Originally Posted on TheTechStop.net

For most system administrators, network monitoring is like car insurance: we know we should have it — we know we’ll regret doing without it — we know that it can provide all sorts of interesting and useful purposes — and yet somehow the muss and fuss involved in getting it right and understanding its utility is overcome by the desire to “get in and go.” The usefulness of network monitoring tools is eclipsed only by the difficulty in getting many of those tools running, or in the learning curve to decipher the information coming off those same tools.

cPacket Networks hopes to change all that with their cVu 1000 Distributed Appliance for active network traffic inspection and response.

The cVu1000 on Paper

• Transparent monitoring
• Real-Time Traffic Analysis
• Interactive trafic Administration and Filtering
• Zero Latency Taps
• Intuitive “Drill Down” menu
• SFP Interfaces for GigE and Fiber on all ports
• Traffic Passthrough and Mirroring
• Distributed Monitoring with centralized Storage and Analysis

Backstory
cPacket Networks was a relatively late arrival to Interop NY ‘06. They came into the Belmont warehouse in the waning days of hotstage with four of their cVu 1000 Distributed Appliances. It was my responsibility to find those units appropriate homes where they could tap and monitor the traffic running through the more interesting parts of our network. After a quick tutorial on how the devices worked, we agreed to use the cVu 1000s to monitor four particular segments of the eNet: show floor, classrooms, registration and press.

Installation was straighforward — we use Systimax QDs to connect fiber umbilicals from the core switches to the show floor racks. The cVu 1000 came populated with GigE copper modules, but since they use standard SFP ports, we were able to swap the GigE copper modules for fiber units. Placing the units inline was a simple matter of plugging the fiber that originally went from the QD to the switch into the “A” port of the cVu and running the “B” passthrough back to the switch. Installation didn’t necessitate any changes in our network topology and we immediately began seeing trafic statistics on the built-in LCD screen on the front of the unit.

I like the cVu 1000s — they’re small, easy to install, feature-packed on paper, and cPacket’s engineers are hard-working, honest uberGeeks. They claim that their custom-developed ASIC allows for deep inspection of every packet at linespeed without adding latency to the network. Still, with monitoring vendors like Fluke, Network Physics, Network General, Gigamon, Groundworks, and others already on the Interop train, I didn’t know what to expect from cPackets and their little black box.

Trial-by-Fire
So… the questions — Did the cVu 1000 make monitoring any easier? Did the unit live up to its promises of transparent, zero-latency taps? Did it have an intuitive, drill-down interface that made it easy to isolate, diagnose and correct network problems? Did cPacket Networks come up with a formula for shifting monitoring from a “what happened” to a “what’s going to happen” paradigm?

After seeing the cVu 1000 go through a trial-by-fire of being in the enterprise-class network that we call the Interop eNet, my answer would have to be a loud and resounding, YES.

The cVu 1000 is the first standalone, in-rack monitoring tool that I have been able to master in under 30 minutes. Their interface is extremely intuitive — reporting is divided into “live” and “historical” groups which give users immediate access to the statistics that matter, like bandwidth consumption and DNS requests/replies. Data can be represented in a variety of user-configurable graphs and charts. Users can easily switch between the various cVu 1000s installed in the network and drill-down their views from hours to seconds in order to locate spikes, drops or attacks.

These screens give a good representation of the information that the cVu 1000 makes availible in real-time. It is important to note that the interface was very responsive: Over the course of the show I never experienced a freeze, hickup or drop in my live or historical views through the cVu 1000 status screen.

Show Impressions
The first thing that I have to note is how useful the built-in LCD becomes once it is deployed. Not only does it give the administrator an immediate confirmation of whether or not traffic is passing through the network, the bandwidth counters are surprisingly informative even with such limited real-estate.

The day that the full network was up and running, the cPackets guys introduced me to the status screen and gave me a quick (10 minute) tutorial. From that point on the cVu 1000 became my first stop whenever NetServ (Network Services Help Desk) received a complaint about connectivity or speed. I was amazed at how quickly I was able to learn the interface and at how useful the cVu 1000 was in diagnosing problems — within 4 hours of collecting data we were able to isolate several ARP storms from the registration area, DA attacks over the classroom wireless, DNS problems in the Press area and bandwidth hogs on the show floor.

Conclusions
Even though I didn’t get as much time with the cVu 1000 as I would have liked, my brief experience with the unit, and with the cPacket guys, tells me that they have a winner. The cVu 1000 is an amazingly versatile piece of monitoring gear that is easy to install, easy to use and designed with scalability in mind. I can’t wait to use it in the eNet for Interop Las Vegas, and this time I plan to try the mirroring and filtering functions of the unit.

Trackback URI | Comments RSS