Application Performance Management - Deployment Best Practices Using Ixia- Anue Net Tool Optimizer



Similar documents
Best Practices for Network Monitoring How a Network Monitoring Switch Helps IT Teams Stay Proactive

Enabling a Converged World. Are Duplicate Packets Interfering with Network Monitoring?

Solving Monitoring Challenges in the Data Center

WHITE PAPER. Best Practices for Eliminating Duplicate Packets

Are Duplicate Packets Interfering with Network Monitoring? White Paper

Best Practices for Network Monitoring

White Paper. Simplify Network Monitoring

Five Steps to Building Visibility and Security Into Your Network

Tool Optimization. Benefits. Introduction. Technical Brief. Extend the usage life of tools and avoid costly upgrades

Multi Stage Filtering

White Paper. Optimizing Visibility, Control and Performance of Network Traffic

Cisco Bandwidth Quality Manager 3.1

WHITE PAPER. Extending Network Monitoring Tool Performance

Cisco NetFlow Generation Appliance (NGA) 3140

NetFlow/IPFIX Various Thoughts

Administrator Guide. CA Multi-Port Monitor. Version 10.2

Observer Probe Family

Flow Analysis Versus Packet Analysis. What Should You Choose?

Packet Optimization & Visibility with Wireshark and PCAPs. Gordon Beith Director of Product Management VSS Monitoring

4G Aggregation Network Monitoring (ANM) Switch

Network Agent Quick Start

Detecting rogue systems

Architecture Overview

Enhancing Cisco Networks with Gigamon // White Paper

Network Instruments white paper

Cisco and Visual Network Systems: Implement an End-to-End Application Performance Management Solution for Managed Services

WHITE PAPER. Network Traffic Port Aggregation: Improved Visibility, Security, and Efficiency

Analyzing Full-Duplex Networks

Secure Access Complete Visibility

Secure Networks for Process Control

HIGH-PERFORMANCE SOLUTIONS FOR MONITORING AND SECURING YOUR NETWORK A Next-Generation Intelligent Network Access Guide OPEN UP TO THE OPPORTUNITIES

WHITE PAPER. Static Load Balancers Implemented with Filters

Cover. White Paper. (nchronos 4.1)

Net Optics xbalancer and McAfee Network Security Platform Integration

Integration with CA Application Delivery Analysis

BroadCloud PBX Customer Minimum Requirements

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Development of 10 Gbits/s Traffic Shaper

Application Note Gigabit Ethernet Port Modes

Observer Probe Family

Certes Networks Layer 4 Encryption. Network Services Impact Test Results

Intelligent Data Access Networking TM

Question: 3 When using Application Intelligence, Server Time may be defined as.

White Paper. Intrusion Detection Deploying the Shomiti Century Tap

Deployment Guide Microsoft IIS 7.0

Integration with CA Transaction Impact Monitor

Cisco Integrated Services Routers Performance Overview

Configuring NetFlow-lite

Extending Network Visibility by Leveraging NetFlow and sflow Technologies

SiteCelerate white paper

Best Practices for Security Monitoring

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance

VXLAN: Scaling Data Center Capacity. White Paper

Choosing Tap or SPAN for Data Center Monitoring

MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1

Network Instruments white paper

Monitoring Traffic manager

Extending Network Visibility by Leveraging NetFlow and sflow Technologies

Testing L7 Traffic Shaping Policies with IxChariot IxChariot

FIREWALL CLEANUP WHITE PAPER

HP IMC User Behavior Auditor

Observer Analysis Advantages

Chapter 7 Configuring Trunk Groups and Dynamic Link Aggregation

Load balancer (VPX) Manual

Web Traffic Capture Butler Street, Suite 200 Pittsburgh, PA (412)

FortiDDos Size isn t everything

Network Simulation Traffic, Paths and Impairment

Web Analytics Understand your web visitors without web logs or page tags and keep all your data inside your firewall.

