How AppNeta Passive Monitoring and Deep Packet Inspection Speeds Troubleshooting

In recent months, we’ve talked a lot about how AppNeta by Broadcom offers active monitoring capabilities, and how they enable teams to rapidly troubleshoot issues across both internally managed networks and those managed by third parties, such as ISPs and cloud providers.

Once teams have identified that a given network issue is arising within the organization’s managed environment, AppNeta delivers passive network monitoring that is essential for fast, effective troubleshooting and remediation. This post looks at why passive monitoring is vital, key requirements that need to be addressed, and how AppNeta can help.

Introduction: Active and passive monitoring

To gain a complete picture for effective network operation, teams need a combination of active and passive monitoring.

Active monitoring refers to the process of continuously sending test traffic over the network and measuring the response to isolate and track performance metrics over time. In this way, users can get key insights into the user experience, including when user interactions span third-party networks.

On the other hand, passive monitoring refers to the collection of data that already exists on the network. This can include the collection of packets, flow information, and SNMP data. Passive monitoring is very useful for understanding what’s happening within internally managed networks. For external networks, such as wide area networks (WAN), passive monitoring can also include BGP data.

Ongoing challenges

IT operations teams continue to contend with unexpected issues, such as multiple users within a remote office complaining of lagging performance. IT may only find out that a user encountered a problem hours, or even days, after the issue occurred. Often, issues will appear and disappear before teams can fully understand what went wrong.

Applications are frequently the cause of these unexpected issues. It can be that new applications come online that IT doesn’t have any knowledge of. It may also be that a known application starts having a portion of traffic running across a different protocol than usual due to an update. These new applications and changes can have a significant impact, not only on the network but the user experience.

These ongoing challenges illustrate why the need for effective passive monitoring is so acute. Having strong passive monitoring is especially important in today’s “shadow IT” world. At any time, users may be running a mix of applications, some tracked and governed by IT, and some that IT has no awareness of or control over.  No matter the mix of applications in play, however, IT operations teams are ultimately responsible for following up on issues and managing service levels.

Here are just a few examples of the types of scenarios that can introduce significant changes on networks:

• A marketing manager could start using a SaaS-based remote video editing application—and start transmitting large files in the process.
• In a healthcare setting, a team could see congestion issues arise because a new backup system is transmitting large digital images, such as x-rays, during a specific time of day.
• A VP could be issued a new computer, and suddenly have their system start downloading massive amounts of data from shared storage services like Google Drive and Box.

Requirements

To contend with these evolving realities, IT operations teams need to address the following requirements:

• Isolate the issue’s domain. By leveraging active monitoring, teams can identify where the issue is located, that is, whether in the internal network or in an externally managed environment. If the issue is located in the internal network, teams must employ passive monitoring to identify where to focus troubleshooting efforts. Teams need to gain an understanding of network behavior, including anomalies and patterns. In addition, they should be able to identify “top talkers,” that is, the applications or devices accounting for the most traffic at any given time.
• Track all apps. It is important to establish complete passive monitoring coverage. Operators need to add support for any custom or internal apps that are running, so they can get a comprehensive view of all the sources of network traffic.
• Focus on end-user experience. Teams should assess how apps are performing for specific locations, hosts, and users. When balancing multiple issues, it is especially critical to understand how users are affected, and to have these insights help guide prioritization. It is important to be able to look back at the time an issue initially arose, and see what was happening on the network at that specific time. This can be invaluable in helping engineers determine the cause of the problem.
• Establish visibility across locations. When managing networks across multiple geographic locations, it is important to track these different sites in a consistent manner. Particularly when different locations have similar application profiles, this can form a very useful basis for establishing baselines and means of comparison. For example, an operator can see that two locations are experiencing an issue with the same SaaS application, and quickly deduce the issue is arising at the application provider. On the other hand, they can quickly see if there’s a location-specific problem, which can help streamline issue identification.

How AppNeta can help

AppNeta offers both active and passive monitoring capabilities that address the key requirements of today’s IT operations teams. With the solution, teams can efficiently and intelligently monitor their modern, dynamic network environments. AppNeta offers the coverage needed to enable fast troubleshooting across four error domains: user environments, external ISP networks, transit networks, and application service provider environments. The solution offers these key advantages:

Complete packet analysis

With its passive monitoring, AppNeta does deep packet inspection (DPI) of network data. The solution looks at 100% of raw packets, stripping out headers and keeping important metadata, but removing the secure payload. This allows the solution to provide excellent analysis, but limit any unnecessary strain on the network when the results are analyzed.  

Flexible deployment

AppNeta employs purpose-built hardware. Systems are available in a range of sizes and form factors to accommodate a wide spectrum of networks and organizations. Customers can choose 1GB desktop devices for residential locations as well as rack-mountable, 100GB systems. In addition, these devices offer support for multiple wireless interfaces and they can be deployed inline or via SPAN or mirror ports.

Comprehensive application support

AppNeta features comprehensive application support, delivering prepackaged coverage of more than 2,000 applications, including SaaS, public cloud, and on-premises offerings. Also, the solution comes with custom application definitions, and it is easy for teams to add support for any applications that may be running in their organization. To add a new application, administrators simply need to enter such basic information as name, description, and some combination of protocol and port. Users can also assign categories, such as whether it’s business-critical, recreational, or some other type of application.

Conclusion

For today’s IT operations teams, visibility continues to get obscured. User services increasingly rely upon external networks that these internal teams can’t monitor or manage. Further, the applications that users rely upon can change network demands dramatically, with little or no advance notice. It is for these reasons that AppNeta’s active and passive monitoring capabilities are so important today. To learn more about AppNeta’s passive monitoring, including a demo of the solution in action, be sure to watch our Small Bytes session, How to Isolate Application Performance via DPI Traffic Analysis.

In addition, visit our Small Bytes page to see a complete list of upcoming and on-demand presentations in the series.