Network Physics NP-2000 appliance

Collects useful network-performance stats, but user interface is sluggish.

Fantasy league sports enthusiasts use player and team statistics as a key factor in knowing which players to trade to gain an edge over other enthusiasts. A winning – or losing – season can often be traced back to the right – or wrong – set of statistics. Similarly, useful network performance measurement depends on obtaining the right statistics.

Archive of Network World reviews

Subscribe to the Product Review newsletter

We recently tested Network Physics’ NP-2000, along with Version 3.0.4 of its central console software. Its superior statistics, charts and graphics, and its ability to relate business functions to specific network links, impressed us. We were dismayed, however, by its glacially slow user interface and its inability to monitor server CPU, process, memory and disk resources. We also wished it automatically could resolve problems via scripts or external programs, as some monitoring tools do.

The physical universe

The NP-2000 is a complex tool for traffic analysis, reporting and alerting. Listening passively via an Ethernet tap or mirrored switch port, it captures up to 750M bit/sec of network traffic, then slices and dices the results several ways to produce a plethora of graphs, charts, tables and alerts. The NP-2000’s Traffic Group Table, one of its principal reports, shows inbound and outbound traffic levels, both in megabit-per-second and total volume. Another report displays a multi-metric time series chart.

We could tell the NP-2000 to group the Traffic Group Table information by IP protocol, IP address, total traffic levels or one of several other options. The Business Group feature let us associate a cost center, business function or company department with one or more IP addresses. We then hierarchically linked those business groups. At our option, the NP-2000 organized its reports, such as the Traffic Group Table, by Business Group and Business Group Link. Simulating a portion of a large insurance company, we set up actuarial, agency administration, claims and collections groups, each with a set of IP addresses. Impressively, the NP-2000 let us indicate the sharing of an IP address among the agency administration and claims groups.

The appliance generates alerts when it detects a traffic condition that crosses a user-defined threshold. The traffic condition might be inbound or outbound Packet Throughput, Packet Traffic, Total Throughput or Total Traffic greater than a specified value, such as 50M bit/sec. The NP-2000 distinguishes between three levels of alerts: minor, major and critical.

For the error conditions we created in the lab, the unit logged the errors and, optionally, sent us e-mail notes and issued SNMP alerts. However, the NP-2000 lacks the ability to perform corrective actions, such as sending a port reset command to a switch or telling a server to reboot.

Several other monitoring tools offer this feature. Furthermore, the NP-2000 included alert thresholds that related to increases in specific types of network activity. When a decrease occurred in our tests – such as an outage – the NP-2000 ignored the error situation.

Understanding some of the NP-2000’s statistics might require some extra study of network technologies. For example, the NP-2000 defines Server Reset Rate as the number of TCP sessions terminated with a TCP reset by a server per second over the selected time interval. Similarly, it defines Connection Request Rate as the number of attempted TCP connections per second over the selected time interval, with an attempted connection occurring when the client sends a TCP SYN request to the server, regardless of whether the server responds. (Both these statistics relate to traffic management. An unusually high Connection Request Rate, for instance, might signal the onset of a denial-of-service attack.)

Ease of use

The NP-2000’s primary interface, which you download from within the appliance, is a Java-based central management console for configuring and viewing statistics, charts, graphs and reports. The unit also has a Web server that emits browser pages for viewing some (but not all) reports and performing some basic configuration tasks. A one-time-use serial port ASCII terminal interface lets you assign the unit an IP address at installation time.

Unfortunately, all too often we found the management console interminably sluggish, and so almost unusable. While drilling down through the Traffic Group Table window’s IP addresses, we experienced delays from 40 seconds to nearly 5 minutes before the table displayed the sub-items for the entry we were expanding. Clicking ahead to indicate the next table entries we wanted didn’t work, because the console didn’t keep up with our selections.

Similarly, clicking the Update toolbar item caused the status message “Accessing Top Group Data . . .” to appear, and the console became unresponsive, with no hourglass cursor, for nearly 3 minutes. When we asked the vendor about this, we learned the software performs database queries and sometimes performs DNS lookups when a user clicks on Traffic Group Table entries.

Moreover, after minimizing and then restoring the console window, it would sometimes come up empty, appearing completely gray with no menus, no interior windows and no response to keypresses and mouse clicks. We’d have to tell Windows to kill the task. We were also disappointed the software did not let us create a new “adaptive alert,” defined by Network Physics as a threshold exceeded by the moving average of the metric value over the latest time interval, known as the time window.

Installing the NP-2000 and its console software was straightforward. The documentation consists of Adobe Acrobat PDF files, online help and a brief, printed installation manual.

The NP-2000 uses moving averages, standard deviations and other quantifications to produce a wealth of charts, graphs and tables to help you manage your network. It could be a statistics lover’s dream – and we’d recommend it wholeheartedly – if it was more responsive, had a corrective action feature and gathered performance metrics from servers.