NetHawk iPro – Monitor your IP network April 2010 Table of contents 1 2 3 4 5 6 IP network monitoring EXFO NetHawk solution NetHawk iPro – Capture Appliance NetHawk iPro – User Plane Analyser Summary Product structure © 2010 EXFO Inc. All rights reserved. 2 New challenges in network operations › Traditional approaches are no longer useful: › Growing amount of real-time services › Streaming services, P2P › Faster data rates: › Network evolution: from legacy Ethernet towards 100Gbps links, IP › “All-IP” does not make things any easier: › Security issues in IP, tunnelled connections › New focus in monitoring and administration: › From transmission level to Application level › Application specific QoS › Users’ QoE › SLA © 2010 EXFO Inc. All rights reserved. 3 Why monitoring and testing is needed? › Keep the Quality of Experience level good: › Less users are complaining about the poor connections › Streaming applications require good performance without delays › Monitor the application level QoS parameters such as throughput and response times › Validate the service levels, get what you’re paying for › Capacity planning: › Network is not behaving as expected, should I buy more bandwidth? › Locate the users or equipment taking most of the bandwidth › What are the applications used in the network? › Optimize according the needs › Get the real-time information, compare your SLA › ROI, troubleshooting/time (direct/indirect costs) › Security: › What is happening in the network? › Can you identify the security risks? © 2010 EXFO Inc. All rights reserved. 4 How can we help? › Flexible solutions for all network monitoring needs: › Network Monitoring & Analysis: Allow fast network testing & application level analysis with QoS measurements to ensure optimal network performance › Network Management: Enable efficient data collection › Network Security: Faster detection & identification of illegal or unwanted activities © 2010 EXFO Inc. All rights reserved. 5 NetHawk iPro boosts several applications › › › › › › Development of IP networks and applications (functional testing, deployment) Operating & maintenance of IP networks (performance, QoS/QoE) Troubleshooting IP networks (finding & fixing problems) Optimising IP networks (preventing problems, service assurance) Specific data collection for business (billing, trading) Network security investigations (Lawful Interception) © 2010 EXFO Inc. All rights reserved. 6 NetHawk iPro family › NetHawk iPro User Plane Analyser for line speed IP flow analysis - View to your network Flow level QoS & KPI graphs Detailed packet flow analysis Network visualisation Wireshark High performance Drilldown Financial iPro User Plane Analyser NetHawk M5 Protocol Analyser users (M5, Wireshark) Enterprise Network security Network troubleshooters (Operators/SSP’s) Access to preprocessed IP flow and statistical data Protocol analysis, monitoring, troubleshooting High resolution timestamping NetHawk iPro Storage Data storage Data filtering Database Multi-interface packet capture Network A Network B High performance › NetHawk iPro IP Appliance for line speed data processing - Capture your network © 2010 EXFO Inc. All rights reserved. 7 NetHawk iPro – Capture Appliance © 2010 EXFO Inc. All rights reserved. 8 NetHawk iPro overview › Network Capture Appliance for line speed data processing › Capture, Process & Record multiple Ethernet interfaces to local storage › 10/100Mbps, 1Gbps, 10Gbps Ethernet › Line rate capture & processing › 10ns timestamping › BPF filtering syntax › Up to 12 Gbps sustained recording speed to local storage › Flexible storage configurations › Up to 16 Terabytes of local storage for high speed recording › Options for external storage › Easy installation and configuration › Full remote configuration & management › Web and SSH user interfaces © 2010 EXFO Inc. All rights reserved. 9 Benefits of using NetHawk iPro › Sustained recording for line speeds – Superior performance, don’t miss anything › Open Linux based platform – Wide range of ready tools available, customise the system according your needs › Easy integration – Open interfaces allow flexible integration with other tools › Integrates with NetHawk M5 and libpcap applications – Supports standard pcap format with nanosecond timestamps › Filter out unwanted packets – Capture only interesting traffic. Save storage and decrease traffic load › Remote access over network – Start and stop capture when needed, remote system management › Network IP statistics – see connections and extract the data › Reliability with low costs – Best price per capacity ratio © 2010 EXFO Inc. All rights reserved. 