State of Networks: Faster, but Under Attack


Two recent studies that look at the state of mobile and fixed networks show that while networks are getting ever faster, security is a paramount concern that is taking up more time and resources.

Akamai recently released its fourth quarter 2014 State of the Internet report. Among the findings:

  • In terms of network security, high tech and public sector targets saw increased numbers of attacks from 2013 to 2014, while enterprise targets had fewer attacks over the course of the year – except Q4, where the commerce and enterprise segment were the most frequently targeted.

“Attacks against public sector targets reported throughout 2014 appear to be primarily motivated by political unrest, while the targeting of the high tech industry does not appear to be driven by any single event or motivation,” Akamai added.

  • Akamai customers saw DDoS attacks up 20% from the third quarter, although the overall number of such attacks held steady from 2013 to 2014 at about 1,150.
  • Average mobile speeds differ widely on a global basis, from 16 megabits per second in the U.K., to 1 Mbps in New Caledonia. Average peak mobile connection speeds continue to increase, from a whopping 157.3 Mbps in Singapore, to 7.5 Mbps in Argentina. And Denmark, Saudi Arabia, Sweden and Venezuela had 97% of unique IP addresses from mobile providers connect to Akamai’s network at speeds faster than the 4 Mbps threshold that is considered the minimum for “broadband.”

Meanwhile, Network Instruments, part of JDSU, recently completed its eighth annual survey of network professionals. It found that security is an increasing area of focus for network teams and that they are spending an increasing amount of time focused on security incidents and prevention.

NI reported that its survey found that the most commonly reported network security challenge is correlating security issues with network performance (reported by 50% of respondents) – meanwhile, the most common method for identifying security issues are “syslogs” (used by 67% of respondents). Other methods included simple network management protocol and tracking performance anomalies, while long-term packet capture and analysis was used by slightly less than half of the survey participants – 48%. Network Instruments said that relatively low utilization of long-term packet capture makes it “an under-utilized resource in security investigations” and that “replaying the events would provide greater context” for investigators.

NI also found that “application overload” is driving a huge increase in bandwidth use expectations, due to users accessing network resources and large files with multiple devices; real-time unified communications applications that require more bandwidth; as well as private cloud and virtualization adoption. See Network Instrument’s full infographic below:

Network Instruments' State of the Network infographic

Thanks to RCR Wireless News for the article.


Enterprises- Ensure Application Performance and Security Resilience

Ensure Application Performance and Security ResilienceFor most every enterprise, the network is your business. Your network and applications are what connects you to your customers. Maintaining network vitality for an optimal user experience is key to business growth and profitability. But today’s networks are under tremendous pressures. User expectations for high performance and innovative applications are ever-increasing. So too are the frequency, magnitude, and sophistication of security attacks that your adversaries are launching to attempt to infiltrate your network, steal data, or disrupt operations.

To achieve a secure network that is resilient to attack requires the selection and deployment of security devices such as firewalls and intrusion prevention. To meet the expectation for application performance, devices such as load balancers, application controllers and performance monitoring tools are also deployed in the network. Ixia is focused on helping to ensure security resilience and application performance in your network.

Security Resilience

The demands on the network are constant and your security must have resilience to maintain its effectiveness as it comes under attack, is challenged to maintain visibility to traffic and events across the network, or just needs an operational change to deploy the latest threat updates. Ixia’s portfolio of security solutions allow enterprises to:

  • Optimize security device investments such as IPS, Firewall, NGFW or DDoS Mitigation by helping you select the best technology with the right performance and deploying it in the network most effectively with network visibility and optimal load balancing.
  • Minimize downtime and improve operational change control for security upgrades by validating security updates and changes and providing the inline deployment tools to ensure that these changes are not disruptive to network operations.
  • Train and prepare for realistic cyber security exercises with systems that can create the real-world application loads and attack traffic required for a cyber range and also provide the visibility required to stream high volumes of events to SOC tools to monitor the exercises.

