|
SPECIAL FOCUS: From the January 2006 issue of Communications News |
Probe your network The distributed analyzer is a flexible, economical method of analyzing and monitoring switch-based networks. It consists of any number of probes reporting back to a central console, providing visibility of the different segments on the network. Probes observe and collect the data traversing links, similar to traffic cameras. The most efficient probes do analysis on site and only send display updates to the console to minimize network overhead. Without probes, you would have to connect a dedicated analyzer to multiple switches, and even then you would have no way of seeing all of the data in a comprehensive view. Deploying probes across every segment of the network for complete visibility, however, is not practical. Realistically, probes should be deployed on heavily utilized or business-critical links. Ultimately, the architecture of a particular network and where visibility is required determines the best location to deploy probes. Placing probes on the full-duplex links that connect servers or server farms to core switches, for example, lets you see all traffic between servers and their clients. Connecting additional probe appliances at the edge of the network will let you focus in on select segments or stations on the network for detailed problem resolution. Deploying a specialized probe on a WAN link makes WAN frames visible, in addition to showing all traffic flowing in and out through the link. The following are examples of probe placement on a “common” network. Every network is different, so these examples may not look like your network but the concepts demonstrated should be applicable in most situations. Ethernet probe. Connected to a switch SPAN or port mirror, an Ethernet probe can show you top network users connected to that switch, help enforce corporate usage policies and aid in troubleshooting station connections. WAN probe. Deployed via a test access port (TAP) on a WAN link, a WAN probe can help to verify service-level agreements, monitor for intruders and aid in troubleshooting branch office connections. Gigabit trunk probe. A trunk-aware probe deployed via a TAP on a trunk can show server, link and application performance, as well as aid in tweaking and troubleshooting trunk performance, and troubleshooting station connections. Wireless probe. A wireless probe helps to detect security threats, detect and shut down rogue access points and troubleshoot 802.11 connections. Deploying probes at key areas on the network should give you sufficient visibility and the confidence that you are getting a comprehensive and accurate picture of the network. Failing to deploy probes in critical places on the network can result in blind spots, leading to inefficient troubleshooting and expensive mistakes. Even if probes are deployed at the most effective places on a network, however, they only show your analyzer the data that is visible to those probes. An Ethernet probe, for example, is limited to what a particular switch’s SPAN can deliver. SPAN ports do not report errors and will drop information on highly utilized links. Using a TAP on designated links will provide access to all data–including errors–that traverse that link, even if bandwidth is running at maximum capacity. So TAPs are essential on critical links, while using a SPAN port may be sufficient on less-critical links. Deploying probes that work with switches or TAPs across the network gives you the visibility to effectively monitor the network and boost troubleshooting power to ensure optimal traffic patterns across the network. Deploying probes the right way can arm you with the information needed to keep your network up and moving along. This article was provided by Charles Thompson, senior
systems engineer for Network Instruments, Minneapolis. |