Unified Performance Managementfor Cisco Intelligent InfrastructureExtend the value of your Cisco infrastructure investmentwith unified performance Management

Executive Summary

Enterprises and government agencies have invested heavily in Cisco infrastructure prod-ucts each of which supply different network management intelligence. Having detailedvisibility into the activity of individual users, business applications and the network theytraverse help IT staff optimize overall performance. However, finding enterprise-widesupport for collecting, aggregating and displaying that information from all these intelli-gent data sources has often been elusive.

This paper presents a unified method for collecting network and application performanceinformation from all Cisco’s infrastructure equipment throughout the LAN, WAN andSAN. By using the nGenius® Performance Management Solution in combination withtheir existing Cisco deployments, IT organizations can view real-time metrics and utilizeautomated daily, weekly, and monthly reports that incorporate all the data sources, result-ing in broad, in-depth, and rich information for troubleshooting and capacity planning.

2

Table of Contents

Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Challenges to Analyzing Cisco Intelligent Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

Cisco Intelligent Data Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

CDM™ Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Troubleshooting the Cisco Catalyst Switch Environment . . . . . . . . . . . . . . . . . . . . . . . .5

Analyzing User Activity through Routers with NetFlow Data . . . . . . . . . . . . . . . . . . . . .6

Monitoring Voice Traffic in Enterprises with Cisco Voice Gateways . . . . . . . . . . . . . . .7

Managing Performance in a Fibre Channel SAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

Monitoring Key Consolidation Points in the Network . . . . . . . . . . . . . . . . . . . . . . . . . . .8

Historical Reporting Across All Traffic Flows in Cisco Networks . . . . . . . . . . . . . . . . . .9

The Value of One All Inclusive Reporting Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10

3

Network Challenges:• Manual Analysis: Using one tool for MIBII

reporting and another for NetFlow may requirea manual comparison of the results of thebusiest ports based on separate reports fromthe two different applications.

• Time-consuming Training: Initial and ongo-ing training may be required to use both tools,which may necessitate specialization within anIT organization and/or higher training costs.

• Additional Manpower: Enterprises may needto add manpower to physically manage thehardware and servers in support of not one buttwo or more management platforms.

Business Challenges:• Higher Capital Expense: Multiple tools will

likely result in higher capital expenditures forsoftware, collection hardware, and/or serversto host the multiple databases and analysissoftware.

• Increased ongoing expenses: Ongoingexpenses are generally higher as enterprisesare forced to purchase annual maintenancecontracts on multiple network managementtools.

• Added Workload: There are additional costsassociated with the workload for an organiza-tion’s financial buyers when they must maintaincontracts, purchase agreements and creditupdates with multiple vendors.

Addressing Corporate InitiativesFor large, geographically dispersed, convergednetworks, transporting both voice and data, hav-ing dozens of NAMs and scores of NetFlowenabled routers, a more holistic solution that sup-ports real-time and historical analysis of all theintelligent network data sources would be moreeffective. This approach would address a numberof key corporate initiatives:

• Improving troubleshooting and decisionmaking – One tool can roll up all data sourcestogether and produce a single list of mostactive applications, busiest ports, and topusers.

• Reducing Total Cost of Ownership – Capitalexpense for multiple management tools andadditional servers can be minimized as well asthe ongoing maintenance expenses.

• Increasing employee productivity – IT staffdedicated to managing superfluous networkmanagement collection devices and financedepartment buyers tasked with maintainingrelationships with multiple vendors can bereduced.

First – Put all the intelligence that isavailable to workIn many networks with Cisco networking infra-structure devices, many critical traffic flow sta-tistics already exist– those that count packetsand errors like standard SNMP MIBs, thosethat track conversations, such as NetFlow, andthose that provide application layer visibility,like NAMs. All the statistics from all thesedata sources reveal important informationregarding the performance of the enterprisenetwork, and/or the applications and conversa-tions flowing through the network.

Second – Conduct a robust analysisof all those data sources with a sin-gle network and application perform-ance management solution that canextract the details from every one ofthe Cisco intelligent data sources.Collecting and analyzing NetFlow data mayprovide adequate information for helping withcapacity planning decisions in parts of the net-work. But, what if a user has called the helpdesk to report a slow response time with theCustomer Resource Manager (CRM) applica-tions? In this case, the NAM in one of theswitches might provide excellent troubleshoot-ing information. To get a complete view, organ-izations need a performance managementapplication that enables seamless movementbetween all the Cisco intelligent data sources.

