For More Information

Traffic Sentinel

Visibility and control of converged networks

Convergence and virtualization of IT infrastructure promise increased flexibility and lower costs. However, convergence also poses management challenges that must be addressed if the benefits are to be fully realized.

The flexibility and efficiency of a converged IT infrastructure derives from the use of a shared network fabric. The challenge in managing in a converged environment is that a shared network fabric allows performance problems to propagate. For example, server virtualization offers the flexibility to easily relocate virtual machines. However, virtual machine migration operations made by the server group can significantly alter network traffic patterns and impact performance. Similarly, moving storage traffic to the network dramatically increases the need for bandwidth, making the network vulnerable to changes made by the storage team. If a shared resource becomes congested, all the services that depend on it will be impacted. It is critical that management tools are in place to provide visibility into all the elements of the converged insfrastucture.

Traffic Sentinel™ is the first of a new class of performance management tools specifically designed to meet the challenge of convergence. Traffic Sentinel makes use of the multi-vendor sFlow® standard to provide scalable, real-time visibility across the entire networked infrastructure, delivering the integrated picture of network, storage, server and communications performance needed to ensure optimal service delivery in a converged infrastructure.

  • Manage network, server, storage and communications performance from a single "pane of glass"
  • Identify network, computing and storage hot spots
  • Monitor performance of scale-out storage, compute and switch clusters
  • Track network, server and application dependencies
  • Eliminate congestion and ensure quality of service
  • Identify underutilized resources and improve efficiency
  • Account for usage

At its core, Traffic Sentinel has a highly scalable correlation engine capable of continuously monitoring tens of thousands of switch/router ports and the physical and virtual systems connected to them. Sophisticated statistical algorithms integrate network and system performance data to build accurate and detailed real-time picture of the performance of the entire converged IT infrastructure.

Convergence and the data center

Convergence simplifies the data center by connecting flexible pools of storage and computation using a high-speed switched Ethernet fabric. The shared Ethernet fabric is the key to monitoring performance, providing real time visibility into all the activity across the fabric. Traffic Sentinel uses the sFlow standard, implemented by most data center switch vendors, to monitor activity across all the switches in fabric, building a real-time and historical picture of data center performance.

The sFlow standard was recently extended to include physical and virtual server performance metrics. Using sFlow it is now possible to monitor the performance of all the components of the data center, including physical and virtual switches and servers, using a single multi-vendor standard. Traffic Sentinel fully support supports the sFlow host monitoring extensions, providing real-time visibility into compute, storage and network activity throughout the data center.

Convergence in the campus environment

Convergence extends beyond the data center to corporate campuses, where VoIP (Voice over IP), real-time streaming media and virtualized desktops share the network with traditional IT traffic. Again, Traffic Sentinel uses the sFlow capability, built into campus switches, to provide visibility into end to end network performance, ensuring that mission critical services are not disrupted.

Charging for use of network and system services can be an effective method to encourage proper use as well as to recover the costs of providing value-added services. However, obtaining the detailed information required to charge users fairly for services can be challenging. Traffic Sentinel uses data collected from switches, routers and servers throughout the network to account for resource usage by configurable groups or by individuals.

Key features

Traffic Sentinel's intuitive, drill-down interface makes navigation through its detailed data simple. Real-time, overall status can be seen at a glance, clicking on alerts brings up additional detail and guides you to the cause of the problem. Detailed historical traffic flow and server performance information is accessed by standard and customizable automatic reports.

Traffic Sentinel makes use of embedded instrumentation within switches, routers and servers. The breakthrough technology, sFlow, provides the richest information, greatest scalability and is supported by the largest number of vendors (see sFlow Capable Devices). However, Traffic Sentinel also accepts IPFIX and a number of proprietary monitoring technologies, including: Cisco NetFlow, Juniper J-Flow, and HP Extended RMON. The use of embedded switch and router monitoring eliminates the need for probes, providing a cost effective way of providing detailed, network-wide coverage.

  • Network-wide thresholds and alarms
  • Real-time top n visualization
  • Host location
  • Automated L2 and L3 topology discovery and mapping
  • Application dependency mapping
  • Fullly detailed historical data retention
  • Customizable interactive and scheduled reporting
  • Continuous monitoring of tens of thousands of switch ports and servers
  • Access to performance data from any web browser or web-aware application
  • Easy integration with other applications through open interface and web-based queries

Technical Specifications

Protocols Monitored
Full layer 2 - layer 7 analysis:
BGP4 source, destination, peer, full AS path analysis
RTP jitter and loss

Layer 2 analysis:
Full duplex port statistics
Traffic priority by port
VLAN statistics

Server performance:
Physical server CPU, memory, disk and network IO
Virtual machine CPU, memory, disk and network IO
Server UUID, OS, machine type and MAC addresses

Standard reports
Traffic profiling and trending (host, protocol, link)
Server profiling and trending (CPU, memory, disk, network)
Cluster performance
Top servers
IP multicast sources, channels and trends
RTP delay and jitter
BGP AS Path analysis
Usage accounting
Unauthorized activity
Event frequency SLA analysis

Data Sources
sFlow (including host extensions)
IPFIX (over UDP)
Cisco NetFlow Versions 1, 5, 7 and 9 (non-aggregated)
Juniper j-flow (non-aggregated)
HP XRMON (Extended-RMON)
Monitors 100,000+ switch ports from a single server
System Requirements
Traffic Sentinel is a web-based application that runs on a variety of platforms designed to monitor different size networks.

Virtual Machine
Medium size network (campus, small data center)

OS RedHat ES/AS, CentOS or Fedora
CPU 2 x vCPU (max.)
Memory 2GB (min.)
Disk 80GB (min.)
Network 100Mbps

Stand-alone server
Large network (large campus, data center)

OS RedHat ES/AS, CentOS or Fedora
CPU 4 x 2GHz (min.)
Memory 16GB (min.)
Disk 400GB Fast-SCSI (min.)
Network 1Gbps
HP Network Integration Tested HP Converged Infrastructure Ready sFlow enabled