www.wildpackets.com© WildPackets, Inc.
Jay Botelho
Director of Product Management
WildPackets
Follow me @jaybotelho
Show us your tweets!Use today’s webinar hashtag:
#wp_omniflowwith any questions, comments, or feedback.
Follow us @wildpackets
A Confluence of Flows
Keeping Your Head Above Water
© WildPackets, Inc. 2A Confluence of Flows
There’s no debate about the need for centralized
network monitoring
HOW?
The question is
© WildPackets, Inc. 3A Confluence of Flows
Choices and Comprises
Overhead???
Cost???
Data
Gra
nu
lari
ty
Data Accuracy
SNMP
Flow-based
Packet-based
www.wildpackets.com© WildPackets, Inc.
SNMP
© WildPackets, Inc. 5A Confluence of Flows
SNMP
• Best used to identify and describe system configuration
• Monitor network-attached devices for high-level conditions
‒ Up/Down
‒ Total traffic (bytes, packets)
‒ Number of users
• Typically polling-based – heavy bandwidth impact
• Typically 5 second granularity
• Trouble-shooting/root cause analysis not possible
www.wildpackets.com© WildPackets, Inc.
Flow-based
© WildPackets, Inc. 7A Confluence of Flows
"Go With the Flow"
• Flows, or flow records, have become the default element used in centralized network monitoring
• A ―flow‖ is a sequence of packets that has the following seven identical characteristics:
‒ Source IP address
‒ Destination IP address
‒ Source port
‒ Destination port
‒ Layer 3 protocol type
‒ TOS byte
‒ Input logical interface
• By implication, a flow is unidirectional
© WildPackets, Inc. 8A Confluence of Flows
Basic Flow Analysis
• Packets enter the switch or router
• Packets sampled and flows determined
• Flow records compiled and exported to flow collector
• Flow records stored and subsequently analyzed by flow analysis software
Source: Wikipedia
© WildPackets, Inc. 9A Confluence of Flows
Flows vs. Flow Records
• Flows are a defined element
• Flow Records are analytical results that vary
by overall standard, vendor and
configuration
• The most common standards for flow
records include:‒ NetFlow
‒ IPFIX
‒ sFlow
‒ JFlow
© WildPackets, Inc. 10A Confluence of Flows
Focus on NetFlow
• Packets typically 1500 Bytes each
• Packets come in spurts – up to several Mbytes
• 20 – 50 flow records per reporting interval
• Typically 1 minute reporting granularity
• Typically ―1 out of k‖ static sampling
• Overhead (bandwidth usage - # of packets in reporting period) linearly proportional to the # of flows
• Remember the prime directive – a switch MUST perform its primary function – forwarding packets!
• Lost reporting packets can seriously impact data reliability
• A higher number of smaller flows creates greater inaccuracies
© WildPackets, Inc. 11A Confluence of Flows
On Your Network …
© WildPackets, Inc. 12A Confluence of Flows
The Details
© WildPackets, Inc. 13A Confluence of Flows
Common Flow-based Technologies
Netflow IPFIX sFlow Jflow
•Developed by
Cisco
•Proprietary
•Transit traffic &
terminated traffic
•Detailed info for
each flow
•NO payloads
•Sampling option
not 100%
accurate
• Internet Protocol
Flow Information
eXchange
•Emerging IETF
standard
•Based on
NetFlow
•Detailed info for
each flow
•NO payloads
•RFC 3176
•Statistical time-
based sampling
•Higher speed
networks
•Much less
common than
NetFlow
•NO payloads
•Sampled – not
100% accurate
•Developed by
Juniper
•Proprietary
•Similar to
NetFlow
•Detailed info for
each flow
•NO payloads
•Sampled per
global rate – not
100% accurate
Limited Troubleshooting/Root-cause Analysis
www.wildpackets.com© WildPackets, Inc.
