Some Easy Ways To Improve Network Troubleshooting
Author: Keith Bromley, Senior Solutions Marketing Manager, Keysight Technologies
According to the Enterprise Management Associates report Network Management Megatrends 2016, IT teams already spend around 36% of their daily effort on reactive troubleshooting. This is for good reason. Network and application troubleshooting can be one of the most high-profile and aggravating activities there is for IT personnel. Pressure on IT personnel increases exponentially as problem resolution times increase, since longer resolution times directly correlate to network and application slowness and downtime.
This blog post, a video podcast, and an ebook provide suggestions on how you can improve your troubleshooting activities. The first thing you will want to do to reduce your troubleshooting time is to implement a visibility architecture. A visibility architecture is an end-to-end infrastructure which enables physical and virtual network, application, and security visibility. Improved visibility is what allows you to optimize your network data capture and analysis techniques. A visibility architecture typically yields immediate benefits such as the following: eliminating blind spots, improving data flow to security tools, and maximizing network and tool availability.
Specifically, there are three layers to a visibility architecture. The first layer is data access. This is where you will want to insert taps into the network between the network data flow and your monitoring tools (or network packet broker) to improve the quality of monitoring data and time to data acquisition. Once the tap is installed into the network, it is a permanent and passive device that gives you data access. This means you don’t have to ask the Change Board for permission to touch the network again. You touch it once to install the tap and then you are done.
The second layer is the monitoring data manipulation layer. This is where you will want to deploy network packet brokers (NPBs) between those taps and the security and monitoring tools to optimize the data sent to the tools. After that, you can perform data filtering, deduplication, packet slicing, header stripping, and many other functions to optimize the data before it is sent to your tools. Just by implementing taps and NPBs, it is possible to reduce your mean time to repair (MTTR) by up to 80%. A significant portion of that time reduction comes from the reduction (and probable elimination) of Change Board approvals.
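The NPB functions named above (filtering, deduplication, packet slicing), shown as an added Python example that is not from the original post or any vendor's product. The frames, tap names, 64-byte slice length and 50 ms duplicate window are constructed assumptions, and duplicates are matched on a hash of the whole frame.

```python
import hashlib
import struct

def make_frame(src, dst, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (zeroed MACs and checksums)."""
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                     64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return eth + ip + tcp + payload

def tcp_dport(frame):
    """TCP destination port, or None if the frame is not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    off = 14 + (frame[14] & 0x0F) * 4      # skip Ethernet + IPv4 header
    if len(frame) < off + 4:
        return None
    return struct.unpack("!H", frame[off + 2:off + 4])[0]

def broker(captures, ports, slice_len=64, window=0.05):
    """Filter, deduplicate and slice (timestamp, tap, frame) tuples sorted by time."""
    last_seen, out = {}, []
    stats = {"filtered": 0, "duplicates": 0, "forwarded": 0}
    for ts, tap, frame in captures:
        if tcp_dport(frame) not in ports:              # filtering
            stats["filtered"] += 1
            continue
        digest = hashlib.sha256(frame).digest()
        prev, last_seen[digest] = last_seen.get(digest), ts
        if prev is not None and ts - prev <= window:   # deduplication
            stats["duplicates"] += 1
            continue
        out.append((ts, tap, frame[:slice_len]))       # packet slicing
        stats["forwarded"] += 1
    return out, stats

# Constructed sample: one HTTPS frame seen at two taps, one off-filter frame,
# and the same bytes again a second later (outside the duplicate window).
A = make_frame((10, 0, 0, 5), (10, 0, 0, 9), 443, b"x" * 200)
B = make_frame((10, 0, 0, 5), (10, 0, 0, 9), 25, b"y" * 40)
SAMPLE = [(0.000, "tap-core", A), (0.002, "tap-edge", A),
          (0.010, "tap-core", B), (1.000, "tap-core", A)]

if __name__ == "__main__":
    forwarded, stats = broker(SAMPLE, ports={443})
    print(stats, [(ts, tap, len(f)) for ts, tap, f in forwarded])
```

The fourth frame is forwarded even though its bytes match the first: it falls outside the duplicate window, so a retransmission the analyst may care about is not silently dropped.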
The third layer consists of the monitoring and security devices. Examples include Wireshark, packet capture (PCAP) solutions, network analysis tools like Riverbed’s SteelCentral application, and a multitude of other devices.
Once you have your visibility architecture in place, there are several possible ways to optimize your troubleshooting activities. Here are some examples:
- Deploy NPBs that support floating filters to further decrease the time to data acquisition. Floating filters are preconfigured filters. They can be configured to capture specific types of data and feed that data to specific tools, like Wireshark. Since the filter is preconfigured, the time it takes to activate the filter can be on the order of only one minute. This means a significant reduction in the time for data captures.
- Use NPBs that support adaptive monitoring, which speeds up the data filter deployment process by using automation to replace manual intervention. Automation using a RESTful interface to devices like a SIEM can minimize the time for data captures.
- Implement proactive troubleshooting with application intelligence to create a macroscopic troubleshooting approach that reduces fault localization time. Application level information can be used to localize geographic and macroscopic network issues.
Network visibility solutions give you a clearer picture, more quickly, of what is happening on your network. This allows you to reduce your MTTR.
Once you read the book, you will have a very good idea of what you can do and how to go about improving network operations. It shows you how to combine taps, bypass switches, network packet brokers, application intelligence, and security and monitoring tools to achieve your security and monitoring goals.
If you want more information on this topic, click here to see a list of resources that also might help you, especially if you want more details of the various use cases described in the book. You can also view a podcast on troubleshooting tips.