Monday, March 31, 2008

Documentation and Maintenance Keeping Things Up-to-Date

Documentation is an ongoing process. Networks rarely stay the same for a long time. It has been my experience that the larger the network, the faster the rate of change, as users or departments are relocated and new equipment replaces older equipment. So when you consider what means you'll use to create network documentation, be sure to take into consideration that it will need to be updated and you'll need some way for keeping track of changes in an orderly fashion.

Some of the tools you can use to create network documentation include these:

Word Processors and Spreadsheets

Internet 2010

These two tools can be useful for creating documentation. You can use either one to gather information about the network and organize it to locate information quickly and easily. Word processing and spreadsheet applications are easy to update, and for instances in which printed documentation is necessary, most of these programs provide excellent formatting and printing capabilities. For example, you can use tables in Microsoft Office's Word program, or possibly a spreadsheet, to create a list of all the network devices and computers that have an IP address assigned to them. If you want to locate a particular item of data, Word enables you to search a document, and spreadsheets allow you to create multiple indices so that important identifiers are sorted to make it easy to locate information.

For a typical LAN today, it's likely that you'll have only a few important devices or servers that have static IP addressing information assigned. It's easier to use DHCP servers to allocate IP configuration information to computers automatically when they boot. To keep track of dynamically assigned IP configuration information, you can consult the DHCP server application to determine what listing or reporting features are available. For computers or devices you configure with static IP information, you can use a spreadsheet to keep track of this information. Then, when it becomes necessary to replace a router or similar device, you can consult the documentation to get the required configuration information to use on the replacement.

Other important things you may want to consider keeping track of for individual computers include the particulars of the hardware that make up the system, any customizations made on the system that aren't part of a standard, and the user(s) of the system. If the computer is a server on your network, it's a good idea to keep track of contact phone numbers for client representatives so that you can keep them informed during any troubleshooting efforts or downtime.

Online and Paper Documentation

The paperless office that was forecast during the early days of the PC revolution in the 1980s has yet to come about. No matter how small PDAs and laptops become, it's generally easier to sit down with a printed manual. Having to stare at a screen for hours at a time can be a lot more cumbersome. Although word processors and other programs are great at making it easy to find information quickly, sometimes the best option is to print things for easier handling.

Today it is not uncommon to find paper documentation being replaced by hyperlinked text files on a Web site. Instead of looking in the index of a book to find the information you need, you can utilize the Web. A Web site can be useful for several reasons. First, for common problems, a simple FAQ document can help end users solve problems themselves so that your help desk doesn't get a call. Second, for those who do sit at a help desk, clicking through a set of links to find information can be faster than having to juggle one or more manuals and talk to the end user on the phone at the same time.

User Feedback Can Improve Documentation

You can easily judge how well your documentation assists end users by soliciting feedback. If you create the greatest looking documents that can possibly be created, that won't matter if the end user can't make sense of the content. After you've created any kind of documentation, be sure to provide a mechanism that can enable users to provide you with questions or comments on the documentation. Take these suggestions into consideration when it comes time to make updates.

Handheld Cable Checkers

A cable-checker device is usually a small battery-operated unit that is used to check STP or UTP cables. This simple test is usually done when cables are first installed as a quick check to be sure that the process of pulling the cables through the ceiling or walls has not damaged them.

If the cable is already attached to a network device, you have to disconnect it and attach it to the unit. A cable checker operates by placing a voltage on a wire and determining whether it can be detected at the opposite end. This can be used to determine whether the cable has a break anywhere along its path and whether you are looking at the same cable on both ends when several cables are traversing a single path. Most cable checkers consist of two components, which you attach to opposite ends of the cable.

Cable Testers

A cable tester is a small step up from the basic checker. This device can be used to measure NEXT, attenuation, impedance, and noise on a line. Some cable testers even perform length measurements, of both the total cable and the distance to a fault on the cable, such as a kink in the wire that is causing reflections of the signal to radiate back to the transmitting side of the cable. Another function you might see is wire-mapping, which checks to be sure that the correct wire-pairs in a cable have been mapped to the correct pins on the connector attached to the end of the cable. In cables used for 10BASE-T networks, for example, the standard specifies specific pairs of wires in the cable that must be used for transmitting and receiving data. The actual decisions about which pins are chosen for a particular connector are not made arbitrarily. If the wires are not correctly mapped to the pin-out on the connector specified by the standard, the cable might generate errors due to noise or cross-talk.

Internet 2010

Small handheld instruments like these usually have LED lights that indicate a pass or fail condition for the test you are performing. They do not require a keyboard or monitor to display data. Some have a small screen that displays limited text, sometimes showing the suspected type of error that has caused a fail condition. Most are battery powered and can use an AC adapter, which makes them useful portable instruments for installing or troubleshooting cabling.

