When we get to the point in an investigation where we are about to break out Wireshark, the complexity of the packet analysis can seem quite daunting. And yet covering a few key points can dramatically cut the time needed to analyze any diagnostic data.
In my previous post I covered the selection of a single symptom for investigation. In this blog we'll discover the need to understand more than just the network connectivity.
I remember visiting a third party data center and chatting to a network engineer who had been leading the investigation into a Citrix performance problem. He had spent months looking at this issue and I was shocked to discover how little he understood about the system he was analyzing. I asked him to draw a rough diagram showing the main components of the system and how they talked to each other. He couldn't and didn't see the need. As far as he was concerned, packets went into one switch port and they came out of another. "I don't need to know what connected to those ports", he informed me.
This may be an extreme example, but I have attended many meetings with teams that have been investigating a performance problem and nobody is able to draw the system on a whiteboard.
Modern systems are very complex, and so we need to sketch out the system with enough detail to provide everyone with an understanding of how it works, but not so much that it's overwhelming. Advance7 has found ...