VIAVI Observer Apex- Finding the needle faster

I participated in the Tech Field Day Extra events at Cisco Live. One of the presenters, VIAVI has been floating near the edge of my awareness for a while, so it was great to see their presentation and get a better understanding of the VIAVI Observer Platform.

Anytime I see a presentation from a monitoring solution there are three questions that I ask:

“How useful would this be for tier one technicians?”

I usually consider that question from both the perspective of a NOC and also a helpdesk technician. If a monitoring tool isn’t practical for those roles, I am the one who gets stuck using it all of the time, and therefore, it has no place in my environment.

“How useful would this tool be for me?”

If the tool can’t offer enough information to be useful for a senior engineer, I don’t want to pay for it. It also increases the complexity of passing trouble tickets up the chain as each person has to start back at zero in their own tool.

“Does this make it easier to find the problem, or just add another step?”

Monitoring tools which only show up/down status and system logs have very little use for me. I can easily find those by other means, or on the device itself, faster than I can fire up a browser, click on a bookmark, log in, navigate through a device tree, etc.

VIAVI has provided the right answers to all three questions.

product-obsever-apex-welcome

The starting page for Observer is simple. It doesn’t take forever to load as it attempts to pull data from many different sources to provide a general health overview that rarely has anything to do with the reason you opened the application. Instead, Observer’s search box is ready for any relevant text the technician may know about the problem. If you have an IP, MAC address, VLAN, or hostname, those are all great places to start. You can also choose to push into a more generalized monitoring view like Application Performance, Network Performance, etc.

The search box is the beauty of the application for me. VIAVI indexes all of the monitoring sources for things like MAC addresses, IP addresses, interfaces, usernames, and other metadata and then correlates that information together. A technician doesn’t need to look up an IP address in the ARP table, get the MAC address, look up the MAC address in the MAC address table to get the port, then check the port for errors. A search on the IP address will provide all of that information, quickly! Since VIAVI also knows the assigned VLAN, it quickly displays “Here’s a bad actor on the same VLAN that is flooding the VLAN with bad frames.” The technicians can find problems without looking directly for them. That’s a huge win. This is not looking for a needle in a haystack. This is turning on an extremely powerful magnet and letting the needle come to you.

Another great feature is that Observer creates a baseline from the information that it acquires. With that baseline that understands system X typically runs at 75 percent utilization, but is now running at 90 percent, more problems quickly float to the surface. Additionally, the baseline filters out the normal abnormal. Is it “normal” for that system to run at 75 percent utilization all of the time? Maybe so. If it is, a technician doesn’t need a warning about it. It might be operating as designed.

If a technician can’t find a solution through the dashboard, the next engineer who picks up the problem will want to dig deeper. Thanks to the stored packet traces which provided all of the metadata the technician used, the engineer can take a look at the actual packets. Aside from the standard fields like source and destination, IP’s and ports, Observer also includes a patent-pending User Experience Score which is a 1-10 scale to aid in finding problems faster within the trace files.

Taking the click-through troubleshooting one step further, Observer creates Application Dependency Maps which aid an engineer to understand all of the dependent systems quickly and which are affecting performance.

When considering my initial three questions I proposed, I feel VIAVI’s Observer is providing pretty compelling answers for each. I look forward to learning more.

In many ways, Tech Field Day offers a similar solution to VIAVI Observer. TFD allows me to filter through the marketing hype, and get to the bottom of a product or solution and whether it will be useful to me. Don’t forget to check out the many other videos and content created by Tech Field Day at Cisco Live.

Arista announces acquisition of Mojo Networks

Today after the markets closed, Arista announced the acquisition of Mojo Networks. This is a very interesting development, and I am curious to see what Arista does with the technology.

You can read the press release here.

If you are asking “Who is Mojo Networks?” you clearly weren’t paying attention at MFD2 during the Mojo Networks presentation. Take a look at it here:

Mojo Presents at Mobility Field Day 2

You can see more at the Mobility Field Day 2 Event page:

http://techfieldday.com/appearance/mojo-networks-presents-at-mobility-field-day-2/

What do you think about this team up? Is this a good decision for Arista? How do you see it impacting the WiFi community?

Geek Tools – Ventev VenVolt

Any wireless engineer who has spent time completing AP-on-a-stick (APoS) surveys has probably used the Terrawave MIMO 802.3af POE battery. It was a heavy lead-acid battery in a metal case, which promised six hours of use before needing a recharge. Most days it did deliver 6 hours when powering an AP with a single radio enabled. However, I often found that if you ran both AP radios, it would regularly give you less; usually running right around 5 hours with a charge during a meal break.

Did I mention it was heavy? Travel through airports and the TSA was a lot of fun too!