When you begin to go up the price ladder for these types of instruments, you will find some that can perform more advanced monitoring functions, such as showing network use and Ethernet collisions. Another useful feature to look for if you can afford it is the capability to log data to a memory buffer for later review. Some cable testers are even capable of connecting to a PC or printer to produce awritten report. This allows you to leave the device connected for a while to monitor a line.

Depending on the capabilities of the particular device, you can expect to pay from several hundred dollars up to a thousand or more for a good cable tester. When evaluating products, be sure to compare features. Price doesn't always reflect the quality of a device. And you should carefully check the literature and documentation that is available for each device when making a purchasing choice. Although some features, such as the capability to produce a written report, might sound great, do you really need that capability? In a large network, probably so; in a small one, probably not.

Bit Error Rate Testers (BERT)

Data travels through the wire (or the fiber) as a series of signals that indicate a single bit, representing either zero or one. The statistic called bit error rate (BER) is calculated as a percentage of bits that have errors when compared to the total number of bits sampled:

BER = number of bit errors during sampling interval / total number of bits transmitted

Whereas LAN analyzers operate on data captured from the wire in units of frames (depending on the LAN protocol, such as Ethernet or Token-Ring), a bit error rate tester (BERT) performs a more basic function to determine whether the line is capable of carrying the network signaling at the bit level with a minimum of errors.

This kind of instrument is normally used when installing a connection to a network service provider, and it might be used to demonstrate the quality of service that the provider establishes for your link.

The instrument used to perform this kind of error detection usually does so by generating a specific bit pattern on the line and then checking it at another location to compare the generated signal with that which is received. A pseudorandom binary sequence (PRBS) of bits is produced by the instrument. It is pseudorandom because it simulates random data. However, because the pattern is also known by the receiving connection so that it can make the comparison, it's not truly random, but instead is a predefined pattern. Other tests include sequences of specific bits, either zeros or ones, for extended periods, or specific user-defined bit patterns.

When you have a line that exhibits a high bit-error rate, using a slower transmission speed usually improves performance. This is because when you lower the number of errors that occur, higher-level protocols do not have to resend packets as often to compensate. Although one bit error in a frame usually is easily recovered by a network protocol using an error correction code (ECC) technique, multiple bit errors might be all that it takes to cause an entire frame of several hundred thousand bits to be re-sent.

Sunday, March 30, 2008

Network and Protocol Analyzers Part 2

Establishing a Baseline

Before you begin to perform monitoring or analysis of the network usage and utilization, you need to establish a set of baseline data. To interpret the statistical data that you can collect using LAN analyzers, you need to have something with which to compare future measurements. Baseline data is used to define the normal operating environment for a system and provides a reference for monitoring and troubleshooting efforts.

Baseline data is useful not only for troubleshooting, but also for planning capacity and measuring the effectiveness of an upgrade. Things you should consider recording in your baseline documentation in addition to values you monitor with a LAN analyzer include such things as these:

Knowing the type of equipment is important because different models of NICs, hubs, and other devices can vary widely in their performance. Knowing where each piece of equipment is located can enable you to create an audit trail for troubleshooting. For example, it is common in a business environment for users and workstations to be constantly on the move.

Internet 2010

A simple weekend move, in which you take a few workstations or servers and move them to a different location, might have a dramatic, unexpected impact on the network. Suppose you have two servers that you want to move from a departmental location to a central computer room. When they were located on the same network segment as the users that use them the most, traffic was localized. Placing them on a different segment might cause capacity problems in a backbone link or in a device such as a switch or router that connects the network. If you keep track of hardware and statistical information about its performance and usage, you can usually prevent this sort of thing from happening. At least, you can look back and determine where a problem lies and be in a better position tofind a solution.

This same principle applies to the location of users in the network. Different users can make widely differing demands on a single workstation or server. Keep a list of users, the applications they use, and, when appropriate, the time of day they work in situations in which shift-work is performed.

Understanding the protocols that are used is also important. A simple problem that can be hard to figure out occurs when you move a device to a different network segment and are unaware that it is using a nonroutable protocol. Most routers can be configured to pass these nonroutable protocols (such as NetBEUI), but you need to be aware of this and configure the router accordingly before you make the move.

Finally, baseline data is going to be something that is cast in stone and unchangeable. Modify your documentation as the network grows or changes so that the data remains useful.

Statistical Data

Although most analyzers provide a wide range of statistical data, the analyzer should be able to give you a few general values.

First, be sure that the analyzer can give you statistics that tell you the utilization of the network. In addition to a real-time graphical display, you should also look for the capability to monitor the network and tell you when peak utilization occurs. That is, what times during the day does the network reach its busiest points? Overall utilization calculated over the average workday might not be nearly as helpful as identifying the periods of time when users are working their hardest and getting frustrated with a bogged-down network. Using peak utilization statistics, you can work to resolve the traffic problems by reallocating resources, or perhaps rearranging work habits of the user base.

