By Ben Erwin

Have you ever read the Surgeon General’s warning on the side of your packet capture probe or appliance?  Look closely and you’ll find it:

SURGEON GENERAL’S WARNING:  PACKET CAPTURE PROBES MAY CAUSE IT BUDGETS TO VANISH AND MAY COMPLICATE PREGNANCY

IT budgets are being needlessly consumed by over indulgence in packet capture and analysis capabilities.  People seem to be somewhat addicted to packet capture.  Why is this happening?

Don’t get me wrong, I’m not anti-packet capture.  Packet capture has an important place in managing application delivery.  That place, however, is the data center.   Applications will occasionally misbehave (even though everyone will blame the network) and you will need some packet capture and analysis capabilities to find out why.  NetQoS provides the capabilities with NetQoS SuperAgent and GigaStor.  SuperAgent’s end to end application response time capabilities can isolate the issue from the network to the application, and GigaStor’s retrospective analysis can help you analyze raw packets for root cause – all from the confines of your data center.

Monitoring the edge is when packet capture becomes hazardous to your IT budget’s health.  While most IT shops have not pushed their application servers to the edge, technologies like MPLS and VoIP have decentralized network communication and increased the need for visibility at the edge. This is when packet capture junkies get out of control.

At $5 to 10K each, putting packet capture probes throughout the edge is simply not worth it. If you manage a large enterprise network, close your eyes and imagine having to deploy, monitor, and manage hundreds of boxes throughout your network just for edge visibility.  What’s my TCO of having all of the probes on your network?  What’s my impact to manpower?  Sure, they work fine for troubleshooting issues in the data center but can I really afford one at every site?  But I still need visibility…is there is a cure to my packet capture addiction? 

As a matter of fact, there is a cure – NetFlow.  Enabling NetFlow on edge routers provides cost-effective application visibility without the need to deploy probes.  Why is it cost-effective?  Because NetFlow itself is essentially free.  It already exists on your existing infrastructure, just waiting for you to enable and collect it. 

While NetFlow is not as granular as packet capture, robust NetFlow reporting capabilities will help you solve almost every issue at the edge.  NetFlow provides several IP layer metrics (including port, IP address, and ToS bit just to name a few) to help you troubleshoot network problems. 

Currently, NetFlow and NetQoS ReporterAnalyzer are monitoring over 250,000 WAN links for IT shops worldwide, and over 65 companies use NetFlow ReporterAnalyzer to monitor at least 1,000 WAN links.  All of these IT shops have blissfully discovered NetFlow is the only cost-effective solution for monitoring the edge.

So if you find yourself trying to scratch the packet capture itch just make sure you’re buying in moderation.  Save yourself a ton of time and money and keep packet capture in the data center.  When it comes to obtaining visibility into the edge, NetFlow is the way to go.