Next Level Performance Monitoring – Part I

Posted by on Jun 20, 2017 in NetEye, Network Traffic Monitoring, Real User Experience Monitoring | 0 comments

Network traffic keeps becoming more and more heterogeneous. In many cases, it is not enough to monitor a system as we have done in the past. Here I will present the key ingredients according to Würth Phoenix for successful state of the art performance monitoring and proactive analysis of those applications that are critical for your business.

Combining User Experience and Performance Metrics for new Insights

User experience is a very important factor. If your measurements seem in the right range, BUT end users complain about slow applications, you need to act. For this reason, user experience combined with an overview of all the servers being put under monitoring is the right place to start. In our opinion it is of vital importance to know when critical business applications begin to slow down before your users start to complain. You can achieve this by running continuous checks via Alyvix – our active user experience monitoring solution. Test cases can be written specifically for the most vital parts of your applications, and the functionality and speed of those very parts can be checked as often as needed. The outcome in terms of performance of each individual user interaction tested is then saved into the same central time series data base as the performance metrics registered from all original sources of interest (such as Perfmon data, ESX performance data, etc.) It is then possible to perform a multiserver zoom and with a single click to navigate to the most interesting servers during time periods where Alyvix detected problems.

Screenshot from 2017-05-29 10:42:58

Read More

Find out who is eating your bandwidth with ntopng

Posted by on Apr 27, 2017 in Network Traffic Monitoring | 0 comments

Who is eating my bandwidth

Who really knows what are the protocols used in the local network? Usually with netflow you can distinguish traffic per l4 port (80=http,443=https,..) but this is no more sufficient. Some applications use dynamic ports (see nfs, ftp, routed sap, …), several applications use the same ports, how can we distinguish them?

Applications grow and change really fast (like all stuff in IT world) and it is not easy to keep your netflow analysis tool aligned with this evolution.

Ntopng is able to automatically detect the applications that are generating the traffic without having to define and use filters.

Read More

How to use anomaly detection to create smarter alerts

Posted by on Nov 11, 2016 in Network Traffic Monitoring, Real User Experience Monitoring | 0 comments

Alarms and monitoring go hand in hand. Whenever an algorithm or threshold is used to decide whether the current value of a registered KPI should rise an alarm or not the result can be a hit, a correct reject, a miss or a false alarm.

threshold

The standard way to rise alarms is studying standard traffic – which should not rise alarms – and deciding on a static threshold based on the historic standard traffic (For example see Figure 1) and experience. Everything below the threshold is than considered as standard traffic and everything above rises an alarm. This kind of threshold-based alarm creation is robust to many outliers and might be sufficient if the mean of the standard traffic does not change dynamically (in that case the threshold needs to be adapted dynamically, too). Signals might contain also anomalies that are quite useful for problem detection that look very different from classic (more or less extreme) outliers. For example a change in the distribution or similar (see Figure 2, red area on the right) can be a first sign of instability and taking an immediate counter-action can prevent the anomaly turning into a real problem.

median

For this reason the study of alternative more sophisticated alerting mechanisms is a useful addition to current common practice.

Read More

Congratulations to the winners of the NetCla Challenge

Posted by on Oct 5, 2016 in NetEye, Network Traffic Monitoring, Real User Experience Monitoring | 0 comments

More than 100 Teams were competing, more than 25 sent in a solution, the best reaching a Macro-F1 scorse higher 0.88.

Last Friday, after six long weeks, the time had finally come. During ECML-PKDD conference at Riva del Garda the best of the competing approaches have been described and discussed. The participants had the possibility to get answers directly from the organizers and last but not least Iryna Haponchyk – leader of the winning team – was awarded 1000 Euro for the solution with the highest macro-F1 score, or better for having created a model capable of producing such a score. Here you can see the beaming winner during the discovery callenge prize ceremony.winners

Iryna explained her team trained a standard multi-class linear SVM classifier, having preliminarily enriched the presented attribute set with features generated using a random forest and features encoding the notion of interdependency between the examples that go close to each other in time.

Read More

Why does my local network latency increase during working hours?

Posted by on Sep 22, 2016 in Capacity Management, NetEye, Network Traffic Monitoring, Real User Experience Monitoring | 0 comments

Sometimes you get a higher network latency during certain periods of the day.

Network section of a datacenter (1 Gigabit Ethernet) with normal, constant latency throughout the day

Network section of a datacenter (1 Gigabit Ethernet) with normal, constant latency throughout the day. Please consider that the typical latency for 1 Gigabit Ethernet connections is minor than 5ms.

 

Network section of a datacenter (1 Gigabit Ethernet) with increased latency during working hours

Network section of a datacenter (1 Gigabit Ethernet) with increased latency during working hours. Please consider that the typical latency for 1 Gigabit Ethernet connections is minor than 5ms.

Read More

Automatic Network Management – A Challenging Goal

Posted by on Aug 17, 2016 in NetEye, Network Traffic Monitoring, Real User Experience Monitoring | 0 comments

2016-08-17 17_06_49-European Conference on Machine Learning and Principles and Practice of Knowledge

Würth Phoenix – Research News

Currently researchers around the world are competing to bring automatic network management to the next level. Würth-Phoenix S.r.l. has recently released a dataset and is currently organizing one of this year’s ECML-PKDD discovery challenges together with The H2020 EU 5G-Cognet project and the University of Trento.

The challenge consists in a multi-class single label classification task of network traffic, as it could be generated by a small company on an average working day. The goal is to predict which application sent which of the requests of the day, while only metrics that do not directly contain this information are available. This challenge is one of the first explorations of ML for automatic network analysis exposed to the public.

Read More