Earlier this week, yours truly and Mike Patterson (president of network performance vendor Plixer International) were discussing Jimmy Ray Purser’s excellent blog story – network management sucks, when suddenly, totally out of left field, Mike starts complaining about why spaghetti sauce outsells network management systems (NMS). What, spaghetti sauce and NMS? Well, according to Mike, there are 4 reasons why spaghetti sauce outsells network management systems:
1. Thick (i.e. Inventory)
2. Rich (i.e. Aggregation)
3. Authentic Italian (i.e. Correlation)
4. Zesty (i.e. Ease of Adds, Moves and Changes)
As I began to wrap the telephone cord tightly around my neck with thoughts of committing Japanese harakiri spaghetti style, Mike saved my life by suggesting that I watch the following video: Malcolm Gladwell – What we can learn from spaghetti sauce
For over 15 years, network monitoring for most companies meant using a utility which pings all of the critical devices on the network. If the device doesn’t respond, a notification is sent out. Since the early ’90s these utilities have become increasingly sophisticated, using synthetic transactions to ensure the actual application is running. Response time and availability reports can also be generated from the polled data and most network monitoring applications are even providing SNMP trends.
IT always seems to be caught in the middle of the WAN-performance battle: On one hand, users never seem to be happy with an application’s performance; on the other, the bean counters won’t budget for bigger pipes. If more bandwidth isn’t the answer to end-users’ performance problems, then what is?
Although the means to, motives for and targets of a DoS attack may vary, it generally comprises the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Collections of compromised systems used in some types of DDoS attacks are known as botnets.
Hopefully, this Q & A with Plixer CEO Michael Patterson will provide us with a better understanding of what Plixer’s Flow Analytics strategy is all about.
What is Flow Analytics and is it better than NBA (Network Behavior Analysis)?
It isn’t necessarily better, it is a different approach to flow analysis. Based on feedback from customers, we felt we could catch 90% of issues using a few behavior algorithms and then focus on specific areas. Specifically, Flow Analytics focuses on collecting data across hundreds of routers and switches and displaying status windows on:
Welcome to the first in a three-part series on network behavior analysis through the eyes of Plixer International. The second part in the series focused on NetFlow analytics vs. network behavior analysis, while the third focused on network behavior analysis and DoS attacks.
International will help us outline what is involved when setting up IP SLA jitter monitors on Cisco routers. We will also discuss how to create IP SLA reports through SNMP using a typical SNMP trending tool.
The Enterasys switch supports NetFlow v9 and the Extreme switch supports sFlow v5. They cranked up the sampling rate on the Extreme to sample every packet. Plixer wasn’t confident that the Extreme Summit switch could sample every packet, but the switch didn’t bark after they entered the command. For flow collection, they used Scrutinizer NetFlow and sFlow Analyzer v6.0, which is pictured below. PLXRSW3 (sFlow) is the Extreme Summit switch and PLXRSW1 (NetFlow) is the Enterasys switch: