Professional Documents
Culture Documents
Integrated network analyzer overview One analyzer can uncover a multitude of information about the
of the most popular network analysis solutions offered by network and devices attached to it.
or when trying to understand how a network has changed When it is necessary to investigate device performance,
over time. Rogue devices and servers are easily uncovered such as a firewall, proxy server, switch or router, OptiView
and identified for the user. Switch MIB information is analyzer users will look at packets as they go through such
collected through discovery and provides an inside look equipment. Typically, the engineer will be looking for a
at the health and utilization levels for critical devices. change in inter-packet gaps (jitter), latency of the packets
Uncovering an over utilized or error congested switch port going through the device or even a change in the packet
will help the user quickly isolate network segments that need payload. For many organizations, packet captures also
immediate attention. provide indisputable evidence about what is occurring on
the network. This is very helpful when tackling device
Network monitoring problems with vendors or application problems with
The network monitoring capability within the OptiView development groups.
analyzer shows detailed statistics about the level and
composition of traffic on links of interest. These links
usually include critical network uplinks, internet connections
and server farm convergence points. Network monitoring
statistics include utilization levels, error counts, protocol/
application distribution, hosts by protocol and byte/packet OptiView analyzer Use/benefit
counts for the users of those applications. This information capability/use
is vital when trying to understand which protocols are using matrix
critical bandwidth. Malicious viruses or P2P applications Discovery • Network inventory and
can be uncovered and quickly shut down, leading to more change reports
network resources for true business users. • Discovery of rouge network
attached
Packet capture and protocol analysis • SNMP data gathering for
devices health and
Packet capture is the tool of choice after network health is
performance
confirmed and application or device degradation is suspected
Monitoring • Provides useful link
of causing performance problems. Packet capture and
statistics that can
analysis (often referred to as protocol analysis) is one of determine if network is
the more difficult analysis methods to master, but yields the under stress from errors
greatest understanding of how applications and packets are or utilization
actually behaving on the network. Protocol analysis entails • Application traffic analysis
can identify what’s being
capturing a copy of the network traffic in the OptiView
used on the network, how
analyzer and then analyzing the data within the built-in
much impact it is making
protocol analysis software (integrated Protocol Expert). and who is generating that
Trained users will employ capture filters to isolate only the application traffic, e.g.,
necessary traffic under investigation – typically identified by VoIP or Oracle traffic levels
IP addresses or TCP/UPD port number(s). Filtering only users • Identify malicious
applications and sources
and applications that are known to be of issue will eliminate
on network like viruses and
“noise” from the packet capture and allow the user to quickly
P2P file sharing
diagnose the root cause of application problems. Some
Packet capture and • Application analysis and
examples of application problems uncovered by protocol
analysis troubleshooting within
analysis include: the packets
• Too much data being transmitted by the application • VoIP analysis on call-by-call
basis with QoS scores
• Too many small packets being transmitted
• Provides proof of
• Consistently large inter-packet gaps
application and device
• Inconsistent large inter-packet gaps behavior to vendors
• Data retransmissions and application developers
Application Note
gains plug-and-play simplicity since no configurations need cost associated with them, are not being flooded with
to be made. non-business traffic. This location will also offer proximity
to the WAN for throughput tests that can verify a carrier
One consideration when tapping fiber links is the discovery is providing bandwidth according to contract. The network
mechanism. On copper links, the discovery packets (SNMP) edge is a location important to the network engineers who
are sent back through the tap directly onto the link. On a troubleshoot internet connectivity issues, as well as the
fiber link, a good tap utilizes a fiber splitter for fail-safe/ IT security group that must ensure malicious traffic is not
passive operation. However, fiber splitters will not allow entering or leaving the enterprise domain. Because of its
the transmission of packets back onto the network through importance, extra tap access ports should be planned to
the tapped connection. This means users need to consider accommodate both of these IT groups.
a tap that can support the placement of packets back onto
DMZ Switch
the network using a management port. Fluke Networks offers
special taps for just this purpose. Combination taps provide
configurable ports that will allow the OptiView analyzer to
receive packets from the link and send packets back onto
the network. This capability is useful for any other analysis Internet
Internet Firewall Router
Core Switch
device that needs to send packets back onto the network, Three possible tap locations for visibility into traffic entering and leaving an
but doesn’t have a separate management port. enterprise network at the edge.
An OptiView
analyzer can only Core
look at one link at Switches
a time. However,
Application
Web Server Server redundant paths
Database
Server Farm
across the mesh Switches
Test access points within the data center help the OptiView analyze application can make it nearly
performance and n-tier transactions.
impossible to get
The final location that needs consideration for the full visibility. A
deployment of permanent taps is at the distribution layer, typical scenario
between core switches and distribution layer switches. The is to use protocol
To Server Path
architecture for distribution layer switches can vary. In analysis in order
From Server Path
some models, the distribution switches are all homed to to understand
the core switch, while campus environments often employ application
campus ring architecture. In either case, test access at the transaction performance. Without dual link visibility, it
distribution layer allows OptiView analyzer users to isolate might take numerous captures in order to get a transaction
network issues that vary across different groups of end users. that starts and finishes on the same link. Another typical
If there is a problem with network degradation, network scenario is understanding the volume and make-up of
engineers can use the OptiView analyzer to evaluate the traffic between end users and servers using the monitoring
critical links that support different user groups. capability in the OptiView analyzer. Once again, the user will
only be able to see one link at time that might or might not
be representative of the whole picture.
Campus rings require permanent taps for test and monitoring access when
analysis is required at the distribution layer.
Application Note
Conclusion
The OptiView® Integrated Network Analyzer from Fluke
Networks is one the most advanced portable network
analyzers on the market. The combination of active
discovery, network monitoring, packet capture and
analysis provide multiple lenses through which you can
effectively manage your network. However, to leverage these
capabilities, network architects and engineers must ensure
proper network data access and connectivity. By combining
the OptiView analyzer with the flexibility and visibility of
in-line taps, users gain greater insight into network behavior
and application performance on critical links. Using the
power of link aggregation and regeneration, this visibility
extends to the OptiView analyzer, and any other monitoring
devices used by IT departments. For more information visit
www.flukenetworks.com/taps
N E T W O R K S U P E R V I S I O N
Fluke Networks
P.O. Box 777, Everett, WA USA 98206-0777