Network Instruments’ Observer family of application performance troubleshooters was updated
earlier this year to give enterprises the capability to troubleshoot
multi-protocol label switching (MPLS) streams. Other new features in Observer 12
include improved multi-hop analysis, which can check performance issues, such as
high router and switch latency, and can be used to lessen excessive jitter on IP
telephony deployments, improving call quality.
Observer 12 is available in three versions offering different levels of
functionality: Standard, Expert and Suite. The Standard version is designed for
run-of-the-mill protocol analysis and troubleshooting. The Expert version
includes the multi-hop analysis feature as well as the capability to analyse the
performance of large enterprise applications, such as SQL databases, and
integrate with HP’s OpenView enterprise management package.
Observer Expert can also process information from NetFlow- and sFlow-enabled
switches. NetFlow is a Cisco protocol for collecting IP traffic, while sFlow has
been used for similar IP traffic collection on other vendors’ network hardware,
including Alcatel, Extreme, Foundry and HP ProCurve.
The full Observer Suite adds Simple Network Management Protocol (SNMP) device
management, network trending and reporting, and a web publishing service that
can give IT managers and other technical executives network health reports on
their firm’s intranets or extranets.
The working install on a fresh Windows XP Professional system was simple,
although it required two reboots: one after the program was installed; and
another after Observer 12 allocated a user-specifiable amount of system memory
as a buffer in which to store network packet data.
A test access point (TAP) was also required to properly take network packets
from our test network. A TAP is a piece of hardware that copies traffic from
full-duplex network ports and connects to a console to give a real-time display
of all the network traffic traversing that link. Network Instruments supplied
one of its aggregator TAPs, which can be connected to a PC or operate as a
standalone system.
TAPs are taking over from Switched Port Analysers as they are much better at
dealing with Gigabit Ethernet and 10 Gigabit Ethernet (10GbE) systems, and
Network Instruments can even supply a TAP with optical fibre connections.
Although we could check performance of a local-area network (LAN) with
several servers and client systems, firms with large enterprise systems with
fast wide-area network (WAN) connections, 10GbE connections and optical
fibre-connected storage area networks (SANs) will require extra hardware.
Network Instruments can supply gigabit and 10GbE probe appliances, as well as
the GigaStor, an appliance that can capture up to 48TB of gigabit-speed network
traffic.
After we had set up the system memory buffer, the drivers for our network
interface cards (NICs) and wireless PC cards had to be updated. The reason for
this is that although the drivers normally shipped with NICs or wireless cards,
so-called network driver interface specification (NDIS) drivers, can tell you how
many error packets are seen on the network, these error packets are not processed
or passed. Observer ships with drivers that can be easily installed to pass these
error packets to the main Observer console. Observer 12 supports 802.11a/b/g
networks, but not pre-draft 802.11n networks.
Easy troubleshooting
After starting up the Observer console, we could run a SQL query against the
Microsoft SQL Server 2005 database we set up on our Windows Server 2003 system
and check the response times we obtained. As expected, these were normal, but
firms using a centralised
headquarters database with branch offices downloading large chunks over WAN
connections with less than optimal bandwidth and latency should easily be able
to see problems.
The Observer 12 graphical user interface (GUI) has evolved gracefully over
time and we found it an easy and powerful system with which to record and save
packet data and then use the Observer Expert probe to analyse the file
retrospectively, if required.
Observer 12 can show standard “top talkers” statistics, the network protocol
distribution seen by the system, network packet size distribution, as well as
virtual LAN (VLAN) statistics. It can also be used to generate network traffic
to test network hardware performance and traffic flow through companies’ network
infrastructure.
Observer 12 comes with a full set of alarms and triggers that can alert users
to problems in real time or, alternatively, send alerts to admins via a paging
service that can use Ethernet or dial-up through an onboard modem. It was easy
to set up an alarm for duplicate IP addresses or unknown IP addresses. We also
set up an alarm to trigger a pager message if network utilisation averaged 50
per cent over a prescribed interval.
Overall, Observer 12 is suitable for any size of enterprise that is looking
for a comprehensive system for monitoring and troubleshooting network-attached
hardware and applications. One of the few complaints that can be levelled at it
is that a high level of technical expertise is required to set up and run the
system properly, but this also applies to all comparable systems on the market.
The systems competing with Observer 12 include WildPackets’ OmniAnalysis
platform, NetScout’s nGenius system, and Network General’s Sniffer and NetVigil
products. The
proposed takeover of Network General by NetScout could provide even tougher
competition for Network Instruments, and Fluke Networks’ acquisition of
Crannog Software earlier this year will mean further competition
in the enterprise performance management arena.
For smaller enterprises, there is also the open source Wireshark package,
which, although less
polished, offers enough features for experts to perform an excellent job of
troubleshooting less complex networks. Wireshark also runs on Linux and Unix
systems.