Some products introduced for testing today’s high-speed, broadband networking technologies, such as asynchronous transfer mode (ATM) and gigabit Ethernet, offer only off-line, detailed analysis with very limited real-time statistics, testing, and analysis. Appreciating the effects of these shortcomings and the reasons why new solutions are needed will help you select equipment most suitable for broadband network analysis.
Deployment of broadband networks forces protocol analyzer users to retool for the new challenges of network testing and analysis. Adapting existing local area network (LAN) and low-speed wide area network (WAN) products for high-speed broadband analysis will not provide satisfactory results. Protocol analysis tools will continue to be software driven but techniques must be introduced to match the performance of networks designed to operate at gigabit speeds and beyond.
While many vendors offer broadband analysis products adapted from legacy LAN and WAN analyzers, they generally focus on off-line review and provide very limited on-line (real-time) statistics. These adaptations also may not provide accurate results because of fundamental differences between the legacy systems and the newer broadband technology.
The first difference is obvious: Legacy systems such as 10 Mb/s Ethernet operate at relatively slower speeds. These speeds have remained relatively stable while the performance capabilities of monitoring and analysis equipment have increased by orders of magnitude.
The second difference is between network architectures for LAN and broadband systems. LANs operate over a shared-medium, and designs try to achieve the lowest usage or fewest collisions. WAN/broadband primarily has point-to-point connections, and the network design takes in every effort to achieve the theoretical maximum throughput rate.
Troubleshooting Methodology
Typical activities required for network analysis include:
Monitor statistics for errors.
Identify area of focus.
Set filters for area of focus.
Capture filtered data.
Perform analysis of data.
Product design affects each step of this process.
Network analysis is based on measuring and compiling statistics. Traditional LAN and WAN analyzers provide both extensive real-time and off-line (post capture) analyses. Especially with intermittent problems, only by conducting a review of network statistics (real-time analysis) can the search be narrowed to a reasonable probability. Then data can be captured and examined (off-line, if necessary) to precisely identify the source of a problem.
Statistics and RAM
To fulfill its role, a network analyzer must monitor the network and collect statistics about its current operating state. This applies to troubleshooting or measuring performance against a benchmark.
The primary requirement in network analysis is to capture data. When measuring analyzer performance, determine its maximum raw capture rate—how fast monitored data can be saved to the capture (RAM) buffer. It is important to be able to capture data at the full line rate and review it without interrupting the ongoing process of collecting statistics.
The statistics-gathering performance of an analyzer is based on its basic architecture. Performance parameters such as frame rates, protocol distributions, and percent utilization are derived from the cumulative totals gathered over a sampled period.
All analyzers are limited by their frame-rate processing capabilities. Beyond this limit, the analyzer’s cumulative totals no longer are accurate. If the analyzer cannot monitor at the full line rate of the network, then all calculated statistics will be based on partial data. Statistics calculated on the cumulative totals gathered over long periods will be entirely unreliable.
Architecture of an Analyzer
The architecture of an analyzer is represented by four functional blocks: the line interface hardware, the RAM buffer, the processor engine, and the user interface. Depending on the type of analyzer, these functions may be implemented on dedicated hardware, standard PC hardware, or a combination of both.
Today, the majority of LAN or WAN analyzers are processor-based and fall into two categories: software only and software with processor-based hardware. Typically, these products attempt to minimize the processing overhead in real-time and capture every frame or cell on the network.
Software-Only Products
Software-only products generally are low cost and PC-based and use standard off-the-shelf network interface cards (NICs) to connect to the network. All analysis functions are performed in software, and the product performance depends on the PC microprocessor performance. Typically, these products provide protocol decodes and require you to interpret detailed protocol information on a frame-by-frame basis. This is the most inefficient method of troubleshooting and often calls for a high level of protocol expertise.
The use of shared RAM as a capture buffer in the PC requires that all captured data to be stored must be transferred across the computer data bus. The microprocessor is interrupted for the transfer of each frame captured by the NIC.
For monitoring standard Ethernet (10 Mb/s), this equates to the theoretical maximum of 14,881 interrupts per second. Fast Ethernet (100 Mb/s) increases this by a factor of 10 (to 148,810). These performance limitations mean that software-only products are unsuitable for high-speed networking analysis such as ATM networks operating at 155.52 Mb/s (OC-3) and higher.
Processor-Assisted Products
Data-capture speed can be increased by adding a dedicated analyzer NIC. A dedicated card can include a RISC processor, dedicated line-interface hardware, and an on-board RAM capture buffer.
By using the RISC processor in combination with the on-board RAM buffers on the analyzer, the NIC greatly reduces the number of interrupts to the PC. This off-loading of tasks leaves the PC dedicated to the user interface and generally unaffected by the network loading.
The use of direct memory access (DMA) for data transfers from the NIC to the PC will reduce the total number of interrupts. Analyzer performance improvement is directly related to the performance of the RISC processor.
Theoretical Rates
A common argument, is that equipment that does not meet the full line rate performance, still is useful because production networks seldom reach theoretical maximums. This does not address the issue of using the network test equipment to analyze problems related to network overload conditions. With improvements in workstation processor hardware and high-performance NICs, not only is it possible, but even likely, that LAN networks are approaching theoretical maximums.
