Network Intelligence User Guide

A form of CHAP (challenge handshake authentication protocol) is used to authentication client connections made to a Network Intelligence server. The client must be configured with a valid username and password and this can be entered in the configuration->user... window. In order to save entering this data every time the client is run, there is an option to save the password into a configuration file. In most cases it is a good idea to use this option.

Figure 2.1. Defining the user

The access_control program is used on the server to create a password file containing valid users, their passwords, and access level. The client username and password must match with an entry from this password file. For more information on how to do this, please refer to the server installation guides.

To connect to a server, select connection->open.... You will be presented with a window where you may specify the name of the Network Intelligence server to connect to and the TCP port to connect on. Either a fully qualified domain name (FQDN) may be entered for the name, or an IP address. The default TCP port for Network Intelligence servers is port 6700. Use this unless you know the server is running on a different port. A radio button option to automatically connect at startup is available. This is useful when you mostly connect to the same server each time to run the client.

Figure 3.1. Connecting to the server

After clicking Connect the client will attempt to connect to the server. If there is a problem, a message describing the error will appear in the Network Intelligence main window. Incorrect username/password pairs will be identified as such, as will any attempts to connect to servers that do not exist, incorrect server names etc.

If you have persistent problems connecting to a server and you cannot figure out where the problem is, try telnetting from the client machine to the server. Most telnet commands allow you to specify the port number on the command line. If you wanted to test the connection to the server at localhost on port 6700 you would enter the following under *NIX.

[martin@server src]$ telnet localhost 6700

The response should be something like:

Trying 127.0.0.1...
Connected to server (127.0.0.1).
Escape character is '^]'.
<session>
<software owner="Gadgets test" version="2.0.1a">
<message><broadcast>This is the message of the day.</broadcast></message>
<authentication><challenge>AWnNaoZ6VuStutdL</challenge></authentication>
Connection closed by foreign host.
[martin@server src]$ 

The important thing to look for here is any sort of text coming back from the server. If you see lines with authentication, a message of the day etc. it confirms the underlying network between the client and the server is working.

If you see such text coming back...

Any problems you experience while trying to establish a connection will be related to the Network Intelligence software. Check your usercode and password again. It's most likely the usercode you are using has not been created on the server.

If you do not see any text coming back...

There is a problem at a lower layer in the network. Maybe there is no network connection between the client machine and the server, or a firewall is blocking the traffic. It's also possible the domain name resolution is not working properly on the client machine. An exhaustive list of possibilities is beyond the scope of this article and resolving the problem is left as an exercise for the reader. To work towards a resolution first make sure you can ping the server machine from the client. Then work out why telnet isn't working. Once you have telnet working, try connecting with the Network Intelligence client once more.

In most situations the client to server connection will work first time, and you will receive an "Authentication successful." message in the messages window. This means a successful connection between the client and the server has been established.

Figure 3.2. A successful connection to the server

After connecting successfully to a server, the client will open a new window on the desktop. What you see in the window will depend on the state of the network as represented on the server. If you are connecting for the first time you will see very little apart from some green ground.

The three dimensional environment is very similar to that used in many popular games such a Doom, Quake etc. In such an environment the user may move around and interact with objects inside the environment. Network Intelligence is no different. All movement and interaction within the 3D window is accomplished using the mouse and the shift and control keys on the keyboard.

For a server that has no network presently defined you will see only green ground and black sky. The default bahaviour of the client is to include a certain amount of fog. This will give a somewhat cloudy appearance to distant objects, so don't be alarmed if your horizon does not form a sharp ground/sky transition, but rather a fade to black effect.

Figure 4.1. A blank canvas

It's not possible to demonstrate the navigation and interaction features without first defining objects in the environment. Refer to Chapter 6 to see how to add objects, then refer to Chapter 12 to see how to move around.

A network is represented using a few basic building blocks. The most basic is the router chassis. These are represented by vertical blue bars that look like batons.

Figure 5.1. A router close up

Interface objects can be added to the basic router object. These correlate to router interfaces such as Serial4/4/0, Eth5 etc. and appear as segments making up the vertical body of the router. If an interface is exporting Netflow Exports, it will appear light gold in colour, otherwise it will appear the same blue colour as the router.