Another statistic that is found on most analyzers is Frames Per Second (FPS). By itself, FPS isn't a revealing value, but when combined with data showing the size of packets traversing the network, it can produce meaningful data. The larger the packet size used by a protocol, the more efficient the protocol is likely to be. This is because each packet requires overhead necessary to implement the protocol, such as addressing and error-checking information. With a larger packet size, the ratio of overhead to payload is reduced.

Network and Protocol Analyzers Part 1

The first level of network testing consists of making sure that the underlying physical cabling structure is performing as expected. The next level is to monitor and test the network traffic and messages generated by the network protocols to be sure that you have a healthy network. Network analyzer products operate by monitoring the network at the Data Link and Transport layers in the OSI reference model.

Again, you will find that the tools you can select for protocol analyzers range from the very inexpensive (free) to the very expensive (several thousand dollars). One difference between these kinds of tools and those used to check cables, however, is that you need to have a good understanding of the network structure and protocols used before you can make meaningful judgments about the data you collect. The LAN analyzer allows you to intercept network traffic as it passes through the wire in real- time and save the data for analysis. A good analyzer should be able to produce meaningful statistics about the traffic on the network, decode the protocols that are used, and provide a good filtering capability so that you don't get bogged down in an overwhelming amount of data.

Internet 2010

You should consider many factors when deciding on a network analyzer product. The most basic factor is whether you want a portable device that can be transported to different sites or one or more devices that can be placed at strategic locations in the network to perform continuous monitoring. Other features to consider include the following:

  • Price—Of course, this is always a factor when purchasing equipment for a network.
  • Software or hardware—Do you need a dedicated hardware instrument that can perform intense analysis and connect to multiple segments, or can you live with a software implementation that runs on an existing network workstation?
  • Network interface—Do you need to connect to just a 100BASE-T (or even higher bandwidth devices) environment, or do you need a device that connects to other topologies such as FDDI or Token-Ring?
  • Protocol stack support—Is your network homogeneous, or does it support multiple network protocols?
  • StatisticsWhat kind of statistical data does the instrument support? The most basic is frames-per-second. Others include utilization and usage. Utilization is a measurement of the actual amount of bandwidth that your network media is supporting at any point in time. Usage statistics can tell you what is using that bandwidth—from protocol statistics to such things as the number of collisions on a shared Ethernet segment.
  • Memory and buffers—Does the instrument provide enough buffering capacity to capture frames on a high-speed network such as 100BASE-T? How about Gigabit Ethernet?
  • Filters—Does the analyzer provide sufficient filtering capabilities to allow you to look through large volumes of data to get to the frames that really matter?
  • Import and export—Does the device allow you to save files to a disk or another medium so that you can transfer them to other workstations for further analysis?

A good LAN analyzer allows you to monitor network traffic in real-time mode, using filters to narrow the scope of your view. You can set up capture filters, store part or all of the frames that match in a buffer, and perform further analysis.

Friday, March 28, 2008

RMON (Remote Monitoring) continue...

As this list shows, RMON provides a greater deal of functionality compared to SNMP. It allows for the collection of statistical data from all levels of the OSI reference model, including applications at the top in RMON2.

Because Ethernet and Token-Ring networks operate in a fundamentally different way, additional groups are defined in RFC 1513 that are specific to Token-Ring networks:

Alarms and Events

Internet 2010

RMON agents can be programmed to take actions when specific things happen on the network. The Alarms and Events groups provide an important intelligence function.

Configuring an alarm consists of specifying a variable to be watched, the sampling interval, and the event that will be performed when a threshold is crossed. The threshold can be a rising or a falling threshold, or both. For example, an alarm can be set to notify you when something begins to go awry, and to tell you when the situation gets better.

An event that is generated by an alarm can be configured to send an SNMP trap message to one or more management consoles, and store the event in the Log Table. The management station can then take the actions it deems necessary, including retrieving information from the Log Table.

Establishing a Baseline

When making decisions on how to set up alarms and the events they generate, you should consider how the network functions normally. First monitor the network using RMON agents over a long period, noting when variations in traffic or errors occur. Make note of any fluctuations that regularly occur for specific dates or for a particular time of day.

Different network segments might require different sampling intervals and thresholds. For example, a local LAN segment might be subject to wide variations depending on only a small number of users, whereas a major backbone might fluctuate much less as traffic from many segments is blended together. When deciding on a sampling period, it's best to use a shorter interval for a segment that experiences frequent fluctuations and a longer interval for a segment that behaves in a more stable manner.

