Network Design and

Analysis

Dr. Abdulmajid Al-Mqdashi

Lecture 4
Characterizing the Existing Network

1-2
Characterizing the Existing Network

 Examine the customers existing network to

better judge how to meet expectations for
network scalability, performance and
availability

 Understanding the existing network’s

structure, uses, and behavior you get a better
feel if the design goals are realistic.

 Most designers design network

enhancements to existing networks
Characterizing the Network Infrastructure

 Develop a network map

 Learning location of major internetworking
devices and network segments
 Documenting the names and addresses of
major devices and segments
 Documenting the types and lengths of
physical cabling
 Investigating architectural and environmental
constraints
Developing a Network Map
 Location of major hosts, interconnection
devices and network segments
 Help understand traffic flow
 Data on performance characteristics of
network segments coupled with location
information gives insight to where users are
concentrated and the level of traffic to be
supported
 Goal is to obtain a map of the already-
implemented network
Tools for Developing Network Maps

 Invest in a good network-diagramming tool

 Visio is one example

 Some companies offer diagramming and

network documentation tools that
automatically discover existing networks.
What Should a Network Map Include?
 Geographical – cities and campuses
 Wan connections between campuses.
 Buildings and floors and rooms

 WAN and LAN connections between

buildings and campuses
What should a network map include?

 Indication of the data-link technology for

WANs and LANs
 Service provider for WANs
 Location of routers and switches
 Virtual Private Networks
 Major servers or server farms
 Location of major network-management
stations
 Location and reach of any virtual LANs
 What should a network map include?

 Topology of any firewall security system

 Location of any dial-in and dial out systems

 Indication of where workstations reside

 Depiction of the logical topology or

architecture of the network
Characterizing Network Addressing
and Naming
 Documenting any strategies customer has for
networking addressing and naming
 On detailed network maps include the names
of major sites, routers, network segments and
servers
 Investigate the network-layer addresses your
customer uses
 A customer goal might be to use route
summarization
 Existing addressing scheme might affect the
routing protocols you can select
Characterizing Wiring and Media
 Document existing cabling design to help
plan for enhancements and identify any
potential problems
 Assess who well equipment and cables are
labeled

 Document connections between buildings

(number of pairs of wire and type)
 Locate telecommunications wiring closets,
cross-connect rooms and any lab or
computer rooms
Checking the Health of the Existing
Internetwork
 Knowing baseline of existing system give a
standard to measure new system against
 Existing segments will effect overall network
performance
 Segments that will interoperate with new
segments, backbone networks and networks
that connect old and new areas
 Legacy systems may have to be included
The Challenges of Developing a
Baseline of Network Performance
 Not an easy task
 Time selection
 Time allocation
 Typical time period
 Periods of normal traffic load
 Customer may not recognize need
 Need good understanding of customers
technical and business goals
Analyzing Performance metrics
 Network Utilization
 Throughput
 Delay and Response Time

 Checking the Status of Major Routers

Tools for Characterizing the Existing
Internetwork
 Protocol Analyzers
 Remote Monitoring Tools
 Cisco Tools for characterizing an Existing
Internetwork
 Cisco Discovery Protocol
 Enterprise Accounting for NetFlow
 Netsys Service-Level Management Suite
 Cisco Works
Protocol Analyzers
 A fault-and-performance-management tool
that captures network traffic, decodes the
protocols in the captured packets and
provides statistics to characterize load,
errors, and response time.
 Sniffer Network Analyzer
 EtherPeek
Remote Monitoring Tools
 Remote Monitoring (RMON) MIB developed
to overcome shortcomings in the standard
SNMP MIB for gathering statistics on data-
link and physical-layer parameters

 Gathers statistics on CRC errors, Ethernet

collisions, Token-ring soft errors, frame sizes,
number of packets in and out of a device, and
the rate of broadcast packets
Cisco Tools for Characterizing an
Existing Internetwork
 Cisco has a complete range of tools for
characterizing an existing internetwork,
ranging from the Cisco Discovery Protocol to
sophisticated Netsys tools
 Look at information about neighboring
routers:
 Protocols enabled
 Network address for enabled protocols
 Number and types of interfaces
 Type of platform and its capabilities
 Version of Cisco IOS software
Characterizing Network Traffic
Characterizing Network Traffic