Third – Employ a solution that encom-passes a broad variety of perform-ance management activities.The most common, time consuming tasks ITorganizations perform are the multiple disci-plines of network convergence monitoring,application profiling, troubleshooting, fault pre-vention, user experience assurance, and capac-ity planning. Many point products speak to oneor two of these disciplines in a silo approachhowever, this can become both expensive andcumbersome. A complete, unified solution thatprovides elements to address all these disci-plines, using all Cisco’s intelligent data sourceswill deliver information that can answer eventhe most difficult network and application per-formance challenges.

The nGenius Performance Management Systemoffers robust analysis of all Cisco IntelligentData Sources and delivers tools to tackle themultiple network and application performancemanagement disciplines.

Real Intelligence Requires Real Analysis

On a daily basis, IT organizations are being asked to support increasingly complexapplications, more users, different network topologies, compliance initiatives, andmany other network dependent projects – all undertaken with fewer resources. Yet, ITmay have more resources than they think. A strong and stable solution for networkand application performance management requires three foundations – much like thelegs that support an old fashioned sturdy stool.

Many applications exist that facilitate the long term reporting of standard SNMP statistics orcollect NetFlow data for capacity planning, or monitor Cisco NAMs for alarming and trou-bleshooting. For modest network deployments where the only available data sources areSNMP MIBs in the switches or routers, or where there may only be one or two NAMs installedin the switches, these point tools may be sufficient. However, multiple point solutions presentsome challenges.

Challenges to Analyzing Cisco Intelligent Networks

4

Cisco Intelligent Data SourcesStandard SNMP MIBs in Infrastructure Hardware

Cisco infrastructure devices, such as routers, hubs, switches andDSU/CSUs, typically collect network information in an SNMP MIB that isin turn collected by a network management application. Some statisticstracked include:

• Traffic level details for packets sent/received, bits, bytes and utilization

• Network errors, such as CRC errors, and congestion management infor-mation, such as FECNs, BECNs, and discard eligible packets

• CPU and memory utilization

• Mini-RMON alarms based on utilization thresholds as well as packetlevel statistics

In a Cisco infrastructure environment, IT organizations are likely to findMIBII data in their routers and switches, Frame Relay MIB information inrouters with internal DSU/CSUs and miniRMON statistics in the CatalystSwitches. The statistics retained will be for both the network segmentsas well as for the associated virtual circuits, such as VLANs for Ethernetsegments and DLCIs for Frame Relay circuits.

Conversations Details in NetFlow Enabled Devices

NetFlow enabled switches and routers from industry leading vendors trackIP flows as they enter an enabled interface. A recognized value of Netflowis its ability to aggregate exchanges between a source and destination intoa single conversation session in a single NetFlow datagram record.

NetFlow information, widely available in many Cisco routers and switch-es, cost effectively provides broad, application level conversation infor-mation for making capacity planning decisions, implementing usagebased billing policies, or monitoring around MPLS environments.Transmitted in UDP datagrams, it includes a header along with one ormore flow records. The UDP NetFlow Export Packet is approximately 1500bytes and includes between 20 to 50 flow records. NetFlow records aresent to a NetFlow collector by configuring the router or switch with a des-tination address. The packets are sent with greater frequency dependingupon how busy the NetFlow enabled ports become. Popular versions ofNetFlow currently implemented in enterprise networks include NetFlowversion 1, 5, 7, 8 and 9.

A NetFlow Datagram is defined by seven unique keys.These elements define one NetFlow record from another.

1. Source IP Address

2. Destination IP Addresses

3. Source Port Number (TCP on UNP)

4. Destination Port Numbers

5. Layer 3 Protocol Type (such as IP, ICMP)

6. Type of Service (ToS) Bits

7. Input Logical Interface (ifIndex)

NAM – An Application Layer Data Source

The Network Analysis Modules (NAMs) for Cisco Catalyst 6500 Seriesswitches and Cisco 7600 Series routers are application-level, traffic mon-itoring modules and now in second generation of development. Many ITorganizations use collected NAM information to ease troubleshooting andimprove network performance.

RMON and RMON2 MIB standards are the foundation for the application-level visibility in the NAM revealing network volume and errors, applications,hosts, and conversations in use over the physical ports and associatedVLANs or DLCIs. In order to initiate troubleshooting prior to a congestionproblem affecting users, threshold alarms can be set to indicate that aport or segment has, for instance, exceeded 70% utilization. Additionally,where necessary, the NAM can be configured to analyze applicationresponse time as well as packet captures for later decoding by the man-agement application.

