Network testing, 1-2-3

We look at three hardware platforms that will keep the data flowing

Network testing often is given short shrift, viewed as overly expensive and time-consuming. Network administrators with limited staff and budgets think their focus is better spent on day-to-day management. But with a little vision and the right tools, they can spend whatever time they’d like and still garner important long-term performance and budgetary benefits.

Planning appropriately for the future requires knowing not only your network’s present capacity, but also its future requirements and exactly how those will relate to specific network architectures. Only network testing can get you that information.

We took a snapshot of the market by reviewing hardware-based network testing equipment from the high-, the middle-, and the more accessible lower-end markets. On the high-end, we looked at Spirent Communications’ SmartBits TeraMetrics XD network testers. The DA-3400 Ethernet Data Network Analyzer from Acterna was our middle-end choice, and the latest iteration of Fluke Networks’ long-famous OptiView products completed the trio on the lower-end.

Our view of network testing covers three main categories. The first is validation, which is simulated testing to determine whether a proposed network architecture will function in specific environment conditions. Then there’s capacity testing, which involves using ongoing traffic monitoring numbers as well as additional traffic generation tests to accurately determine ongoing network upgrade requirements. Finally, there’s the most common form of testing, namely troubleshooting, which is testing live or test-network scenarios to determine solutions to specific problems.

The real key to successful network testing is doing your prep work and creating either a SPAN (switched port analyzer) port or a tap that examines traffic at key locations in your network. Working outward from the edge towards the external connects is the key to finding hacks like Slammer and determining which machines were infected and which were just reflecting traffic.

Spirent SmartBits TeraMetrics XD

Spirent represents the Rolls-Royce of network testing equipment, no question; but that doesn’t mean the company’s wide product line is for everyone. Spirent excels in validation and capacity planning for large networks, but SmartBits TeraMetrics XD is not designed for use as a network troubleshooting tool; there are better products available for this purpose. Not to mention that the price tag of a fully equipped Spirent chassis is enough to weed out most midsize network requirements.

InfoWorld’s testing staff, however, has a long history of using Spirent’s SmartMetrics products in its Hawaii-based high-speed enterprise switching roundups. That’s simply because they represent best-of-breed ability when it comes to accurate and flexible network and switch-testing capabilities. In time for this review, the company has made some huge strides in these areas by introducing its SmartBits TeraMetrics XD modules.

The XD product line is Spirent’s response not only to an increasing requirement for port capacity and density, but also for application intelligence. Spirent’s customers need to be able to test a much higher throughput within a denser port forest; they also need to know how specific applications and protocols will behave in these environments with an eye toward performance as well as security. Customers also want the ability to test in lower port density environments, but with high scalability and specific protocol support for advanced routing, layer 4 though 7 application traffic, and secure protocols such as IPSec and SSL.

Enter XD. These cards provide dual-media support, both copper and fibre, on a single card in multiple port configurations, which can scale to a maximum of 700 ports in a logically configured SmartBits chassis. Be advised, however, that the XD line represents a series of card-based products. These require a SmartBits chassis in order to function, and really want the newest in Spirent’s chassis line, namely the SMB 6000C. The older 6000B chassis can only accommodate six XD blades, but the 6000C can handle an entire load of XD cards thanks to its increased power and cooling capabilities.

What makes an XD card so special is its Linux-based control module. By using a full-scale operating system on every card, Spirent provides unprecedented routing and protocol testing simulations. You can even ask for customized protocol implementations, though at the moment, you’ll need to do this through Spirent’s PSA (professional services automation) arm until the company gets around to building an XD API.

Using XD enables testing scenarios utilizing both 10/100/1000 copper or Gigabit Ethernet fibre on each port with the ability to generate wire-rate traffic and then analyze that traffic on layers 2 and 3. With sufficient port density, XD can easily generate millions of simultaneous IP flows and test specific QoS, CoS (class of service), and DiffServ (Differentiated Services — an IETF working group project architecture for providing different types or levels of service for network traffic) architectures. Each port also can run multiple application or security protocols simultaneously to emulate almost any corporate traffic pattern, right along with all the routing and security protocols you’ll be using.

The embedded Linux OS also soon will allow each XD card to be used as a WebAvalanche or Reflector application traffic generator. This capability wasn’t available in time for testing, but Spirent promises its delivery in 2004.

Late last year, Spirent also announced a daughter card option to the XD line, called the SmartBits XD Security Module. These products are designed for IPSec and VPN testing and are based around a proprietary encryption chip. The chip allows each card to generate hundreds of IPSec or SSL tunnels simultaneously, allowing the testing or both IPSec- and SSL-based VPN architecture within the test lab.

Spirent’s XD capability is an awesome step forward for detailed testing of large, enterprise-class networks. The combination of TeraMetrics XD and SmartBits 6000C chassis is expensive when compared to the other products outlined here, but for managers of large networks looking to invest shrinking budgets more wisely in the future, that combination can be indispensable.

Acterna DA-3400 Ethernet Data Network Analyzer

The Acterna DA-3400 Ethernet Data Network Analyzer is a highly flexible testing solution that doesn’t offer quite the horsepower of a Spirent box when it comes to traffic generation. However it has several additional analysis features that make it a better solution for administrators wishing to mix network monitoring capabilities with strict network testing.