1. Sniffing Network Traffic and performing

Traffic Characterization

2. Application Profiles

3. Application Monitoring
1- Sniffing Network Traffic

 By looking at what is going on inside the network

wire - called “sniffing”
 By analyzing on how the network is being used -
looking at application use
 We do this to better understand how the network
resource, bandwidth, is being used and how its
use impacts the network’s design
 By capturing traffic you can really see how your
network is performing
Sniffing Network Traffic
 There are several ways to collect data to
determine our network traffic
 One way is to look inside the wire - otherwise
known as “sniffing” the network traffic
 Lets look at how Windows NT does this as an
example of how you do this
 Experiments with Etherreal Sniffer Tool
Sniffing Network Traffic

Analyze
Analyze

Optimize
Optimize Predict
Predict
Characterizing Services
 Traffic Characterization
 What kind of traffic is generated?
 How often is it generated?
 What is the relative impact on the network?
 Method for Characterizing a Service
 Use a network capturing and analysis tool
 Capture the appropriate traffic
 Identify each frame in the capture
Frame Types

Broadcast Deliver to all hosts

Multicast Deliver to registered
members

Directed Deliver to specified

address
 The NT Network Monitor Interface

Network Monitor - [\Ethernet\NET1 Capture Window (Station Stats)]

File Capture Tools Options Window Help

% Network Utilization: Time Elapsed: 00:01:44.659

0 0 100 Network Statistics
Frames Per Second: # Frames: 35
Graph
Graph
0
Pane
Pane 0 100
# Broadcasts: 4
# Multicasts: 0
Bytes Per Second:
0 0 2180
# Bytes: 3450
# Frames Dropped: 0 Total
Total
Broadcasts Per Second :
Network Status: Normal
Captured Statistics
Statistics Pane
Statistics Pane
# Frames: 35
Network Address 1->2 1<-2 Network Address 2 # Frames in Buffer: 35
BACKUP 9 11 WFW Client # Bytes: 3450
Session
Session
BACKUP 1 *BROADCAST
# Bytes in Buffer: 3730
% Buffer Utilized: 0
Statistics
Statistics Pane
Pane
INSTRUCTOR 2 1 WFW Client # Frames Dropped: 0
INSTRUCTOR 4 4 BACKUP Per Second Statistics
WFW Client 3 *BROADCAST % Network Utilization: 0
# Frames/second: 0
# Bytes /second : 0

Network Address Frames Sent Frames Rcvd Bytes Sent Bytes Rcvd Directed Frames Sent Multicasts Sent Broadcasts Sent
*BROADCAST 0 4 0 423 0 0 0
BACKUP 14 15 1336 1513 13 0 1 Station
Station
INSTRUCTOR 6
WFW Client 15
5
11
432
1682
402
112
6
12
0
0
0
3
Statistics
StatisticsPane
Pane

Network Monitor V1.1 (built on Jun 23 1995 at 17:49:57)

Displaying Data with Network Monitor

Network Monitor- [Capture:1 (Summary)]