Application Performance

It has become critical to assess applications and their performance not only before going live to ensure they are customer-ready, but that performance is maintained over time by monitoring the network — ensuring visibility into key application flows, anywhere on the network. Ixia’s portfolio of application performance solutions allow enterprises to:

Thanks to Ixia for the article. 

Making the Most of Public WAN for Private Cloud Applications

Sometimes clouds mean storms. The enterprise cloud is no different.

Cloud-hosted applications create a number of challenges for network administrators, especially when they run over a public wide area network, as most do. Today’s delivery chain for applications is somewhat decoupled, with the WAN carrying data from enterprises to apps housed in offsite data centers outside of the enterprises’ purview. The public WAN’s performance is absolutely crucial to application delivery, but the public WAN doesn’t provide much visibility into those applications.

Further compounding the challenges, even small changes in the network can magnify application performance problems. And poor network performance is more than just a nuisance for business-critical applications like video, VoIP, unified communications and virtual desktops, all of which are creeping ever more into the cloud.

How do you detect and resolve issues in the network if it’s not actually your network?

The WAN Plays a Critical Role in Application Delivery

Packet loss within a WAN can occur for many reasons, including network congestion or protection events such as route reconvergence and network misconfigurations. Furthermore, most WANs are oversubscribed and leverage network statistics to maximize available capacity. Data traffic is unpredictable, so wide area networking equipment, such as switches, routers and gateways, can react to network congestion by selectively discarding certain packets.

And don’t be fooled by low packet loss numbers. Even in the 1 to 2 percent range, packet loss’s effects on application performance are often disproportionately large, causing effects ranging from jitter on a phone call to the crash of a virtual application. Packet loss often equals application throughput decrease or outright failure. It’s further compounded by a significant increase in latency.

Getting ahead of the curve is critical. Administrators must be able to pinpoint the location and source of latency and determine beforehand what the implications to specific applications could be.

The chart below shows the effect of packet loss and application latency for applications using TCP/IP.

WAN Emulation

The Situation Today

Full network visibility and understanding of the innards of an application require more than simply keeping an eye on bandwidth consumption per protocol. HTTP traffic has very diverse levels of business priority. Without sufficient application-level visibility, it’s difficult for enterprises to make sure their available network resources are, for example, bolstering ROI sufficiently.

But today there exists no simple way to measure user-application response times end-to-end throughout the entire service delivery network, since the network involves both proprietary and external networks. In order to understand and manage user experiences, isolate the sources of performance impairments, and make the necessary adjustments to network settings and policies in real time, enterprises need to employ new strategies.

Distributed applications require distributed data-capture strategies in order to be able to isolate issues. Although an increasing number of network devices provide embedded traffic classification and monitoring capabilities, the implementations often result in performance-impacting consequences, cost more, and often lack the ability to look beyond packet headers.

An effective solution must look deep into the content within the applications. The growing mobile-user presence and the increased complexity of network environments means that users typically pick up IP addresses dynamically. For this reason, a user could have several IP addresses during a single session. This evolution of the network makes it nearly impossible to monitor, secure, and manage solely by IP address.

Requirements for New WAN Monitoring Solutions

A truly network-wide monitoring solution, extending to remote branch offices, must provide access to key performance information, including

  • Measurement and analysis of application performance for all transactions
  • Comparisons of response times against intelligent baselines and thresholds
  • Identification of abnormal latencies in the network
  • Isolation of a problem to a specific link or application server, or the application itself
  • Delivery of alerts on any performance deterioration

An effective monitoring solution must also provide a scalable approach to pervasive monitoring, management, and troubleshooting, with an architecture that decouples data collection from management, aggregation, and analysis. This approach allows a highly scalable, distributed, cost-effective method to add visibility throughout the network, reducing the complexity of capturing rich intelligence from the network, the content, and the end-user experience.

