Geek Speak

2 Posts authored by: emilie

DPI - A True Love Story

Posted by emilie Oct 21, 2014

Esteemed Geek Speak readers -


Recently, a valued customer shared the following story with us. We thought it was so good, we wanted to share. They asked to remain anonymous but the story remains the same:

Long ago, in a data center far, far away...
It’s the question that every support team dreads
"is it the network or is it the application?" When faced with this challenge recently, we turned to SolarWinds® and the Deep Packet Inspection technology embedded in Network Performance Monitor v11.  During a SWOT analysis of a series of business critical applications it was determined that we needed a way to monitor network traffic focused on applications; a different view than the existing NPM (volume) and NTA (volume by applications between discrete endpoints) could provide.  We needed a way to determine how the application was performing and whether the issue truly was the underlying network or the application itself.

So, where to begin with this mountain of a task?

The challenge of sorting out which components needed attention was further complicated by the lack of tools in the new data center.  Neither a dedicated WireShark® server nor a standard Gigastore appliance was in place to help gather packets for analysis.  Enter SolarWinds DPI. Drawing the network, server, virtualization, monitoring and data center teams together, a plan to build and deploy a DPI NPAS (network packet analysis sensor) server in the remote data center was hashed out. Leveraging a Gigamon appliance that would act as the filter for the 10GB links, we built a Windows® 2008 R2 server on top of a VMware® host to house the NPAS agent.  The virtualization team configured host affinity so the guest OS didn’t get vMotioned away from the host with the physical cable in this proof-of-concept build.  With cabling in place, a promiscuous port configured, host affinity set, and a NPAS agent deployed from an additional polling engine that was local to the data center, we were then prepared to start parsing traffic at the application level.

Time was of the essence.

The alternative solution simply required too much lead time for the timeline we had to work with in this troubleshooting effort.  Ordering a Gigastore appliance or building a dedicated WireShark server would have taken weeks from order to delivery and installation.  By leveraging existing hardware and virtual servers, we were able to execute on this proof of concept in under a week.  In spite of having never deployed DPI in a lab environment, not socializing the idea of doing packet-level application monitoring with any of the other support teams, or defining a clear set of objectives, we were able to rapidly go from proposal to deployed solution with minimal effort. 

And on top of all that...

Along the way we discovered the DPI may also save time and money.  While Gigastore and Gigamon appliances are in no danger of being pushed out of core data centers, we’re now considering a Gigamon with DPI to do the ‘app vs network’ discernment for smaller data centers where the interesting traffic is less than 1 Gbps and unique application monitors are less than 50.  The networking team is eyeing DPI in hopes that it can reduce the number of manual packet analysis requests in their future and improve analysis time by targeting the specific part of an application that’s performing poorly. In turn, allowing them to focus on other mission-critical tasks.  


Thank you for sharing your story, IT hero and valued customer (you know who you are).


And for you other heroes out there, we love to hear from you too. Don't ever hesitate to contact any one of us SWI employees. Or just say it loud and proud any where on thwack, particularly on Spread the Word.

Take a look at Google's doodle from June 23, 2014. How many of us have been guilty of this during the past couple of weeks?


Chances are, many of your end-users are consuming bursts of network traffic to discreetly stream USA games during the FIFA World Cup (true confession – I am guilty as charged). CNET reported a record-breaking 1.7M concurrent viewers using the WatchESPN video-streaming services during the US v. Germany game last week, exceeding 6 Tbps when combined with viewers streaming the simultaneous Ghana v. Portugal game. The previous record was 3.5 Tbps for the US v. Canada men's hockey semifinal during the 2014 Winter Olympics. While colleagues and cohorts are coming together to cheer their country’s team on, IT professionals and upper management have some justifiable concerns.


Typically, business-critical applications or services such as SaaS applications, email, database, file sharing, storage, remote backup, and other revenue generating traffic accounts for around  70% of available bandwidth.  Video and other non-essential activity must duke it out for the remainder. This leaves little precious overhead, especially on your expensive WAN links, for hundreds of surprise pop-up HD streams spread by chat clients. Even with great QoS maps in place, instead of saying GOOOOOOAL!, your network admin yells NOOOOOOO!


While business-critical applications could be put at risk during World Cup games, President Teddy Goalsevelt and Will Ferrell be devastated to hear that corporations are restricting employees from streaming the World Cup games altogether.


To help you manage this risk while still fulfilling your patriotic duty, we figured we could remind you of some best-practices when it comes to network performance management during popular live streaming events such as the World Cup:


  1. Monitor your current traffic profile
    There are numerous hardware and software tools that allow you to monitor and profile current network traffic to identify when and how bandwidth is being consumed, as well as by whom and by what applications. This way, you can gain real-time visibility into who and what is consuming your bandwidth and whether you need to take action.
  2. Establish traffic management or quality of service (QoS) policies
    Various network traffic management tools allow a business to establish QoS policies to ensure that non business applications are policed or throttled. They can also ensure business-critical traffic such as VoIP or those to your data center or cloud takes priority over non-essential traffic. If video streaming reaches a certain threshold, you can limit the network traffic it consumes in order to leave room for the business-critical applications.
  3. You may not have to add more bandwidth just yet
    Purchasing additional bandwidth is not the only way to increase your capacity. In addition to QoS, technologies such as WAN acceleration and optimization will effectively help improve your WAN performance.


So time to 'fess up: How many of you are watching the game at work? Are you worried about bandwidth consumption?


p.s. If you want to see just how much the FIFA World Cup is slowing your network traffic, you can download a free trial of Netflow Traffic Analyzer for real-time network bandwidth monitoring and traffic analysis.

Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.