Learning Path
End-to-End Network Operations Coverage
Learn how Network Observability by Broadcom optimizes operations with End-to-End Coverage.
Only 8.5% of organizations find it very easy to gain a global view of network operations. Tool sprawl, use of 10-20 monitoring tools, and explosive data growth (+87%) contribute to the problem, as reported by Enterprise Management Associates, Inc (EMA).
Network operations teams need help to gain full visibility and access to the modern network environment. Teams are now contending with multiple tools from different vendors, and each tool has its own interface, configuration, and data format. Tool sprawl has created more challenges for teams who want to enhance network visibility. Network operations must be able to discover traditional multi-vendor network devices such as routers, switches, and firewalls. Teams need to visualize the network topology to understand the dependent relationships between these devices. Adding new technologies such as software-defined networking (SDN), software-defined data center (SDDC), software-defined wide area network (SD-WAN), network function virtualization (NFV), and Wi-Fi has increased the need for an integrated end-to-end solution.
Network Observability by Broadcom gives teams complete visibility into how the network performs and behaves and allows teams to discover, configure, monitor, and maintain network components. Visibility is provided to the entire network delivery path (LAN/WAN/SD-WAN, ISP, Cloud), which turns data from any source into actionable insights to resolve network issues before users are impacted.
To learn more about how Network Observability by Broadcom helps with end-to-end network monitoring, read the whitepaper: End-to-End Network Operations Coverage.
Network Observability by Broadcom is a solution that brings together the active and passive monitoring approaches described in the End-to-End Network Operations Coverage white paper. The solution combines the multi-technology automated discovery capabilities for the internally managed network provided by DX NetOps with the active external network monitoring provided by AppNeta.
The DX NetOps platform consists of the following software components, which are deployed on-premises and then integrated to power the different DX NetOps capabilities:
- DX NetOps Performance Management provides a unified portal across the network landscape and gathers SNMP performance statistics from devices and controllers.
- DX NetOps Spectrum provides fault monitoring, proactive network change management, fault isolation, and root cause analysis.
- DX NetOps Virtual Network Assurance (VNA) provides modern network monitoring to collect data from SDN and NFV controllers and orchestrators.
- NetOps Flow provides flow monitoring to capture flow exports produced in various flow protocol definitions.
AppNeta is a SaaS platform, provisioned by Broadcom, that utilizes Monitoring Points installed strategically across the network to monitor the different aspects of the network and provide data to the AppNeta UI, and when integrated, to DX NetOps Portal.
Performance monitoring
DX NetOps Performance Management collects, stores, analyzes, and displays massive amounts of performance data to ensure holistic visibility across complex, multi-vendor network infrastructures. Designed for traditional and modern software-defined network technologies, the product enables proactive capacity planning, anomaly detection, and problem-solving through flexible dashboards and reports that unify all monitoring aspects and help optimize network operations.
DX NetOps Performance Management provides the DX NetOps Portal, a unified portal that visualizes and transforms inventory, topology, device metrics, logs, configurations, faults, and flows into actionable insights for network operations teams. The solution provides end-to-end network visibility by correlating data from various sources, delivering a unified and holistic view of the network’s health and performance at a glance. The DX NetOps Portal makes tracking issues, analyzing trends, and collaborating efficiently across teams easier.
For a detailed tour of NetOps Portal, refer to the Getting Started with DX NetOps Portal 100 (online course).
Modern network monitoring
DX NetOps Virtual Network Assurance (VNA) is a flexible and scalable software gateway that provides robust capabilities for managing modern network technologies while delivering on the promise of network agility through:
- Comprehensive coverage via scalable and heterogeneous monitoring across a large number of technology stacks of traditional, SDN, SDDC, SD-WAN, NFV, and hybrid-cloud architectures.
- Prescriptive analytics and easy health indicators enable real-time performance analysis and guided workflows for rapid triage in DX NetOps Portal.
- SDN, NFV, and cloud stack correlation that removes management complexity for healthy modern network operations.
Fault monitoring
DX NetOps Spectrum offers robust, comprehensive, and sophisticated event and network fault management for silencing network alarm noise, pinpointing issues, and fixing problems faster with superior root-cause analysis.
A comprehensive and accurate network topology is essential for making intelligent decisions about the network and infrastructure. To gain end-to-end coverage of all network components, teams must inventory internally and externally managed devices.
DX NetOps Spectrum can discover and map layer 2 and layer 3 devices and topologies. With the solution, teams can easily see an accurate depiction of the network infrastructure, including devices from different vendors, and how they are connected logically and physically. The solution can scan the network using protocols such as SNMP, LLDP, CDP, ARP, BGP, and more. It can gather information about devices, such as hostname, IP address, model, OS version, serial number, and interface details. The solution can also find the links between devices, such as port-to-port connections, VLANs, subnets, and routing tables. The solution can also discover software-defined topology. Discovery enables teams to gain complete visibility of both traditional and modern networks. By building a detailed and interactive network map that displays the devices and their relationships, teams can quickly identify the scope of the issue for faster problem resolution.
Flow monitoring and deep packet inspection
Network Observability by Broadcom implements two flexible ways to gain insights into application usage of network resources: NetOps Flow and AppNeta’s Deep Packet Inspection (DPI).
NetOps Flow ingests and analyzes flow data to deliver actionable intelligence and real-time visibility into network behavior. The product provides deep visibility into network traffic, identifying the source, destination, and volume of data flows. With intuitive visualizations and customizable dashboards that map traffic to applications using NBAR2 or user-defined application mapping, network specialists can easily interpret complex data, identify potential bottlenecks, and effectively manage network resources.
AppNeta’s Deep Packet Inspection (DPI) enables network operations teams to passively monitor and identify application traffic on the network and monitor how bandwidth is consumed by particular applications, hosts, and users. DPI provides network operations teams with proactive visibility into new cloud-hosted applications running on the network and with application performance indicators such as latency and TCP retransmit rate.
DPI requires an AppNeta Monitoring Point deployed at the network edge. The Monitoring Point generates traffic flow records in real-time (every five minutes) and passes them to AppNeta. The application identification library contains over 2,000 application definitions to identify and categorize application traffic. The library can be customized with user-created application definitions.
Active network monitoring for Layer 3 network performance visibility
Active network monitoring with AppNeta is accomplished through the TruPath™ packet train dispersion technology. TruPath sends and receives many varied short sequences of packets, which are referred to as packet trains. Packet trains are transmitted using Internet Control Message Protocol (ICMP) or User Datagram Protocol (UDP). Packets are sent to defined end hosts or targets, which can be any endpoint that can respond to an ICMP-based ping or can send back a Transmission Control Protocol (TCP) or UDP packet.
Using this technology, TruPath can build up a complete set of network statistics very quickly, in many cases, in just tens of seconds. TruPath uses special patterns designed to detect if instrumentation packets are interfering with each other. If that happens, it takes more varied samples over a longer time scale to ensure that the resulting statistics are clean.
By sending multiple sets of distinct packet sequences, TruPath can analyze a wide range of traffic conditions a user on a network path might experience. By probing the path repeatedly with the packet sequences, TruPath collects a statistically significant number of responses for each type. TruPath will detect when samples are captured during rapidly changing conditions and adjust its measurement patterns accordingly.
Unlike packet flooding technologies available on the market, this approach delivers high accuracy without requiring an intrusively high instrumentation load on the network path. With the technology’s low-overhead approach, network operations teams can run TruPath in production and through third-party networks for end-to-end visibility.
Configuring the solution for end-to-end coverage typically involves the following procedures:
- Work with Broadcom Services or a certified Broadcom partner to design and install DX NetOps.
- Discover devices with DX NetOps to obtain a device topology, process network faults, and gather performance statistics.
- Group network items in DX NetOps to align with critical business functions for alarming and reporting.
- Customize dashboards in DX NetOps to create visual workflows for reporting performance and drill-downs into problem areas.
- Create relevant threshold monitoring profiles.
- Use plugins to integrate data sets from vendors in SDN, SDDC, SD-WAN, NFV, and Wi-Fi into a single alert and reporting solution.
- Discover and map layer 2 and layer 3 topologies to visualize device dependencies and use those dependencies in root cause analysis.
- Configure active network monitoring to eliminate blind spots in external networks.
- Configure flow monitoring and deep packet inspection separately or together to identify applications and gain insight into network utilization.
For an overview of Broadcom’s experience-driven approach to network observability, refer to the online course: Experience-Driven NetOps: Overview 100.
Prepare the environment
Behind the scenes, Network Observability by Broadcom comprises AppNeta and DX NetOps. AppNeta, a SaaS platform, is provisioned by Broadcom for the environment. DX NetOps comprises a set of software components that work together to monitor the different aspects of the network.
A typical environment to achieve end-to-end network operations coverage includes the following integrated software components:
- DX NetOps Performance Management to provide performance monitoring
- DX NetOps Virtual Network Assurance to provide modern network monitoring
- DX NetOps Spectrum to provide fault monitoring
- NetOps Flow to provide flow monitoring
- AppNeta to provide active network monitoring and deep packet inspection
Typically, DX NetOps is designed, installed, and configured for the critical technologies by Broadcom Services or a certified Broadcom partner.
To learn more about DX NetOps architecture, installation, configuration, and integration, including how to integrate AppNeta, refer to the learning path: DX NetOps Installation and Configuration.
Discover devices and performance metrics
Discovery is the process of finding, linking, and monitoring devices on the network. In a fully deployed DX NetOps installation, discovery will start in DX NetOps Spectrum. Spectrum will discover the devices and their layer 2 and 3 relationships, which will be used for fault management and root cause analysis.
To learn more about fault monitoring and isolation, refer to the following resources:
- Fault Monitoring (DX NetOps Documentation)
- DX NetOps 23.3.x: Fault Isolation and Alarm Notification for Spectrum 200 (online course)
Through integration with DX NetOps Portal, the inventory from the Spectrum discovery will be used to seed performance discovery. Performance discovery uses discovery profiles to specify a list of SNMP profiles that DX NetOps Portal uses during discovery. After discovery, polling for metrics defined in monitoring profiles will start.
The following video covers how to run a new discovery configuration in DX NetOps Spectrum OneClick to discover and model network items for fault monitoring.
The following video covers how to create and run a discovery profile to determine what is polled for performance metrics.
The following video covers how to verify the status of discovered devices.
To learn more about fault monitoring discovery, refer to the following:
- DX NetOps 23.3.x: Discover and Model Networks for Fault Monitoring 200 (online course)
- Discovering and Modeling Your Network (DX NetOps Documentation)
To learn more about performance discovery, refer to the following:
- DX NetOps 23.3.x: Discover Devices for Performance Monitoring 200 (online course)
- DX NetOps 23.3.x: Configure Device Monitoring for Performance Monitoring 200 (online course)
- Manage Monitoring Profile (DX NetOps Documentation)
Group network items
Grouping network items into business-related groups creates a focus on critical network infrastructure and allows troubleshooting by business impact.
Groups define relationships, policies, and dependencies among your organization's services, devices, applications, and users. Organize your group structure according to business and reporting needs. Use Site Groups to create a regional structure representing regions, countries, and locations. Use custom groups for other organizations, such as customers, services, or technologies.
The following video covers defining and populating groups.
To learn more about group management, refer to the following resources:
- Manage Groups (DX NetOps Documentation)
- DX NetOps 23.3.x: Configure Groups for DX NetOps Portal 200 (Online Course)
Customize dashboards
Dashboards provide high-level information about managed items, such as the average performance of monitored items in a group. Most are composed of views of summary data, such as hourly rollups or averages from a group of items. You can use them to view the polled data as meaningful information and to generate reports. Views often provide a drill-down path to a context page.
Context pages within the DX NetOps Portal provide performance and status data scoped to a specific managed item, such as a single router or server. They resemble dashboards with a fixed context.
The following video demonstrates how to customize dashboards in DX NetOps Portal.
The following video demonstrates how to customize DX NetOps Portal context pages.
For more detailed information on dashboards and context pages, refer to the following section of the DX NetOps documentation: Dashboards.
Configure threshold profiles
Threshold profiles raise or clear threshold violation events when specified event conditions occur in associated groups. The event rule defines the conditions that raise or clear a threshold violation. When metrics violate the threshold, a violation alarm is raised. When metrics meet the threshold, the alarm is cleared.
The following video demonstrates how to configure threshold profiles:
To learn more about threshold profiles, refer to the following resources:
- Configure Threshold Profiles (DX NetOps Documentation)
- DX NetOps 23.3.x: Configure Performance Thresholds and Notifications 200 (Online Course)
Configure VNA plug-ins to collect data from virtual networks
DX NetOps Virtual Network Assurance (VNA) bridges existing and new network management capabilities to meet the needs of software-defined networking (SDN), network functions virtualization (NFV), software-defined data centers (SDDC), and software-defined wide area networks (SD-WAN). The solution provides a gateway for performance monitoring, topology, and fault management for DX NetOps for all the network components and layers within the virtual network stack and application service chains.
Configure an instance of a plug-in for each technology in your virtual network environment. VNA uses the configuration details to connect to the virtual network and collect performance and inventory data from it.
The following videos demonstrate configuring a VNA Plug-In using the DX NetOps Portal.
To learn more about configuring VNA plug-ins for modern network monitoring, refer to the following resources:
- Modern Network Monitoring (DX NetOps Documentation)
- DX NetOps 23.3.x: Install and Integrate Virtual Network Assurance 200 (Online Course)
- DX NetOps 23.3.x: Configure Virtual Network Assurance Plug-Ins 200 (Online Course)
Configure active network monitoring with AppNeta
Configure active network monitoring with AppNeta for visibility into the performance of externally managed networks, such as cloud and transit networks.
Create an AppNeta Monitoring Plan
Network monitoring in AppNeta is configured using monitoring policies. Policies are the most effective and easiest way to manage monitoring, using clear, simple rules to define where to monitor from. To keep the rules clear and simple, we recommend creating a plan for what you want to monitor and where you want to monitor it. In the plan, put each Monitoring Point that will monitor a target into logical groups and determine how the groups of Monitoring Points will be selected in the policy. Monitoring Point selection in a policy can be based on Monitoring Point tags, such as Monitoring Point type, geographic location, or any custom tags assigned to Monitoring Points, and on network rules, such as the subnet.
The following diagram represents an example monitoring plan to provide end-to-end network visibility between relevant end users and an internally managed, cloud-hosted web application.
In this example monitoring plan, Monitoring Points will be installed alongside the application end users at a corporate headquarters and branch offices, and on workstations of users who work remotely.
Since the cloud host is managed internally, a Monitoring Point will also be installed alongside the web application.
Dual-ended network monitoring between the Monitoring Points representing end users and the Monitoring Point installed in the cloud host will provide bidirectional visibility into the outbound and inbound network performance to and from the cloud environment. Additionally, the plan includes web performance monitoring of the web application from the perspective of end users.
Deploy AppNeta Monitoring Points
Before configuring active network monitoring, deploy Monitoring Points at strategic locations in the network. Typically, native Monitoring Points (NMP) are recommended for user workstations, r1000 physical Monitoring Points are recommended for data centers, and physical or virtual Monitoring Points are recommended for offices. Monitoring Points are also available for deployment to customer premise equipment, such as a Cisco Catalyst 9300/9400 switch.
To learn more about deploying Monitoring Points, refer to the AppNeta documentation article and select the model from the Set up a Monitoring Point section: Getting Started.
Configure network monitoring policies
Use monitoring policies in AppNeta to carry out the plan for which applications and networks to monitor, and from where. Dynamic policy rules enable you to automatically set up monitoring from new Monitoring Points that match the policy rules.
In the example monitoring plan for a cloud migration scenario, the network administrator would create a monitoring policy that targets a container-based Monitoring Point deployed in the same cloud environment as the host and customize the monitoring preferences for dual-ended monitoring.
The following video demonstrates how to configure a monitoring policy in AppNeta to monitor network performance.
To learn more about configuring AppNeta for visibility into cloud networks, refer to the Validate Cloud Connections learning path.
For an online course on how to set up active network monitoring, refer to AppNeta: Set up Network Monitoring.
To learn more about DX NetOps Portal Dashboards to harness the power of AppNeta, refer to the blog: Using DX NetOps Dashboards To Harness the Power of AppNeta Data.
The following video demonstrates the DX NetOps Portal and AppNeta integration:
Configure flow monitoring
The NetOps Flow dashboards capture flow data using a version of a flow protocol. NetOps Flow stores data alongside performance data, allowing you to combine performance and flow in custom charts.
Enable NetFlow on each network router. You can configure routers to export any of the following flow protocols:
- NetFlow v5, v7, v9
- sFlow version 5
- IPFIX, J-Flow, cFlow, and NetStream flow that complies with the standards for NetFlow v5, v7, or v9
Configure flow from each source to be exported to the NetOps Flow collector. NetFlow provides a broad view of your network packet streams by creating flow records for all packets. The data from these flow records represents all packets. Sampled NetFlow, IPFIX, and sFlow take samples from your packet streams, producing fewer flow records and lessening the impact on a collector. The lower your sampling rate, the less precise the data will likely be.
For data from non-sampled flows to appear in reports of 15-minute (historical) data, the following minimum fields are required:
- One of the following: 1 - IN_BYTES, 85 - IN_PERMANENT_BYTES, 231 - FW_INITIATOR_OCTETS, or 232 - FW_RESPONDER_OCTETS
- 4 - PROTOCOL
- 7 - L4_SRC_PORT
- 8 - IPV4_SRC_ADDR
- 10 - INPUT_SNMP
- 11 - L4_DST_PORT
- 12 - IPV4_DST_ADDR
- 14 - OUTPUT_SNMP
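An exporter whose template omits one of these fields leaves a gap in historical flow reports, so it is worth checking the templates a router actually sends. The following Python is an added example, not Broadcom code: it parses the template FlowSets of a NetFlow v9 export packet (layout per RFC 3954) and lists which of the minimum fields above each template lacks. The function names and the sample packet are constructed for illustration.

```python
import struct

# Field type IDs the page lists as the minimum for non-sampled flows
# to appear in 15-minute (historical) reports.
BYTE_COUNTERS = {1: "IN_BYTES", 85: "IN_PERMANENT_BYTES",
                 231: "FW_INITIATOR_OCTETS", 232: "FW_RESPONDER_OCTETS"}
REQUIRED = {4: "PROTOCOL", 7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR",
            10: "INPUT_SNMP", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
            14: "OUTPUT_SNMP"}

HEADER = struct.Struct("!HHIIII")  # version, count, uptime, secs, sequence, source id
FLOWSET = struct.Struct("!HH")     # FlowSet id, length (includes this 4-byte header)
TEMPLATE = struct.Struct("!HH")    # template id, field count
FIELD = struct.Struct("!HH")       # field type, field length


def parse_templates(packet):
    """Return {template_id: [field type, ...]} for each template in a v9 packet."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated NetFlow header")
    version = HEADER.unpack_from(packet)[0]
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    templates, offset = {}, HEADER.size
    while offset + FLOWSET.size <= len(packet):
        flowset_id, length = FLOWSET.unpack_from(packet, offset)
        end = offset + length
        if length < FLOWSET.size or end > len(packet):
            raise ValueError("bad FlowSet length")
        if flowset_id == 0:  # 0 = template FlowSet; data FlowSets are skipped
            pos = offset + FLOWSET.size
            while pos + TEMPLATE.size <= end:
                template_id, count = TEMPLATE.unpack_from(packet, pos)
                if template_id < 256:  # real template IDs start at 256; this is padding
                    break
                pos += TEMPLATE.size
                if pos + count * FIELD.size > end:
                    raise ValueError("template record overruns its FlowSet")
                templates[template_id] = [
                    FIELD.unpack_from(packet, pos + i * FIELD.size)[0]
                    for i in range(count)]
                pos += count * FIELD.size
        offset = end
    return templates


def missing_fields(field_types):
    """Names of the minimum fields that are absent from one template."""
    present = set(field_types)
    missing = [name for fid, name in REQUIRED.items() if fid not in present]
    if present.isdisjoint(BYTE_COUNTERS):  # any one byte counter is enough
        missing.append("one of " + "/".join(BYTE_COUNTERS.values()))
    return missing


def audit(packet):
    """Map each template ID in the packet to its list of missing fields."""
    return {tid: missing_fields(f) for tid, f in parse_templates(packet).items()}


def build_template_packet(templates):
    """Build a v9 packet holding one template FlowSet (constructed test input)."""
    records = b""
    for tid, fields in templates.items():
        records += TEMPLATE.pack(tid, len(fields))
        records += b"".join(FIELD.pack(ftype, flen) for ftype, flen in fields)
    flowset = FLOWSET.pack(0, FLOWSET.size + len(records)) + records
    return HEADER.pack(9, len(templates), 0, 0, 1, 0) + flowset


# Constructed sample: template 256 is complete; template 257 has no
# interface indexes and only a packet counter (type 2), no byte counter.
SAMPLE_PACKET = build_template_packet({
    256: [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (10, 2), (14, 2), (1, 4), (2, 4)],
    257: [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (2, 4)],
})

if __name__ == "__main__":
    for tid, gaps in audit(SAMPLE_PACKET).items():
        print(tid, "OK" if not gaps else "missing: " + ", ".join(gaps))
```
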
Suggested workflow for enabling flow:
- Back up the current router configuration.
- Configure NetFlow export for each interface individually:
  - Set the flow-export version.
  - Set the flow source IP address. It is recommended that you configure a loopback source interface. The IP addresses of non-loopback interfaces can change.
  - Set the flow destination IP address and set the destination port to match the NetOps Flow collector for that protocol. These ports are available after NetOps Flow is installed and configured.
- Configure SNMP index persistence on each router that supports this feature.
The following video walks through preparing to deploy NetOps Flow:
The following video walks through NetOps Flow deployment:
To learn more about network flow monitoring, refer to the following resources:
- NetOps Flow (DX NetOps Documentation)
- DX NetOps 23.3.x: Install and Configure NetOps Flow 200 (Online Course)
Set up deep packet inspection with usage monitoring
In environments that do not have a NetFlow collector, or where flows cannot be sent out to a remote collector, usage monitoring in AppNeta can be instrumented by deploying a Monitoring Point with a capture interface, also referred to as the Usage port. The capture interface is either connected to a SPAN or mirror port, or the bypass ports are connected inline.
Usage monitoring provides a view of the traffic passing through your network. It provides traffic volume information on the applications and application categories being used (determined through Deep Packet Inspection (DPI)) and on the hosts using those applications.
To learn more about deploying Monitoring Points, refer to the AppNeta documentation article and select the model from the Set up a Monitoring Point section: Getting Started.
To learn more about setting up deep packet inspection in AppNeta, refer to the following resources:
- Configure Traffic Analysis with AppNeta Usage (Online Course)
- Set Up Usage (AppNeta Documentation)
Network Observability by Broadcom offers information to all levels of the network team to help monitor and maintain the critical network infrastructure.
Operations are responsible for responding to faults and performance issues in the network. An operator is presented with an alarm in the NetOps Portal that links to detailed context for the network item in error. The error can be observed in a historical context to determine the next action that should be taken. An incident ticket can be initiated to get network services working to resolve the issue.
Network services use the solution to review dashboards to understand the impact of the network error. Resolving the error could be replacing hardware, upgrading a circuit, changing network configurations, or contacting an ISP and directing them to where a bottleneck is being observed.
Example workflow: Validate a network change
After a circuit update has been completed, a technician has been asked to verify the impact of the change on the Houston site.
The technician starts on the site context page for the Houston site. The available sites can be found from a search or the Inventory: Sites menu. The site view summarizes all network items assigned to the Houston site group.
The technician should review the Interface Utilization Scorecard and Interface Utilization Trend Scorecard to validate that metrics are within an acceptable range.
The technician will continue the research by navigating to network health. Review the interface trend charts for any significant changes in interface utilization. To determine if there was a performance improvement after the circuit update, adjust the timeframe of the view to show the trend before the circuit update.
Since SD-WAN is used in this network, navigate to the SD-WAN tab and review the tunnel scorecard. Verify the tunnels are performing as expected; in this case, all are green.
For more insights into the Houston site performance, navigate to Network Delivery. Review the list of all the network paths being monitored by the local AppNeta Monitoring Point. Verify that all benchmarks are being met.
The Dynamic Trend View: SDN Path: Round Trip Time: Maximum view above shows how the view can be customized to show data in a relevant view.
To learn more about customized views, refer to Customize Views.
The technician can drill into a specific path to view specific trend performance. This test is conducted over the SD-WAN tunnel. After the circuit upgrade, IN/OUT Utilization can be reviewed for improvements.
Navigating back to the Houston Monitoring Point, the technician can observe the trends for all Houston network paths. The paths shown are all the underlay of the SD-WAN from Houston. Effectively, the traffic is expected to take a parallel path to the SD-WAN, but the Monitoring Point traffic traverses the ISP routes directly instead of through the tunnel. The technician observes the circuit upgrade correlates to improvements in used capacity, round trip time, and jitter.
To examine the underlay further, the technician can select one of the paths using it. The technician can review performance metrics, such as utilization, over time and see the trend alongside an automatically created baseline. Baseline trends for each path enable technicians of any skill level to identify where the performance is normal.
The technician confirmed the Houston site's operation after the circuit upgrade by reviewing its end-to-end performance through the DX NetOps Portal.
Broadcom helps address the challenge of achieving end-to-end network operations coverage by providing a solution that collects, stores, analyzes, and visualizes performance data from complex, multi-vendor, multi-technology network infrastructures. With the Broadcom solution, network operations teams gain a global view of network operations. For more information on how to implement Network Observability by Broadcom for other use cases, explore other learning paths.
For technical documentation for Network Observability, refer to DX NetOps and AppNeta. Visit our Small Bytes page for a complete list of upcoming and on-demand presentations in the Network Observability series.
For more information, contact Broadcom.