May 9 2008 12:51PM GMT
Posted by: Troy Tate
howto,
troubleshooting,
Networking,
LAN,
WAN,
forensics,
Monitoring,
metrics,
Performance,
reporting,
tools,
humor,
packet capture,
wireshark,
network analysis
I have always had an appreciation for Laura Chappel of www.packet-level.com fame and her quirky sense of … hmmmmm.. sense?? hahaha… well… she does have a great sense of humor and a heightened sense of awareness with respect to those bits and bytes flowing across our wired and wireless networks.
Laura Chappell has now gone viral after her “initial concern about being somewhat infectious”. She has launched the BitSpitters video series - fast answers to fast questions. The BitSpitters videos are hosted on YouTube right now - feel free to link to her BitSpitters page at www.wiresharktraining.com/bitspitters.html to always get the latest. After seeing the initial response from viewers, it seems more folks are interested in the humorous “How Do I Look Smarterest?” style so according to her recent Wireshark U newsletter she will be putting out some more ‘unique’ short videos for your viewing pleasure - and her newsletter has the following warning: “just wait until you see the ‘beach scene’ coming up! [Don’t even get that ‘bathing suit’ thought in your head!]“
In case you want more packet level and data networking education, I HIGHLY recommend her Master Library which you can purchase through WiresharkU. For a short time only, she is offering an dditional 50% off already discounted price. Coupon code: NLMAY Expiry: May 31, 2008.
Thanks for your time. Let’s be good network citizens together & practice safe networking!
May 6 2008 12:47PM GMT
Posted by: Troy Tate
Networking,
LAN,
WAN,
Monitoring,
Network TAPs
I have now gotten back around to working on this activity. In case you have forgotten what I am working on, please review part 1 and part 2.
I have ordered the Datacom Singlestream SS102 Link Aggregation Tap. I placed the order last Friday. On Monday, my supplier said that it could take more than two weeks to receive this product. I was surprised by the lead time required for this device. I was first told that it could take 4 weeks for the product to ship. I am in more of a hurry than that and was about to change to a different higher-cost product to pressure the supplier to have a quicker delivery. The conversation seemed to have worked.
My alternative choice was the Network Instruments nTap. However, it was almost a 50% premium over the Datacom solution. The link I need to monitor is not a high speed link so I really do not need the memory buffer that NI’s equipment offers. I was just willing to consider it if I could receive and implement the solution quicker.
I will let you know how the product works and any issues I encounter during implementation.
Thanks for your time. Let’s be good network citizens together & practice safe networking!
Apr 29 2008 5:11PM GMT
Posted by: Troy Tate
CIO,
DataCenter,
Linux,
Microsoft Windows,
troubleshooting,
Networking,
Security,
Monitoring,
tools
My apologies to the Rolling Stones for munging their classic song.
How many times have you encountered a situation in your organization where something needs to be done yet either IT is not able or willing to support your business related efforts. There are lots of reasons for this to happen in the business world.
One division of our business is electronics manufacturing solutions where we assemble parts designed by the customer. I recently encountered a situation where a customer has some onsite testing gear to measure QA data on devices we manufacture for them. The testing gear was not for our engineers but for the customer. According to the supporting engineer, his IT department was not interested in supporting these test devices. So, the engineer was asking my organization to support the test hosts.
Well, our side of the story now… these test devices run linux as the operating system. My IT organization typically does not support linux because our focus is on Microsoft Windows systems. So, here’s the conundrum… who supports this engineer and his manufacturing requirements? The test hosts are owned and designed by the customer, yet the hosts are at my organization’s facility.
Tough situation for sure! Right now our answer is to do our best effort in supporting this engineer and the engineer is going to talk to his in-house IT department to see if they will support his requirements. It seems to be a shame that this engineer cannot find support from his own organization. He really could use this when in the end, these test systems are there to support the quality of his organization’s product.
What are your thoughts on this situation? Does your IT organization have to support third-party systems within your facility? If so, what protections have you put into place for your organization?
Thanks for your time. Let’s be good network citizens together & practice safe networking!
Apr 23 2008 5:13PM GMT
Posted by: Troy Tate
Networking,
tools,
Data security,
LAN,
WAN
Don’t you wish that every vendor’s competitor had something similar to the Dear John (Chambers of Cisco fame) site found here.
What would a Dear Bill (Gates) letter website look like? Well a video documentary was produced and can be found here. Isn’t he a charming young man? A quick Google search for “Dear Bill Gates” turned up around 452,000 hits. Lots of folks writing with some very interesting perspectives. How about an entire book written as a letter to Bill Gates? Mark Hughes did just that and you can find his book on Amazon for $16.95 (ISBN 1412014719). I wonder if writing to Mr. Gates is like writing a letter to Santa Claus. You feel excited putting words to paper but then realize that there is little chance the letter will actually be read by the intended reader.