The DA-3400 is a purple rack-mountable box that contains dual PC card slots for management connectivity as well as either Ethernet or WAN-oriented interfaces. Hardware is only half the purchase, though; you’ll need Acterna’s Java-based management software to make real use of the appliance. The Java client’s software is nice and thin, too, so it won’t eat up too many resources on your dedicated management box or your mobile troubleshooting notebook.

As a traffic generator or monitor, the DA-3400 has some differentiators from similar devices. For one thing, this is a completely passive device unless you specifically activate traffic generation. Similar products like the Fluke Networks’ OptiView utilize query packets to gather data. In a high-security operation, this can make the OptiView undesirable even though query packets enable some more in-depth troubleshooting capabilities.

The Acterna’s trending tools allow zooming in on a rather large archive of past events. The unit has a 5GB hard disk attached, which allows for quite a bit of historical data that the unit can access and compare at any time. For long-term monitoring, this is a very nice setup. You can access these trending statistics from the box itself or send trending data to a local machine running the Java client for even greater trending-data storage.

The DA-3400’s strong suit, however, is network analysis. The unit manages real-time, wire-rate packet analysis up to Gigabit Ethernet and OC-12 throughput. It further classifies all traffic by VLAN, IP subnet, PVC (permanent virtual circuit), or VCC (virtual channel connections) for even quicker identification by administrators. It also supports advanced routing protocol analysis, including error events and long-term routing statistics. Finally, with the right options, it’s even capable of analyzing VoIP (voice over IP) or VoATM (voice over ATM) packets for performance and service quality metrics.

As a network tester, the unit is aimed primarily at verification testing. Its traffic generation capabilities are solid, but not nearly as powerful as what you could get with the right amount of bucks from Spirent. Then again, traffic generation and analysis are the XD’s sole purpose for living, whereas the Acterna has multiple missions in life.

First and foremost of these is still long-term monitoring and network troubleshooting. Its software monitoring capabilities include some very impressive screens, especially the Data Link Detail screen, which is a graph that quickly shows throughput and broadcast traffic across any IP subnet on the network.

The DA-3400 makes it relatively simple to identify any number of network problems, including machines infected with echoing viruses. The machine identifies these boxes instantly via their traffic patterns and can verify whether or not they’ve been cleaned in the same manner.

If we had any wishes for the DA-3400, they’d probably start with the ability to separate subnets on two interfaces. We’d love to have a Gigabit Ethernet SPAN interface coming off our routers while the Fast Ethernet interface was monitoring a completely different segment. This would give us an excellent way to look at both internal as well as external links to compare streams during an attack from viruses such as Blaster or Slammer. Acterna assures us this is in the works.

Although not as a strong a testing powerhouse as the Spirent box, the Acterna DA-3400 wasn’t designed for this task in any case. Instead, it’s built as a long-term network monitoring and troubleshooting aid with verification testing capabilities. In this mission, it’s second to none.

Fluke Networks OptiView Analyzers

A long-time master in network diagnostics, Fluke Networks’ latest OptiView release shows the company still has an edge. However, it’s important to note that although we’re billing the OptiView as the lowest-end network tester in the roundup based on its being the least expensive of the bunch, this is by no means a trivial purchase. Even the lowest end OptiView product will still run you well over $10,000, and Fluke Networks makes sure it’s worth every penny. We looked at two different versions of the OptiView tool, the Integrated Network Analyzer (INA), which is a dedicated mobile unit, and the Workgroup Analyzer, a rack-mount unit. Both are self-sufficient Windows-based PCs running the same software.

The INA comes in the familiar yellow proprietary tablet format, but contains a PC card slot for wireless or wired connectivity as well. Our yellow brick is running the latest OptiView release, but its underlying operating system is still Windows 98. Buy the same box today and you’ll be running Windows XP Tablet PC Edition. The box also comes with a variety of interface connections, each affecting price; ours was the high-end containing dual Gigabit Ethernet fiber connections in addition to 10/100/1000 copper. What you won’t find on the INA, however, are WAN or ATM link capability such as that on the Acterna.

Also unlike the Acterna DA-3400, the OptiView product is a troubleshooting tool designed to fix problems. As such, it’s not a passive device at all, but capable of making changes, including altering MAC addresses, changing QoS profiles, changing TTL (Time to Live) settings, to the network directly from its OptiView console. The machine has excellent support for SNMP; it identifies and even sets multiple communities with a detailed information view and a great MIB (management information base) browser with drill down. Neither the Acterna nor the Spirent is designed to manage SNMP. The capability allows OptiView to act as a hardware analyzer capable of scanning specific devices right down to stats such as switch fan speed or server CPU utilization.

A key feature in the OptiView software is the Problem Discovery Pane. Lots of intelligence is incorporated here, including summaries of errors, warnings, and alerts with drill-down to specific root causes from multiple angles. Sort devices or problems via top talkers or top conversations, and set and populate a traffic filter automatically as long as you point it at a conversation and then sniff that conversation.

As a capacity or verification tester, the OptiView product has limited strength but enough muscle to easily test specific scenarios on single segments. The box generates point-to-point or point-to-multipoint traffic streams in multiple frame sizes. This capability doesn’t match the application spoofing of the Spirent machines, but it’s enough to get a good idea of how a network or application change is going to affect a segment or to verify whether a new change will work in production.

1 2 Page 1
Page 1 of 2