Packet-based
OmniFlow
© WildPackets, Inc. 15A Confluence of Flows
Packet-based - OmniFlow
• Developed by WildPackets
• Analysis of every packet AND payload
• Unrivaled info for each flow
• Layer 3 - 7
• 100% accurate
• Minimal network impact – 10’s of Kbps
• Monitor AND troubleshoot
© WildPackets, Inc. 16A Confluence of Flows
OmniFlow Data
© WildPackets, Inc. 17A Confluence of Flows
Why Are Payloads Important?
© WildPackets, Inc. 18A Confluence of Flows
OmniFlow and WatchPoint
• High-level, aggregated view
of all network segments
‒ Monitor per campus, per
region, per country
• Wide range of network data
‒ NetFlow, sFlow, OmniFlow
• Web-based, customizable
network dashboards
• Flexible and detailed reports
© WildPackets, Inc. 19A Confluence of Flows
Sample WatchPoint Dashboard
© WildPackets, Inc. 20A Confluence of Flows
Monitoring AND Detailed Analysis
© WildPackets, Inc. 21A Confluence of Flows
Not All Flows Are Created Equal
Netflow IPFIX sFlow Jflow OmniFlow
•Developed by
Cisco
•Proprietary
•Transit traffic
& terminated
traffic
•Detailed info
for each flow
•NO payloads
•Sampled
option not
100%
accurate
• Internet
Protocol Flow
Information
eXchange
•Emerging
IETF standard
•Based on
NetFlow
•Detailed info
for each flow
•NO payloads
•RFC 3176
•Statistical
time-based
sampling
•Higher speed
networks
•Much less
common than
NetFlow
•NO payloads
•Sampled – not
100%
accurate
•Developed by
Juniper
•Proprietary
•Similar to
NetFlow
•Detailed info
for each flow
•NO payloads
•Sampled per
global rate –
not 100%
accurate
•Developed by
WildPackets
•Proprietary
•Analysis of
every packet
AND payload
•Unrivaled info
for each flow
•Layer 3 - 7
•100%
accurate
•Monitor AND
troubleshoot
© WildPackets, Inc. 22A Confluence of Flows
Choices and Comprises
Overhead
Cost
Data
Gra
nu
lari
ty
Data Accuracy
SNMP
Flow-based
Packet-based
© WildPackets, Inc. 23A Confluence of Flows
Summary
• Flow records are NOT created equal
• OmniFlow analyzes packet headers AND payloads
• OmniFlow is NOT statistical - 100% accurate
• OmniFlow provides analysis for all network layers
• WatchPoint aggregates data from multiple OmniFlow data streams
• When OmniFlow data isn’t available, WatchPoint also aggregates both NetFlow and sFlow data for a comprehensive network monitoring solution
www.wildpackets.com© WildPackets, Inc.
Company Overview
© WildPackets, Inc. 25A Confluence of Flows
Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA
‒ Offices throughout the US, EMEA, and APAC
• Our customers are leading edge organizations
‒ Mid-market, and enterprise lines of business
‒ Financial, manufacturing, ISPs, major federal agencies,
state and local governments, and universities
‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance
‒ Internet Telephony, Network Magazine, Network Computing Awards
‒ United States Patent 5,787,253 issued July 28, 1998• Different approach to maintaining availability of network services
© WildPackets, Inc. 26A Confluence of Flows
What We Do
• Provide network visibility and intelligence …‒ WatchPoint, OmniPeek, OmniEngines
• Expert systems – we find the problems for you
• Superior drill-down capability – trouble-shoot from anywhere
• Flexible, customizable, extensible – leverage your investment
‒ Professional services, training, best practices
• For all network segments …‒ Data center to desktop to remote office
‒ LAN, WAN, Wireless …
‒ HTTP, Email, Database, VoIP, Video …
• To …‒ Network engineers; IT Management; Developers
© WildPackets, Inc. 27A Confluence of Flows
Real-World Deployments
Education
Health Care / Retail
Financial
Telecom
Government
Technology
www.wildpackets.com© WildPackets, Inc.