Viewed from a WAN perspective, maximizing utilization is a prime network design goal to minimize monthly carrier charges. Broadband networks operate in point-to-point configurations with no shared media contention problems that could prevent them from operating at maximum bandwidth.
In addition to monitoring the network line and capturing data for off-line analysis, new test equipment must monitor additional user-defined statistics, support event-based triggers, and perform pattern-match filtering and simultaneous data capture from multiple channels. For lower-speed, 2-Mb/s WAN and 10-Mb/s Ethernet networks, the newer, powerful PC and RISC microprocessors perform these tasks in software.
Higher-speed networks including OC-3 (155 Mb/s) ATM, gigabit Ethernet, and 100-Mb/s Fast Ethernet are too fast for the software-only and the processor-assisted designs. Triggering and filtering for high-speed network analysis must be performed in hardware to achieve maximum performance for active line-rate monitoring.
New Hardware
High-performance monitoring is achieved using specialized hardware.
Field-programmable gate array (FPGA), contents addressable memory (CAM), and application-specific integrated circuit (ASIC) technologies are the building blocks that boost the performance of processor-based analyzers to the levels required for broadband network testing such as ATM. While all of these devices perform pattern matching, each technology has unique advantages that influence their use in a hardware design.
The FPGA is the most versatile of these devices. It also is the most expensive but allows extensive reprogramming and is suitable for performing much more complex tasks in hardware.
The FPGA in a network analyzer can be reprogrammed under software control. These devices perform many tasks traditionally done by processors including pattern-based filtering, cyclic redundancy checking, and frame and cell reassembly.
The CAM is specifically designed for pattern matching. It has performance comparable to the FPGA and is programmable but also expensive and limited to pattern-matching applications.
It has a unique capability to “learn” patterns as they occur on the monitored line. For example, a CAM could be programmed to continuously detect and remember the first 1,024 media access control addresses on a monitored LAN line and maintain a running count of all occurrences for each detected (pattern-matched) frame. This could be used by an analyzer to maintain accurate frame counts for all traffic to and from a workstation or server.
The ASIC is designed for specific tasks. It is best used in a mature networking technology and offers a high performance at a reasonable price. The ASIC cannot be reprogrammed. It can be used in pattern matching, but it usually is developed only after the standards are fully defined. Current use of ASICs on LAN switches has enabled line-rate frame forwarding using cut-through techniques, such as forwarding messages based on a subset by addresses or without error checking.
ATM Standards
New standards and the definitions of previously unused protocol fields are constantly being announced. ATM analyzer hardware must be programmable to protect a customer’s investment. For these instances, FPGA-type devices easily accommodate software image updates.
Your investment is leveraged further through software options that allow the same hardware to be reprogrammed for different applications. For example, an ATM product performing Quality of Service measurements could easily be reprogrammed through a software update to perform internet protocol (IP) or Motion Pictures Experts Group (MPEG) analysis.
Additional benefits of the FPGA-type devices are capabilities for filtering and triggering. A fully loaded OC-3 rate line can transfer 18 MB of data per second. While new hardware technologies can monitor and compile some statistics at this rate, software analysis cannot be performed at line rate.
Filters are required to detect and capture a specific subset of the total traffic. Filter selection must be based on the statistics. The decision of what filters to set can only be made by monitoring statistics in real time.
Filtering provides efficient use of the capture buffer and reduces the load on the protocol-analysis processor. The analyzer now can maintain real-time analysis of higher-layer protocol activity in the data stream as it is extracted from the OC-3 link.
Networking problems often are intermittent, and it is not possible to predict when they will occur. In these conditions, the analyzer must automatically trigger the capture based on a set of user-defined network conditions.
Broadband analyzers should support start and stop capture triggers for as many user-defined conditions as possible. Triggers should include higher layer support for protocols such as IP. This is important because higher-layer symptoms often are the only available indication of a lower-layer problem.
Testing Legacy Networks
To provide a communications link between two legacy (LAN or WAN) networks, all native protocols must be encapsulated before transmission over the ATM portion of the network. Troubleshooting these systems requires the capability to simultaneously monitor full line rates on both the broadband (ATM) and the legacy systems. This time-stamped data then can be correlated to track down interworking problems.
Essential, higher-layer, real-time statistics are available today only on high-end broadband test tools. When evaluating test equipment, compare the cost of a product against its capability to accurately identify the problem.
Accuracy is entirely dependent on the capability of the analyzer to acquire all the data on the network. A product limited by its performance only can offer a best guess, which ultimately results in countless hours of wasted time and money chasing the wrong solution while a network is down.
Conclusions
These new broadband networks move enormous amounts of data in a pay-per-byte technology. And, if a link is down, you need the best tools to get it back up as fast as possible. If you are testing the new-generation high-speed broadband network technology, then you need the new generation of analyzers designed for this purpose.
About the Author
Mario Pidutti is the product manager at GN Nettest. GN Nettest, 55 Renfrew Dr., Markham, Ontario, Canada L3R 8H3, (905) 479-8090.
Copyright 1997 Nelson Publishing Inc.
November 1997
|
|