Leveraging Your Infrastructure for
Performance Management
ip route-cache flow
please?
Ward Cobleigh
[email protected]
Because your network has so much it wants to tell you
�Todays Agenda
Fluke Networks overview
Evolution of network management and infrastructure
technologies
Leveraging embedded technologies for performance
management:
Flow data
IP SLAs
Performance Routing
Open forum discussion
2
�Who Is Fluke Networks?
Began as an exploratory business unit within
Fluke Corporation in 1992
Fluke Corporation has 60 years as world-leader of
electronic test tools
In 2000, growth and market conditions caused
Fluke Networks to become a separate business
DSP-100
Fluke Networks
First Cable Tester
Fluke Networks and Fluke Corporation are
separate and distinct entities
Both are part of the Danaher family of companies
(NYSE:DHR)
Fluke Networks
First Handheld
Network Analyzer
3
�Danaher, a diversified technology leader, designs, manufactures, and markets innovative
products and services with strong brand names and significant market positions over 6
strategic platforms
Test & Measurement
Environmental Hand Tools
Motion
Medical
Product ID
�Fluke Networks Today
Part of a $11B premiere global enterprise
Continuously profitable company since its inception
Total annual sales exceed $340M
Over 800 associates worldwide
Worldwide Headquarters: Everett, WA
Major research & development facilities: Colorado Springs, CO; Austin, TX;
Dallas, TX; Duluth, GA; Cincinnati, OH; Bridgewater, NJ; Rockville, MD;
Dublin, Ireland; Bangalore, India; Shanghai, China
Sales Offices & Associates Worldwide: Extensive operations in Europe,
Asia, Australia, South America and North America
Technical Assistance Centers: Everett, WA; Watford, UK; Rockville, MD
5
�Fluke Networks Core Customers
Enterprise
Managers
Datacom
Installers
Communication
Service Providers
Distributed and handheld
LAN and WAN
test and analysis solutions
Copper & fiber cable
certification and troubleshooting
Communication networks testing
xDSL qualification
Process improvement
Access management and testing
�Fluke Networks
Performance Management (PfM)
Overview
Manage application performance and network
performance in a converged voice/data network
Broad enterprise visibility, deep analysis and
detailed troubleshooting capability
Value to our customers
Maximize the value of IT by delivering
superior IT services
Provide quality end user experience
through:
Proactive monitoring and management
Reactive troubleshooting and recovery
7
�Network Management &
Infrastructure Technologies Milestones
�Early Network Management Milestones
Network
General
Sniffer
1986
SNMP v1
RFCs
Published
1988
NetScout
RMON
Probe
1992
Visual
Networks
ASE
1995
Ganymede
Chariot
1996
Hardware probes
Software agents
Primarily focused on reactive troubleshooting
9
�Things Were Changing
Evolution from shared to switched media (first Ethernet
switch introduced in 1989)
Faster speeds and feeds becoming more commonplace
(Gigabit Ethernet standardized in 1998)
Data volumes and network configurations began to
challenge the capture and analyze everything philosophy
(MPLS standardized in 2001)
Processing power of infrastructure devices increasing
Routers and switches could do more than just route and
switch
10
�Embedded Technologies Milestones
NetFlow v1
1996
Response
Time
Reporter
(RTR)
1996
Service
Assurance
Agent
(SAA)
sFlow
RFC
3176
IETF
IPFIX
Draft
1999
2001
2002
Optimized
Performance
Edge
Routing IP SLAs Routing
(PfR)
(OER)
2005
2006
2007
Embedded functionality
No probes or agents required
Better suited for proactive performance management
11
�Cisco IOS NetFlow
IPFIX
Flow-based technologies
�What Is NetFlow?
NetFlow is a protocol for a router or Layer 3 switch to
quantify the traffic passing through it
Traffic statistics are locally
stored (cached)
Traffic statistics can be
exported to other devices
or applications for analysis
and reporting
Applications for NetFlow: Troubleshooting, forensic traffic
analysis, intrusion detection, capacity planning, usage
based accounting, etc.
