
Overcome IP network challenges: deep-packet inspection offers a unified approach to incident, problem and performance management.

Today's enterprises are engaged in 10-Gigabit Ethernet upgrades, migrations from Frame Relay to MPLS wide-area networks, as well as data center consolidations. So what do these evolutions mean for the way today's IT infrastructure, and the applications that run over it, are managed?

Some enterprises require WAN connectivity to support unified communications and telepresence. Others have relocated data centers to support ultra-time-sensitive transactions, such as automated electronic trading, while others have increased connectivity speeds to improve the performance of bandwidth-hungry applications.


Investments in faster servers, better protocols, high-speed backbones and virtualized services have turned yesterday's low-speed, data-only networks into information technology platforms supporting a multitude of business services. The redundancy and rerouting designed into these networks have mostly hidden actual hardware or circuit outages from end-users. The bigger challenge, however, is how to address the often-persistent intermittent application degradations that represent a threat to revenue, customer service and reputation.

The packets transporting business applications throughout a global network can be leveraged for analysis in such a way as to achieve the highest level of a network operations maturity process. The reward for using these packets as evidence and implementing a mature management process for troubleshooting will be dramatic reductions in mean time to restore (MTTR) application services.

There are five easily identifiable challenges to overcome in support of managing the modern IT enterprise network.

Lack of high-definition visibility. Most mainstream management technologies are designed to operate at five-minute or even greater intervals of granularity. A minute is an eternity for applications like automated market trading, and waiting for medical images to appear can impact treatment options. Real-time views and historical analysis with one-minute granularity are essential elements of any enterprise management solution.

A unified network can no longer be managed as multiple traffic silos. Yesterday's enterprises had separate networks for analog voice and business data applications. Hence, separate management tools were traditionally used for voice and data, often from multiple vendors. In the modern, fully converged IP network, voice, video and data compete for common resources and can affect the performance of one another, even though individual applications are seemingly working fine. A best practice approach would suggest that if the network is converged, end-users should employ a converged, services-aware management solution to make troubleshooting more efficient.

You cannot manage what you cannot see. The modern IP network allows each application to be deployed across a virtual service network, similar to a virtual machine on a server. Traditional management tools, including many umbrella management solutions, are designed to work at the physical network level and can fail to detect problems in these virtual silos. When dealing with service-oriented architecture-based applications, troubleshooting must start at the virtual service network level rather than the physical network level to deliver MTTR reduction.

Monitoring health of infrastructure elements is helpful, but more is needed. The productivity and performance of an enterprise network is not only dependent on the health and status of individual devices (e.g., switches, load balancers, application servers) but also the interaction and communications between the elements. The majority of the emerging and complex problems are now found to be associated with the health of relationships, not the individual elements.

Must be able to identify business use versus recreational use versus security threats. Finally, to catch unintended use and security threats proactively requires deep inspection of all traffic content and user behavior in real time. Recreational use often presents itself as legitimate traffic from users to a legacy management tool. Web traffic, often obscured by xFlow monitoring tools, requires tools complete with granular, sub-second analysis. Deep-packet inspection and user behavior monitoring in real time is necessary in order to distinguish between software as a service and on-line gaming, between streaming sports events and multimedia training, and between Internet radio and Skype traffic.

Packet data collected from application flows in the enterprise network is a source of operational intelligence for performing passive, real-time monitoring and deep-packet forensics analysis, solving performance problems and reducing MTTR. xFlow data (e.g., NetFlow and sFlow) is limiting: VoIP, call setup protocols, FIX-based applications, specific URLs and custom applications are all potentially invisible in xFlow datagrams. Packet flows can provide more complete analysis and forensics details with packets retained in storage.
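The contrast between flow records and packet payloads described above can be shown in a short added example, which is not part of the original article. The packets are constructed sample data, the flow record is a simplified 5-tuple plus counters, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample packets (not captured traffic):
# (src, dst, sport, dport, proto, payload)
PACKETS = [
    ("10.0.0.5", "203.0.113.10", 40001, 80, "tcp",
     b"GET /crm/accounts HTTP/1.1\r\nHost: saas.example.com\r\n\r\n"),
    ("10.0.0.6", "203.0.113.20", 40002, 80, "tcp",
     b"GET /live/stream.m3u8 HTTP/1.1\r\nHost: sports.example.net\r\n\r\n"),
    ("10.0.0.7", "198.51.100.9", 40003, 5070, "udp",
     b"INVITE sip:bob@example.org SIP/2.0\r\nVia: SIP/2.0/UDP 10.0.0.7:40003\r\n\r\n"),
]

def flow_view(packets):
    """Simplified flow record: the 5-tuple plus packet and byte counters."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for src, dst, sport, dport, proto, payload in packets:
        rec = flows[(src, dst, sport, dport, proto)]
        rec["packets"] += 1
        rec["bytes"] += len(payload)
    return dict(flows)

def flow_label(key):
    """Port-based guess, the most a 5-tuple alone supports."""
    _, _, _, dport, proto = key
    return {("tcp", 80): "http"}.get((proto, dport), "unknown")

def packet_label(payload):
    """Payload-based label: HTTP host plus path, or the SIP method."""
    try:
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return ("unknown", None)
    first, *headers = head.split("\r\n")
    parts = first.split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        host = next((h.split(":", 1)[1].strip() for h in headers
                     if h.lower().startswith("host:")), "")
        return ("http", host + parts[1])
    if len(parts) == 3 and parts[2] == "SIP/2.0":
        return ("sip", parts[0])
    return ("unknown", None)

if __name__ == "__main__":
    for key, pkt in zip(flow_view(PACKETS), PACKETS):
        print(flow_label(key), "->", packet_label(pkt[5]))
```

Both web requests collapse to the same port-80 label in the flow view, and the call setup on a non-standard port is unlabelled, while the payload view separates all three.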

In order to overcome the challenges associated with enterprise business services and productivity, such an approach or process needs to address not only individual situations and broader systemic problems that arise, but also overall network performance. A service-aware management system can provide system-wide visibility of network and application performance and proactive problem management, and have the ability to react quickly to incidents as they occur.

A service-aware network-management system needs to span all three levels of process maturity: incident management, problem management and performance management.

In the network operations maturity process model, incident management refers to the intermittent, situational degradations--one-offs, typical fire-fighting activities--and is best known as reactive management. Focused on reactive troubleshooting--events are typically reported by an end-user--IT needs a way to rapidly and definitively diagnose the source of the performance degradation. One response is to establish continuous recording of packet streams flowing through the network and implement sophisticated data mining and back-in-time forensics decode analysis to uncover the source of the most challenging issues.

Who has not had a WAN link reach capacity and become a bottleneck for end-users? This is problem management, also referred to as proactive management, a more systemic approach that focuses on broader views of activities and reduction of incidents by recognizing and addressing potential problems via better visibility, planning and forecasting. Passive, packet-monitoring instrumentation and sophisticated real-time analysis play an important role in providing application-flow visibility that ultimately helps resolve problems faster.

The highest level of attainment in the maturity model is performance management, often identified as service-aware management. In this phase, performance issues are tracked and understood in terms of their specific business impact, as reflected by the health of the network-delivered applications and services that are essential enablers for business processes.

The focus at this level goes well beyond proactive to preventative, where incidents can be avoided by implementing solutions that deliver intelligent early warnings and offer better performance planning throughout the lifecycle of an application or service. By providing advanced notice of growing service-quality issues, as well as a service-oriented dashboard for rapid problem recognition and focus, organizations can respond to issues that represent the greatest threat to revenue, customer service and employee productivity.

When modern IP networks fail, the risks are greater than ever. The challenges of keeping the network, and the applications traversing it, at optimal performance are significant, yet solutions that leverage packet flow data and provide analysis through all three essential levels of the network operations maturity process are available to mitigate and rapidly respond to these threats.

Eileen Haggerty is director of product marketing for NetScout, Westford, Mass.


COPYRIGHT 2008 Nelson Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2008 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation:Network Performance
Author:Haggerty, Eileen
Publication:Communications News
Geographic Code:1USA
Date:Jul 1, 2008