Outsourcing WAN Monitoring and Management

Unfortunately, many enterprises lack the funds to deploy a sophisticated, ubiquitous WAN monitoring strategy to each remote branch office. Others lack the in-house expertise. That’s where outsourcing comes in. Providing enhanced WAN traffic visibility creates opportunities for service providers and options for enterprise IT administrators.

It’s a win-win for service providers and enterprises. The enterprise gets better network visibility and response to network issues. The service provider becomes a more trusted and valuable resource for the enterprise, rather than a simple middleman between application and end user.

Outsourcing eliminates hardware maintenance and support staff costs associated with on-premises technology. The managed service provider can also take advantage of economies of scale to use the most sophisticated WAN monitoring and management products on the market and employ people with the expertise to more effectively assess the data collected. To deliver these types of services, network operators need to have visibility into their network’s capacity use, application performance, and bottleneck locations.

Service providers must be able to quickly isolate the sources of issues, indemnify their services should problems arise, and provide the information enterprise IT administrators require about network performance. Some questions enterprises should consider when assessing managed network services include:

  • Does the service provider possess the necessary technical and business expertise to adapt to the enterprise’s evolving needs?
  • Are the provider’s services customizable to the enterprise’s specific needs?
  • Does the service provider offer a real-time network view?
  • Is application and/or network performance backed with specific service level agreements?

The Value of Effective Monitoring

Industry studies show that just a half-second delay in generating search results worsens the user experience and, in effect, sheds a significant portion of a company website’s traffic. Poor business-critical application performance can also hinder productivity and damage reputations and relationships. Clearly, proactive and real-time monitoring to improve the quality of the end-user experience offers huge benefits.

With effective monitoring, those dark stormy enterprise clouds will begin to lighten.

Thanks to Enterprise Networking Planet for the article.

7 Steps to Multi-Tiered App Success

Network Instruments

Multi-tiered applications are no longer the exception but the rule. In the past, assessing application performance meant monitoring response time and health on a single server hosting one application. Now, with the applications increasingly becoming virtualized, utilizing multiple protocols, and operating over multiple servers, the approach to tracking overall application performance needs a reboot.

So how do you effectively track the health and conversations involved in a service comprised of multiple frontend web servers interfacing with middleware servers and backend database systems? Here are 7 steps for a monitoring strategy that ensures visibility and analysis into tiered applications.

1. Map out how data flows between the different application tiers.

One of the key things is being able to identify what conversations are occurring between different tiers within the application to fulfill a user’s request. For example, when a user is signing up for an online service and presses the submit button on a web form, what happens behind the scenes? Likely an HTTP web request has been issued from a client to a web server. The web server then sends that request to the middle-tier server, which converts that request from HTML to SQL so that the database server is able to interpret what the request is. When the request is processed successfully, the result is communicated back through the same set of components, and a confirmation message appears on the client’s screen.

2. Identify devices involved in sending and receiving client/server requests and responses.

For components involved in the delivery of the service, track the conversations between the devices including the ports used for communications. With large or legacy systems, manually mapping these relationships can be very time-consuming. Monitoring solutions like Observer Reporting Server streamline this process through application dependency mapping which automatically discovers and diagrams devices involved in multi-tiered applications based on how they communicate with each other.

In addition to the routers and servers, it’s critical to identify other components in the communications path, such as firewalls, load balancers, or proxy servers that can impact application performance. Having this map, you can then locate the points to visibility that will allow you to best assess application performance. For example, to assess the potential impact of a firewall on an application, capture and correlate traffic on both sides of the device.

3. Understand application-specific metrics.

Tracking performance across a multi-tiered application involves more than monitoring response times. An application can respond quickly, but be returning error codes. For example, with your web servers, are they returning 200 OK messages or 500 Internal Server Errors? Tracking and understanding specific errors will allow you to find points of application failure quicker.

