- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
IT managers need visibility into the traffic flowing through their networks. Without this insight, they rely heavily on guesswork for performance problem resolution and capacity planning. Legacy measurement tools are also usually prohibitively expensive, lack scalability to today's gigabit speeds, drain network hardware productivity, and increase software and hardware ownership costs.
A new IETF draft standard, RFC 3176, addresses all these limitations to traditional traffic monitoring and forensic network analysis through network packet sampling. The informational RFC also is marketed under the name "sFlow" by the industry trade organization sflow.org.
RFC 3176 lets administrators reliably and statistically measure their networks' performance and traffic impact of all connected applications, users, servers, switches, routers and storage switches. SFlow monitors and proactively helps administrators adjust network traffic patterns in complex enterprise, metropolitan service provider and high-performance computing environments with thousands of nodes and significant bandwidth requirements.
Instead of deploying cost-prohibitive probes throughout the network, the sFlow agent is embedded in the network switch or router ASIC and samples the network traffic. The sFlow management information base controls the sFlow agent, which captures, formats and forwards the packet samples to a central RFC 3176 data collector creating a datagram. By statistically sampling network traffic, network administrators gain a system-wide view of the traffic, network security and application traffic sources throughout the network.
With typical data gathering, RFC 3176 doesn't add significant network load, which is in contrast to software-based proprietary vendor approaches to traffic monitoring. The only sFlow packet sampling work done in software on the device is a few simple lookups, marshalling data into a datagram and queuing the datagram for transmission.
When a packet is sampled, its header is extracted and placed into an sFlow datagram or detailed map of the packet's network journey, which includes header, I/O source, destination and interface statistics. This datagram then is sent immediately to the sFlow Collection Server, a central data collector and analyzer.
One collection server can gather datagrams from more than 20,000 switch ports, decoding the packet headers and other information to present detailed Layer 2 to Layer 7 usage statistics.
Because the datagram immediately is sent to the collection server, memory requirements are extremely small and bounded, meaning that complex memory management software is unnecessary. This lets the sampling standard be implemented in simple Layer 2 switches to high-end core routers without requiring additional memory or CPU.
SFlow fundamentally changes network traffic management. Configuration and control decisions are driven from statistical, quantitative and detailed information on which applications and users are using the network and for what purpose. RFC 3176 also can help eliminate rogue traffic from entering the growing number of wireless access points or combine with FreeBSD intrusion-detection systems such as Snort to offer yet another level of traffic monitoring for keeping a network secure from edge to edge and not just in select areas.
Partner Content
Blue Stripe Software
www.bluestripe.com/
Improving Application Performance Troubleshooting
Diagnosing why an application is slow is hard, at times taking days or weeks to isolate and resolve. This paper explains the challenges involved using current management tools, provides a 'wish list' for application management and analysis, and explains the need for an application system-wide approach that monitors entire applications, not components.
Download Whitepaper
Virtual Vigilance: Managing Application Performance in Virtual Environments
This paper highlights the impact of virtualization on application performance. "Managing Application Performance in Virtual Environments" states: "Best-in-Class organizations are predominately taking actions around improving visibility across both physical and virtual systems, assessing the business impact of application performance and understanding interdependencies of applications in virtualized environments."
Download Whitepaper
Application Service Requests: The Missing Link for Pragmatic ITSM
Forrester Research analyst Glenn O'Donnell and BlueStripe co-founder Vic Nyman discuss a breakthrough approach to application problem management. Learn the new approach for ITSM problem management, which provides: Rapid isolation of application slow-downs to specific components for quick problem resolution, 24/7 monitoring for proactive notification of potential issues before end users are impacted and much more.
Register for Webcast
Comment