Managing Wireshark Packet Comments (by Tony Fortunato)
Create marketing materials that make an impact! (by John Gumas)

Top Five Ways to Optimize Performance Monitoring (by Keith Bromley)

Top Five Ways to Optimize Performance Monitoring

Network performance monitoring, and especially network optimization, is more of an art than a science because there are so many factors that figure into network and application responsiveness. In addition, while there is a plethora of data on the network, determining the right kind of data that you need and where you should you be capturing it from can become very difficult. This data collection process is then further complicated by the fact that tactical data loses up to 70% of its value after 30 minutes. This makes the speed and accuracy of data analysis critical.

The solution to these problems is to create a network visibility architecture. Network visibility is what enables you to quickly isolate and resolve performance issues; ultimately ensuring the best possible end-user experience. From there, you can use anomaly driven data flows to quickly isolate potential problems.

Here is what you need to set up a visibility architecture:

Optimized Performance 2

  • Taps, virtual taps, and bypass switches – These devices give you timely access to the data you need
  • Network packet broker (NPB) – This device gives you filtering capability to maximize the flow of relevant information to your monitoring tools. NPBs enable: data aggregation, filtering, deduplication, and load balancing of Layer 2 through 4 (of the OSI model) packet data.
  • Application intelligence functionality (within an NPB) – This functionality provides additional filtering and analysis at the application layer, i.e. Layer 7 of the OSI stack
  • The final layer is made up of your security and monitoring tools. These devices are typically special purpose tools (e.g., sniffer, NPM, APM, etc.) that are designed to analyze specific data.


Once you have the Key to further success - the visibility architecture in place, here are five of the top activities IT professionals can implement to improve their company’s performance monitoring efforts:
  1. Deploy inline and out-of-band network performance monitoring (NPM) tools to provide the objective analytics you need to optimize the network traffic flows
  2. Deploy application performance monitoring (APM) tools to provide real-time data analytics to help you manage your network. This lets you see problems before your users do.
  3. Use application intelligence to identify slow or underperforming applications
  4. Leverage application intelligence to prevent application bandwidth overloads on your network
  5. Implement proactive monitoring to create better and faster network rollouts

The first activity is to deploy NPM solutions. NPM tools can be very effective at diagnosing network issues. An NPM solution is comprised of tools that can take metrics from your baseline analysis, flow data, and information that can come directly from your network devices to give you a complete picture of your network. However, standalone deployments of these tools can run into problems like: overloaded disk space and processing, the need for different interface ports based upon network traffic speed, and the need for lots of input ports to capture data across the network. An NPB can be used to capture network data and filter that data before it goes to the NPM tool. This increases the efficiency of the tool by reducing clutter. The additional filtering of duplicate data further enhances the efficiency and also removes the storage waste associated with storing irrelevant data.

Combining an NPM solution with a virtual tap and an NPB also lets you use physical tools for the analysis of virtual data information to increase the efficiency of your NPM solution. If you combine an NPM tool with a bypass switch to insert the device inline, you can analyze your network for real-time performance problems as well.

The second activity involves APM solutions. One of IT’s main tasks is to ensure application availability across the network. This is a complicated task because of various parameters, including physical network effects, distributed employee network access, use of virtualization and cloud networks, assorted security threat controls, a multitude of device types in use, and network bandwidth limitations. According to research conducted by Enterprise Management Associates in October of 2016, 41% of IT personnel spend over 50% of their time working on network and application performance problems.

Network administrators need application monitoring tools to help them discover, isolate, and solve problems related to applications. Various parameters require analysis, including client CPU utilization, data throughput, bandwidth consumed, application memory consumed, and geographic location of problems. Some tools even allow you to drill down into the application code to get even more insight.

APM solutions allow you to understand the performance of critical transactions happening on your network and correlate the transactions and data across your network. This information can be used to solve performance and availability issues. As an example, a common blind spot for hospitals is access to application data and application performance trending. Hospitals using an electronic medical record (EMR) application often have problems correlating all of the information from their different systems. Once an NPB is deployed, it is able to aggregate data from the relevant sources, filter out the correct data, and then feed it to the hospital’s APM tool for analysis.

A third area of focus is application intelligence, which is the ability to capture application data across your network. Once you have this application data, it can be used to identify slow or underperforming applications. For instance, application information, flow data, and geographic information can be combined to show what applications are running on your network, how much bandwidth each application is using, and what the geographic usage is for the application. This solution allows you to isolate and filter traffic matching specific applications, geographies, keywords, and handset types. This data can then be exported to other applications, like a Splunk application or something, for long-term data collection and performance trending.

As a follow on, application intelligence information can be used to predict user and application performance. A fundamental benefit of this solution is that you can see if there are any bandwidth bursts or explosions happening. For instance, one mobile carrier a few years back had a situation where a new smartphone application was introduced. It was an interactive application between multiple users. Customers loved the app and usage skyrocketed. In fact, over the course of a couple weeks, the bandwidth consumed became exorbitant and the mobile carrier network actually crashed and was out of service for several hours—all because of this one application. Application intelligence would have provided an indication early on the size of the application bandwidth and the rate of growth. IT personnel could have then used this information to limit the application bandwidth or usage.

Proactive monitoring is a fifth way to improve performance. This solution uses visibility technology to actively test your solution either before rollout, during rollout, or after rollout. For instance, it can be used to provide better and faster network and application rollouts by pre-testing the network with synthetic traffic to understand how the solution will perform against either specific application traffic or a combination of traffic types. The synthetic traffic provides you the network and/or application loading of a “busy hour” and the flexibility to perform evaluations during the network maintenance window. Ops and DevOps teams can validate their solutions with less risk using proactive monitoring functionality.

Utilizing these five use allows you the ability to more easily solve some important performance problems for your network. You can also check out this ebook (The Definitive Guide to Visibility Use Cases) and a podcast from Ixia (a Keysight company) and ExtraHop to get more tips on how to strengthen your security architecture.

Keith newAuthor: Keith Bromley is a senior product marketing manager for Keysight Technologies with more than 20 years of industry experience in marketing and engineering. Keith is responsible for marketing activities for Keysight's network monitoring switch solutions. As a spokesperson for the industry, Keith is a subject matter expert on network monitoring, management systems, unified communications, IP telephony, SIP, wireless and wireline infrastructure. Keith joined Ixia in 2013 and has written many industry whitepapers covering topics on network monitoring, network visibility, IP telephony drivers, SIP, unified communications, as well as discussions around ROI and TCO for IP solutions. Prior to Keysight, Keith worked for several national and international Hi-Tech companies including NEC, ShoreTel, DSC, Metro-Optix, Cisco Systems and Ericsson, for whom he was industry liaison to several technical standards bodies. He holds a Bachelor of Science in Electrical Engineering.

Oldcommguy dubs Keith "One Of The Good Guys" in today's technology!

Please note - Keith has many other popular articles on - and on Keysight Technologies.

Cloud networking once more into the breach!












Top five ways to strengthen a security architecture