Product Line Overview
© WildPackets, Inc. 30A Confluence of Flows
Product OfferingsSoftware and Turnkey Appliances
• Enterprise Monitoring and Reporting‒ WatchPoint Server
‒ OmniFlow, NetFlow, and sFlow Collectors
• Network Probes & Recorders‒ Omnipliance Network Recorders – Edge, Core
‒ TimeLine Network Recorder
‒ OmniAdapter Analysis Cards
• Distributed Analysis Software‒ OmniPeek – Enterprise, Professional, Basic, Connect
‒ OmniEngine – Enterprise, Desktop, OmniVirtual
• Portable Solutions‒ OmniPeek software
‒ Omnipliance Portable
© WildPackets, Inc. 31A Confluence of Flows
WatchPointCentralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated view
of all network segments
‒ Monitor per campus, per
region, per country
• Wide range of network data
‒ NetFlow, sFlow, OmniFlow,
SNMP
• Web-based, customizable
network dashboards
• Flexible and detailed
reports
© WildPackets, Inc. 32A Confluence of Flows
© WildPackets, Inc. 33A Confluence of Flows
Omnipliance Network Recorders
• Captures and analyzes all network traffic at the source 24x7
‒ Runs our OmniEngine intelligent probe software
‒ Generates vital statistics on network and application performance
‒ Intuitive root-cause analysis of performance bottlenecks
• Intelligent data transport
‒ Network data analyzed locally
‒ Detailed analysis passed to OmniPeek on demand
‒ Summary statistics sent to WatchPoint for long term trending and
reporting
‒ Efficient use of network bandwidth
• Expert analysis speeds problem resolution
‒ Fault analysis, statistical analysis, and independent notification
• Multiple Issue Digital Forensics
‒ Real-time and post capture data mining for compliance and
troubleshooting
© WildPackets, Inc. 34A Confluence of Flows
TimeLine Network Recorder11.7Gbps Sustained Capture
• Fastest network recording and real-time statistical
display — simultaneously‒ Network statistics display in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval‒ Historical network traffic analysis and quick data rewinding
‒ Several pre-defined forensics search templates making
searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution
© WildPackets, Inc. 35A Confluence of Flows
Omnipliance Network RecordersPrice/performance solutions for every application
Portable Edge Core TimeLineRuggedized
Troubleshooting
Small Networks /
Remote Offices
Regional Offices /
Small Datacenter
Datacenter
Workhorse
Chassis 1U 3U 3U
Memory 2 GB / 8 GB 4 GB / 8 GB 6 GB / 24 GB 18 GB / 24 GB
Expansion 1 PCI-E / 2 PCI-X 1 PCI-E or 1 PCI-X 4 PCI-E 4 PCI-E
Storage 500 GB / 2.5 TB 1 TB 8 TB 8 TB / 16 TB / 32 TB
© WildPackets, Inc. 36A Confluence of Flows
OmniPeek Network Analyzer
• OmniEngine Manager
‒ Connect and configure distributed OmniEngines/Omnipliances
• Comprehensive dashboards present network traffic in real-time
‒ Vital statistics and graphs display trends on network and application
performance
‒ Visual peer-map shows conversations and protocols
‒ Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
‒ Packet and Payload visualization provide business-centric views
• Automated analytics and problem detection 24/7
‒ Easily create filters, triggers, scripting, advanced alarms and alerts
© WildPackets, Inc. 37A Confluence of Flows
Key Differentiators
• High-level network monitoring to root-cause analysis
• Single solution for today’s converged networks‒ Wired, Wireless, 1GB, 10GB, VoIP, Video, TelePresence, IPTV
• Reduce and even eliminate network downtime‒ Automated monitoring 24x7
‒ Speedy resolution of network bottlenecks
• Improve network and application performance
• Uniquely Extensible Platform – tailored to your needs‒ Plug-ins and APIs for integration and customization
www.wildpackets.com© WildPackets, Inc.
Q&A
Show us your tweets!Use today’s webinar hashtag:
#wp_omniflowwith any questions, comments, or feedback.
Follow us @wildpackets
Follow us on SlideShare!Check out today’s slides on SlideShare
www.slideshare.net/wildpackets
www.wildpackets.com© WildPackets, Inc.
Thank You!
WildPackets, Inc.
1340 Treat Boulevard, Suite 500
Walnut Creek, CA 94597
(925) 937-3200
