Networking professionals around the world are starting to coming to terms to the reality that IPv6 traffic is coming — and soon. As the free pool of IPv4 address space is now gone, the migration towards the next generation 128-bit IPv6 address space is now on.
IPv6 visibility hindered by IPv4, dual-stack
Getting proper visibility into IPv6 traffic flows however isn’t an easy task as traffic is often tunneled with IPv4 traffic as well in dual-stack deployments where traffic flows over both IPv4 and IPv6 address space.
An updated solution from network visibility vendor WildPackets is aiming to solve that problem. Wild Packets new Omnipeek 6.8 release now provides visibility and analysis into IPv6 traffic, enabling network administrator to diagnose traffic flows for performance optimization.
“We could see IPv6 traffic before, but what we did not support was IPv6 using our expert analysis system,” Tony Barbagallo, vice president of Marketing at WildPackets told Enterprise Networking Planet. “The expert analysis is a dashboard that gives plain English views of events about what is going on.”
Barbagallo noted that most of WildPackets customers rely on the expert dashboard for traffic analysis, instead of just attempting to parse the packet payload on a line-by-line basis. With the expert dashboard, an administrator can drill in and see what the root cause is for a particular anomaly. The system has a packet visualizer as well to see the time differential between the packet sender and receiver. The full IPv6 visibility also now extends into applications such as VoIP traffic. The effort to fully support IPv6 required WildPacket to do some rewriting of the Omnipeek internals.
Even as enterprises begin to consider the move to IPv6, the vast majority of traffic will remain on IPv4. That’s why dual-stack approaches, with IPv6 running alongside IPv4, are likely to be the norm for years to come. Looking into network slowdowns on a dual-stack deployment is something Omnipeek is ready for now, however. “We see IPv6 tunneled over IPv4 and vice-versa and we can also see both at the same time,” Barbagallo said.
Barbagallo explained that in a typical use case, an alert of some sort is triggered due to a network slowdown. With Omnipeek, the administrator can then drill into the packets to determine root cause. The bottom line for network forensics is the ability to identify the root cause of a network performance issue whether it’s rooted on IPv4 or IPv6.
The way Omnipeek works is it starts at the network flow. If, for example, there is a spike in network utilization, an administrator can sort the flows to see what is using the most bandwidth and what protocol is being used. The solution is also application-aware so an administrator can identify if it’s the network or the application that is at the root of a network performance issue.
Competing with Riverbed, Splunk
WildPackets competes against multiple vendors, including Riverbed’s Cascade solution. Riverbed is also a lead sponsor of the open source Wireshark project for network forensics.
Splunk is another big networking monitoring vendor that has been the news lately as a result of the company’s recent IPO. Barbagallo noted that WildPackets actually integrates with Splunk to provide a complementary solution. The Omnipeek platform can be enabled to send out data to a Splunk dashboard to plot network traffic.
Moving forward, WildPackets is looking to enable collection of network traffic over 40 gigabit links.
“We’re working on a scale out strategy since when you get to 40 [gigabit] of traffic you’re not capturing all the network traffic to a single box,” Barbagallo said. “So we’ve been working hard on that.”