13
�Flow Flavors
Cisco IOS NetFlow v9: www.cisco.com/go/netflow
IPFIX Working Group: http://www.ietf.org/html.charters/ipfix-charter.html
sFlow: http://www.sflow.org/
Alcatel-Lucent
Allied Telesis
Extreme Networks
Foundry Networks
H/P
J-Flow:
http://www.juniper.net/techpubs/software/erx/junose82/swconfig-ip-services/html/ip-jflow-stats-config.html
14
�What you can learn watching network
traffic
In advanced networks, the flow and analysis tools become
a big deal.
Responsibility for network performance falls on the
network team tools that provide deep behavioral analysis,
traffic analysis and NetFlow analysis will become more
critical.
Whether is network behavior analysis or application traffic
flows, the key to understanding business issues such as
end user experience lies in monitoring traffic.
George Hamilton, director of Yankee Groups enabling technologies enterprise group (3/08)
15
�Flow Data Evolution
Great data source, but
How do you keep the data for a
meaningful amount of time at a
useful level of granularity?
How can you easily manipulate this
data to quickly get to what you
need?
How do you present the data in a
simple, intuitive manner?
Source Addresses
Destination Addresses
Protocols
Source Ports
Destination Ports
Type of Service
Differentiated Service
AS Source
AS Destination
Source Network
Destination Network
In Interfaces
Out Interfaces
Next Hop
Traffic Classes
Identified Applications
Traffic Count
Packet Count
16
�What Top N Doesnt Tell You
Top hosts,
conversations,
protocols
My servers are busy
Voice
Whats really
happening on
my network
Virus
Hacking
Multicast
DNS
Peer-to-peer
Worms
17
�How MySpace Is Hurting Your Network
Social networking sites drive up DNS traffic, bandwidth
Increasingly popular social-networking sites such as MySpace, YouTube and Facebook are
accounting for such huge volumes of DNS queries and bandwidth consumption that carriers,
universities and corporations are scrambling to keep pace.
Social-networking sites create large volumes of DNS traffic because they pull content from all
over the Internet. Most of these sites use content-delivery networks to extend the geographical
reach of their content so users can access it closer to home.
"A single MySpace page can have anywhere from 200 to 300 DNS lookups, while a normal news
site with ads might have 10 to 15 DNS lookups," Tovar says. "It's an exponential increase.
"They're making use of an awful lot of short TTLs [time to live values]," Oborn says. "That
increases the load on the DNS servers. The same thing would happen for an enterprise customer as
you see happening on a service provider network.
The impact of social-networking sites is primarily on carrier and university networks today, but it
is likely to affect more corporations as they add social-networking features to their e-commerce
and intranet sites.
By Carolyn Duffy Marsan, Network World, 06/22/07
19
�MS-SQL Slammer
22,772
Conversations in
ONE MINUTE!
Less than 900KB
20
�Questions To Consider
How will we use flow data to:
Solve a current problem?
Achieve an organizational goal?
Satisfy an identified need?
What depth, breadth, coverage is required?
Is flow data available everywhere we need it?
How long will we need to retain the data?
Who will use the information?
There is no one-size-fits-all solution for flow data analysis
21
�NetFlow Tracker
Supports all major flow types
All of the flows, all of the time:
Not Top-N limited (Top-N-y)
Keep real time data at one minute
resolution indefinitely
User-defined data retention and granularity
Sweep and swoop from high-level
summaries right down to individual flows
100% web-based, fully URL controllable
Available as an appliance or software only
22
�NetFlow Tracker Demo
�Cisco IOS IP Service Level Agreements
(IP SLAs)
�What Are IP SLAs?
Formerly known as the Service Assurance Agent (SAA) or
Response Time Reporter (RTR)
Active traffic generation in a continuous, reliable,
predictable manner for measuring network, application,
and voice performance
Generated traffic simulates network applications like VoIP
and collects performance information in real-time.
