This week I spent some time gaining an update on network analysis with Network Instruments, a privately owned company formed in 1994. The session was held at the National Motorcycle Museum, in Birmingham. The turnout was excellent which is probably indicative of the credit crisis where companies are looking to make the most of, and improve, what they have. The session included a combination of presentations and demonstrations by James Dunn, UK sales manager, and James Kerr, sales engineer.

We often look for a solution only after we experience a problem.

Network analysis can often fall by the wayside when things are going well but, at the very least, a  good network monitoring system can mean the difference between having a fire alarm and a fire extinguisher. The areas covered during the session were:

• Network analysis
• Networking monitoring
• Network management
• Network troubleshooting

In an world of ever-increasing web-based services, all too often when a problem occurs the finger of blame can point toward the network before the application, so it can be useful to identify and distinguish issues between application payloads and pure network issues. Several aspects are required to work together to provide a fuller picture for network analysis:

• Performance monitoring & reporting (alerts and high-level reporting, risk management)
• Data capture & data mining (going back in time at a packet level)
• Troubleshooting & analysis tools (drill down and filtering, reducing the MTTR)
• Device & resource monitoring (is my mail server running?)

Networking monitoring plays a vital part in identifying problems as they arise. The Network Instruments GigaStor product, which builds on this idea, was clearly the focus of the sessions as James presented it as the Sky+ device of computer network monitoring and analysis with its ability to record and playback network monitoring activity – at packet level. If the likes of Sainsbury's have employed the services and tools provided by Network Instruments then this as good a recommendation as you can get these days.

According the the Network Instruments State of the Network Global Study 2008, of 592 networking professionals, 73% said their primary concern when troubleshooting is “identifying the source of the problem” and 59% spend 25 days or more simply trying to recreate a network issue.

The Gigastor is a relatively large beast somewhat akin to an HP Storage Array – it needs to be big to store between 2TB and 28TB of historic packet information. However, a more portable version is available (which is a probe and a console), storing up to 2TB, which seems a much handier proposition (and lighter). Tools such as this, which collect historic information about the network, can radically decrease the resolution time involved with retrospective network analysis. Many a network analyst's and application fault finding analyst's time has probably been spent “trying to get it to happen again”. Back-in-time analysis and problem recreation can save a lot of time when network troubleshooting, I can think of a number of occasions when a tool like this would have saved a lot of time.

In addition to the Gigastor, two other products were demonstrated – Observer and Link Analysis. The Observer product provides for troubleshooting & analysis (Interestingly the product can also analyse by MPLS label), while the Link Analysis product provides for high level resource and device monitoring – if you have used PacketTrap or Spiceworks you will already be somewhat at home with this type of application. I have written in the past about PacketTrap who are working with Network Instruments to build-in support to their network management tools.

Two other products were also highlighted:

• A “Net Live” web-based snapshot which can be updated every 20 seconds to give a NOC-type experience on a big screen.
• A new Virtual TAP product providing an interface for more detailed traffic information between virtual hosts – achieved by installing an additional virtual session.