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

WHITE PAPER. Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges

hp ProLiant network adapter teaming

How Network Transparency Affects Application Acceleration Deployment

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Network Instruments white paper

Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges

B&B ELECTRONICS WHITE PAPER. Managed Ethernet Switches - Key Features for a Powerful Industrial Network

IP Filter/Firewall Setup

Cisco Performance Visibility Manager 1.0.1

What s New in VMware vsphere 5.5 Networking

Network Performance Management Solutions Architecture

Integration Guide. EMC Data Domain and Silver Peak VXOA Integration Guide

Securing Networks with PIX and ASA

Technical Bulletin. Enabling Arista Advanced Monitoring. Overview

Avaya P330 Load Balancing Manager User Guide

Barracuda Load Balancer Online Demo Guide

Networking Topology For Your System

WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT

Layer 3 Network + Dedicated Internet Connectivity

Service Description DDoS Mitigation Service

IP SAN Best Practices

TIME TO RETHINK PERFORMANCE MONITORING

How To Make A Network Safer With Stealthwatch

pc resource monitoring and performance advisor

Active Visibility for Multi-Tiered Security // Solutions Overview

NfSen Plugin Supporting The Virtual Network Monitoring

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

Isilon OneFS. Version OneFS Migration Tools Guide

Quality of Service (QoS): Managing Bandwidth More Effectively on the Series 2600/2600-PWR and Series 2800 Switches

Configuring WCCP v2 with Websense Content Gateway the Web proxy for Web Security Gateway

Transcription:

Application Performance Management - Deployment Best Practices Using Ixia- Anue Net Tool Optimizer Purpose: Overview on how to use Ixia s Anue Network Tool Optimizer (NTO) to provide the CA Application Performance Management (APM) full access to all needed traffic from SPAN/Tap network access points. This document also describes how quick turn loaner NTO units can be requested from Ixia-Anue to eliminate common POC deployment obstacles such as SPAN/Taps shortages, excessive traffic and port shortages. Content: Overview... 1 Requesting loaner units for POCs... 1 SPAN/Tap Port Shortages... 2 Port Aggregation... 2 10G/40G ports to 1g Tools... 3 load balancing Across Multiple APM Devices... 3 dynamic filtering... 4 De-duplication... 5 Clean up Dirty SPANs... 5 Alert based packet capture... 6 OVERVIEW Ixia s Anue Net Tool Optimizer (NTO) works in concert with CA s APM tools to monitor the customer s network. The Anue NTO passively directs out-of-band network traffic from multiple access points (SPANs or TAPs) in the network to the CA APM packet based tools such as TIM, Multi-Port Collector, and Gigator. Traffic is aggregated from all needed access points in the network to provide comprehensive visibility and to address shortages in monitoring access points. The NTO helps the APM work at peak efficiency by filtering out unneeded traffic and removing duplicate packets. The NTO allows traffic from a single network access point to be shared with multiple monitoring tools. This eliminates the SPAN/TAP shortages that occur when another tool is attached to a needed access point. REQUESTING LOANER UNITS FOR POCS Quick turn Anue NTO loaner units are available to eliminate POC SPAN/Tap shortages, excessive traffic, and port shortage issues. Please email your request or questions to ca@ixiacom.com with your contact information and requested delivery date. Ixia-Anue will contact you promptly to work out the logistics of delivering the unit to the POC site and retrieving it after completion. Ixia-Anue is also happy to help install the unit. IXIA 2013 APM Deployment Best Practices with Ixia-Anue Net Tool Optimizer 1

SPAN/TAP PORT SHORTAGES Problem: CA APMs packet based tools use traffic from network router/switch SPAN Ports or Taps. Since most routers/switches support only 2 SPAN sessions, and since many enterprise customer have more than two monitoring tools which they want to send packets to, this creates a contention bottleneck which can hinder a CA APM deployment or POC Ixia-Anue NTO copies SPAN packets to multiple tools using simple GUI With an easy to use GUI, connections are drawn to which ever tools need to receive a copy of the network SPAN traffic. No complex router/switch configuration or CLI work is needed. SPAN and Tap shortages are overcome, allowing deployment APM to be deployed, even when other tools are already using the required network access points. PORT AGGREGATION Problem: CA APM tools may need to receive traffic from multiple SPAN/TAP sources. Making connections from multiple SPAN/Taps to the APM can be a challenge due to APM port availability constraints. Ixia-Anue NTO merges traffic from multiple sources into one APM port With an easy to use GUI, connections are drawn from which ever Network sources which the CA APM needs to see. Increased visibility because one APM port can monitor multiple network access points. The Anue NTO s drag-and-drop control panel is used to direct traffic to the APM probe port(s). In this example, the APM is monitoring four links in an asymmetric network. Traffic is being filtered so that the 1G APM can monitor multiple 4G of traffic. The distribution switch SPAN traffic is being shared with the APM and an IDS IXIA 2013 APM Deployment Best Practices with Ixia-Anue Net Tool Optimizer 2

