27
Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

  • View
    216

  • Download
    1

Embed Size (px)

Citation preview

Page 1: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Network Monitoring: A Practical Approach

Philip Smith/IT Services

University of Windsor

March 21, 2003

Page 2: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Agenda

• Campus Structure

• Benchmarking on Campus

• Tools on Campus

• Benchmarking off Campus

• Tools off Campus

• Questions and Answers

Page 3: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Campus Structure

• Core Router (Nortel Networks Passport 8610)

• 60+ Building Subnets (student + faculty)

• Computer Science and Engineering have their own networks

• Have two external connections

• Internet (Telus) at 15Mb/s + over subscription

• CAnet*4 (AT&T) at 155Mb/s

• Both connections use ATM

Page 4: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Campus Structure (Block Diagram)

Page 5: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Campus Structure (Graphical)

Page 6: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Benchmarking on Campus: Benchmarks

• FTP (TCP/IP download performance)

• TTCP (TCPIP upload performance)Need to consider both upload and

download because you could have a duplex problem.

• PERFORM3 (Novell performance)

Page 7: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Benchmarking on Campus: FTP

• FTP is a disk to disk transfer protocol theoretically this could & does affect

performance. We drop the first FTP test to each server

because the file is not cached.• FTP benchmark is run against 3 servers at or

near the network core. • Key servers are: Admin1 (administrative server/AIX-IBM UNIX) Pdomain (campus FTP server/IRIX-SGI UNIX) Zeus (Lotus Notes server/AIX)

Page 8: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Benchmarking on Campus: TTCP

• TTCP is a memory to memory transfer protocol disk is NOT involved. • TTCP benchmark is run against 4 servers at or

near the network core. • Key servers are: Admin1 (administrative server/AIX-IBM UNIX) Cronus (Lotus Notes server/NT) Pdomain (campus FTP server/IRIX-SGI UNIX) Zeus (Lotus Notes server/AIX)

Page 9: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Benchmarking on Campus: PERFORM3

• PERFORM3 is Novell’s benchmark for networks that are 10Mb/s or more.

• While Novell is not used very frequently in Computer Science it is used a great deal elsewhere on campus.

• At one point (circa 2000) Novell traffic was 2/3 of our Network.

• Modified PERFORM3 to run faster; limit is to twelve operations at 16K intervals instead of at each 4K interval.

• Modified test takes 1-2 minutes compared to 5 minutes.• Run PERFORM3 benchmark against all available Novell

servers.

Page 10: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Benchmarks on Campus: Methodology

• Using Work Study labour, annually run all three benchmarks from each subnet in each building using a common laptop.

• Run 4 TTCP tests against each of the 4 TTCP server (4*4=16)

• Run 3 FTP tests against each of the 3 FTP servers (3*3=9); remember first test is discarded

• Run 2 PERFORM3 tests against each Novell server (2*~9=18)

Page 11: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Benchmarks on Campus: Summary

• Results of annual building tests available on line.

URL: http://www.uwindsor.ca/netperfClick on Benchmark Database from left

hand menu.

• Also contains benchmarks from some faculty and staff that have complained about their performance.

Page 12: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Tools on Campus

• Protocol Analyzer

• WhatsUp

• MRTG

• MRTG-UFFE

• NMS

Page 13: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Tools on Campus: Protocol Analyzer

• Device that lets you see packets on the wire

• Our tool is a Network Associates’ Sniffer

• Primarily a troubleshooting tool• However, by capturing the

data on a connection (e.g. uplink) over time you can collect key network statistics

• Flaw: It only does ONE connection at a time

• Protocol Analyzer measures packets

Page 14: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Tools on Campus: WhatsUp

• Monitors network devices (e.g. switches & routers) servers & server applications

• uses ICMP (ping) and TCP/IP ports• If device responds server is deemed to be up• Flaw: Just because the web server port opens

on port 80 this does not necessarily mean the web server is working properly; it just means that the web server is up

• WhatsUp measures availability• Uses drill down method (example to follow)

Page 15: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Tools on Campus: WhatsUp

Page 16: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Tools on Campus: WhatsUp

• Drilling down into Memorial Hall, there is something wrong with the UPS (top diagram)

• It looks like the UPS management is down (bottom diagram)

Page 17: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Tools on Campus: MRTG• MRTG = Multi Router Traffic Grapher• Monitors bits in and out of a network device (eg. Switch port, router

port, NIC card)• Using SNMP it queries the switch for port activity once every five

minutes• Keeps daily, weekly monthly and yearly statistics on that port• Flaw 1: If there is a lot of usage then the device(s) attached to the

port are running well. If usage is low then ????• Flaw 2: It monitors amount of bits not the number of packets. If you

had a Denial of Service attack with a large number of small packets MRTG would not indicate a problem

• MRTG measures bandwidth• Like WhatsUp, MRTG uses drill down method

Page 18: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

MRTG example: Fully drilled down view of Passport to CS SSR Router

Page 19: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Tools on Campus: MRTG-UFFE

• MRTG-UFFE = MRTG’s User Friendly Front End

• Add on to MRTG• Homegrown utility that

documents the important (special, unusual, busy) connections on campus

• Hyperlinks to MRTG• MRTG-UFFE measures

connections

Page 20: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Tools on Campus: NMS

• NMS = Network Management System

• MRTG only measures bits in (received) and out (transmitted)

• Only 2 of 34 parameters on the switch port

• Future Project

Page 21: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Benchmarks off Campus

• Mostly a new area of focus

• Have been monitoring using Protocol Analyzer, WhatsUp & MRTG

• Size of Internet Pipe growing yearly by about 2Mb.

• Recently we have also been monitoring using BroadBandReports.com

Page 22: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Benchmarks off Campus: WhatsUp

Page 23: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Benchmarks off Campus: MRTG

Page 24: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Benchmarks off Campus: BroadBandReports.Com

Page 25: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Tools Off Campus

• Protocol Analyzer

• WhatsUp

• MRTG

• BroadBandReports.com

• Internet Monitors

Page 26: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Tools Off Campus: Internet Monitors

• Internet Health Report http://www.internethealthreport.com/ Measures Latency (TCP Open) Between Major U.S.

carriers.• Internet Traffic Report http://www.internettrafficreport.com/ Measures Latency (ICMP Echo) & Packet loss between

selected routers world wide.• Internet Average http://average.matrixnetsystems.com/ Measures Latency, Packet Loss, and Reachability

between thousands of servers and routers around the world. (Most Comprehensive)

Page 27: Network Monitoring: A Practical Approach Philip Smith/IT Services University of Windsor March 21, 2003

Question & Answers

• Thanks for your attendance

• Philip Smith’s Network Performance site: http://www.uwindsor.ca/netperf

• Email: [email protected]