4. Baseline to determine normal application performance.

Specific components and metrics to track in a multi-tiered application include:

  • Application performance and response times
  • Network delay
  • Conversations between tiers (examples: track response times and network delay from client to web servers, web tier to middleware tier, and middleware tier to database tier)
  • Traffic and usage patterns (understand how demand changes based on time of day, week, and month)

As a rule of thumb, if users are content with current performance, these metrics can serve as benchmarks for application health.

5. Set up alert thresholds to indicate degrading performance.

Thresholds can either be dynamic and based on past performance, or fixed if you have service level agreements (SLAs) to meet. Examples of thresholds and alerts to set include tracking significant network delay, slow application performance, excessive application errors.

6. Configure reports and real-time performance indicators.

Consider how you want to organize the data for effective monitoring and share with other IT teams. Here are key questions to consider when configuring reports:

  • Do you need to organize the data by client location?
  • Do you have multiple remote locations requiring their own reports?
  • Do you need to track performance by business unit or department?
  • Are there reports and indicators being used by other IT teams that require access to specific errors and metrics?
  • Is it better to view multi-tiered application performance as a map or grid?

7. Track long-term application changes.

As application usage grows, it’s critical to understand when additional devices will be added to handle increased application traffic. Stay on top of whether portions of the multi-tiered application are being virtualized. Baselines, reports, and alerts all need to be actively updated to account for these changes.

Through effective mapping, monitoring, and reporting of the many moving parts within a multi-tiered application, you’ll be able to ensure successful performance now and in the future.

Thanks to Network Instruments for the article.

EMA and IXIA Webinar: “Best Practices for Building Scalable Visibility Architectures”

EMA IXIA WebinarNetwork performance, application performance, and security disciplines have reached mission-critical status for enterprises of all sizes and industries. While each certainly has its own unique technical aspects, all three disciplines share at least one common technology need – flexible, scalable access to network packet streams for monitoring and analysis purposes. A growing number of IT organizations are turning towards visibility architectures to meet the need, by deploying network visibility controllers (NVCs, a.k.a. network monitoring switches or network packet brokers) as means of controlling and assuring effective and cost-efficient assurance of networks and applications.

Join EMA Vice President of Research, Jim Frey, and Ixia Senior Director, Product Management, Scott Register, for a Webinar presentation and discussion where you will learn:

  • Key goals and objectives of a visibility architecture
  • Ways in which NVCs are being used, both today and in the future
  • NVC features and capabilities having the broadest impact and delivering the most value
  • Architectural and administrative qualities that are making the most difference
  • Impact of server and network virtualization technologies on technology and product choices
  • Gain deep and valuable insight about your network

Live Analyst Webinar: “Best Practices for Building Scalable Visibility Architectures”

Net Optics an Ixia Company

Network performance, application performance, and security disciplines have reached mission-critical status for enterprises of all sizes and industries. While each certainly has its own unique technical aspects, all three disciplines share at least one common technology need – flexible, scalable access to network packet streams for monitoring and analysis purposes. A growing number of IT organizations are turning towards visibility architectures to meet the need, by deploying network visibility controllers (NVCs, a.k.a. network monitoring switches or network packet brokers) as means of controlling and assuring effective and cost-efficient assurance of networks and applications.Join EMA Vice President of Research, Jim Frey, and Ixia Senior Director, Product Management, Scott Register, for an interactive Webinar presentation and discussion where you will learn:

  • Key goals and objectives of a visibility architecture
  • Ways in which NVCs are being used, both today and in the future
  • NVC features and capabilities having the broadest impact and delivering the most value
  • Architectural and administrative qualities that are making the most difference
  • Impact of server and network virtualization technologies on technology and product choices
  • Gain deep and valuable insight about your network, join us in our upcoming webinar.