Routers and switches are configured to be IP SLA agents
or IP SLA responders (agents initiate tests)
Agent test results stored in Cisco RTTMON-MIB
25
�IP SLA Operations, Metrics, Functions
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_white_paper0900aecd8017f8c9.shtml
26
�Why use Cisco IP SLAs?
IP SLAs is an Embedded IP Application Service in the Network
Service Level Agreement (SLA) Monitoring and validation.
Performance and Availability validation testing of the Networks
Additional Trend Monitoring to NMS
Network Baselines Prepare for New Services
Aid Troubleshooting & Fault Analysis
Performance Issue Isolation @ or between Any two Network Nodes
Change Control Impact Verify Performance and Health impacts.
Ubiquity IP SLAs is on nearly every Cisco platform and OS
20070424.IPSLAs
2006 Cisco Systems, Inc. All rights reserved.
27
�UDP Jitter with VoIP MOS Score
Introduced in Cisco IOS 12.3(4)T
This enhanced UDP Jitter operation reports both Mean
Opinion Score (MOS) and Calculated Planning
Impairment Factor (ICPIF)
The results estimate the users VoIP experience through
the network and should be used as part of reporting in
conjunction and comparison with passive measurement
technologies as well.
Supported Codecs:
G.711 A Law (g711alaw: 64 kbps PCM compression method)
G.711 mu Law (g711ulaw: 64 kbps PCM compression method)
G.729A (g729a: 8 kbps CS-ACELP compression method)
20070424.IPSLAs
2006 Cisco Systems, Inc. All rights reserved.
28
�Questions To Consider
How can we effectively utilize IP SLAs for:
VoIP pre-assessment testing?
Network/Application/VoIP troubleshooting?
Monitoring server availability and responsiveness?
How do IP SLAs fit with our existing tool set and network
management approach?
Do we have adequate coverage?
What additional visibility will we need?
Who will use the information?
29
�Fluke Networks ResponseWatch
Can monitor any Cisco IP SLA test type
Reporting presentation by response times and SLA
compliance
Internal and External SLA monitoring
Performance visibility for business-critical applications
Network performance monitoring
Network operation troubleshooting
IP service (e.g., VoIP) network health readiness or
assessment
Edge-to-edge network availability monitoring
Alerting (Syslog output)
100% web enabled (no console)
30
�ResponseWatch Demo
�Reference
Cisco IP SLAs on Cisco.com:
http://www.cisco.com/go/ipsla
32
�Cisco IOS Performance Routing
�Cisco Empowered Branch offerings
(9/26/07 announcement)
Cisco 1861 Integrated Services Router (ISR)
Cisco Catalyst 2960 Series Switches with LAN Lite Cisco IOS Software
Cisco Intrusion Prevention System Advanced Integration Module (IPS AIM)
Cisco IOS Performance Routing (PfR) and High-End Cisco
Wide Area Application Services (WAAS) Network Module.
Accelerates business-critical applications and minimizes
WAN bandwidth expenses with application-aware routing
and WAN traffic optimization
Wireless LAN Controller support for IEEE 802.11n
Cisco Unified Messaging Gateway
Cisco's 'Empowered Branch' Drives Business Productivity, Collaboration, Operational Simplicity with New Routing and Switching Platforms
34
�Best Path Selection, Two or More Paths
WAN Access Links Are Biggest
End-to-End Bottleneck!
SP C
SP B
SP A
Remote
Office
Headquarters
By Default BGP Chooses
Best Path Based on
Fewest AS-Path Hops!
Bottlenecks!
SP D
SP E
Telecommuter
Shortest Path Is Not Always the
Best Path in Terms of Performance
BRKRST-2364
13806_05_2007_c1
2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
35
�PfR Best Path
PfR Path
SP A
SP C
SP B
Headquarters
Remote
Office
MC/BR
BR
BR
MC
Bottlenecks!
