A number of articles these days are talking about high speed networks. Look at some of the news and discussions.

11th Oct 2011: ETT, Ciena deploy 100G network in Eastern Europe

28th Oct 2011: Huawei to launch 100G network in Russia

1st Nov 2011: US energy agency demos blazingly fast network

They all point to one thing – the advent of 100 Gigabit Ethernet in the commercial segment. Many hardware vendors, such as Alcatel-Lucent, Cisco, Huawei and Brocade, have announced commercial devices that support 100G Ethernet. The ‘Analyst Note’ in a PR by Infonetics Research suggests that more vendors will soon join the 100G bandwagon.

“Also of note were very strong shipment trends in 100GBase LR4 modules, demonstrating the widespread prototyping and trial activity now underway among 100 Gbps vendors and service providers,” notes Andrew Schmitt, directing analyst for optical at Infonetics Research.

Why move to 100G networks?

We consistently come across articles predicting that bandwidth usage will shoot up and that video and VoIP traffic will double within a few years. Cisco makes the following observations in one of their reports:

  • Annual global IP traffic will reach the zettabyte threshold (966 exabytes or nearly 1 zettabyte) by the end of 2015. In 2015, global IP traffic will reach 966 exabytes per year or 80.5 exabytes per month.
  • Global IP traffic has increased eightfold over the past 5 years, and will increase fourfold over the next 5 years. Overall, IP traffic will grow at a compound annual growth rate (CAGR) of 32 percent from 2010 to 2015.
  • In 2015, the gigabyte equivalent of all movies ever made will cross global IP networks every 5 minutes. Global IP networks will deliver 7.3 petabytes every 5 minutes in 2015.
  • Business video conferencing will grow sixfold over the forecast period. Business videoconferencing traffic is growing significantly faster than overall business IP traffic, at a CAGR of 41 percent from 2010-2015.

If you are among those interested in the numbers game, check the Cisco Visual Networking Index.

As we can see, within the next few years, traffic will increase exponentially. It is not just the Internet traffic generated by home segment consumers that will increase. Telecommuting is on the rise and business localization is everywhere. Be it for business discussions with remote customers, for communication between remote users or for inter-branch connectivity, voice and video are the solution. More enterprises are now using voice and video conferencing and have added real time, high definition, high quality, etc. to their immediate wish lists. All this requires huge bandwidth capacity.

There are also factors like an increase in the number of business applications, more users in the enterprise due to business localization, the need for efficient datacenter connectivity, and being future ready by skipping the 40G network and thus avoiding a possible dual migration. If not this year or the next, 100G will be widely used in a couple of years.

The need for network performance monitoring

Since we know that the 100G networks are here to stay, there is one thing that every network admin should be ready with – a comprehensive plan for network performance monitoring which involves bandwidth monitoring, traffic analytics and anomaly detection.

Network performance monitoring is an absolute necessity in any type of network, be it a small enterprise that wants to save its bandwidth only for business applications or a large enterprise with high speed bandwidth for high volume traffic. The reason to monitor needs no explanation. Enterprises depend on Internet connectivity for their business functions, so a bandwidth choke or network downtime can lead to huge revenue losses. Constant monitoring helps ensure optimal bandwidth usage, keep out unwanted applications, find the root cause of issues as soon as they occur, measure the performance of business applications, find VoIP and video traffic usage and measure its performance, mitigate network threats and, most importantly, ensure that the Internet connectivity is at its best.

What type of monitoring?

Monitoring a high speed network is not the same as monitoring a single office network with low bandwidth, low traffic and a small number of devices and users. The number of branches (be it offices, datacenters or server farms) will be higher, the number of devices used at different network layers will have increased considerably, and there definitely will be an exponentially higher volume of traffic than ever before. After all, one wouldn’t upgrade to a 100G network just for the sake of being technologically advanced.

With a 100G network, network admins can no longer be satisfied with just SNMP based reports on in and out bandwidth usage. In all probability, users may not even be too concerned about link utilization, as the available bandwidth itself is high. The important question in a network administrator’s mind will be WHO ON EARTH is using all that bandwidth, and thus a technology that can show the WHO, WHAT, WHEN and WHERE of traffic is needed.

The era of high speed networks may also signal the end of packet inspection tools that cannot scale up to handle the huge volumes of data, and the ones that do scale up are really expensive. Further, packet inspection requires a huge volume of storage space, so continuous packet capture and long term storage are not undertaken. For example, a continuous packet capture from a 25% utilized 100Gbps link will end up generating 11250GB of data in an hour [1]. Such implications lead to packet capture being started for analysis only after a problem is reported. And the downside? When you start a packet capture and analysis after a problem is reported, in all probability the packets captured may not be the problematic ones, and thus a root cause analysis becomes impossible. The solution needed is a continuous network monitoring system which will keep track of all network activities with no impact on storage and the network.

The technology that fits this need is NetFlow, or whatever other name it is known by. NetFlow (or sFlow or IPFIX and all related flow formats) captures specific IP packet information from your device interfaces with no significant overhead on the device's performance or bandwidth. At the same time it gives visibility into the WHO, WHAT, WHEN and WHERE of traffic. You get information about traffic and application details, network conversations, traffic timestamps, the network path and traffic route, QoS values, MPLS labels, VLAN id, etc. Another advantage of NetFlow is that the volume of data involved is not huge, as it captures only specific header information from IP traffic. This allows you to do a continuous NetFlow capture with no impact on storage and thus go back in time to analyze network issues. This very reason makes NetFlow the most apt technology for traffic analytics in high speed networks.
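To make the header-only export concrete, here is an added example (not code from the original article or from any product it mentions) that decodes a NetFlow version 5 export datagram into the WHO, WHAT, WHEN and WHERE fields and compares export size with the traffic described. The datagram is constructed inline; all addresses, counters and function names are assumptions for illustration.

```python
import ipaddress
import struct

# NetFlow v5 layout: a 24-byte header followed by `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_netflow_v5(datagram):
    """Decode one export datagram into (header dict, list of flow dicts)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, uptime_ms, unix_secs, _, seq, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),        # WHO
            "dst": str(ipaddress.IPv4Address(f[1])),
            "in_if": f[3], "out_if": f[4],                  # WHERE (interfaces)
            "packets": f[5], "bytes": f[6],
            # WHEN: first/last are router uptime in ms, converted to epoch time
            "start": unix_secs - (uptime_ms - f[7]) / 1000,
            "end": unix_secs - (uptime_ms - f[8]) / 1000,
            "sport": f[9], "dport": f[10],                  # WHAT
            "tcp_flags": f[12], "proto": f[13], "tos": f[14],
        })
    return {"sequence": seq, "count": count, "export_time": unix_secs}, flows

def export_ratio(datagram, flows):
    """Bytes of flow export needed per byte of traffic the flows describe."""
    return len(datagram) / sum(f["bytes"] for f in flows)

def build_sample():
    """Constructed datagram: two flows, exported at router uptime 3,600,000 ms."""
    def rec(src, dst, pkts, octets, first, last, sport, dport, flags, proto):
        return RECORD.pack(ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed, bytes(4), 1, 2,
                           pkts, octets, first, last, sport, dport,
                           0, flags, proto, 0, 0, 0, 24, 24, 0)
    header = HEADER.pack(5, 2, 3_600_000, 1_320_000_000, 0, 42, 0, 0, 0)
    return (header
            + rec("10.0.0.5", "192.0.2.10", 1200, 1_500_000, 3_540_000, 3_599_000, 51515, 443, 0x1B, 6)
            + rec("10.0.0.9", "192.0.2.53", 2, 150, 3_598_000, 3_598_500, 40000, 53, 0, 17))
```

Each flow costs a fixed 48 bytes of export regardless of how many packets it summarizes, which is why the ratio for the sample is far below one percent.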

Network performance monitoring is not only about traffic analytics using NetFlow technology. You need to include deep packet inspection to find peer to peer application usage and use CBQoS policies to manage the traffic over your WAN links. It is also necessary to measure the link performance when carrying different types of traffic like VoIP, video and data or even measure performance with UDP and TCP protocols.

What should the monitoring tool offer?

A good NetFlow analyzer tool should let you store raw NetFlow data for a considerable time period or as per your requirements and also store the data in an aggregated format for an infinite period. This way you can analyze each network activity till you decide to discard them and later view the ‘Top N’ activities from history.

Something else to keep in mind when monitoring a high speed network is that you may now be managing more branches, all interconnected. Use a tool that can work in the distributed network model and handle time zone differences. A distributed model ensures monitoring goes on at other locations even if a data (flow) collector goes down somewhere else, and time zone reporting lets you view reports in your time zone instead of an unrelated time zone.

A third factor to consider when choosing a flow analyzer is how adaptable the tool is. Networks are no longer made of similar devices from a single vendor, where admins make do with whatever is available. Today and in the 100 Gigabit era, networks consist and will consist of devices selected from various vendors catering to different requirements. The datacenter switch, the core switch, the distribution layer device, the firewall, the edge router, the WAN optimization device – each from different vendors, chosen based on cost, capability and most of all, the user’s network requirement. So when selecting your monitoring tool, analyze whether the tool can scale to handle different volumes of flow data, whether more data collectors can be added as and when the network grows, and whether it is capable of reading new information fields available in the latest NetFlow version like Flexible NetFlow or supporting multiple flow formats from device vendors who may be using NetFlow or sFlow or even a proprietary flow design.

The last couple of years have seen a rise in the number of malware and attacks. NetFlow data that you use for bandwidth monitoring and traffic analytics is also rich in information about network anomalies. Network behavior anomaly detection can be achieved by additional processing of the NetFlow data with complex pattern matching and rule based algorithms. When you choose a flow analyzer, remember to select one which can leverage NetFlow data for behavior anomalies.
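As an added illustration of rule based processing of flow data (example code written for this page, not the algorithm of any product mentioned here), the sketch below flags sources whose SYN-only TCP flows fan out to many ports on one host or many hosts on one port within a time window. The flow records are constructed, and the window and thresholds are assumptions that would need tuning against a real baseline.

```python
from collections import defaultdict

SYN = 0x02  # cumulative TCP flags of a flow that only ever carried SYN packets

def detect_anomalies(flows, window=60, port_limit=20, host_limit=20):
    """Return sorted alerts for sources with scan-like fan-out per time window.

    flows: dicts with src, dst, dport, proto, tcp_flags, packets, start (epoch s).
    """
    ports = defaultdict(set)   # (window, src, dst)   -> destination ports tried
    hosts = defaultdict(set)   # (window, src, dport) -> destination hosts tried
    for f in flows:
        if f["proto"] != 6 or f["tcp_flags"] != SYN or f["packets"] > 3:
            continue           # established sessions and non-TCP flows are ignored
        w = int(f["start"] // window)
        ports[(w, f["src"], f["dst"])].add(f["dport"])
        hosts[(w, f["src"], f["dport"])].add(f["dst"])
    alerts = []
    for (w, src, dst), seen in ports.items():
        if len(seen) >= port_limit:
            alerts.append(("port-scan", src, dst, len(seen), w * window))
    for (w, src, dport), seen in hosts.items():
        if len(seen) >= host_limit:
            alerts.append(("host-sweep", src, dport, len(seen), w * window))
    return sorted(alerts)

def sample_flows():
    """Constructed flow records, shaped like decoded NetFlow fields."""
    t0 = 1_320_000_000
    def flow(src, dst, dport, flags, packets, proto=6, start=t0):
        return {"src": src, "dst": dst, "dport": dport, "proto": proto,
                "tcp_flags": flags, "packets": packets, "start": start}
    flows = [flow("10.0.0.5", "192.0.2.10", 443, 0x1B, 1200),     # normal HTTPS session
             flow("10.0.0.9", "192.0.2.53", 53, 0, 2, proto=17)]  # normal DNS lookup
    flows += [flow("10.0.0.66", "192.0.2.10", p, SYN, 1, start=t0 + p / 10)
              for p in range(1, 26)]
    flows += [flow("10.0.0.77", f"198.51.100.{h}", 445, SYN, 1, start=t0 + h)
              for h in range(1, 31)]
    return flows

if __name__ == "__main__":
    for alert in detect_anomalies(sample_flows()):
        print(alert)
```

Because the rules need only the flow fields, they can run over months of stored flow history, which is not practical with full packet capture at these link speeds.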

There are various technologies available which can add a lot more value to traffic analytics. There is NBAR for deep packet inspection, CBQoS monitoring for validating QoS policy performance, Cisco IPSLA to measure network performance of VoIP and data traffic, Cisco Medianet for video traffic monitoring and Cisco WAAS reports for traffic optimization visibility. As can be seen, Cisco leads in providing performance monitoring technologies for free to users through their device IOS. Users making the most out of such monitoring technologies should prompt other market players to bring support for similar technologies into their devices.

Conclusion

To get the best out of the 100G network you are investing in, leverage the technologies at your disposal. Go for a tool whose features can meet the demands of a high speed network and which also includes all or most of the additional monitoring technologies available. A proactive monitoring solution will not only help in quicker drill down to the root cause of issues but can also help prevent small issues from turning into a network showstopper.

Something to note and remember is that a performance monitoring system is not only for the 100G network. Any network, be it 1G, 10G, 40G or 100G, requires performance monitoring as long as the priority factors are network uptime and application delivery. And thus the set of rules that apply when selecting a performance monitoring system for 100G networks applies when selecting a monitoring tool for any enterprise network.

ManageEngine NetFlow Analyzer

ManageEngine NetFlow Analyzer is a tool that includes most of what was outlined. The product, which supports multiple flow formats and stores both raw and aggregated NetFlow data, has a distributed edition, is capable of reporting in different time zones and can detect network anomalies. It supports Cisco Flexible NetFlow and features like Cisco NBAR, Cisco CBQoS, Cisco IPSLA, Cisco Medianet and Mediatrace and Cisco WAAS reports.

Evaluate the fully featured trial for 30 days and decide if it meets the requirements of your network. ManageEngine also provides free technical support during evaluation.

Regards,
Don Thomas Jacob



Reference and Notes:

1. Calculation of 25% utilized 100Gbps link generating 11250GB of data in an hour:

A 25% utilization of a 100Gbps link means the data speed is 25Gbps. This means data was transmitted at the rate of 25Gb per second. Thus, an hour leads to (25Gb x 60 secs x 60 mins) 90,000Gb, which is 11250GB. For those who argue that 25Gbps of data transfer may never happen in the real world, my point is that even 5% of that volume is huge.

http://www.networkworld.com/news/2011/102411-ethernet-planning-guide-251837.html

http://www.ethernetsummit.com/English/Collaterals/Proceedings/2011/20110223_T2A_Barry.pdf

http://www.fiercetelecom.com/press_releases/optical-transceiver-market-35-1h11-over-1h10-100g-ramp-will-be-faster-40g#ixzz1d05dCDkL

http://www.advaoptical.com/en/innovation/efficient-100g-transport.aspx

http://en.wikipedia.org/wiki/100_Gigabit_Ethernet#Routers_and_switches_with_100GE_interfaces

http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-481360_ns827_Networking_Solutions_White_Paper.html

http://blog.advaoptical.com/can-100g-tame-the-network/