10 Use Case – iPro as Recorder Control Data Client PC Web Browser NetHawk iPro iPro / Web UI Terminal HTTP/HHTPS/SSH Packet Capture .rec .pcap smb/FTP Protocol Analyser or other 3rd party application © 2010 EXFO Inc. All rights reserved. 11 iPro as Analyser Probe Optional External Database Control Data iPro NetHawk iPro Flow Analyser Client SQL Network Monitoring System Flow DB Packet Capture pcap SNMP iPro / Web UI snmp Clients HTTP/HTTPS/SSH Smb: for optional Drilldown iPro receives packets from GbE interface iPros Packets can be recorded to local storage in pcap format Simultaneously, iPro generates flow records from received packets and stores those to open MySQL database © 2010 EXFO Inc. All rights reserved. 12 NetHawk iPro web UI – Configuration Create new recording session Manage your capture files Select the capture interface Choose the record format Set file limits and round robin recording if needed Use standard BPF syntax to set filter rules © 2010 EXFO Inc. All rights reserved. 13 NetHawk iPro web UI – Statistics Check the recording session statistics See your network flows and extract the interesting ones Find the recorded files from iPro’s storage over network Or use WebUI © 2010 EXFO Inc. All rights reserved. 14 Use Case – iPro as a capture device in multi-user protocol Analyser environment › Supports multiple users simultaneously: › Each user can define their own capture sessions with different filtering rules › Users can have access only to data they are really interested about 194.100.156.13 194.100.156.11 User A request data from 194.100.156.11 Processes capture file A 194.100.156.12 Capture file A has filter rule 194.100.156.11 Capture file B has filter rule 194.100.156.12 & .13 User B request data from 194.100.156.12 and 194.100.156.13 Processes capture file B A B © 2010 EXFO Inc. All rights reserved. 15 NetHawk iPro Technical summary iPro Number of interfaces Memory Processor Local storage Size 2x1G 2 x 10/100Mbits / 1Gbits Ethernet 4GB Intel Xeon 5520 Dualcore 2.26GHz 4TB (4 x 1TB SATA2) 1U 4x1G 4 x 10/100Mbits / 1Gbits Ethernet 8GB Intel Xeon 5520 Dualcore 2.26GHz 8TB (8 x 1TB SATA2) 2U 2x10G 2 x 10Gbits Ethernet 16GB 2 x Quadcore Intel Xeon 5540 2.53GHz 16TB (16 x 1TB SATA2) 3U Optional items Flow Analysis DB Internal MySQL database solution for storing generated enhanced flow records and KPIs iPro User Plane Analyzer Windows SW client for detailed flow analysis, network visualisation and QoS/SLA graphs External storage Additional storage options GPS synchronisation GPS time synchronisation module © 2010 EXFO Inc. All rights reserved. 16 NetHawk iPro – User Plane Analyser © 2010 EXFO Inc. All rights reserved. 17 NetHawk iPro User Plane Analyser introduction › › › iPro iPro User Plane Analyser is a stand alone Windows application for IP network analysis › Flow analysis & troubleshooting tool with line speed performance All data is queried from iPro’s DB => Post processing application Flow Analyser consists of different views: › Timeline view = Overview of data amount in database › Map view = Geographic map of the connections › Flow views = Flows, end points and sessions in table view › Graphs = Session or Flow based QoS/KPI like throughput graphs iPro Flow Analyzer client iPro M5 LAN/Internet/VPN/… © 2010 EXFO Inc. All rights reserved. 18 Product Benefits › Analyse your network performance, functionality and QoS/QoE: › Find and locate information from your network by versatile sorting and filtering methods › Visualise your network traffic to the world map › See the endpoints of communication geographically › Identify the root causes of problems in your network › Develop your network security based on the flow analysis › Improve ROI of your production network - optimise your network capacity › User Plane Analyser is a monitoring application for operators looking for specific user or application level data or measuring throughput values © 2010 EXFO Inc. All rights reserved. 