BR
SP D
SP E
MC/BR
Optimize by:
Reachability, Delay, Loss, Jitter*, MOS*,
Throughput, Load, and/or $Cost
Telecommuter
PfR Components
BRBorder Router
MCMaster Controller (decision maker)
BRKRST-2364
13806_05_2007_c1
2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
36
�Selecting Best Traffic-Class Path
BRKRST-2364
13806_05_2007_c1
Link
Utilization
Delay (ms)
Priority 1
Jitter (ms)
Priority 2
Serial1
89%
100
30
Serial2
50%
113
30
Serial3
60%
119
32
Serial4
40%
150
20
2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
37
�Cisco PfR and Cisco WAAS Integration
Adaptive WAN-Optimized Network
Cisco Wide Area Application Services (WAAS) optimizes the TCP
session
Reduction in latency and data on the wire
Cisco PfR monitors and optimizes WAN path selection
Not all WAN paths are equal: latency, loss, throughput, etc.
Cisco WAAS network transparency allows individualized session
placement by Cisco PfR over best WAN path
Cisco WAE
Cisco PfR Places SQL Traffic on
Best-Performing WAN Path
MPLS-VPN
Cisco WAE
BR
MC
Client
IPSec over
Internet
Master Controller
or Border Router
BR
Servers
Cisco WAE
Branch Office
BRKRST-2364
13806_05_2007_c1
2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Cisco PfR
Domain
Data Center
38
�Questions To Consider
Are we making optimal use of all available bandwidth and
paths?
Would it be advantageous to route around network
congestion or service provider performance problems?
Are there business-critical applications that should receive
priority treatment?
Do we know how the network is performing under normal
circumstances?
Will leveraging PfR, NetFlow, and IP SLAs help IT deliver
better service to the business and to our customers?
39
�Fluke Networks PfR Manager
�What is Fluke Networks PfR Manager?
Developed in partnership with Cisco over an 18-month
period
Browser-based Windows application
Complete, intuitive graphical user interface for:
PfR Traffic Class and Policy configuration
Real-time analysis, status updates, troubleshooting
Historical reporting
The only PfR management system available today
41
�Fluke Networks PfR ManagerWhy?
PfR Manager provides a graphical user interface for:
PfR Traffic Class and Policy configuration
Real-time analysis, status updates, troubleshooting
Historical reporting
PfR Manager reduces learning curve, time, and costs
associated with PfR testing, configuration, implementation,
and administration
PfR Manager helps you understand and demonstrate the
impact of changewhat value is PfR providing?
42
�How PfR Manager Works
PfR Manager communicates directly with the Master
Controllers via secure API link
PfR Manager sends Traffic Class and Policy configuration
data to the Master Controllers
PfR Manager receives:
Performance statistics
Status of classes and exits
Events
Web-based interface,
URL-accessible reporting
Role-based security
43
�Configuring PfR with PfR Manager
Define Traffic Classes
Addresses, ports,
protocols, DSCP values
Configure policy thresholds
Choose modes of operation
Observe or Control
Good or Best
Passive or Active
Create security policies
44
�PfR ManagerStatus Reporting and Navigation
Aggregated view of vital statisticssingle view of PfR Domains
Traffic Class and Exit Link listing with current status
At-a-glance status and performance data
Problems on the network are immediately evident
45
�History of Traffic Class Performance
46
�Reference
Cisco PfR on Cisco.com:
http://www.cisco.com/go/pfr/
2007 Cisco Systems, Inc. All rights reserved.
47
�Leveraging Embedded Technologies for
Performance Management
Unleash the full power of your infrastructure by utilizing
embedded capabilities and data sources
Flow data
IP SLAs
Performance Routing
Numerous applications: Troubleshooting, forensic analysis,
capacity planning, VoIP pre-assessment testing, SLA
management, proactive performance management
Not a panacea; complements existing tools and
technologies
What problem are you trying to solve?
48
�Bringing It All Together
Visual Performance Manager provides an integrated
view of critical network data to deliver an unrivaled depth
and breadth of information so that enterprises can more
effectively manage end-to-end quality of experience
�Thank You!
[email protected]
www.flukenetworks.com/cisco