Response to alarms can be in the form of immediate corrective action, as in the case of a defective device, or a long-term solution such as additional capacity or equipment. Regularly review the baseline values you set, and change them as network usage or topology changes. If alarms and events are not configured to reflect activity that is of a genuine concern, network operators might begin to ignore them, much like what happened to the boy who "cried wolf."

RMON (Remote Monitoring)

RMON (which stands for Remote Monitoring) is a data-gathering and analysis tool that was developed to help alleviate some of the shortcomings of SNMP. RMON works in a similar manner, and its objects are defined in an MIB. RMON can also be thought of as a specialized SNMP MIB for use with remote monitoring devices. It was designed to work much like the LAN analyzer discussed RFCs 1757, "Remote Network Monitoring Management Information Base," and 1513, "Token-Ring Extensions to the Remote Network Monitoring MIB," provide the standard MIB definitions for RMON for Ethernet and Token-Ring networks, respectively.

In SNMP, the roles of the manager and agent are those of a client and server, with the agents being the client of the management console software. In RMON, the agents (often called probes) are the active parties and become the server while one or more management consoles can be their clients.

Internet 2010

Instead of the management console performing a periodic polling process to gather data and perform analysis from agents out in the field, the agents in RMON perform intelligent analysis and send SNMP traps to management consoles when significant events occur.

Using RMON, the administrator can get an end-to-end view of the network. The types of data collected and the alerts and actions that are associated with RMON are different than those of the standard SNMP type. The objects for RMON fall into the following MIB groups:

l StatisticsThis group records data collected about network interfaces. A table called EtherStatsTable contains one entry for each interface to hold this data and also contains control parameters for this group. Statistics include traffic volume, packet sizes, and errors.

Thursday, March 27, 2008

Power Problems

As basic an issue as power might seem, it should be your starting point when you have a device that is not functioning correctly. For example, you might get up one morning and find that although your computer is working just fine, nothing prints. You check the printer and find that it's turned on and has paper loaded; you just can't figure out what the problem might be. Check your hub or switch. Has someone accidentally unplugged the AC adapter that powers the device? Most hubs have a power LED that indicates when the unit is powered up. If you have a power strip, check that too. It's easy, especially in a small office where you don't route cables through the wall, for something as simple as an unplugged device to cause problems. Of course, look to see that no one has switched the power strip to the off position.

The term power strip can refer to either a temporary switched power strip or to a true surge protector (also known as a surge suppressor). At a minimum, a surge suppressor prevents damaging voltage surges from affecting connected equipment. Some also filter out electrical noise and interference.

Internet 2010

You should use high-quality surge suppressors to protect your SOHO network and other electronics around your home. A true surge suppressor is a UL 1449-rated device (check the packaging for the UL rating). Any surge suppressor that meets this standard is a very good one and offers a line of protection beyond what the power supply in your PC already offers. The only types of surge suppressors worth buying, therefore, should have at least two features:

  • Conformance to the UL 1449 standard
  • A status light indicating when the unit can no longer provide protection. It's preferable to look for units that shut down power to the outlets to prevent devices from being damaged when the unit can no longer stop surges.

Other useful features to look for include:

  • Increased spacing for AC/DC converters—Many peripherals, such as broadband and dial- up modems and some types of printers, are powered by AC/DC converters (also known as power blocks or briquettes). Surge suppressors that provide extra spacing between outlets enable all outlets to be used, even when some are occupied by power blocks. When combined with a double-side design (in which both sides of a surge suppressor include outlets), wide spacing of AC outlets helps assure that every outlet is a usable outlet.
  • Built-in circuit breaker—The breaker protects your system if it or a peripheral develops a short.

For greater protection against electrical problems, consider connecting each PC and network device (such as a broadband modem and router) to a battery backup (UPS) device. UPS devices are available from many vendors and are designed to provide a few minutes of runtime when the power goes out— enough time to close applications and shut down computers without losing data. Many UPS units feature signal lights to inform you of battery condition and whether your PCs are running on normal AC power or on battery power from the UPS. A single UPS can power a computer, a monitor, and typical external peripherals, such as a cable modem and router. However, printers should not be connected to a UPS—they draw too much power, and are not mission-critical devices.

Finally, if you are having power problems with all the computers on your network, check the fuse box or power panel in your home or office to be sure that the fuse or circuit breaker at that point hasn't disconnected the power.

If computers or other devices on a SOHO network are malfunctioning, don't overlook the possibility that they are connected to poor-quality or incorrectly wired outlets. An inexpensive AC circuit tester can be used to determine if the electrical outlets in your home or office has been configured properly. This tester uses signal lights to indicate common wiring problems, such as open ground and reversed wires.

Another type of electrical tester known as a multimeter can be used to test electrical outlets for correct AC voltage levels. Multimeters can also measure DC voltage cable continuity and perform other tests. See the multimeter's instruction manual for details and testing methods.

Internet Blogosphere