Demystifying network analytics

Understanding how analytics should work is key to the future of network operations

mystery universe night stars

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Network analytics is key to helping IT proactively deliver great user experiences, but analytics for the enterprise access network is complicated. Besides the array of connectivity options, the heterogeneous mix of client devices and the different application models to accommodate, there are volumes of relevant input data that can be used, such as:

  • Actual data packets generated by real clients
  • Synthetic data packets generated by simulated clients
  • Real-time metrics and traps from infrastructure
  • Logs/configuration from infrastructure and servers
  • Flow data from infrastructure
  • APIs from application servers
Figure 1. How network data is used today.  Is this really analytics? Nyansa

Figure 1. How network data is used today. Is this really analytics?

Real analytics tools should be able to analyze this network data and compare it to or correlate it with other data from the network to reveal or pinpoint a specific problem or trend that can be actively addressed. After all, for analytics to be useful, the tools must show what action to take to fix a problem or enhance an experience.

The vast majority of today's IT monitoring solutions don’t do this. These solutions tend to be siloed, revealing only one aspect of the user experience like wireless connectivity, DHCP response times or application performance.  What you’re left with is lots of graphs of raw data that you must study and correlate with other things going on in the network to get any kind of actionable answer.

Some new systems go a few steps further and interpret the data and visualize it to generate topology maps, heatmaps and scatterplots, but still fall short of the real role and value of analytics. Another class of solutions are simply log processing/indexing engines that enable you to efficiently query log data from network elements and look for specific keywords. You can take this data and visualize it as well, but you’re still responsible for the correlation and analysis to come to some useful conclusion

The ideal network analytics tool should be able to answer complex questions, automatically surface insights and recommend actions, and provide a feedback mechanism.  Let’s dig deeper on these critical capabilities:

* Analytics needs to answer complex questions

Most user experience issues involve complex questions that cut across different dimensions or parts of the infrastructure.  For example, if users on the 9th floor of building 5 are having poor Skype for Business performance, is it because of the wireless, or is it because of the application?  Or, if users simply can’t connect to the network, is it an issue with RADIUS? DHCP? ARP? DNS? 

Figure 2. Next gen network anaytics need to provide actionable insights Nyansa

Figure 2. Next gen network anaytics need to provide actionable insights

Modern analytics must be able to answer these types of questions to help you resolve incidents more quickly and before users even see them.  To answer these questions, true network analytics needs to start with the relevant time-series data from disparate data sources. Next, the solution needs to correlate that data in real time. 

Here are some practical examples:

At 12:00 p.m. and 12:28 p.m., John could not connect to the wireless network using his laptop. But at 12:15 he could.  Why?

At 1 p.m., Gloria’s tablet was on VLAN 100, and it experienced DHCP timeouts. But at 2:15 she was on VLAN 200 and its DHCP transactions were successful.

These single client, protocol, time instance data points (and many others gleaned from live client network traffic inspection) serve as excellent examples of some of the necessary building blocks of input data for true network analytics.  

The hard part is analyzing how this data looks across hundreds of thousands of clients, longer periods of time, different protocols, different VLANs, different physical locations, different client operating systems, etc.  

To generate answers to complex network questions, analytics must efficiently correlate and query data across a range of dimensions and then quickly translate the result back into a plain English, useful, actionable answer to the user.  

For instance, if clients experienced slow Internet performance in buildings 20 and 21, what were the main root causes?”

The answer in this case was that the root cause that affected 90% of the client hours of slow Internet performance in building 20 was poor wireless performance, specifically poor coverage. In building 21, it was also poor wireless performance, but specifically high co-channel interference on channel 11.

This is the precise level of detail that analytics should provide for it to be useful. Think how long it would take to figure this out without analytics technology that constantly and automatically performs such analysis.

* Analytics must automatically surface insights and recommend actions

A common request from network operations: “I don’t want to wait for users to phone us about problems, nor do I have time to sift through mounds of data. Tell us who’s having a problem and how to fix it.”  

True analytics needs to automatically surface insights and recommend useful actions that IT can take to proactively improve user experience.  What’s more, the tools should be able to suggest what actions to take to deliver the biggest bang for the buck relative to improving the users’ network experience. With so many different data points from clients, network services, and applications, highly sophisticated algorithms, optimized to automatically search every aspect, layer or network dimension, are essential to discovering where the juiciest insights lie. 

But what comes out of the machine learning algorithm must be translated back into a plain English recommendation, such as:  “By removing the rogue access points interfering with the 5GHz radio of a certain access point you can effectively mitigate 400 client hours of poor client Wi-Fi performance.” 

Analytics now becomes truly actionable with tangible value that can be quantified.

* Analytics requires a feedback mechanism

Whether its answering complex questions or surfacing interesting actions that can improve user experience, verifying and quantifying the actual result is essential. 

Consider Netflix’ recommendation engine. The feedback mechanism for verifying correctness is cusomters being able to rate the movie they just saw.  In the case of network analytics, an important feedback mechanism is automatically looking at the baseline of user experience before and after the action.  

For networkers, it might look like this:  By enabling DFS channels for access points in building 5, the before/after baseline comparison showed a 9% reduction in clients experiencing poor Wi-Fi performance there. This results in the reduction of 3,000 client hours of poor Wi-Fi performance for clients in that building.

This is how analytics should work.

Technology advances changing the nature of analytics

Access to new open source Web-scale technologies and big data processing platforms (e.g. Apache Spark), coupled with Web-scale software architecture that incorporates databases optimized for the task at hand ( e.g. Apache Cassandra), now makes real analytics possible.

Legacy analytics only examining one aspect of the network or not built on this modern software architecture have no way of scaling to the problem at hand or providing any meaningful answers that can translate into quantifiable time and money savings, increased user productivity and improved user performance. This why network operations continue to be viewed as a cost center.  Modern analytics helps change this.

We use the results of analytics every day when we watch Netflix, shop on, get traffic predictions from Google maps, and in countless other consumer examples.  Network analytics, separate from traditional IT monitoring, can bring the same types of useful, actionable insights towards improving user experience on enterprise access networks. This comes at a good time given the explosion of complexity due to the expansion of wireless and arrival of BYOD, cloud and IoT.

What differentiates true network analytics from other solutions is enabling IT to answer complex questions, automatically surface insights and recommend useful actions even in the absence of a question, and then provide a feedback mechanism to verify the results.

The next time a vendor offers an ‘analytics’ solution, a good rule of thumb is to ask yourself the question: “Is this like Netflix?  Is this like Google?”  If the answer is no, then look elsewhere.

Anand Srinivas, Co-Founder and Chief Technical Officer, Nyansa

Copyright © 2017 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022