In typical deployments, the NAM occupies one slot in the chassis of theCisco Catalyst 6500 and uses the switch port analyzer feature for span-ning to another port on the switch for troubleshooting purposes. PortSpanning does not build an additional copy of the frame; rather it adds theNAM’s port address to the frame’s destination address list, much like mul-ticast. This results in all traffic sent or received through the mirrored portbeing seen by the NAM port as well as by the original addressees, whichprovides the necessary visibility to the application layer traffic.

Network Data Made Available from Flows through Cisco Devices

Cisco Catalyst Cisco Cisco Cisco MDSLAN Switches Routers Voice 9000 SAN

Gateways Switches

SNMP MIBs MIBII, MIBII, MemoryminiRMON & CPU statistics

NetFlow 7500 and 6500 Yes(?) if enabled

NAM NAM1 and NAM2 WAN NAM

Voice Protocols Yes Yes Yesand Statistics

Fibre Channel YesProtocol Stats

Troubleshooting the CiscoCatalyst Switch EnvironmentTroubleshooting network switches continually challenges network man-agers. Because switches play a critical role in reliable network connectiv-ity, three levels of information are available from a Cisco Catalyst switchto assist with more intelligent problem analysis and resolution:

• SNMP data – MIBII and mini-RMON

• NetFlow Data (see NetFlow Monitoring Section in this White Paper)

• Integrated NAM

5

Unified Performance Management for Cisco Intelligent InfrastructureExtend the value of your Cisco infrastructure investment with unified performance management

Combining the mini-RMON found on Catalyst switch ports with an inte-grated NAM to rove for application level analysis provides an effectivemethod of more intelligently troubleshooting complex problems in theirswitched networks.

Proactive Alarming and Spanning

Switch troubleshooting on Fast Ethernet or Gigabit Ethernet Catalystswitches requires a series of important steps. First, the nGenius Solutioncontinuously collects mini-RMON statistics for traffic utilization anderrors. The nGenius Performance Manager server sends a trap (aka alarm)to the nGenius Console when port utilization thresholds have beenreached, for example, a port has exceeded 80% utilization.

When the nGenius Server receives an alarm, it can configure the Catalystswitch with the integrated NAM to span full application layer analysis tothe trouble port for viewing all the port mirrored traffic. The nGeniusPerformance Manager displays the NAM in real-time with intelligent drilldowns to help IT managers identify the applications, talkers and conver-sations as well as the VLANs being used at the time. It also displays portsin the Catalyst switches simultaneously, which is the most efficient wayto see the overall use and health of the switch. This allows quick obser-vation of a port with no utilization, or a port with high throughput,enabling a potential problem to be rapidly addressed.

Figure a: The nGenius Performance Manager displays views of all theports on a switch or the ports and all VLANs over the port simultaneously.In this case, the graphs show link layer, network layer and applicationlayer information from a switch NAM spanning one port and three VLANsflowing through that port.

Packet Capture and Decode

When necessary, IT staff can configure the NAM to perform a packet cap-ture on a troublesome switch port to decode for further analysis.Sophisticated pre- and post-capture filters available in nGeniusPerformance Manager can segregate the packets suspected of contribut-ing to the problem being researched at the time. With support for up to 450protocol families and up to 1300 discrete protocols, nGenius PerformanceManager can analyze some of the most difficult and complex packet levelproblems that may occur within Catalyst Switch environments.

CDM Architecture andthe Elements of NetworkPerformance

NetScout’s Common Data Model Architecture provides astructure to collect and display up to seven categories of net-work and application information:

• Statistics – basic network usageinformation such as traffic utiliza-tion, packets, bytes, bits sentand received, and throughput

• Errors – network errors such asjabbers or CRC errors

• Packet Trace – packet capture anddecode analysis across any network topology

• Alarms – threshold alarms based on configurable events foroverall segment utilization or for application utilization in a seg-ment

• Conversations – the source and destination addresses thatidentify who is talking to whom in networked applications

• Talkers – analysis of top hosts utilized for networked applica-tions

• Response Time – a mechanism that analyzes conversationdetails for determining, in milliseconds, the responsiveness ofparticular networked applications

This information is collected from the following primarycategories of data sources:

• Standard SNMP data sources, such as MIBII , Frame RelayMIB, and mini-RMON, provide statistics and error information

• NetFlow enabled data sources, such as infrastructure routersand switches, provide IP conversation information

• Network Analysis Modules (NAMs), provide RMON1 andRMON2 based statistics, errors, packet trace, alarms, conversa-tion, and talkers

• nGenius Probe data sources, provide statistics, errors, packettrace, alarms conversations, talkers, and response time.