File Edit Display Tools Options Window Help

Frame Time Src MAC Addr Dst MAC Addr Protocol

Description
19 66.276 WFW Client BACKUP TCP
.A..S., len: 0, seq: 282193079,
20
21
66.277
66.278
WFW Client
BACKUP
BACKUP
WFW Client
NBT
ack:1312173
NBT
SS: Session Request, Dest: BACKUP Summary
Summary
, Pane
Pane
22 66.279 WFW Client BACKUP So SMB
23 66.281 BACKUP WFW Client SMB
SS: Positive Session Response, Len: 0
C negotiate, Dialect = Windows for
+ IP: ID = 0xE204; Proto = TCP; Len: 186 Workgroups
R negotiate,
+ TCP: .AP..., len: 146, seq: 282193151, ack: 1312173868, win: 8756, src: 1029 dst:Dialect 139 (NBT#=3
Session)
+ NBT: SS: Session Message, Len: 142
- SMB: C negotiate, Dialect = Windows for Workgroups 3.1a
+SMB: SMB Status = Error Success Detail
DetailPane
Pane
+SMB: Header: PID = 0x36DB TID = 0x0000 MID = 0x4F81 UID = 0x0000
- SMB: Command = C negotiate
SMB: Word count = 0
SMB: Byte count = 107
SMB: Byte parameters
- SMB: Dialect Strings Understood
00000050 00 SMB: Dialect
00 00 00 String
DB 36 = 00
PC00
NETWORK PROGRAM
81 4F 00 6B 00 021.0 50 43 . . . . | 6. . u0 . k . . PC
00000060 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 52 41 4D NETWORK PROGRAM
00000070
00000080
20
4E
31
45
2E
54
30
57
00
4F
02
52
4D
4B
49
53
43
20
52
33
4F
2E
53
30
4F
00
46
02
54
44
20
4F
1 . 0 . . MICROSOFT
NETWORKS 3 . 0 . . DO
Hex
HexPane
Pane
00000090 53 20 4C 4D 31 2E 32 58 30 30 32 00 02 44 4F 53 S LM1 . 2X002 . . DOS
000000A0 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 57 69 6E 64 LANMAN2 . 1 . . Wind
000000B0 6F 77 73 20 66 6F 72 20 57 6F 72 6B 67 72 6F 75 ows for Workgroups

SMB dialects this node understands F#: 22/35 Off: 93(x5D) L: 107 (x6B)
Characterizing Network Traffic

Application Profiles
Application Profiles
 The other way to characterize network traffic
is by looking at the applications that users
utilize on the network and figuring out their
impact on the overall network

 Again, the goal is to figure out how the

bandwidth is being used and the adequacy of
the network design
Application Usage Patterns
 Need to identify the number of users per
application
 Need to identify the frequency of application
sessions
 Length of an average application session

 Number of simultaneous users of an

application
Size of Data Objects
 Terminal session - 4 Kbytes
 E-mail message - 10 Kbytes
 Web page with graphics - 50 Kbytes
 Spreadsheet - 100 Kbytes
 Word processing document - 200 Kbytes
 Graphical computer screen - 500 Kbytes
 Presentation document - 2 Mbytes
 High resolution image - 50 Mbytes
 Multimedia object - 100 Mbytes
 Database backup - 1 Gigabyte or more
Application Monitoring
Application Monitoring
 Using software tools can be used to
determine application performance statistics
 Uses “agents” to collect data and send
information to a “management” station
 Agents run on the different OS where the
applications are installed
 Usually very expensive
 $5,000 to $10,000
Application Monitoring
 The idea is to be able to predict what will be
the effect on the network of rolling out a new
software application
 For existing application, the profiling software
transforms raw application data captured
from the network into an application profile.
This is used for scalability.
 Allows you to do what-if scenarios, to ensure
the planned application can be run across
your LAN or WAN.
Types of Traffic
 Different traffic types have different
characteristics

 Terminal/Host
 Asymmetrical
 Terminal sends a few characters
 Host sends back many characters
 Client/Server
 Similar to above
 Client sends more data as does the server
36
Types of Traffic
 Browser/Server
 Similar to a terminal/server
 Uses a web browser instead of a dedicated
program
 The server response will be quite large possibly

 Peer-to-Peer
 This flow is bi-directional and symmetric
 Unix-to-Unix workstations often use this

37
Types of Traffic
 Server-to-Server
 The flow depends on the relationship between
the servers
 If mirrored, then one way and high level
 Other relationships may be more bi-directional

 Distributed Computing
 Several computers join together to solve a single
problem
 Normally the exchange is quite high
 It is bi-directional and symmetrical
38
Type of Traffic List

Application Type of Protocol User Data Bandwidth QoS

Traffic Community Store
Enterprise Client/Server IP Enterprise Accounting Average None
Accounting Browser/Server Accounting Data of 2 Mbps
from 8 to 5
weekdays
OpenView Terminal/Server IP Average of 2 Kbps OpenView Average of 2 None
24X7X365 Logs Kbps
24X7X365

AlertPage Terminal/Server IP Average of AlertPage Average of None

65 Kbps Logs 65 Kbps
Every hour Every hour
24X7X365 24X7X365

39