Figure 5.2. A router with interfaces

Router interfaces may be connected to other router interfaces by a circuit. Circuits look like pipes and are grey in colour. They are unidirectional, so in order to represent a bi-directional circuit two adjacent pipes are used, one for traffic in each direction. Traffic flow along such a circuit is represented by a coloured pipe slightly larger than the circuit that appears at the destination interface of the circuit. Think of traffic waiting on the input queue of the interface. The length of the coloured pipe in relation to the length of the circuit represents the utilisation of the circuit. A lightly utilised circuit (small packet flow) will have a short coloured pipe. A heavily utilised circuit (large packet flow) will have a longer coloured pipe. The colour of the flow depends on the circuit utilisation. Usually the flow will be green, however if the utilisation warning threshold of the circuit is exceeded, it will appear red. It is possible to manually set the utilisation warning threshold of any circuit manually. Refer to Chapter 8 to find out how to do this.

Figure 5.3. Two routers and connecting circuits

Autonomous Systems are represented as double-cone shaped objects that look similar to a childs spinning top and are salmon in colour. These are used to represent the other networks making up the Internet.

Figure 5.4. An Autonomous System close up

Traffic flowing away from the network being measured is represented by pipes of varying diameter and colour. The diameter represents the size of the flow. Additionally the current flow rate is displayed numerically alongside the flow in bps, Kbps, or Mbps depending on the traffic volume. The flow is also coloured according to how large the flow is relative to other flows in Network Intelligence. The largest flow displayed will be purple in colour. There is a gradual progression from purple through blue to green (for the smallest flows). Such colour coding allows flows of significant size to be identified very quickly.

A traffic flow may connect a router interface to an adjoining Autonomous System (AS) or may connect two ASes together. They represent the volume of traffic from your network towards the other ASes. Such flows allow visualisation of not only traffic towards a particular AS, but also the traffic that transits throgh that AS destined for another AS.

Figure 5.5. Traffic flows away from the network towards other networks

There are two ways to add routers to the environment. They can be imported from router configuration files previously obtained directly from the routers themselves, or they can be built by hand. Importing is the easiest and fastest way of building a network as the router object and all interfaces are created at once. Performing the same task manually is somewhat laborious by comparison.

Import routers into the environment by selecting action->add/edit->router (import)... from the menu. A window will appear with the names of all of the files in the router configuration directory on the server.

Figure 6.1. Importing routers

Network Intelligence uses these configuration files to build a network representation with router names, interface names, link speeds, IP addresses etc.

Select a single router to import. Multiple routers can be quickly loaded by using ctrl-click, shift-click as well as click and drag to select a range. Click on add and the configurations for the selected items will be parsed and the new objects should appear on the ground directly in front of you in the 3D environment.

Routers can be added manually by selecting action->add/edit->router... from the menu. A window will open where you can enter a name for the router, the loopback address and the IP address of the collector this router is exporting Netflow Exports to (if applicable). Click add and the router will be added to the environment. It will be placed on the ground in front of you in the 3D environment.

Figure 6.2. Adding routers manually

Interfaces can be manually added to routers. First select the router, then choose action->add/edit->interface... from the menu. A window will open with all of the parameters for an interface. You can specify values currently used by your routers, or enter different values if you wish to simulate a different network. Click add to have the interface added to the currently selected router.

Figure 6.3. Adding interfaces manually

Circuits between two router interfaces can be manually added by first selecting the two interfaces in question, then by selecting action->add/edit->circuit... from the menu. A window will open where you can manually define the utilisation warning level. Click add and the circuit will be added. The direction of the circuit (since circuits are unidirectional in nature) will be from the first interface selected towards the second interface selected.

Figure 6.4. Adding circuits manually

There is no ability to manually add AS objects. These are created automatically by Network Intelligence as and when they are required.

In order to save time spent creating circuits between routers, Network Intelligence includes a connection discovery feature. This matches up interfaces on different routers based on the IP address and automatically creates the associated circuits. To make use of the feature first select at least one router, then choose action->connection discovery from the menu. As the interfaces for each router are scanned and matched, a message will be displayed in the main Network Intelligence window. New circuits are created with a default utilisation warning level of 80%. Performing connection discovery on a large number of routers in a large network can be quite slow. Please be patient.