Thanks for your time. Let’s be good network citizens together & practice safe networking!
Apr 8 2008 2:21PM GMT
Posted by: Troy Tate
howto,
DataCenter,
LAN,
Monitoring,
VoIP,
Performance
Well, well, well, so you want to implement voice over IP or IP telephony. You have heard it is going to give you some great cost savings and make your life easier. Hmmmm… upon further thought, the idea of implementing this technology frightens you and I totally understand why.
I have implemented VOIP at four of my sites now. One in Europe that is a small office serviced by a Cisco CallManager Express implementation. My Asian site is a full CallManager cluster solution. My two sites in North America are implemented in a different configuration yet. One of the North American sites has the CallManager cluster like Asia and the second North American site is a SRST (Survivable Remote System Telephony) managed by the other North American site.
So, as you can see, my organization has a good amount of experience in this area and I hope to share some of that with you and help you through this process if you should require this technology in your environment.
Let’s start with some of the reasons some folks say IPT should be implemented.
- Capital investment costs: This really depends on the solution that you choose. Remember all of the necessary infrastructure elements that are required to support IPT. IPT implementations may add 30% or more in infrastructure equipment replacement or additions.
- Voice service costs savings: The home consumer may see some cost savings (think Vonage), but the enterprise may already be receiving long distance rates in the two cents per minute or less range. However, other operational costs may offset the savings that IPT appears to offer. More to follow on other costs/issues in a future blog entry.
- Operational savings: This may be the “real deal” when it comes to cost savings to an organization. IT becomes the owner/operator of the system as it shares the data network infrastructure and operational management.
Some future elements to follow in our discussion will include capacity planning, troubleshooting, partner selection. The volume of information to share is almost endless.
Your continued interest is greatly appreciated. Thanks for your time. Let’s be good network citizens together & practice safe networking!
Apr 2 2008 6:22PM GMT
Posted by: Troy Tate
LAN,
Performance,
Networking,
WAN,
Monitoring,
Network TAPs
As expected there are several different manufacturers and models that can handle this task. The reseller I spoke with suggested three different devices from two different manufacturers.
Network Instruments nTAP - This is the particular device that initially captured my interest in this type of solution. More information can be found here
Datacom Systems Singlestream aggregation tap - More information on the 10/100 aggregation tap can be found here. Details on a gigabit tap can be found here.
The prices I received on these devices went from around $1000 to $1500 to $2000. As you can see, there are lots of choices. I have requested a demo model of the $1000 device and will see if it will meet my needs. More to come!
Thanks for your time. Let’s be good network citizens together & practice safe networking!
Mar 20 2008 1:09PM GMT
Posted by: Troy Tate
Networking,
Monitoring,
WAN,
Network TAPs
What is the best means of watching data network traffic at the edge? My need: watch traffic inbound and outbound at the edge of the LAN and be able to remotely view reports. The reports would show information such as: current traffic flow volume & conversations; historic traffic flow volume; netflow data; latency from LAN to remote hosts.
So, some questions need to be asked and some answers given.
Where to place potential solutions:
- In the router or “cloud”.
- In the edge LAN switch.
- Between the router and the edge LAN switch.
What are the potential issues with sensor location:
- Router or “cloud” - network address translation (NAT) may hide actual source address information. What load would this service put on the router? Would there be any costs for implementing this on the router and/or in the cloud? We use managed data network services so this could be a concern.
- LAN edge switch - is port spanning or “mirroring” a valid option? What other monitoring services can the switch provide? SNMP or RMON? How would the monitor be remotely accessed if there is only one NIC and it is in listening mode only? Note that placing a destination switch port in span mode does not permit any outbound traffic to occur on that interface.
- Between the LAN & WAN - is another switch needed with port spanning/mirroring? Would a hub work with it creating a half-duplex link for inbound/outbound traffic?
What hardware provides potential solutions:
- Router or “cloud” - not the preferred method since not under my control and may have change request or monthly service costs involved.
- LAN edge switch - monitoring system would require dual NIC’s; one to listen/monitor and one for remote access. Port spanning or mirroring could place a load on the switch. SNMP or RMON queries can add traffic to the network link and impact the monitoring accuracy.
- Between the LAN & WAN - a hub is not desirable due to the fact mentioned above. It causes a full-duplex link to go to half-duplex and creates a bottleneck even though the WAN link is usually much smaller than the LAN. There is an alternative to the hub. That device appears to be called a network TAP or port aggregator. This is the solution I plan on investigating further.
Has anyone else had experience with implementing a network TAP or port aggregator for network monitoring? I will also discuss what applications I plan on using to monitor network traffic in a future post.
Thanks for your time. Let’s be good network citizens together & practice safe networking!