Register now

EMA logoIxia LogoNet Optics an Ixia Company register now

Date: Wednesday, February 12, 2014


9:00 a.m. Pacific

12:00 p.m. Eastern

5:00 p.m. GMT time (London, GMT)

Duration: 1 hour

Featured Speakers:

EMA Jim Frey

Jim Frey

VP of Research, EMA

Ixia Scot Register

Scott Register

Senior Director, iXIA


We lacked visibility into network and app performance, so we chose Visual TruView to proactively manage our network

Our IT department is responsible for maintaining key systems and applications for all corporate locations, more than 500 stores across the U.S., and the e-commerce retail websites. Not having insight into these key applications and the underlying network infrastructure that supports them meant teams were always in a reactive mode when isolating and fixing problems.

As a member of the networking team, we’re responsible for monitoring performance of more than 100 custom applications, store circuit performance, database applications, key business applications like Exchange and Lync, client access, vendor networks and more. If we can’t access the needed network and application performance data, we can’t isolate and fix the problem. Teams just finger point and the guesswork begins to try and isolate root cause. And the worst part, while this is happening, the business is being negatively impacted.

As a matter of fact, during the holiday season, our online retail site experienced sporadic performance issues. Without solutions in place to proactively monitor performance, the IT department struggled to isolate what was causing the problem.

We knew this could never happen again, and it was the tipping point for us to find a solution to help solve the problem. We needed complete insight into the application performance layer so we could identify if it was a network or application issue. We also needed the ability to generate hourly reports for key executives and managers so they could monitor site performance.

In a nutshell, our company lacked visibility into network and application performance. If you can’t see it, you can’t manage, which means when problems happen, you can’t easily fix them. This creates a big problem for IT and a bigger problem for the business. We needed to take off the blinders so IT could become a strategic resource.

To meet these challenges, we selected Fluke Networks’ Visual TruView, a unified application and network performance monitoring and troubleshooting appliance. It leverages key data sets such as stream-to-disk packet storage, application response time, transactional decode, NetFlow and SNMP, to present performance analytics through a single visual dashboard view. It eliminates the need for swivel chair correlations and gives teams the ability to quickly drill down into packet-level details if needed. With intuitive guided workflows, we’re never more than a few clicks from isolating performance problems.

There are only two solutions I keep up and running at all times, and Visual TruView is one of them. It gives me complete visibility into the application layer and when problems emerge, I can identify the source and work to fix it before it has an impact on the business. We can monitor all of our key sites and applications easily, immediately see if and where a problem is occurring, drill down into extensive details if needed, and isolate and fix the issues in real-time. It’s our eyes and ears for the network, and it’s made the engineering team shine.

Since deploying Visual TruView, our IT team now has complete visibility into application performance and can proactively manage the network.

TruView has allowed us to completely revamp site performance for the website. We use the full map view to manage all sites and can easily see when performance is degrading or if there is an outage – and immediately identify if it’s an application or networking issue. The information is easy to process and the search function allows us to quickly get graphs for usage, top conversations and more.

To make sure the networking team keeps on top of all performance issues, we created custom monitors and hourly reports that automatically get pushed to key team members and executives. This helps track everything from general performance data for key business applications to site transactions associated with e-commerce. If an issue emerges, the teams can instantly work to remediate.

From the moment TruView went live we had instant visibility into pressing issues and were able to immediately fix problems and do application rollups. And while the networking team owns access, we also provide access to the application team so they can instantly work on response time issues and drill down into individual connections that may be causing the problems. No more finger pointing, just data that helps isolate and fix a problem.

We also find Visual TruView simple to use. I can easily set alarms for application performance, site performance, network performance and more. There’s no need to manually correlate data and I can instantly prove or verify if a problem was the result of a networking issue.

The workflow is very logical and easy to use, and because it pulls all the data sources we need, we can get as granular as needed to isolate an issue. Every night it seems some issue occurs, whether that’s a server failure or a sales query, and TruView makes it easy to log in, put in a source destination and get results on any activity and how it impacted performance. It’s a critical tool for our day-to-day management of performance.

I can’t imagine doing my job without Visual TruView. Previously we couldn’t provide concrete answers on performance issues. Now we can…and with extensive detail, which allows us to prove the ‘what’ and ‘why’ of a problem.

Thanks to IT Central Station for the article.