249 posts categorized "Application Performance"

Network Troubleshooting Tip - Using Markers to Cut Trace Analysis Time (by Paul Offord)

When we get to the point in an investigation where we are about to break out Wireshark, the complexity of the packet analysis can seem quite daunting. And yet, by covering a few key points, we can dramatically cut the time needed to analyze any diagnostic data.

In my previous post we looked at the importance of a basic understanding of the topology of the system under investigation. In this blog I'll cover the use of markers: a ridiculously simple, but amazingly powerful, concept. A marker places a distinctive packet in network packet trace data that we can easily find with Wireshark.

The RPR manual contains six pages of information on markers, covering suggested markers and what to use them for.  If you haven't used markers before you are in for a real treat.  Once you get the hang of them, you'll wonder how you ever did without them.

Let's imagine you've been investigating an intermittent slow response time problem for a bunch of users.  Nobody is quite sure what's causing the problem, although the application and platform teams insist it's not them.  You know the drill; if the cause isn't obvious it must be the network, right?

Luckily, a user experienced the problem this morning, and you had packet traces running.  The bad news is that you have 500 GB of trace data (about 5 billion packets) and the user is vague about the time of the problem.

The first strategy ...



LMTV LIVE | Visibility Architectures - Understanding Security Solutions (with Keith Bromley of IXIA and John Jacobs of Fortinet)



Security is top of mind for most IT departments. Once the subject comes up, everyone has their own ideas about what security tools (IPS, IDS, DLP, WAF, etc.) and what defense strategies (black list, white list, defense in depth, etc.) should be put in place. But what about the functionality that enables the security solutions? How do you create the visibility into the network that you need to create a truly adequate security solution? Join us for the final podcast in this Best Practice series to learn about what a visibility architecture is and how you can use it to create your inline and out-of-band network security solutions.



Got NetFlow and Metadata – Why do I need packets? (by Chris Greer)

It’s all about time.

When it comes to network monitoring, NetFlow and Metadata-based tools allow engineers to get a handle on traffic usage, statistics, capacity, and even security attacks. They quickly help us visualize the conversations and applications involved in congestion, as well as home in on strange traffic behavior. It would be difficult (and overkill at times) to use packet data to show the same traffic statistics.

So then, why are packets necessary for analysis and monitoring?

In most cases, NetFlow and Metadata do not show us packet timing, which is critical when isolating the root cause of performance issues, and some security issues. To better understand why, let’s look at how NetFlow works.

NetFlow 101



LMTV LIVE | Visibility Architectures - Understanding NPM and APM (with Keith Bromley of IXIA and Jason Suss of Dynatrace)



YouTube Live Event starts at 9:00 AM PST, Wednesday, March 3, 2017


Most everyone in IT has heard about network performance monitoring (NPM) and application performance monitoring (APM). But what are the real benefits? For instance, what kind of information do I really get and is it worth the investment? Also, what about the complexity involved with these types of solutions? Join us for the third of several discussions to learn what a visibility architecture is, the real benefits of NPM and APM, and how you can optimize your network to take advantage of these solutions.



LMTV LIVE | What Can I Really Do With A Visibility Architecture? (with Keith Bromley of IXIA and Mike Canney of Viavi)



Network visibility is an often overlooked but critically important activity for IT. The real question people often ask is, what can I really do with a “Visibility Architecture?” The short answer is that it enables you to quickly isolate security threats and resolve performance issues. The long answer is that there are over 50 different monitoring and visibility use cases that are either enabled and/or improved by implementing a Visibility Architecture. This is our second of several discussions to learn what a visibility architecture is and how it can help you optimize network data capture and analysis.

Key Points to Comment on:



Network Troubleshooting Tip - Understand the System (by Paul Offord)

When we get to the point in an investigation where we are about to break out Wireshark, the complexity of the packet analysis can seem quite daunting. And yet, by covering a few key points, we can dramatically cut the time needed to analyze any diagnostic data.

In my previous post I covered the selection of a single symptom for investigation. In this blog we'll discover the need to understand more than just the network connectivity.

I remember visiting a third party data center and chatting to a network engineer who had been leading the investigation into a Citrix performance problem. He had spent months looking at this issue and I was shocked to discover how little he understood about the system he was analyzing. I asked him to draw a rough diagram showing the main components of the system and how they talked to each other. He couldn't and didn't see the need. As far as he was concerned, packets went into one switch port and they came out of another. "I don't need to know what connected to those ports", he informed me.

This may be an extreme example, but I have attended many meetings with teams that have been investigating a performance problem and nobody is able to draw the system on a whiteboard.

Modern systems are very complex, and so we need to sketch out the system with enough detail to provide everyone with an understanding of how it works, but not so much that it's overwhelming.  Advance7 has found ...
