In a recent survey of enterprise networking and IT professionals from Sirkin Research, 35% of respondents struggled with poor visibility into performance across all fabrics of the network. But as network transformation initiatives like SD-WAN, SDN, and public/private clouds become more widespread, hybrid networks are quickly becoming a fact of life for IT and NetOps professionals. Without visibility into these networks, IT can’t troubleshoot the business-critical applications that organizations rely on.
Monitoring hybrid networks can be challenging, but here are four techniques IT and NetOps can use to gain visibility into today’s complex networks:
1) Ad-hoc wireless sniffing: In my opinion, monitoring all wireless traffic isn’t realistic for most organizations – it requires too many capture points spread throughout the wireless network. A better solution is to supplement flow data and packet data from wired network segments with ad-hoc wireless packet capture for issues that can’t be resolved based on the flow data alone. Sending a network engineer on-site to conduct a packet capture is one option, but it’s extremely expensive. It’s possible, with the right setup, to use a nearby AP as a sensor to sniff wireless traffic between a client and an access point for a short time. This isn’t a common capability today, but I believe organizations need to start designing this into their networks.
As personal devices and IoT become more common in the workplace, wireless issues are only going to increase. If you can’t track performance across the entire end-to-end network, then you can’t truly ensure end-user performance. Therefore, having visibility into the wireless network is key to understanding hybrid networks and meeting service levels.
2) Go to the packet data when needed: There’s an “80/20 rule” in networking that says 80% of issues can be resolved using flow data. But for the 20% that can’t, organizations will need to dig into packet data, since these problems could have many different causes. For example, an end user complains that an application is running slowly. Maybe it’s the network, but the application could also be at fault. Perhaps it wasn't perfectly designed, and it's letting multiple users try to change an element of its database simultaneously, resulting in longer processing times. Without quick access to packet data, these difficult application issues can’t be resolved successfully.
There are several free packet capture and analysis tools like Wireshark, tcpdump, and Kismet, but larger organizations with complex networks may need to invest in a packet capture and analysis product that offers features like network mapping, customizable reports, and visualizations to speed up troubleshooting.
3) Supplement flow data with deep packet inspection: NetFlow and similar types of network telemetry all have limits. For example, when using NetFlow or IPFIX to troubleshoot VoIP calls, this data includes IP addresses, but not phone numbers. Customers calling to complain about VoIP will know their number, but probably not their IP address, so IT has no way to look up the flows they need to hunt down the problem! Network monitoring solutions that are integrated with deep packet inspection (DPI) provide the flexibility to “add” new data elements into flow data, such as the phone number of a VoIP call, and this can significantly reduce troubleshooting time. The number of TCP retries is another useful data point that could be added to quickly identify network problems before they become obvious to end users. By adding selective data points to NetFlow, flow-based monitoring tools become much more useful for the new situations that hybrid networks create.
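The phone-number lookup described above can be sketched as follows. This is an added example, not code from the article or from any monitoring product: it parses a SIP INVITE as a DPI engine might see it, reads the caller, callee and SDP media endpoint, and tags the matching RTP flow so it can be found by phone number. The SIP message, flow records, field names and function names are all constructed for illustration.

```python
import re

# Constructed SIP INVITE as seen by DPI on the signalling path (sample data).
SIP_INVITE = (
    "INVITE sip:+15550100@pbx.example.com SIP/2.0\r\n"
    "From: \"Alice\" <sip:+15550123@pbx.example.com>;tag=a1\r\n"
    "To: <sip:+15550100@pbx.example.com>\r\n"
    "Call-ID: c0ffee@10.1.1.20\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 10.1.1.20\r\n"
    "m=audio 40000 RTP/AVP 0\r\n"
)

# Constructed flow records with NetFlow/IPFIX-style fields only (no phone numbers).
FLOWS = [
    {"src": "10.1.1.20", "sport": 40000, "dst": "10.2.2.30", "dport": 40002, "proto": "udp", "bytes": 172000},
    {"src": "10.1.1.21", "sport": 51000, "dst": "10.3.3.40", "dport": 443, "proto": "tcp", "bytes": 9000},
]

URI_USER = re.compile(r"<sip:(\+?\d+)@")

def parse_invite(msg):
    """Extract caller/callee numbers and the SDP media endpoint from an INVITE."""
    head, _, sdp = msg.partition("\r\n\r\n")
    info = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        m = URI_USER.search(value)
        if m and name.strip().lower() in ("from", "to"):
            info[name.strip().lower()] = m.group(1)
    for line in sdp.split("\r\n"):
        if line.startswith("c=IN IP4 "):         # connection address for media
            info["media_ip"] = line.split()[2]
        elif line.startswith("m=audio "):        # RTP port the caller listens on
            info["media_port"] = int(line.split()[1])
    return info

def enrich(flows, invite):
    """Tag the UDP flow sourced from the SDP media endpoint with phone numbers."""
    call = parse_invite(invite)
    media = (call.get("media_ip"), call.get("media_port"))
    for f in flows:
        if f["proto"] == "udp" and (f["src"], f["sport"]) == media:
            f["caller"], f["callee"] = call.get("from"), call.get("to")
    return flows

def flows_for_number(flows, number):
    """Return the enriched flows in which the number is caller or callee."""
    return [f for f in flows if number in (f.get("caller"), f.get("callee"))]
```
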
4) Gather data to plan, verify and optimize SD-WAN rollouts: To ensure successful application performance during a transition to SD-WAN, enterprises need visibility into their existing network devices to determine the baseline of current application performance and decide which sites and application policies need to be developed. Planning should also include how the SD-WAN edge device(s) will interface to the existing infrastructure, especially in the case of a hybrid WAN, where some traffic will remain on the existing WAN infrastructure. Real-time visibility is also required into the new SD-WAN once it’s running to verify that it’s performing as expected. Although the SD-WAN itself can provide performance data, integrated flow/packet-based monitoring will provide more granular visibility into the complete, end-to-end application path, allowing network engineers to determine if a problem is in the SD-WAN, with the carrier or in another portion of the network. By monitoring the entire network through all three of these phases, IT can ensure a new SD-WAN project doesn’t negatively affect business-critical applications.
Troubleshooting on hybrid networks isn’t easy, but it’s essential for IT and NetOps to have these capabilities to support network transformation projects. With the techniques outlined above, IT will be well-positioned to respond to application issues quickly and effectively, no matter what fabric of the network they come from.