In order to interact with the environment it's necessary to be able to indicate which objects you wish to manipulate. Use the LMB (the left mouse button) for this in combination with either the CTRL or SHIFT key. CTRL-LMB will enable you to select one object at a time whereas SHIFT-LMB will enable you to select multiple objects by clicking on each in turn. When you select an object it will turn yellow to indicate that it is selected.

Figure 7.1. Selecting a router

Figure 7.2. Selecting an interface

In order to clear the list of currently selected objects click (CTRL-LMB) on the sky or ground.

For a quick way to select a large number of routers or ASes select action->select... from the menu. A window will open with a list of all of the routers and ASes contained in the present network. Here you can choose multiple items and then click select. The selected items will turn yellow in the 3D window.

Figure 7.3. Selecting many objects

Items once selected may subsequently be manipulated using most of the options on the action menu.

Once an object is selected you can manipulate it. The action menu items offer a variety of functions including the ability to edit, move and delete objects.

Connection discovery is a particularly interesting feature and is extremely useful when building a network model. Connection discovery uses the configuration of the actual router to calculate where it is connected into your network. This saves you the tedious and error-prone job of working it out by hand.

To edit a router, select the action->add/edit->router... option. The settings for the most recently selected router will be displayed. To change the settings for that router simply edit the desired fields and click update.

Figure 8.1. Editing a router

Editing an interface using the action->add/edit->router... option works in the same way as for editing a router. The settings for the most recently selected interface are displayed.

Figure 8.2. Editing an interface

Editing a circuit using the action->add/edit->circuit... options works the same way as editing a router. The warning level for the most recently selected circuit will appear in the window. By selecting a new warning level then clicking update the warning level for all selected circuits will be updated.

Figure 8.3. Editing a circuit

There are two ways to move objects. An interactive drag of an objects in the 3D environment allows objects to be moved on the horizontal (X-Z) plane, whereas a menu option move up/down... allows objects to be moved along the vertial (Y) axis.

To move objects on the XZ plane first select one or more movable objects. Routers and ASes are both movable objects. Interfaces, circuits and traffic flows are not directly movable however they will follow wherever the routers and ASes are moved. Select objects as described in Chapter 7 Now drag the selected objects by holding down CTRL or SHIFT and the right mouse button (RMB). Move the mouse and the objects will follow. Mouse sideways movement moves the objects sideways, and mouse forward and backward movement moves the objects away or toward you. Release the mouse button to complete the move.

Moving objects vertically can be achieved with the action->move up/down... menu item. A window with a number of buttons will appear. The various buttons control the amount of up or down movement. All selected items will be moved according to the button pressed. It's not possible to move objects below ground level or above a certain height that would make them difficult to reach later.

Figure 9.1. Moving objects vertically

Manually placing individual objects can be a slow procedure. The auto arrange... feature lets you position routers and ASes in a pattern that helps improve clarity. After selecting the option you will be presented with a window that lets you specify the arrangement parameters.

Figure 10.1. Automatically arranging placement of objects

Two arrangement actions are available. The first one is used for arranging routers and is labelled arrange routers. It works by arranging the devices in circles of increasing radius. This tends to group the routers together nicely while keeping some space around each one. The parameters allow you to alter the density of the placement of the routers.

Figure 10.2. A group of routers automatically placed

One technique for building a network is to move all the routers for a particular city or POP to an empty area in the 3D environment, then to perform an auto arrange on just those routers. The result is a clumping together of geographically close routers. If your network covers four different cities for example, you might chose to group the routers by city, each group separated from the other.

The second option is used for placing ASes. In a typical carrier network there will be hundreds of ASes in the model. An easy way to arrange them is to first select all of the ASes using the action->select... option, then to use auto arrange. The AS placement auto arrange feature lets you specify starting altitude and incremental altitude. The ASes will be placed in circles of increasing radius as for the router auto arrange feature, but additionally they will be located at different heights. ASes directly connected to the network will appear at the lowest layer, while ASes further away (more hops away from your network) will appear at a higher layer.