6

Analyzing User Activity throughRouters with NetFlow DataCisco routers provide valuable traffic details from standard SNMP MIBs,such as MIBII or the Frame Relay MIB in WAN routers with integralDSU/CSUs. Application-level data may be available if the Cisco 7600Series router has a NAM installed in one of the slots. Much of the sameperformance management information described in the SwitchTroubleshooting section of this white paper applies to the NAM in therouter as well.

Figure b: nGenius Performance Manager collects standard SNMP MIBinformation from Cisco routers and switches for analysis and viewing. For a particular network router, the workspace displays a spike in trafficvolume for one DLCI, which contributed to an overall increase in link traffic volume and router CPU utilization.

To give them the necessary insight for capacity planning and billing proj-ects, many IT organizations have cost-effectively used the conversation-level details in NetFlow Data. The CDM™ architecture provides the under-lying structure for collecting and managing NetFlow information and map-ping it to the powerful real-time and historical analysis views and reportsavailable in nGenius Performance Manager.

NetFlow datagrams gathered from Cisco routers and/or switches are sentto nGenius NetFlow Collectors where they are mapped into the CDMframework for display in the common format views of the nGeniusPerformance Manager. The powerful combination of NetFlow data withnGenius Performance Manager analysis capabilities extends the conver-sation information to yield:

• top hosts or “top talkers”

• application recognition and utilization

• QoS levels

• autonomous system numbers

The resulting detailed traffic information supports challenging networkmanagement tasks including real-time monitoring, in-depth troubleshoot-ing, and historical reporting.

Conversations and Talkers

When an nGenius NetFlow Collector receives a NetFlow datagram itdecodes the Flow record and reveals the IP source and destinationaddress and well known TCP or UDP port information for the applicationin use. The nGenius NetFlow Collector populates the application layerconversation tables from the NetFlow records. The ability to see who istalking to whom in the network, who the top users or “talkers” are, atwhat time of the day, and for what applications, are the primary benefitsof the conversation information. This conversation-level detail revealshow valuable network resources are being consumed, which, in manyenterprises and government agencies, can then be used for other activi-ties such as usage based billing projects.

Managing and Optimizing TrafficFlows through Catalyst Switches

The application-aware NAM and mini-RMON in Catalystswitches, when combined with the sophisticated analysisand in-depth views offered by nGenius PerformanceManager, provide the pertinent details organizations needto research and resolve problems plaguing Catalyst Switchenvironment. They:

• Use real-time views of switch-port utilization from mini-RMON statistics for ensuring balanced use throughout theswitch

• Set threshold alarms for high and low utilization on switchports for forewarning of potential port outages or congestionin parts of the switch

• View port level activity simultaneously with associated VLANtraffic for pinpointing high and low utilization impacting portutilization

• Track packet level utilization through application layer detailsto pinpoint top applications in use, over what ports/VLANs,at any given time of the day for evaluating business servicesin use throughout the network

• Identify users and conversations throughout the switchedenvironment for highlighting top consumers of networkedbusiness applications and bandwidth

• Analyze converged services, such as RTP voice and video,alongside VoIP call set-up protocols, simultaneously with allother data applications, such as CRM and ERP, for ensuringthat latency intolerant and delay sensitive applications arenot degrading.

• Capture, decode, and analyze traffic traversing problem portsto uncover packet level problems

• Provide ongoing statistics for use in historical reports (seeReporting section of white paper)

7

Unified Performance Management for Cisco Intelligent InfrastructureExtend the value of your Cisco infrastructure investment with unified performance management

agement activities, e-mail, or patient treatment approvals, as well asdetails for Cisco enabled VoIP are all analyzed and mapped to the commonreal-time and historical views and reports available in nGeniusPerformance Manager. This approach enables NAMs in Cisco Catalyst6500 switches or Cisco 7600 Series Routers to collect and deliver detailson voice application utilization simultaneously with data applications forproactively monitoring faults, managing mixed application traffic environ-ments, rapidly troubleshooting problems, and deterministically planningcapacity.

nGenius Performance Manager can incorporate the details of VoIP relatedapplication activity simultaneously with all other monitored data applica-tions resulting in the following benefits:

• Application layer analysis of call set-up protocols, such as Cisco SCCP,SIP, H.323, and MGCP for in-depth examination of call set-up anomaliesbefore they impact end-users, reducing MTTR.

• Detailed visibility into voice and video applications, RTP video and RTPvoice, for evaluating the impact on performance of data applications onthe same segments.