19 Key features › With User Plane Analyser, customers can easily see the network flows & sessions and use the information for detailed QoS/SLA troubleshooting or monitoring › Flow view presents the connections and the parameters: › Filter, sort and find the data to find the needed information › Identify individual IP flows, aggregate flows based on any flow values like IP addresses, VLAN Ids, MPLS tags, locations etc. › Support for tunnelled IP connections (GTP-u) › More performance and statistics compared to traditional Analysers: › QoS and KPI graphs › Throughput for individual, tunnelled or aggregated flows › More detailed data via drilldown options: › Fast drilldown from network level statistics to root causes (M5, Wireshark) © 2010 EXFO Inc. All rights reserved. 20 List of iPro User Plane Analyser KPIs › Throughput and delay calculated for › MAC and IP layers (SRC/DST) › All transmission level protocols (ICMP, IGMP, TCP, EGP, IGP, UDP, DCCP, RSVP, GRE, ESP, OSPF, SCTP etc.) › Application level protocols (HTTP, FTP, TELNET, SMTP, DNS, DHCP, POP3, IMAP4, SNMP, RIP2, RTSP, DIAMETER, PING, SIP etc.) › Tunnelled connections (GTP TEID, tunnelled IPs, protocols, ports etc.) › Transmission level identifiers (VLAN, MPLS, QinQ) › Packet counters for above level and additional KPIs such as* › Packet counters for TCP Resent Only, TCP No Resent, TCP Dropped, SCTP Dropped, GTP-C, GTP-U › TCP Round Trip Time, TCP Round Trip Jitter, TCP Retransmission ratio © 2010 EXFO Inc. All rights reserved. 21 Use case – Application level performance analysis Drilldown to packet content (pcap) iPro DataPacket TimeStamp Capture iPro User Plane Analyser IP Data to show IP Sessions and KPIs Flow Generator KPI/QoS Calculation Graph window will present the KPI for selected flows Flow DB 1. iPro generates flow records from received packets and stores those to open MySQL database 2. User Plane Analyser fetches the records from database User can select any flow record and have related KPI graphs 3. User just sorts or filters the flow records based on application, performance, VLANs etc. to locate the wanted sessions © 2010 EXFO Inc. All rights reserved. 22 Use case – Real-time high-speed Signalling and UP analysis together with NetHawk M5 M5 iPro TimeStamp DataPacket LTE L3 S1- AP IP Filter Protocol UserPlane Stack Protocol Signalling Stack Real-time Detailed Decoding SCTP Port Filter IP IP L2/L1 Real-time Detailed analysis LTE Session analysis Signaling Traffic GTP-U UDP IP L2/L1 UserPlane Data User Plane Analyser KPI/QoS Calculation Flow Generator to show Session or interface Level KPIs/QoS counter DB © 2010 EXFO Inc. All rights reserved. 23 Summary › Together NetHawk iPro and User Plane Analyser will offer complete high-speed Ethernet network monitoring & troubleshooting solution for Vendors, Operators, Service Providers, Security and Enterprises › 1G to 10G Capture platform with ultimate performance that boost protocol Analysers, lawful interception or other pcap applications. › Stores the network and gives easy access to pre-processed data › Flow Analyser is a fast client to read ready records from iPro and to present the network functionalities and behaviour in different visual ways › Fastest way to locate specific IP sessions and main parameters of connections © 2010 EXFO Inc. All rights reserved. 24 NetHawk iPro product structure Central Management system Drilldown 3rd party applications CLI NetHawk M5 WebGUI User Plane Analyser (integrated to M5) User Plane Analyser (standalone) Runs @ iPro HW Control pcap Flow Analysis DB option Open interfaces NetHawk iPro Appliance Software Core Capture Extractor Processing NetHawk iPro Hardware 2*1G,1U 4*1Gb, 2U 10 Gb, 3U LC or 1000B-LX TAP GPS option Storage on board up to 16 TB External storage up to 156 TB © 2010 EXFO Inc. All rights reserved. 25 Flow records, Fast way to study User Plane eNB UE Application TCP/UDP u IPv6/v4 PDCP RLC PDN S5 Server SGi GW Application TCP/UDP ENC PDCP RLC MAC MAC Radio S-GW S1-U Radio IPv6/v4 GTP-U GTP-U GTP-U GTP-U UDP UDP UDP UDP IP IP IP IP L2 L2 L2 L2 L1 L1 L1 L1 › Flow record contains the IP session details: › IP connection information, transmission and application protocols, location details, KPIs and other main parameters L2 L2 L2 L1 L1 L1 iPro’s MySQL DataBase: -Flows records -QoS/KPIs © 2010 EXFO Inc. All rights reserved. 26 Thank You! © 2010 EXFO Inc. All rights reserved. 27