Figure 10.3. A group of Autonomous Systems automatically placed

Looking around the 3D environment is very useful. The left mouse button (LMB) is used to achieve this. Click and hold the LMB while the cursor is over an empty area of ground or sky. Your viewpoint will follow the mouse pointer, so moving the mouse forward or backward will cause you to look up or down. Looking to the left or right is achieved with sideways mouse movement. The control is proportional to the amount the mouse is moved. Releasing the button will halt all movement.

Three forms of movement are available to the user. Each form is useful and helps to make visualisation of the network a breeze. Translation allows movement on the horizontal plane and two forms of orbit allow movement around an object. The first type of orbit maintains constant height of the viewpoint, while the second maintains constant distance from the object.

To translate, click and hold the RMB (right mouse button) over an emptry area of sky or ground. Pushing the mouse forward or backwards moves you forward or backwards in the 3D environment. The speed of movement is proportional to the amount the mouse is moved. Sideways movement is controlled by moving the mouse to the side. Once again, speed of movement is proportional to the amount the mouse is moved. This allows the user to move about anywhere on the XZ plane, and can be likened to walking around the environment. When you are finished moving, release the button and you will stop.

To orbit (pan) around an object, click the LMB (left mouse button) on a router or AS and while holding the button down, move the mouse. Moving the mouse sideways will result in you panning around the object while maintaining a constant distance. Moving the mouse forwards or backwards will move you nearer or further away from the object. Releasing the button will stop all movement.

To orbit around an object at constant distance, click the RMB on a router or AS and while holding the button down, move the mouse. Moving the mouse sideways will result in you panning around the object while maintaining a constant distance. Moving the mouse forwards or backwards will move up or down relative to the base of the object. Releasing the button will stop all movement.

Should you ever become lost in the 3D world it is useful to be able to get back to a known position. The go to->start position option will take you back to the place you were at when you first connected to the server. The go to->overview position will move you to a position from where the whole network should be visible.

Figure 12.1. An overview position for the whole network

To move straight to a particular router, use the go to->router...option. A window containing all of the routers in the network will appear. Selecting a router from the list will immediately take you to it.

Figure 12.2. Going straight to any router

Graphs are usful for tracking changes in a variable (flow volume or circuit utilisation in the case of Network Intelligence). Two kinds of graph are supported. Window graphs appear on the desktop in a window of their own. They can be resized by the user, minimised and treated like any other window. The second style of graph is the 3D graph. This exists only inside the 3D environment, and will hover somewhere near the object being graphed.

Figure 13.1. Graph window

To create a graph, first select a single circuit or flow. Select the action->graph... option. A window will open with various fields that let you customise the graph.

You can set the graph title, the physical size of the graph, and the number of data points to display. Each data point represents the traffic for the update period presently set between the client and the server. The graph style radio buttons let you chose the style of graph (either window or 3D).

Seeing how network topology and traffic flows vary over time can be extremely useful. The time control features of Network Intelligence allow any histroic data to be replayed as dictated by the wishes of the user.

Time control in Network Intelligence is one of the more challenging aspects to understand completely. It is simplified greatly by understanding the underlying workings of the Network Intelligence system. It begins with statistics being gathered by collectors that are scattered around the network. These statistics can be considered as real-time, and are therefore valid only for this point in time, known as the present. The statistics are sent to a server which in turn populates a database with the statistics, along with a timestamp. The timestamp in this case being the present time. A server such as this, that collects statistics from the present and populates the database, is called a master server. There can be only one master server per database. The master server is the sole entity responsible for populating the database with data. It makes sence then, when a client connects to a master server, only the present network topology and traffic can and will be viewed. If we wish to view our network environment as it was some time in the past, we need to connect to a slave server. A slave server extracts information from the database, and produces a network environment for the client. The client specifies the timestamp of data they are interested in, and the slave server will retrieve this from the database. In such a way the user can review historic information, and can control the passage of time through history. It is possible to have any number of slave servers operating from a single database, limited only by system resources. Setting up severs, along with whether they are a slave or a master server, is part of the server installation documentation. Slave servers typically run on the ports following a master server. For example, a master server may be configured to run on port 6700, while slave servers may be running on ports 6701, 6702 and 6703.