Deploying an nGenius Probe in strategic locations throughout the enter-prise collects added VoIP related network and call errors, as well as VoIPconversations. nGenius Performance Manager can then track quality met-rics including jitter, call set ups, call aborts, packet loss, and failed callsfor evaluating call-quality as well as validating that voice configurationsand services are being delivered as designed. Additionally, nGeniusPerformance Manager can analyze conversation level details and providea summary of IP addresses, phone extensions, and connect times.

Identifying Critical Applications from NetFlow

NetFlow supports IP and its well known TCP and UDP based applications,such as Lotus Notes, HTTP, or Telnet, as identified by their TCP or UDPports and the nGenius Performance Manager maps their conversation sta-tistics. However, there are a number of applications that are more com-plex in nature, such as SAP or Exchange, which can be transported onmultiple ports, making it difficult to track them for many monitoring tools.

To foster more informed decisions, NetScout has implemented the CDMPort for use with complex applications. For example, the range of portsused by SAP can be configured and assigned to a single CDM Port num-ber for monitoring and tracking purposes. The nGenius Solution can thenmove packets that would otherwise have been in a “TCP or UDP Other”bucket, and properly classify them as SAP. Further, the SAP activity cannow be tracked and monitored by talkers and conversations, providing richdetails on the activity of this valuable business application.

Figure c: nGenius Performance Manager using NetFlow data analyzesand displays the activity for Lotus Notes and SAPr3. The CDM port helpsto isolate all the SAP port traffic for aggregation into the singular viewshown in this graph.

QoS Monitoring

NetFlow records include the Type of Service (ToS) bit used to prioritizeapplications within a particular Quality of Service class. For example,when organizations implement a QoS policy and want to prioritize rev-enue applications over web surfing, they use ToS. The nGenius solutionidentifies the ToS bit and categorizes traffic with its associated QoS class.This allows granular views of a NetFlow interface to be displayed simul-taneously with all the QoS levels discovered in that segment. Further, thenGenius solution can identify and track the applications assigned withineach QoS level. Whether it is a QoS level that should not exist or an appli-cation that may have been assigned to a wrong QoS class, this level ofdetail lets IT staff quickly uncover configuration errors.

Monitoring Voice Traffic in EnterpriseNetworks with Cisco Voice GatewaysAmong the tasks in converging Voice over IP traffic with existing businessapplications, are its planning, testing, implementation, and ongoing useas well as its added -- yet unavoidable -- management complexity.

Through CDM Technology, the nGenius Solution can identify and trackspecific IP-based voice and video traffic flow measurements simultane-ously with business data applications. Details related to standard busi-ness services, such as credit card authorizations, customer resource man-

Making Use of All Data Sourcesin Cisco Router Networks

While many IT organizations leverage NetFlow informationavailable in Cisco Routers, other network performanceinformation is available and useful depending on the net-work layout and corporate IT requirements. Some possiblescenarios could include:

• Networks with Cisco WAN Routers having integral NAMs,when deployed at central locations in a Frame Relay hub andspoke configuration, can track application layer details asthey are sent over expensive WAN circuits. nGeniusPerformance Manager displays this information in real-timefor quickly identifying non-business use of the networkand/or for trending application usage patterns for more pre-cise capacity planning.

• Cisco WAN Routers in remote locations provide MIBII statis-tics or those with integral DSU/CSUs provide Frame RelayMIB information to track utilization, network layer errors,such as CRC or congestion management information, such asDiscard Eligible Tags. This information can be collected bynGenius Performance Manager to supplement bandwidth-planning activities.

8

Figure d: nGenius Performance Manager can isolate and report on all the voicerelated protocols in a Cisco VoIP environment. This figure displays RTP Voice inand out and SCCP, Cisco’s Skinny call set up protocol tracked over time.

Managing Performancein the Fibre Channel SANEnterprises today are using a combination of SAN, NAS, and IP storagesolutions to address their critical needs for data management. But thishas come with a set of unique challenges. Where different applicationscan transfer storage data throughout the enterprise network, IT profes-sionals face complex performance issues and they question if delaysusers report in application responsiveness are actually the fault of theirStorage Area Networks (SANs).

These newly designed and deployed Fibre Channel SANs are the futurefor high availability storage of critical customer information, corporateinventory records, and financial ledger histories. Cisco’s MDS 9000 FibreChannel Switches in SANs offer connectivity between the ApplicationServers on one side and the Storage Arrays on the other. The challengenow is managing performance in this part of the network.

nGenius Performance Manager, used in combination with nGenius SANprobes, provides rich details of how the network performs in real-time andhistorically. IT professionals can conveniently access the tools required totroubleshoot problems and plan bandwidth changes in the Fibre ChannelSAN while guaranteeing the efficient delivery of storage applicationsthroughout the enterprise network.

