• United States
by Steve Taylor and Joanie Wexler

The many faces of network management

Jan 13, 20042 mins
Data ManagementNetworking

* Monitoring the WAN from the LAN

It can be challenging to distinguish among the many available network management and monitoring products. However, most do have a specific niche.

Some offer a broad yet shallow status report as to whether network devices are live. These SNMP-based “manager of managers” include the traditional likes of HP OpenView, Computer Associates Unicenter and IBM’s Tivoli software.

Then there are the quality-of-service (QoS) appliances we covered extensively last year. These devices focus on prioritizing WAN traffic to control application performance.                                                                

Then there are monitoring-only products that help you to determine what is causing network slowdowns, how much bandwidth you need to accommodate new applications, how a recent virus affected a certain application’s performance and so forth.

For example, there’s now an appliance that reportedly monitors most WAN traffic flows up through Layer 4 without requiring a device in every WAN access segment, as is the case with the managed DSU/CSUs and stand-alone probes we’ve often written about. Instead, Network Physics’ NP-2000 appliance connects directly to core LAN switches in data centers and regional aggregation points.

The company says that appliances installed in these major “choke points” monitor all traffic passing through major network interchanges, which constitutes about 80% to 85% of all network traffic. This is intended to create a baseline of traffic patterns to strengthen network troubleshooting and flag traffic-pattern anomalies, which could indicate the presence of a virus or worm.

The NP-2000 attaches to a mirrored (or “span”) port on a core LAN switch and continually analyzes individual IP, TCP, and UDP flows in real time. It can identify applications inasmuch as applications are associated with specific ports. In this respect, this type of product is less granular than the QoS appliances mentioned, which identify applications at Layer 7. 

Instead, the NP-2000 focuses on establishing detailed performance and utilization measurements on 50 performance metrics in one-minute intervals. This granularity can be helpful for troubleshooting very dynamic WANs. When an NP-2000 notes a problem, for example, it can send out a traceroute command and examine the BGP parameters, thus nailing the network condition at the moment the problem occurs.