10G/40G PORTS TO 1G TOOLS Problem: The CA APM may be mismatched with the network in terms of throughput capacity; e.g. multiple 1G network ports sent to a single 1G APM probe or 10G/40G network ports sent to a 1G APM port. These mismatches cause packet drops which negatively impact APM results. Ixia-Anue NTO optimizes un-needed traffic to alleviate capcity mismatch The NTO has a number of features to remove reduce un-needed, redundant and excess traffic; - Burst-Protection for 1G Tool Ports short bursts (up to 200 MB) of traffic can be queued when connected network throughput exceeds 1Gbps - Un-needed network traffic can be filtered out using a variety Layer 2,3,4 plus Custom offset criteria - Traffic can be load balanced between multiple APM tools (more on this later) - Redundant packets can be removed using De-Duplication (more on this later) With the help of Ixia-Anue, CA APM can monitor mismatched network/tool capacity with fewer drops, increasing APM accuracy and effectiveness LOAD BALANCING ACROSS MULTIPLE APM DEVICES Problem: Large deployments often require that multiple APM devices or ports are deployed in order to keep up with high bandwidth requirements. Manually distributing traffic to each APM device or port is difficult and inefficient because sessions need to remain intact to each APM port. As a result, some ports can be over utilized and dropping packets, while other ports are underutilized. Ixia-Anue NTO Load Balancing can be used to spread load across APM probes The NTO allows session-aware load balancing of network traffic across multiple APM ports/tools. APM Tools can be easily grouped using the Ixia-Anue GUI Connect Load Balance Group(s) to any desired combination of network ports and traffic filters. The load balancing algorithm uses layer 2, 3 and 4 criteria to keep intact sessions going to any particular APM tool for accurate reporting Traffic is balanced evenly across the APM tools and statistics are available to view loads Example of traffic being evenly load balanced across 3 APM ports while keeping sessions intact With the help of Ixia-Anue, CA APM can easily be deployed in a load balanced architecture, to provide sufficient capacity to monitor all the customers transactions IXIA 2013 APM Deployment Best Practices with Ixia-Anue Net Tool Optimizer 3

DYNAMIC FILTERING Problem: In some cases the APM may only need to see certain type of traffic e.g. (Web, Critical VLAN). Sending unneeded traffic to the APM device can cause packet drops as well as decrease APM performance. Different traffic may need to be sent to different tools or ports (e.g. HTTP only to some, ALL traffic to others) Ixia-Anue NTO Dynamic Filtering can limit and re-direct traffic as needed The NTO Dynamic Filtering feature provides a rich set of filtering criteria and options to limit and/or redirect network traffic to monitoring tools; Pass by Criteria, Deny by Criteria Layer 2 Criteria; MAC, VLANs, Ethertype IPv4 Layer 3 Criteria; IP Addressing, DSCP, IP Protocol IPv6 Layer 4 Criteria; IP Addressing, Traffic Class, Next Header Layer 4 Criteria; Port, TCP Control Combined Criteria (AND, OR) Create your own re-usable Filter Libraries Easy Filter Configuration from GUI, no complex CLI rules or dealing with rule overlaps Filters can be easily defined from the GUI. No CLI is needed.one click accessible statistics show how much traffic the filters are inspecting and matching. Reduce impact of tool overload by filtering out un-needed traffic Direct different types of traffic to different CA tool ports for distinct analysis Flexibility to use CA APM in diverse and specialized monitoring scenarios IXIA 2013 APM Deployment Best Practices with Ixia-Anue Net Tool Optimizer 4