In storage environments, the nGenius Solution can:

• Monitor key SAN protocols such as Fibre Channel Protocol (FCP) as well as Extended Link and Basic Link Services

• Monitor SAN specific symptoms such as Port Rejects and Aborts,Frame Rejects and Aborts, Zero Credits and Initializations

• Provide details on Fibre Channel specific errors including loss of syncand CRC errors

• Deliver analysis on FCP upper layer protocol session layer activitiessuch as volume of SCSI Reads and SCSI Writes

• Track SCSI initiator to Target LUN conversations.• Alarm on traffic utilization across the Fibre Channel segments

Support for Fibre Channel Switch Spanning and VSANs

Innovative features and functions in the Cisco MDS 9000 Fibre Channelswitches include span ports for roving troubleshooting devices to troubleports and Virtual SANs (VSANs) which, like their counterpart VLANs inEthernet networks, enhance the switch’s scalability and availability.

For the Cisco MDS 9000 switches supporting a SPAN port, the nGeniusFibre Channel Probe can attach and rove to any port in the switch eitherfor troubleshooting a difficult problem or for the ongoing monitoring of atrunk port on the switch. Further, the nGenius Fibre Channel Probe canautomatically identify VSANs configured between two Cisco MDS 9000s.The Fibre Channel Probes collect all the same key performance statisticsfor each VSAN interface that are collected for Fibre Channel segments,including traffic statistics (such as number of packets), Fibre Channelsymptoms, protocols (such as FCP), high level protocol activity (such asSCSI reads and writes), and SCSI conversations.

nGenius Performance Manager displays enterprise VSANs by presentingthe Fibre Channel trunks or ports and their associated VSANs simultane-ously. This method presents the most efficient means of seeing the effectof the individual VSANs on each other and the amount of bandwidthresources they each consume from the link itself.

Figure e: nGenius Performance Manager displays traffic activity in theFibre Channel segments and VSANs. Over and under-utilization of a par-ticular VSAN is displayed side-by-side with all other VSANs for quickidentification of potential problem areas.

Monitoring Key ConsolidationPoints in the NetworkWhether it is from the volume of traffic due to numbers of users and appli-cations or from bandwidth intensive applications like VoIP, streamingvoice and video or electronic imaging applications for healthcare, demandon the network is exploding. IT organizations are responding to thisdemand with creative configurations that increase bandwidth or share the

9

Unified Performance Management for Cisco Intelligent InfrastructureExtend the value of your Cisco infrastructure investment with unified performance management

load across key network consolidation points resulting in FastEtherchannel and Gigabit Etherchannel configurations and high speed OC-3/STM-1 and OC-12/STM-4 WAN links that are located in corporate cam-puses and data centers. In the wake of highly publicized telecommunica-tion carriers’ network outages, along with widespread power companybrown outs and failures, many IT organizations are protecting their widearea networks with redundancy, i.e., two WAN links connected to twomajor providers.

The network designs of this new era challenges how and where to effec-tively monitor traffic flows. As previously mentioned, Cisco VoiceGateway traffic may need to be monitored by a dedicated nGenius Probefor troubleshooting, fault prevention, and capacity planning purposes. Inthe Fibre Channel SAN, as described in the previous section, nGeniusProbes are the only way, today, to collect and track key statistics for eval-uating SCSI activity and traffic engineering across the SAN. Additionally,for Fast Etherchannel, Gigabit Etherchannel, load-balanced LANInterswitch Links, and high-speed redundant WAN links, nGenius Probesoffer a wide variety of flexible multi-port options to support the majorityof network interfaces. A unique link aggregation feature provides the flex-ibility to take individual link statistics for circuits in redundant and loadshare configurations and group the information together for nGeniusPerformance Manager to display in its detailed screens and reports.

nGenius Probe data collection combined with nGenius PerformanceManager analysis provide the traffic details of key consolidation pointsthroughout the network for monitoring voice and data convergence, eval-uating the impact of new business services, troubleshooting applicationdegradations, and planning traffic engineering changes which are allbased on evidence collected from the network and users directly.

Historical Reporting Across theTraffic Flows in Cisco NetworksWhether mini-RMON in switches, MIBII in hubs and routers, Netflow inrouters, NAMs in switches, voice traffic and call setup protocol trafficthroughout the enterprise, VSANs between MDS 9000 Fibre Channelswitches, or nGenius Probes, the ability to collect and analyze the datafrom all the data sources in one holistic reporting tool has eluded mostorganizations. And, manually comparing and aggregating results fromseparate NetFlow and other SNMP data tools is extremely inefficient.

