Introduction to Network Performance Measurement

Daniel McRobb

Table of Contents

• Stan Barber's Notes
• Sharif Torpis' Notes
• June 1997 NANOG Home Page

Sharif Torpis of PAC*BELL volunteered his notes from this talk. They are included here.

Stan Barber's Notes

This talk will be an operational perspective on what is important to measure and can be easily measured.

Why do it?

• Capacity Planning -- Probably the #1 reason to do this.
• Assist operations provide information for the NOC and engineering with data that can't be found from the NMS
• Value-added service -- providing reports to customers
• Usage-based billing -- Not going to talk about this much

Basic Measurements

• Bandwidth utilization -- particularly important for customers -- A common cause of performance problems
• Packets per second -- this is less important now, but more on this issue
• Round Trip Time (RTT) -- It's a good measurement for long-term trend analysis
• RTT variance -- more on this later
• Backbone packet loss
• Reachability -- Why is packet loss occurring? (examining ICMP responses)
• Circuit Performance -- How are our carriers doing?
• Bandwidth Utilization and Packets Per second --- MIB-II variables are listed (except one)

Why these variables?

IfOutDiscards is normally a very good indicator of congestion.

IfInOctects and IfOutOctects give reasonable link utilization.

Packet Counters are a good indicator of CPU utilization and does not require using enterprise mibs.

IfIndex, IfDescr and IfAdEntIfIndex are good for mapping interfaces to human-readable reports and topology information. Driving the reports from the IP address is much more consistent. Using IfAdEntIfIndex will give you the address data you need.

Someone asks of ifSpeed causes a problem. Daniel acknowledges that this is a problem. Often the database for the customer and the actual configuration vary (especially if the installation engineer sets this manually).

Correlation across counters is very useful. For example, correlating IfOutDiscards and IfOutPackets will help point up performance issues.

Why these variables? MIB-II is available in almost anything that does SNMP.

Useful Representations

• Text
• Value Vs. Time
• Frequency Distributions
• Box plots (Candle plots)

ANS uses 5 minute intervals, however 15 minutes is probably ok. Doing anything more frequent is probably not possible on large networks and generally won’t provide much more insight.

There are some useful variables in the enterprise mibs -- Cpu utilization, queue loss information and so on.

Round Trip Time

RTT can be an indicator of standing queue and congestion, not just distance.

Keeping RTT data long term is useful for trend analysisand correlation against other data. Changes in the RTT are usually and indication of configuration changes or changes in congestion levels.

The tools that ANS uses are ICMP based, which run on POP hosts (not routers).

RTT variance

Some applications are sensitive to variance in transit time. Video and audio application are particularly sensitive. At ANS, this kind of measurement is typically done in cooperation with a customer. ANS uses ICMP, but there may be other good methods using RMON probes.

Backbone Packet Loss

Provides critical view of performance -- the end user will feel it. Correlation can lead to the reasons for packet loss. The Ideal end result will be the ability to predict this before it happens and act to prevent it.

Reachability

Polling all devices in less than 60 seconds (for 10,000 devices) is a design criterion

How often is one edge of your network unreachable from the other?

Circuit performance

Track Circuit errors -- Degrading Circuits can be caught before they go down hard

Set thresholds with your circuit provider and live by them and make the carrier live by them.

Don't buy hardware that you can't query

What does ANS uses? A large mix.

Link Quality Monitoring

There are gaps in the standards. LQM on high speed interfaces is needed (LQM without PPP). LQM on ATM VCs is needed.

Router logs

Very useful when doing post-mortem, however router log formats are very vendor specific. Log information can also be lost because of router problems.

Traps

• HSSI Traps
• PPP Traps
• OSPF Adjacency traps
• BGP traps

Most are vendor specific and traps can be lost just like syslogs.

Source and Destination Data

Daniel has presented information as the previous two NANOGs.

Problems with source to destination data. Difficult to collect. RMON-2 can help, but don't address lots of IP-level issues. If they had routing information, it would be much better.

Route changes are good to measure as well. The Merit tools can help there.

Lab measurements -- Route convergence, flat-out forwarding performance

Misc correlation -- NTP is very useful, use it. Don't use RR option when doing RTT measurements. Polling a very large network is taxing. Most off-the-shelf NMSs don't have good pollers. Save data and think about the data before digging in.

Work with your customers on designing useful measurements. If they can't get what you need, they may go elsewhere.

Bill suggests that Daniel and he get together can write up a setup of recommendations for basic measurements.

Sharif Torpis' Notes

• capacity planning
• assist operations
• value added services
• usage based billing
• basic measurements
  • bandwidth utilization (see related MIB II variables)
  • packets per sec (see related MIB II variables)
  • round trip time
  • round trip time variance
  • reachability
  • circuit performance
  • backbone packet loss (why you're having packet loss)
• ifOutDiscards (normally good indication of congestion)
• ifInOctets (reasonable estimate of link utilization)
• ifOutOctets (reasonable estimate of link utilization)
• packet counters indicate processing time (cpu)
• ifIndex, ifDescr, ipAdEntIfIndex allow mapping t
• human-readable reports and topology info
• ifSpeed needed for % utilization measurements
• correlation across counters is useful where strong correlation is evident e.g. if ifOutDiscards correlates strongly t
• ifOutOctets then you can indicate "danger threshold" on bandwdith utilization
• useful representations
  • text summaries
  • value vs time
  • frequency distributions (histograms)
  • "box" plots (aka "candle" plots)
  • newsgroup propagation
• useful enterprise MIBs
  • cpu load info: avgBusy1, avgBusy5 in Cisc
  • Isystem table
  • queue loss inf
  • (dropped datagrams): IocIfInputQueueDrops, IocIfOutputQueueDrops in Cisc
  • Isystem table
• RTT
  • can be indicator of standing queues and congestion, not just distance
  • useful t
  • keep long term for correlation
  • changes indicate configuration changes or congestion

    -    abq   alt   arc
     abq  -     n     n
  
     alt  n     -     n
  
     arc  n     n     -
  

• RTT variance: some apps (e.g. video) sensitive t
• transit time variance
• backbone packet loss
  • critical view of performance
  • ideal end result: ability t
  • forecast backbone packet loss and hence prevent it (capacity planning, routing policy, etc.)
• reachability
  • take very large scale measurements from as many places as possible
  • critical for realtime NMS
• circuit performance
  • DS1, DS3 MIBs
  • track circuit errors: degrading circuits can be caught before going down hard
  • often strong correlation between poor circuit performance and higher layer problems (cpu, congestion, packet loss)
  • set thresholds and live by them
• router logs: useful for post mortem activities
• problem with LQM
  • LQM on high speed interfaces is needed (LQM w/o PPP)
  • LQM on ATM VCs
  • LQM on NBMA/broadcast per ARP entry is needed
• traps
  • HSSI, PPP, OSPF adjacency, BGP
  • indicate connectivity and adjacency changes
• source to destination data
  • makes capacity planning simpler
  • make peering decisions based on real numbers
  • evaluate configuration changes
  • evaluate private peering and optimal location for this
• route changes: difficult to measure in realtime w/o router assistance
• lab measurements
  • route convergence
  • how well is route flat dealt with?
• use NTP