
‒ Professional services, training, best practices
• For all network segments …
‒ Data center to desktop to remote office
‒ LAN, WAN, Wireless …
‒ HTTP, Email, Database, VoIP, Video …
• To …
‒ Network engineers; IT Management; Developers
27. Real-World Deployments
Education Financial Government
Health Care / Retail Telecom Technology
29. Product Offerings
Software and Turnkey Appliances
• Enterprise Monitoring and Reporting
‒ WatchPoint Server
‒ OmniFlow, NetFlow, and sFlow Collectors
• Network Probes & Recorders
‒ Omnipliance Network Recorders – Edge, Core
‒ TimeLine Network Recorder
‒ OmniAdapter Analysis Cards
• Distributed Analysis Software
‒ OmniPeek – Enterprise, Professional, Basic, Connect
‒ OmniEngine – Enterprise, Desktop, OmniVirtual
• Portable Solutions
‒ OmniPeek software
‒ Omnipliance Portable
30. WatchPoint
Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated view
of all network segments
‒ Monitor per campus, per
region, per country
• Wide range of network data
‒ NetFlow, sFlow, OmniFlow,
SNMP
• Web-based, customizable
network dashboards
• Flexible and detailed
reports
32. Omnipliance Network Recorders
• Captures and analyzes all network traffic at the source 24x7
‒ Runs our OmniEngine intelligent probe software
‒ Generates vital statistics on network and application performance
‒ Intuitive root-cause analysis of performance bottlenecks
• Intelligent data transport
‒ Network data analyzed locally
‒ Detailed analysis passed to OmniPeek on demand
‒ Summary statistics sent to WatchPoint for long term trending and
reporting
‒ Efficient use of network bandwidth
• Expert analysis speeds problem resolution
‒ Fault analysis, statistical analysis, and independent notification
• Multiple Issue Digital Forensics
‒ Real-time and post capture data mining for compliance and
troubleshooting
33. TimeLine Network Recorder
11.7Gbps Sustained Capture
• Fastest network recording and real-time statistical
display — simultaneously
‒ Network statistics display in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval
‒ Historical network traffic analysis and quick data rewinding
‒ Several pre-defined forensics search templates making
searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution
34. Omnipliance Network Recorders
Price/performance solutions for every application
Portable | Edge | Core | TimeLine
Ruggedized Troubleshooting | Small Networks / Remote Offices | Regional Offices / Small Datacenter | Datacenter Workhorse
Chassis: 1U | 3U | 3U
Memory: 2 GB / 8 GB | 4 GB / 8 GB | 6 GB / 24 GB | 18 GB / 24 GB
Expansion: 1 PCI-E / 2 PCI-X | 1 PCI-E or 1 PCI-X | 4 PCI-E | 4 PCI-E
Storage: 500 GB / 2.5 TB | 1 TB | 8 TB | 8 TB / 16 TB / 32 TB
35. OmniPeek Network Analyzer
• OmniEngine Manager
‒ Connect and configure distributed OmniEngines/Omnipliances
• Comprehensive dashboards present network traffic in real-time
‒ Vital statistics and graphs display trends on network and application
performance
‒ Visual peer-map shows conversations and protocols
‒ Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
‒ Packet and Payload visualization provide business-centric views
• Automated analytics and problem detection 24/7
‒ Easily create filters, triggers, scripting, advanced alarms and alerts
36. Key Differentiators
• High-level network monitoring to root-cause analysis
• Single solution for today’s converged networks
‒ Wired, Wireless, 1GB, 10GB, VoIP, Video, TelePresence, IPTV
• Reduce and even eliminate network downtime
‒ Automated monitoring 24x7
‒ Speedy resolution of network bottlenecks
• Improve network and application performance
• Uniquely Extensible Platform – tailored to your needs
‒ Plug-ins and APIs for integration and customization
37. Q&A
Show us your tweets!
Use today’s webinar hashtag: #wp_omniflow with any questions, comments, or feedback.
Follow us @wildpackets
Follow us on SlideShare!
Check out today’s slides on SlideShare: www.slideshare.net/wildpackets