The nGenius Performance Manager solves this problem with a solutionthat collects, analyzes, and reports on all the statistics from all the datasources discussed in this white paper in the form of the nGeniusNewsPaper. The nGenius NewsPaper is a customizable report that userscan publish to other users remotely via a web-based repository called aNewsStand. NewsPapers include sections and articles (categories andreports) containing information relating to network performance, amongthem: the Front Page, Executive Summary, Capacity Planning, PredictiveAnalysis (Situations To Watch) and Response Time.

These reports can be scheduled for daily, weekly, or monthly publicationautomatically, and customized for the appropriate audience, such as an“Executive Times” NewsPaper for the CIO and VP of IT, or RegionalNewsPapers for Europe, Asia, and North American audiences.

Figure f: nGenius Performance Manager offers automated daily, weeklyand monthly NewsPaper style reports. The Front Page of this NewsPaperReport displays enterprise wide statistics from router ports, switch ports,NAMs and NetFlow as analyzed to report on most utilized segments, cir-cuits, applications and VLANs.

The Value of One All InclusiveReporting ToolIT organizations will find value in the nGenius Performance ManagerNewsPapers because they incorporate details from every intelligent datasource in the Cisco network. The analysis provided allows for flexiblegroupings and articles to pinpoint information pertinent to different audi-ences and departments. With nGenius Newspapers organizations can:

• Collect historical data from all the sources of information, SNMP MIBs,NetFlow, Voice, NAM, nGenius Probes, IOS IP SLAs, and Fibre ChannelSwitches for viewing in one convenient set of reports

• Analyze all the data collectively for a true representation of most uti-lized segments, virtual circuits, and applications enterprise-wide

• Customize the nGenius NewsPaper reports to include most utilizedsegments enterprise-wide, most active applications LAN, least utilizedVLANS - engineering, or top n conversations – for giving business andIT staff audiences information tailored for them

• Identify slowly degrading application, server, and host performancebefore they impact the end users

• Plan network and budget changes for wide area network links based onapplication utilization trends, not just volume trends

• Evaluate the current assignment of applications within QoS classes tomaximize performance for business services

• Publish customized NewsPapers for finance, sales, and manufacturingto foster communication across multiple departments.

Trending and reporting network activity supplies a wide range of informa-tion for changing internal infrastructure, prioritizing network and routingchanges, as well as upgrading budget and telecommunications carrierbandwidth, all with evidence based on the daily activity in their network.The nGenius Performance Manager uses intelligence from every datasource, analyzes it all, and provides easy to understand NewsPaperreports from which to make real decisions and changes.

10

Summary

The nGenius® Performance Management System collects rich, detailedinformation from all Cisco Intelligent Infrastructure devices and providesthe analysis needed to perform a wide variety of IT tasks and disciplinesthat are essential for delivering business services to users and employeesin a prompt and continuous manner. Global organizations with geograph-ically distributed, converged networks transporting both voice and data,have dozens of NAMs and scores of NetFlow enabled routers. A single,holistic solution that incorporates support for real-time and historicalanalysis of all the intelligent network data sources for network and appli-cation monitoring, troubleshooting, fault prevention, service level man-agement, and capacity planning is what is required in those environ-ments. Why? – because using one network and application performancemanagement system satisfies a number of key corporate initiatives:

• Improving troubleshooting and decision-making – One tool can rollup all data sources together and produce a single list of most activeapplications, busiest ports, and top users

• Reducing Total Cost of Ownership – Capital expense for multiplemanagement tools and additional servers can be minimized as wellas the ongoing maintenance expenses

• Increasing employee productivity – IT staff dedicated to managingunneeded network management collection devices and financedepartment buyers tasked with maintaining relationships with mul-tiple vendors can be reduced.

In most organizations today, the enterprise network is a strategic compo-nent for conducting day-to-day business. Comprised of fully integratedand connected application servers, databases, network infrastructureequipment, interswitch LAN links and WAN circuits operating together, itprovides content to end users. As business professionals increase theirdependency on the applications and services delivered through that net-work, it is imperative that the IT organization, who is tasked with its effi-cient and consistent operation, have a solution that can evaluate, trou-bleshoot, and trend networked application performance across the enter-prise.