When connected to a slave server, an additional time->control... option appears on the menu bar of the client. Using this control it is possible to go back in time and view the network and associated traffic flows at some time in the past. It is also possible to set the speed at which time passes. This feature allows behaviour like a time lapse movie, in which the displayed network changes many times faster than real-time. It is even possible to run time backwards using this time control if the user so desires.

Figure 14.1. Time control

Accessed from time->update period..., the update period window allows the user to specify the interval between server to client updates. A very short update period will keep the client closely in sync with the server, at the expense of increased network traffic between the two. Event messages and warnings are sometimes sent every period as well, so short periods like one second are to be avoided unless the user chooses to be flooded with information.

Short intervals are useful however when displaying time-lapse views of the network. Consider the case where time has been accelerated so that one day passes in one minute of wall clock time. If the client is being provided with updates every minute, you will see a new snapshot of the network every minute, with each snapshot representing one day. If the update period is reduced to 15 seconds, time will still pass at the same rate of one day per minute of wall clock time, however you will receive four snapshots each minute, each one representing a different part of the day.

Figure 15.1. Setting the update period

When viewing the traffic flowing on your network, it is possible to view all of the traffic flows, or just the flows created by the traffic from one interface. Looking at one interface can give an excellent idea of where traffic from a peer is actually flowing!

The current setting is displayed on the main window, the default being to view all traffic flowing across the network. In order to view just the traffic coming in a particular interface, first locate an interface of interest. The interface must be one gathering Netflow Exports. Such an interface will appear light gold rather than blue.

Figure 16.1. An interface receiving Netflow Exports

Select the interface, then choose the menu option action->view->single interface traffic. The traffic field on the main window will be updated to show what traffic is being viewed.

Figure 16.2. Viewing traffic for a particular interface

The three dimensional display will update accordingly showing the flows for all traffic coming in the selected interface.

The image snapshot feature accessible from export->snapshot... allows you to create either single frame images of the network environment or sequential frame by frame images. Images created using the latter method can be combined using third-party software to generate a network animation.

A quality field enables you to set the compression level when saving the JPEG images. Larger values produce clearer images at the expense of increased disk space usage. After taking a snapshot the filename will be displayed for your information. All snapshot images are created in the working directory.

Figure 17.1. Taking a snapshot

A collaborative message broadcast system is included in Network Intelligence that enables users to communicate using text messages. This is useful for follow-the-sun applications where people using Network Intelligence may be located anywhere on Earth. Using the messaging system the network designers can easily keep in touch, can discuss network issues etc.

To send a message to other Network Intelligence users on the same server, select the messages->collaboration... option. A window will open that contains a history of messages received. One line will be available for entering a message to send, and it will be sent as soon as you hit the return key.

Figure 18.1. Collaborating with other users

To display a list of who else is presently connected to the same server enter the text /list.

A handy feature for data centres and the like is the ability to auto rotate around a network. This will cause the network to spin slowly in the 3D window. In this way the overall status of all links and traffic flow can be kept in check.

To auto rotate, first select a router or AS to auto-rotate about. Then select action->auto-rotate. The network will continue to spin until a mouse click is detected inside the 3D window.

Selecting configuration->display properties... will cause a window with a number of tabs to appear on the screen. This window allows control over frame rate, size of the 3D environment as well as what objects are displayed.

Advanced 3D LOD (level of detail) features enable Network Intelligence to maintain high frame rates. One of the methods used is to fog out objects that are a long way away when the frame rate is dropping. By specifying the acceptable ranges of frame rate the fog effect will be used to try to maintain those target frame rates.

Figure 20.1. Fog and frame rate

Target window sizes for the 3D environment can be specified here. It's also possible to resize the window manually by dragging the borders manually.

Support is included for red/blue 3D glasses as well as multi-buffered video hardware. When using the proper 3D modes the fields for focal length and separation will come into effect. The default values should work fine however for very large or very small fields of view these values may be tweaked. Situations such as large video projection screens where the user is very close (relatively speaking) to the screen will probably benefit from less angular separation.

Figure 20.2. Window size and 3D glasses

The display details window provides the ability to turn off the display of any objects of a particular type. This may provide a degree of clarity to the view in some situations.

Figure 20.3. Selecting what objects to display