Now, Ventev has a new battery, the VenVolt. It’s sleek, orange, and much lighter. The VenVolt has a bunch of new features which make this an essential addition to any wireless engineer’s toolkit.5132514

  • The battery is now a lithium iron phosphate. That’s the weight savings that makes this thing easy to take on the road. It also ensures plenty of power delivery when needed and long-term stability of that power. Additionally, LiFePO4 battery chemistry is known for higher cycle life and better stability, which should relieve any concerns of a Samsung Note 7 style battery fires.
  • Better power delivery allows the VenVolt to efficiently deliver 802.3at power; a requirement for 802.11ac access points.
  • If 802.3at power wasn’t enough, Ventev includes a three amp, 15 watt, USB power port. That port can be used to trickle charge a laptop, or it can power my favorite tool, an Odroid, which I always use when surveying.
  • That power port wouldn’t be nearly as exciting for me without the final major upgrade, ethernet passthrough.

There are lots of “little” updates that should be mentioned as well:

  • A single switch! No more guessing which switch combination was needed for charging.
  • An LCD screen that shows charge status, voltage, and gives you some guess of the available runtime.
  • The case is ruggedized and has been drop tested to ensure reliability.

Let’s talk through my “new normal” setup with the VenVolt. I connect the AP to the “802.3AF/AT Out” port. There is no difference between that and the old heavy battery.
Next, I connect an ethernet cable between the “Ethernet In” port on the VenVolt and the ethernet port on my Odroid.
Finally, I connect a micro-USB cable between the Odroid and the USB port on the front of the VenVolt.
The magic happens due to the flexibility of my Odroid. A few jobs it runs:

  • iPerf, HTTP, Ping endpoint for any throughput/active surveys that I need to run.
  • TFTP Server – This is where I host boot or firmware files for the many various AP’s that I might use for surveys.
  • DHCP/DNS Server – Makes it easy for the TFTP Updates, client connections, etc.
  • Encrypted File Storage – This is where I store backups of survey files, any building drawings that I am given, or any specifics that I might need at a location.

One final note. The VenVolt is labeled “MK1”. To me, this is a suggestion that updates will come in the future, rather than the “one-and-done” approach of the Terrawave Battery. While I’m excited to see what may come in MK2, this is an excellent upgrade and a definite requirement for anyone who spends time doing APoS surveys.

There was an excellent session at WLPC, where Ventev employees Dennis Burrell and Mike Parry, along with Sam Clements discussed the development process for the VenVolt. It’s worth watching:

Relevent Links:

Ventev VenVolt

Ventev Infrastructure

Ventev Infrastructure supplied me with a VenVolt for testing and provided me the ability to give feedback. All written content provided here is my personal opinion, and has not been manipulated in any way by Ventev. I appreciate all companies who welcome constructive feedback!

 

Cisco Live 2018 Keynote Speakers Announced

Once again, this year I will be at Cisco Live – US. I’m excited about another year with the best people in technology!

The Keynote Speaker for this year was announced today; and I’m pumped! There is an undeniable focus on the future this year. It is clear that as Cisco looks to the future, they see lots of business potential, and areas where they can contribute.

On Thursday, the closing keynotes will come from two individuals:

I personally love the Celebrity Keynotes because I leave there with new ideas or a changed perception of the world around me. Sometimes, we need to be reminded that when we are stuck in the trenches, what we do on a daily basis really matters.

Now that you are thinking about Cisco Live, it would be a great time to also make plans for #KiltedMonday! If you don’t know about Kilted Monday, check out my previous blog post. If you don’t own a kilt, now is the perfect time to order one! As I’ve said in the past, the folks at damnnearkiltem.com make a great product that you won’t mind paying for.

Go register now. Once you do, send me a tweet and let me know you are coming! Cisco Live 2018 Registration

 

KRACK Attack Mitigation – A Call to Arms!

Ask any wireless engineer about the relationship with vendors who make the non-standard clients on their network and you’ll likely get a range of responses from quiet sobs to yelled expletives.

Problems ranging from bad driver or firmware updates, KRACKdevices which don’t follow the 802.11 standard, and long delays in problem resolution are all part of the experience.

Often we may say to a customer “These clients are causing problems and here is proof. You should look at replacing them.” While the vendor of those products are telling that same customer “Your network sucks!”

With that in mind, I want to consider a few things as we begin the KRACK Attack mitigation.