Real network performance intelligence already exists in the Cisco intelli-gent infrastructure, let the nGenius Performance Manager use that intel-ligence to supply real, in-depth, and comprehensive network and applica-tion performance.

nGenius NewsPaper Sections

• The Front Page is typically enterprise-wide, high-levelarticles designed to attract the reader to examine othersections of the NewsPaper. It is configured to report onup to four items of interest, such as most utilized seg-ments enterprise-wide, most utilized segments WAN,most utilized applications enterprise-wide, and most uti-lized switch ports.

• The Executive Summary section is oriented towardsSr. IT or Business executives who want to view onlyenterprise wide information. Two key categories of infor-mation are provided in this section 1.) The ResourceSummary, which includes an Application UtilizationSummary and Breakdown, Network Volume Summary andBreakdown, Peak Usage Summary and Breakdownthroughout the network; and 2.) Application Volume,which provides details on inbound and outbound applica-tion breakdowns, most active applications, and top con-versations and hosts, enterprise-wide.

• The Capacity Planning section can be customized toinclude articles on most and least utilized segments bytopology (WAN or ATM) or by part of the network(Finance vs. New York Data Center); most utilized switchports, virtual circuits by type – DLCI, VLAN, PVC; Qualityof Service, or sites enterprise wide or by parts of the net-work. Articles can also be published for data sourcehealth, as well as most utilized network protocols andapplications.

• The Response Time section reports on response timeanalysis for particular networked applications, highlight-ing such things as worst performing applications, loca-tions and servers.

• The Situations to Watch section provides analysis onthe historical information collected to forecast futuretrends in segment, circuit, and application utilization,such as days to capacity of a segment. Articles reportingthreshold, time over threshold, and device alarms canalso be found in this section.

• The Assets section lists in detail, reported devices,interfaces and virtual circuit interfaces, helping to keepan inventory of monitored elements.

• The Custom Layout section lets IT staff create an areathat is meaningful to them or to another business unit.For instance, an IT manager may want to view MostUtilized Segments (a Capacity Planning article), withSegment Utilization Forecast (a Situations to Watch arti-cle) alongside a Device Detailed listing (an Asset article).

You have real intelligence

We have real analysis

NetScout Systems, Inc.310 Littleton RoadWestford, MA 01886-4105

Tel. +1 978-614-4000 +1 888-999-5946 US onlyFax +1 978-614-4004E-mail info@netscout.comWeb www.netscout.com

NA

Ms

Route

rs

NetF

low

Voic

e G

ate

ways

Call M

anagers

Eth

ern

et S

witc

hes

Fib

reC

hannel S

witc

hes

NA

Ms

Route

rs

NetF

low

Voic

e G

ate

ways

Call M

anagers

Eth

ern

et S

witc

hes

Fib

reC

hannel S

witc

hes

12

NetScout Systems, Inc.Corporate Headquarters310 Littleton RoadWestford, MA 01886 USATelephone (978) 614-4000Fax (978) 614-4004Web: www.netscout.com

Europe188 Bath RoadSlough, Berkshire SL1 3XEUnited KingdomTelephone +44 1753 690200Fax +44 1753 690201

Asia/PacificRoom 105, 17F/B, No. 167Tun Hua N. RoadTaipei, TaiwanTelephone +886 2 2717 1999Fax +886 2 2547 7010

©2005 NetScout Systems, Inc. All rights reserved. NetScout and the NetScout logo, and nGenius are registered trademarks of NetScout Systems, Inc. CDM and the CDM logo,Universal Response Time, Power Alarms, Workspaces and MasterCare and the MasterCare logo, are trademarks of NetScout Systems, Inc. Other brands, product names and trade-marks are property of their respective owners. NetScout reserves the right, at its sole discretion, to make changes at any time in its technical information and specifications, andservice and support programs.CC-0182-05

The nGenius® Solution is comprisedof nGenius® Performance Manager,nGenius® Probes and for specializedsituations, additional appliancesincluding nGenius® Flow Collectorand nGenius® Flow Recorder.

nGenius Performance Manager is a softwareapplication that analyzes the informationcollected by nGenius Probes as well as othernetwork devices, and delivers the featuresand functions of multiple performancemanagement disciplines in a single product.

nGenius Probes are hardware monitoringdevices that are the industry’s most advancedsources for identifying, collecting and analyzingapplication-level traffic data across theenterprise.

nGenius Flow Collectors are dedicated hard-ware devices optimized for collecting appli-cation conversation data via NetFlow recordsproduced by leading network infrastructuredevices.

nGenius Flow Recorder is an appliance thatcouples storage for large packet trace cap-tures and graphics-based data mining soft-ware. It continuously records all traffic andproduces a network audit trail for post-eventforensics requiring full packet payloaddetails.