DE-DUPLICATION Problem: In SPAN monitoring environments it is not uncommon for 20-50% or more of packets to be duplicates, such duplicates can cause several problems; overutilization of network connections to APM tool ports, excess load and performance degradation on the APM tool itself (CPU, Storage), erroneous statistics in the APM tool. Although it may be possible to configure the APM tool to deal with some of these issues, this comes at a performance impact to the APM tool. Ixia-Anue NTO De-Duplication efficiently removes duplicate packets before they reach monitoring tools Using its high-performance Advance Feature Module (AFM) card the NTO analyzes all packets passing through the AFM and looks for duplicates, if found these are discarded before being send out the links connected to the monitoring tools. De-Duplication looks for any exact bit-for-bit packet duplicates within a specified number of microseconds (default 500 microseconds), when found these are discarded In certain scenarios header information can be ignored to avoid false negatives. This allows the APM to disgard unneeded SPAN dupilcates, but receive valauble multi-hop duplicates. o e.g. in certain monitoring architectures the same packet may be monitored before and after a router, in this case the packet would have different MAC addresses but the payload would be the same in such cases you can choose to configure the NTO to ignore the MAC header before deciding if the packet is a duplicate o VLAN, and IP headers can also be ignored (e.g. NAT d enviroments) Reduced Bandwidth Contention on Network links connected to the CA APM tool(s) Reduced CPU and Storage load on the APM tool Ixia-Anue s High-Performance purpose built AFM card offloads de-duplication task for CA APM tool so that it can focus on its core processing, analysis and reporting tasks CLEAN UP DIRTY SPANS Problem: Customers must complete very precise and complicated SPAN configurations in their switches to ensure that the right traffic gets to CA APM for monitoring. SPANs should be configured to allow the needed traffic, while avoiding too many un-needed or duplicate packets (i.e. Clean up the SPAN), however it is not uncommon for SPANs to be incorrectly configured due to complex CLI access lists and other criteria. Ixia-Anue NTO can be used to Clean-Up Dirty SPANs The Anue NTO can be used to clean-up un-necessary and burdensome SPAN traffic post Switch, thereby improving the performance of CA APM, while freeing the customer from having to undertake complex SPAN optimization on the switches themselves. Customer can maintain a relatively simple SPAN configuration on their switches Anue NTO can be used to offload complex filtering tasks from the switch SPANs Anue NTO can remove duplicate packets, which is a common problem in all but the simplest of SPAN monitoring environments. The CA APM isn t burdened by un-necessary SPAN traffic The customer doesn t need to spend un-due time figuring out complex SPAN filtering and access list rules POCs and deployments go faster due to less network configuration complexity IXIA 2013 APM Deployment Best Practices with Ixia-Anue Net Tool Optimizer 5

ALERT BASED PACKET CAPTURE Problem: In some less critical portions of the customer network, it may be impractical or too expensive for the customer to capture all packets all the time, however they may still wish to be able to send packets for select events to analysis tools such as CA Observer/Gigastor. Solution Ixia-Anue NTO has Integration available with CA Spectrum, enabling event driven packet capture Anue Integration scripts are available for CA Spectrum. When a specified event is seen in CA Spectrum, this triggers the integration which in turns automatically configures the Anue NTO to send a filtered packet stream to the CA analysis tool. Customer can right click an alert in Spectrum, instructing the Anue to send only packets for the affected device to the analyzer Spectrum Alert Notification Manager can be configured to automatically trigger the Anue integration for select specific alerts, thus only sending the most relevant packets to the CA analysis tool. (Automated Incident Remediation) The Anue Integration maintains a log of packet capture events, making it easier for the troubleshooter to conduct retrospective root cause analysis Similar Integration could be built for other CA tools. The customer has full root cause analysis available, from CA Spectrum event, to log, to packet analysis Packet storage requirements reduced, in non-core deployments that might not justify always-on recording Have a business case to stretch CA packet based tool deployments outside traditional critical core For Further Information, please contact ca@ixiacom.com IXIA 2013 APM Deployment Best Practices with Ixia-Anue Net Tool Optimizer 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information