Wide Area Networks, Observer Management and Monitoring Tools

Abstract

In this report the concepts of different network management principles will be explored with a view to demonstrating how Observer manages wide area networks. The report will explore the issues with WAN and how Observer overcomes these problems.

Introduction

Wide area networks are becoming far more complex and far more widespread than ever before, which leads to some big problems for the network managers of these large-scale networks. Most of these networks are huge in size and can easily encompass an entire city, and most of them are transcontinental. This poses the first of many problems for a network manager: they may not be on the same continent as a large proportion of their network. This makes the use of network management software, such as Observer, essential. Using network management software means the network manager would not have to leave their desk to find any fault in the network, whether it was in the next room or halfway across the globe.

Literary Review

The most useful literary text the author found was from the new owners of Observer, the software used in this report. The new owners, Viavi Solutions, have published a white paper on using Observer Analyser, their latest version of the Observer suite, as a security tool (Anon, 2014).

The journal by Liu et al. (2014) provided a lot of insight into where wide area networks are going, and their optimisation. It contains interesting formulae for network optimisation using the Gauss-Newton method of nonlinear least squares. This principally agrees with the first text in this review about the nature and make up of a wide area network.

Ahmed & Boutaba (2014) go on to agree in part with the rest of the journals about the nature of a WAN, but also discuss the fact that traditional controllers can cause bottlenecks in the network and that opting for SDN (Software Defined Network) allows for a faster network and a higher level of quality overall.

Ahmedi & Mitrevski (2014) look at possibly the only real area of disagreement with regard to WANs, which is how much they cost. The relative cost of implementing a network and its monthly upkeep seems to be the only area where professionals disagree about these networks.

Anon (2008). This seminar outlined the principles of network management that are considered as industry standard.

Cahn (1998). This journal looks at the design of WANs and their benefits, and it also agrees with the principles outlined in the previous articles mentioned, including the ambiguous nature of the costing of a network. It outlines that there are only three important numbers when considering a WAN: the cost (either monthly upkeep, total set-up cost or a mixture of both), the reliability and the response times. It goes on to say these are all directly proportional to each other, as in if you reduce the amount of money spent the response time goes up, which brings the reliability down.

Dian Septama et al. (2015). In this journal there is lots of information regarding providing a high quality of service, one of the main areas where a network manager faces the biggest struggles and which can cause the biggest issues aside from security.

Feng et al. (2014). This journal explores the real world application of a WAN and covers the issues in using traditional methods against new technologies, which are opting for more automation and utilising programs and algorithms to manage the trivial day-to-day running of a network, which frees up the “human element” to focus their time on more important tasks.

Geer (2013). This journal focuses more on the security and current state of the internet, but in essence the internet is just a very large WAN and so its management and security are relevant here.

Langer et al. (2010). This journal uses the example of a healthcare organisation utilising the fast and secure delivery methods of a WAN to transport confidential patient files and details across the WAN to remote geographical locations; the main example used is radiology images. These are now digital images and are large in size due to the resolutions required to accurately use them for medical diagnosis.

Malhotra et al. (2011). This journal replicates closely the experiment that was carried out by the author of this report; the main differences are that this journal experiments with a LAN and uses OPNET to generate the usage.

Shin et al. (2007). This journal agrees with Ahmed & Boutaba (2014) and Feng et al. (2014) in so much as they state that a network should be monitored and managed by an algorithm based on the existing SNMP framework.

Tiropanis et al. (2015). This journal explores the development of networks and their respective sciences and how these have evolved, specifically into internet science and web science. It also covers how each of these areas is evolving in its own right and how each of them has an impact on the others.

Travostino et al. (2006). This journal outlines another real world application of WANs, for the distribution of virtual machines, and how they can be utilised to compute large tasks over the network instead of only using local resources.

Wang et al. (2014). This journal documents an experiment into how the security of a WAN could be implemented in future. It outlines an idea of sending the authentication key across the network securely, deterring eavesdroppers not by mathematical encoding but by quantum physics. The system uses high frequency lasers beamed down fibre optic cables, which are encoded by the transmitter and then decoded by a receiver; the encryption is encoded into the specific frequency of the laser’s architecture and photon length. Each transmitter and receiver contains sophisticated monitoring circuitry which monitors the incoming traffic and actively scans for Trojan horse photons from the channel.

Observer and wide area networks

For the purposes of this report the author created a simulated WAN and used the Observer software to implement network management on it. The network simulated three terminals situated in three cities around the world. The “console” was simulated as being in London, one was in Paris and the other was in New York.

Fig 1: Showing Simulated Geographical Location of “Console” (Circled)

Fig 2: Showing Simulated Geographical Location of Second PC (Circled)

Fig 3: Showing Simulated Geographical Location of Third PC (Circled)

Once the author had set up the WAN they opened Observer on each of the machines connected to the virtual WAN. The machine simulated as London was selected to be the “console” for the purpose of managing the network, and so was configured to collate the data generated by the network. The other two machines utilised the inbuilt traffic generation tool in Observer. Although the software produces traffic, this is of a CBR (constant bit rate) style and so the data received is evidently simulated, but for the purpose of this report this is acceptable. The traffic generator in Observer comes with a plethora of options. The default option sends a small group of packets through on a broadcast channel (ff:ff:ff:ff:ff:ff). The author altered this setting to generate the top talkers and pair matrix graphs, because on a broadcast channel all the traffic appeared to be generated and received by the switch’s MAC address, which wasn’t the case. The size of the packet and the transmission length were also altered to give a larger test sample. The author also tried to generate random traffic, which is one of the options, but this seemed to have no effect on the traffic generated as it was constant bit rate style simulation traffic.

Fig 4: Observer running on first PC (simulated location Paris)

Fig 5: Observer running on third PC (simulated location New York)

Fig 6: Traffic Generation on second PC (Paris)

Fig 7: Traffic Generation on third PC (New York)

On the console PC Observer was running several of its functional windows, the first of which was the top talkers window. This window is utilised to identify the stations on the network with the highest traffic volumes. This is particularly useful from a management perspective, as it allows the manager to monitor the “personality” of the network in order to maintain smooth operation and identify potential security threats (Anon, 2016). The top talkers screen provides a huge amount of information about the different stations attached to the network, including the amount of traffic generated and received by the node in both packets and bytes, its MAC address and its IP address. From this screen the network manager can monitor all the nodes on the network and diagnose issues as they happen. If a node suddenly starts generating large amounts of traffic for no apparent reason, the network manager can have Observer set up an alert and even have it send an SMS message or email reporting the issue. This ensures the network manager can stay on top of all aspects of the network regardless of time or location. If any issues arise the network manager can deploy a resource from the technical team to resolve the problem swiftly so as not to impact upon the quality of service.

Fig 8: Observer Top Talkers window with “Paris” PC selected

Fig 9: Observer Top Talkers window with “New York” PC selected

Looking at the top talkers window identifies that the two traffic generating PCs were indeed the ones with the heaviest traffic flow, followed by the switches and hub that connected them all together. A network manager looking at this screen can monitor all machines connected to the network regardless of geographical location; even wireless connections are shown and can be monitored (Liu et al., 2014).

Another window on the “console” PC is the paired matrix screen. With this tool the network manager can monitor the pathways the network traffic is taking on the network. Through this analysis the network manager can optimise the network through routing manipulation. If a particular router is getting the brunt of the network traffic, a second router can be installed to share the traffic burden, reduce the utilisation of the initial router and theoretically improve the quality of service (Anon, 2016; Anon, 2008).

Fig 10: The Pair Matrix window showing traffic from the “Paris” PC to the “New York” PC and then to the “console” PC

Fig 11: “Paris” and “New York” PCs’ traffic going straight to “Console” PC

The final tool used by the author is the packet capture window. The first attempts at packet capture by the author demonstrated the need for checking the settings thoroughly, as the buffer for capture was very small and so the “captured” line on the graph was tiny to start with until this was increased by the author. After increasing the buffer size the graphs look much better and the data is far more usable.

After increasing the buffer hugely the traffic was restarted and the capture began again. The packet capture showed the traffic being generated, as it monitors all traffic on the network but will only capture a certain amount for analysis.

Fig 12: Packet Capture window showing the current traffic on the network (yellow line shows packets captured, blue line is total packets on network)

Fig 13: Packet capture after buffer increased

Fig 14: Dialogue box from Observer detailing total packets and ability to save the range for later reference

Through the packet capture the network manager can again observe the network’s “personality” to monitor for threats and for general maintenance of the network (Anon, 2016).

Results

After running the experiment the data collected showed exactly how powerful the Observer tool can be. Although there were only three machines, the scope of Observer’s abilities is evident and can easily be imagined for a network of three thousand machines. The interface can be “de-cluttered” to show only relevant information so the network manager wouldn’t get bogged down with an information overload.

Looking at the paired matrix graphs there are several lines on the screen, all of which are communiqués between nodes on the network. Not all of these are PCs; most of them are routers and switches along which the WAN is established. The thickness of each line denotes the amount of traffic it has “dealt” with. These lines show both incoming and outgoing traffic, and the lines connect the source to its destination address. The labels are a combination of the assigned name, normally the name assigned in the NIC, and its MAC address, e.g. Broadcom[5A:7C:09], the label for the “console” PC.

As shown in Fig 11 the packets do not have to be routed to or even through the “console” PC for Observer to pick the packets up and display them.

The data collected from the packet capture can be used to manually calculate the utilisation of the network, although this can also be worked out by Observer automatically. The packet capture screen is in a graph format with time across the bottom and the number of packets per second up the side. There are three coloured lines on the graph: blue, which denotes the total packets on the network; yellow, which denotes the packets captured by Observer; and red, which denotes the number of dropped packets. In the data captured there were no dropped packets, and a peak of approximately 500 packets per second. This flow rate lasts for five minutes with no dropped packets, showing the network’s utilisation was within acceptable ranges. If there had been dropped packets it would show that the network was “working” too hard and therefore had a high utilisation, and would prompt the network manager to address the utilisation and to optimise the efficiency of the network.

Looking at the top talkers table in Fig 9, it is evident which nodes on the network receive the most and also which transmit the most. This information is highly important to the network manager as it is essential to the security and effective maintenance of the network. For example, if there was an employee using the company’s network to watch movies on their workstation, the network manager would see within Observer a radical change to the traffic profile of the network, and its “personality” would change. Once this change had been brought to the network manager’s attention they could look on Observer at the top talkers and paired matrix charts, identify which terminal was using an abnormal amount of the network’s bandwidth, and then take action against the offending party in line with the company’s IT policy.
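The top talkers table, the pair matrix and the "sudden change in a node's traffic" alert described above can all be derived from per-frame capture records. The following Python sketch is an added example, not part of the original report and not Observer's own code; the record layout, MAC addresses, frame sizes and alert thresholds are constructed assumptions.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed station addresses (locally administered MACs), not from the report.
CONSOLE, PARIS, NEW_YORK = "02:00:00:00:00:14", "02:00:00:00:00:15", "02:00:00:00:00:16"

def sample(seconds, extra=()):
    """Constructed capture: (second, src, dst, frame_bytes); 500 frames/s to the console."""
    recs = []
    for t in range(seconds):
        recs += [(t, PARIS, CONSOLE, 512)] * 250 + [(t, NEW_YORK, CONSOLE, 512)] * 250
        recs.append((t, CONSOLE, BROADCAST, 64))
        recs += [(t, src, dst, size) for src, dst, size, n in extra for _ in range(n)]
    return recs

def top_talkers(records):
    """Rows of (mac, tx_bytes, rx_bytes, tx_pkts, rx_pkts), busiest station first."""
    stats = defaultdict(lambda: [0, 0, 0, 0])
    for _, src, dst, size in records:
        stats[src][0] += size
        stats[src][2] += 1
        if dst != BROADCAST:  # a broadcast frame has no single receiving station
            stats[dst][1] += size
            stats[dst][3] += 1
    rows = [(mac, *s) for mac, s in stats.items()]
    return sorted(rows, key=lambda r: r[1] + r[2], reverse=True)

def pair_matrix(records):
    """Bytes exchanged between each pair of stations, both directions summed."""
    pairs = defaultdict(int)
    for _, src, dst, size in records:
        if dst != BROADCAST:
            pairs[tuple(sorted((src, dst)))] += size
    return dict(pairs)

def tx_rate(records):
    """Average bytes per second transmitted by each station over the capture."""
    if not records:
        return {}
    seconds = max(r[0] for r in records) - min(r[0] for r in records) + 1
    totals = defaultdict(int)
    for _, src, _, size in records:
        totals[src] += size
    return {mac: total / seconds for mac, total in totals.items()}

def abnormal_stations(baseline, current, factor=3.0, floor=10_000):
    """Flag stations sending more than factor x their baseline rate.
    Stations absent from the baseline are flagged above `floor` bytes/s."""
    base, now = tx_rate(baseline), tx_rate(current)
    flagged = []
    for mac, rate in now.items():
        limit = base[mac] * factor if mac in base else floor
        if rate > limit:
            flagged.append((mac, round(rate), round(limit)))
    return sorted(flagged, key=lambda f: f[1], reverse=True)

BASELINE = sample(10)
# Constructed anomaly: the Paris station starts sending 1000 large frames/s to New York.
CURRENT = sample(10, extra=[(PARIS, NEW_YORK, 1500, 1000)])

if __name__ == "__main__":
    for row in top_talkers(CURRENT)[:3]:
        print(row)
    print(abnormal_stations(BASELINE, CURRENT))
```

Broadcast frames are credited to the sender only and kept out of the pair matrix, which avoids the misleading single-receiver picture noted earlier for broadcast test traffic.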

Conclusion

This report has looked at the management techniques used in applying wide area networks, their future, their application in the real world and their design and deployment. It is the opinion of the author that the general consensus is that the IT community seems to be in agreement about most concepts of wide area networks, apart from the cost of them and how to control them. Although the majority of newer reports (Shin et al., 2007; Ahmed & Boutaba, 2014; Feng et al., 2014) are swayed towards having the majority of the control handed over to algorithms and evolution programs, there is also still a call for a human element to be involved in the management process.

After looking through the papers used in the research for this report, it is the opinion of the author that the application of a well managed WAN is far more beneficial than any other communication option, considering the internet is in reality just a huge WAN itself. A WAN can run everything in a business or academic environment, from physical security like door locks and fire alarms through to phones (Dian Septama et al., 2015) and lighting; there are even applications to control environmental conditions. With the introduction of automated network managers, the building’s air conditioning could be controlled by a computer thousands of miles away.

With the development of encrypted laser communications utilised in QKD making networks virtually completely secure the control of more sensitive systems may fall under the control of larger WANs and possibly a large central, global WAN to control all the mundane systems around the globe.

To conclude this report, the author believes that in view of the huge advances in using automated network management options and the number of non-communications-based areas controlled by nodes on the network, coupled with the advancements made in artificial intelligence, the role of the human network manager could become extinct as we know it. The role could progress to either being an overseer of the AI or becoming completely redundant altogether.

Bibliography

Ahmed, R. & Boutaba, R. (2014) Design considerations for managing wide area software defined networks. IEEE Commun. Mag., 52 (7), pp.116-123.

Ahmedi, B. & Mitrevski, P. (2014) On The Development of Methodology for Planning and Cost-Modeling of A Wide Area Network. IJCNC, 6 (3), pp.71-90.

Anon (2008) 10th IEEE/IFIP Network Operations and Management Symposium (NOMS2008). IEICE Communications Society Magazine, 2008 (7), pp.7_12-7_15.

Anon (2014) USING A NETWORK ANALYZER AS A SECURITY TOOL. 1st ed. Minnetonka. Available from: <http://www.viavisolutions.com/sites/default/files/technical-library-items/using-network-analyzer-security.pdf> [Accessed 17 December 2015].

Cahn, R. (1998) Wide area network design. San Francisco, Calif., Morgan Kaufmann.

Dian Septama, H., Ulvan, A., Hlavacek, J. & Bestak, R. (2015) High Available VoIP Server Failover Mechanism in Wide Area Network. TELKOMNIKA (Telecommunication Computing Electronics and Control), 13 (2), p.739.

Feng, Y., Cui, D., Li, Y., Zhang, J. & Li, J. (2014) Contrasting Meteorological Wide-Area Networks and Evolutionary Programming. AMM, 687-691, pp.2557-2560.

Geer, D. (2013) Resolved. Communications of the ACM, 56 (6), p.48.

Langer, S., French, T. & Segovis, C. (2010) TCP/IP Optimization over Wide Area Networks: Implications for Teleradiology. Journal of Digital Imaging, 24 (2), pp.314-321.

Liu, L., Ling, Q. & Han, Z. (2014) Decentralized Gauss-Newton method for nonlinear least squares on wide area network. IOP Conf. Ser.: Mater. Sci. Eng., 67, p.012021.

Malhotra, R., Gupta, V. & K. Bansal, R. (2011) Simulation and Performance Analysis of Wired and Wireless Computer Networks. International Journal of Computer Applications, 14 (7), pp.11-17.

Shin, K., Jung, J., Cheon, J. & Choi, S. (2007) Real-time network monitoring scheme based on SNMP for dynamic information. Journal of Network and Computer Applications, 30 (1), pp.331-353.

Tiropanis, T., Hall, W., Crowcroft, J., Contractor, N. & Tassiulas, L. (2015) Network science, web science, and internet science. Communications of the ACM, 58 (8), pp.76-82.

Travostino, F., Daspit, P., Gommans, L., Jog, C., de Laat, C., Mambretti, J., Monga, I., van Oudenaarde, B., Raghunath, S. & Yonghui Wang, P. (2006) Seamless live migration of virtual machines over the MAN/WAN. Future Generation Computer Systems, 22 (8), pp.901-907.

Wang, S., Chen, W., Yin, Z., Li, H., He, D., Li, Y., Zhou, Z., Song, X., Li, F., Wang, D., Chen, H., Han, Y., Huang, J., Guo, J., Hao, P., Li, M., Zhang, C., Liu, D., Liang, W., Miao, C., Wu, P., Guo, G. & Han, Z. (2014) Field and long-term demonstration of a wide area quantum key distribution network. Opt. Express, 22 (18), p.21739.