Network Computingwww.networkcomputing.com

Routing Upstream

The main reasons for having multiple connections to the Internet are to add redundancy and increase performance. The best way to achieve redundancy is to have more than one ISP. But there are two major potential performance bottlenecks to overcome: usage of the local link to the ISP and problems on the Internet backbone. Because each ISP can provide a different path through the Internet, your choice of ISP will have an impact on performance. But choosing the ISP with the best performance record is difficult because performance is dependent on the time of day and the final destination network.

During my visit to Sockeye, technicians simulated the typical customer experience, using the Syracuse labs as the customer. The technicians gathered our ASN (autonomous system number), the IP addresses of our Internet routers and the read SNMP community string. They used this information to configure the appliance so when I received it at Syracuse, I could simply plug it into the network. The Sockeye device also required that the customer enter a couple of simple commands in the Internet routers to set up iBGP (interior BGP) peering with the appliance as well as turn on SNMP to monitor bandwidth. Customers might also need to turn on Cisco Systems NetFlow, which provides a method of tracking traffic flows at the TCP/IP layers. Sockeye also will pull NetFlow data from Juniper Networks and Foundry Networks routers that support it.

The setup did not require a lot of time nor expertise, and Sockeye says it's willing to walk any customer through the process. I chose the Genuity and Qwest Internet feeds coming into Sockeye's lab for our two Internet connections. I needed only about two hours to set up everything, including the installation of the configured 1U Sockeye appliance in a rack. Once installed, it started analyzing traffic data every five minutes.

Monitoring

Sockeye's approach to monitoring is to start out with a baseline of networks and ASs (autonomous systems) provided by Akamai Technologies, probe the ASs and build from there. The appliance immediately starts measuring the packet loss and latency to scan points -- individual end points within each network or AS. These scan points provide the best indication of performance to what Sockeye calls routable entities. The latency and packet-loss statistics are combined to provide a score, termed a shortfall score, that is compared for each local Internet connection. If the shortfall score for accessing a routable entity via an ISP is 5 percent better than it was for the ISP being used, the GlobalRoute appliance uses the BGP next-hop attribute, which simply redirects the traffic to the appropriate router interface.

The main activity screen does an excellent job summarizing the state of routable entities. A color-coded table lists each, along with the shortfall score for each entity's local ISP connections and the link in use. The screen also displays a time stamp of the last change and lists the reason for the change. To develop a comfort level with the product, you can run the appliance in suggest mode, which shows suggested changes.

I could easily choose the amount of data to display and sort it by clicking on any column. I was also able to drill down into each routable entity, which showed me a graph of the comparative performance among the local ISP links over time. In addition, for every change, I could drill into a detailed entry, including the most recent traceroute before the change. Clicking on respective icons on the top of the screen showed me the graphs of the latency and loss history, which conveniently defaulted to the last routable entity I had looked at.

I was able to click on a graph of the bandwidth history of the local ISP links that had been gathered using SNMP. This information can be used to configure the appliance to move the traffic to another link if a certain threshold is reached. This serves two purposes. If the local link is in danger of being saturated, you would want to move some traffic to an alternative link. But if your links have usage-based thresholds, you could balance the traffic to keep it under those thresholds as well. Because performance is being tracked, GlobalRoute has a list of routable entities that can be moved over without hurting performance.

In addition to the baseline of routable entities Akamai provides, new entries can be added dynamically based on the NetFlow data collected on the routers. ASs or networks with the highest traffic are added to the monitored list. Sockeye also crunches the NetFlow data into reports that let you to see where most of your traffic is going; these reports depict traffic in hourly, daily and monthly peaks as well as cumulative percentages. You can add a routable entity and associated scan points manually. This is handy if you have big customers or even VPN users whose traffic you want to optimize.

Because GlobalRoute is a service, Sockeye owns and manages the appliance for you through carefully filtered, encrypted and authenticated connections from its own NOC (network operations center). This means Sockeye not only replaces failed appliances, but it stores backup configurations of the appliance on its site.

If you have multiple connections to the Internet, you'll get your money's worth using Sockeye's GlobalRoute 2.0. The service gives you the information you need to see how well your ISPs are performing. It also can create VPNs that traverse multiple ISPs much more viable. Take advantage of Sockeye's evaluation program and see how it performs on your network.

Peter Morrissey is a full-time faculty member of Syracuse University's School of Information Studies, and a contributing editor to Network Computing. Send your comments on this column to him at ppmorris@syr.edu.