|
NETWORK From the March 2006 issue of Communications News |
Tool set improves performance by Cathy Fulton End-to-end performance monitoring enables network engineers to view performance as the user experiences it across the entire network infrastructure, providing end-user application response time and problem isolation to the network, server or application. Two types of end-to-end performance monitoring exist: Active monitors. Active agents use a form of robot to periodically perform one or more defined business transactions typical of key applications. The robots follow a script, a sequence of timed commands, in their interactions with the server. Active monitors eliminate uncertainty about what is measured and provide a check for loss of service. When placed on dedicated platforms, any significant deviations in performance measurements will almost certainly be due to changes in network or server behavior. Active monitors, however, have three main disadvantages: the script they follow may bear little resemblance to how actual clients are using the application; without careful planning, active monitors have been known to congest network links and poorly written scripts can bring servers to their knees; and for geographically distributed organizations, deploying large numbers of active agents presents a costly configuration and maintenance challenge. Passive monitors. Passive monitoring approaches measure real user traffic and behavior, accommodating variations in user behavior, systems, Web browsers and networks. They can provide an unlimited view of performance in terms of different transactions, network segments, servers and application tiers. The server-side passive measurement of end-user response time can measure and report on the experience of all end-users when accessing key enterprise applications, without adding a significant load to the network or application servers. Passive monitors, however, may not provide the flexibility to define a desired custom business transaction, and their measurements include the variability inherent in real user behavior. Network data-gathering tools provide insight into network behavior, such as real-time traffic volume and rate by application protocol, host, and conversation; traffic sources that are grouped by business unit, geography, or subnets; and filtering traffic in order to see anomalies. There are two main types of network data-gathering tools: RMON2 network probes are dedicated instruments that monitor data packets as they cross the network at certain key aggregation points. By observing and measuring RMON2 data packet behavior on the network, network probes gather protocol and application performance-related data. The main advantages of deploying probes are: real-time traffic data captured; no additional load introduced on the network; and information is gathered on a wide range of protocols, such as TCP/IP, UDP/IP, ICMP, IPX and NetBEUI. RMON2 probes, however, can be expensive–capital investment, ongoing labor, disruptive installation, setup and lifecycle maintenance costs. In addition, for parts of a network that are already instrumented with probes, an extensive polling and reporting solution for network management may be required to leverage existing hardware. The second tool is IP flow information export (IPFIX), which gives routers and switches the ability to collect IP network traffic data. Using a router as a probe to gather IPFIX data does not require capital investment, has low deployment costs, provides measurements and reports automatically on all IP traffic, and has no lifecycle maintenance. IPFIX typically increases CPU utilization on the configured devices, but on average by only 1% to 2%. In addition, IPFIX only provides statistics for traffic coming into an interface and only IP traffic is supported. Finally, handling the high volume of IPFIX information requires a robust, scalable analysis engine with broad reporting capabilities. Once link-to-link traffic analysis is done, network engineers can drill down even further and focus on individual devices. Simple network management protocol information provides a rich data set to understand the complex interaction of equipment, applications and services making up the corporate network. The SNMP product, however, should do more than just collect and report on raw data. For optimum value, information presented by the reporting solution should be actionable. The product should support setting thresholds, and should send and receive alerts and notifications when thresholds are crossed. Cathy Fulton is chief technology officer for NetQoS, Austin, Texas. For more information: |