  • Check CERT’s Vulnerability Notes Database for the status of vendor updates. This is a pretty extensive list, and is worth following:
    CERT’s Vulnerability Database
  • Some vendors will be VERY slow to issue patches. It is absolutely essential that we as wireless engineers who have the ability to approve devices refuse any new client deployments without the appropriate patches.
    Bring the security team into the discussion, and ensure that as a united front, unpatched clients are refused!
    Those who work in a sales role should warn all customers away from vendors who are not actively communicating their patch strategy, with clearly defined release dates. We should not send money to any company that doesn’t see resolving this as one of their highest priorities. Those companies should wither and die.
  • Many large enterprises have specific budgets for IT security related expenditures. If the budget isn’t available from teams responsible for the devices, check with the security team. They may have a budget that can be utilized.
  • Communicate to the vendors this week. Ask about patching schedules for KRACK. Ask to be included in weekly updates on the status until patches are released. Make it very clear that you see this as a high priority and are not willing to accept a “Maybe, eventually” patch schedule.

As a group of wireless engineers, we cannot accept anything less than appropriate patches which clearly mitigate KRACK.

Geek Tools – Cape Networks for more than just wireless

In case you missed it, a couple of weeks ago I wrote about my experience testing Cape Networks solution for wireless monitoring. You can find that post here. I first learned about Cape Networks at WLPC, and was able to have a conversation with them at Mobility Field Day 2 that you can watch here.

One point that continues to impress me about Cape Networks is the ability to test much more than WiFi.

It really comes down to the strength of the dashboard and the various tests that each sensor can run. The ability to test against internal and external systems is one example.

Screen Shot 2017-09-15 at 11.57.05 AM

Each sensor can test against web servers, iperf, or custom ports of your choosing.

Users can configure a test to run against predefined external websites like Adobe Creative Cloud, Microsoft Office 365, Dropbox, and others. But, the sensor can also test against custom websites, checking not just “Is it up?” but HTTP status codes and latency as well.

I’ve used this recently to help an outside vendor truly understand that “No, our network is not to blame” for the high latency their users are complaining about.

When all other external websites are seeing ~20ms latency, and your web application is averaging ~90ms over a period of weeks, guess what? YOU have a problem!

Screen Shot 2017-09-15 at 12.06.02 PM

Averaging 96ms of latency. Maybe that’s why the application is always slow?

Obviously, due to the nature of these tests being performed over WiFi, latency, jitter, and packet loss are all expected to be a bit higher, especially if they are performed during times of peak WiFi utilization. However, when you have tests to compare across multiple online services, it’s easy to notice standout patterns.

One feature request I would make to Cape Networks is this: Allow test to be ran across both the LAN and WiFi connections. If we can compare across these two mediums, we may also see additional information useful in diagnosing wireless issues.

Have you found a non-WiFi use for the Cape Networks sensors? If so, tell me about them in the comments.

As a MFD2 delegate, I did receive a free sensor from Cape Networks and various stickers and other low value (but tasty) snacks. All other expenses for MFD were covered by Tech Field Day. I was not compelled to write about Cape Networks in any way other than personal user experience. My employers decision to purchase sensors was based solely on the user experience and ease of problem resolution.

Geek Tools: Ekahau’s New Sidekick

Today Ekahau went public with a new device that moves them from just another industry player to leading the wireless survey tool industry.

The Ekahau Sidekick answers a lot of questions that have been plaguing those of us who regularly do wireless surveys. To understand why it is such an important move for the company, you first need to understand a few of the pain points that comes with being a wireless engineer.

  • Some USB3 hubs create significant RF noise that can affect wireless survey results.
  • Many 802.11ac USB adapters have very poor consistency between devices.
  • Laptop batteries are often non-removable, requiring regular recharging when used for survey work.
  • How reliable is a 3×3:3 USB adapter when all antennas are internal without physical separation? (Short answer, they aren’t)
  • A laptop with 4-5 dongles connected to it is difficult to manage. I know many people who have snapped off a USB dongle in their career.

So, how does the Sidekick do it different?

  • It is a dual 802.11ac radio system with 3×3:3 radio chains and the appropriate antennas.
  • It has a very fast dual band spectrum analyzer with incredibly high resolution.
  • The device has it’s own 8 hour battery, and does not draw from the laptop battery.
  • Nothing to snap off and break. This thing is very rugged, and easily hangs from the hip as the engineer moves around.

So the big question is cost. The Ekahau Sidekick cost $2995US. The question of annual support was not answered during the presentation. This assumes the user already has an active license for ESS or ESS Pro.

Most importantly, by separating the hardware and drivers into a unique specialized unit, the Ekahau Sidekick can be used by those of us who use MacOS just as easily as those crazy few still using Windows. Drivers and firmware are no longer a concern.

Well done Ekahau!

You can find out more at: https://www.ekahau.com/sidekick

 

I received nothing to write this post. I am an active Ekahau user, and purchase licenses and support just like any other user. Hopefully, I will be able to convince my manager that he should fund one more purchase…