Cover V08, I09


The Xni Network Analysis Tool

Marcel Gagné

Welcome to the world of complex network administration made simple -- well, simpler, anyway.

When you are administering 500 hosts scattered across a dozen buildings running everything from NetWare to NT, DECNet to TCP/IP, including those real network killers, streaming audio and video, push network channels, and Internet gamers, things can get pretty complicated. That's where FastLane's Xni really shines. When I first installed it on my network of one server and three PCs, I still thought it was pretty cool, but Xni is very much a tool for the big networks. After a couple of hours spent trying to generate network traffic on my little intranet, I opted to move my operations to that 500-host site. Then, things got interesting, and Xni showed its stuff.

FastLane's Xni is many things. I started out seeing Xni as Big Brother looking at every piece of network traffic. Watchful, he sits by the side of your network, ever on the alert, and ready to let you know as soon as the situation warrants. Later, I began to think of Xni as more of a microscope -- one that lets you zoom into any part of the action with the click of a mouse.

Installation

Installation of Xni was a breeze. My copy came to me in a roughly 45-MB tarred bundle. Ordinarily you would receive the package on CD-ROM, but the installation is the same. First, run the “inst_xni” script in the distribution directory. The script will ask you to confirm the installation directory (which it suggests as “/usr/XNI”), and you are pretty much done. You can install the software to any directory you want, but there must be a symbolic link to “/usr/XNI”. I had created the /usr/XNI directory beforehand, which turned out to be a mistake, because the install script assumed that Xni was already installed. FastLane recommends removing any previous version of Xni before installing your new version. For this purpose, the distribution also includes a “remove” script. I mentioned this installation quirk to my technical contact at FastLane. They thanked me and said it would be taken care of. By the time you obtain your copy, this may not be an issue.

Part of the process installs a local copy of MySQL, which Xni uses to keep its historical information and periodic reports. More on that later.

Once all this installation is finished, you'll need to contact FastLane for your license key. The software is node-locked and requires a unique key based on the MAC address of the host from which you intend to run Xni. Cut and paste the single line key into your lic.txt file in the installation directory (/usr/XNI).

The whole installation process took only a couple of minutes on my 64 MB, 350 MHz Pentium II system. 64 MB, incidentally, is what FastLane recommends. FastLane further suggests that you leave yourself 2 GB of storage space for reports. This space requirement is an important consideration. After a few days of reports being gathered and generated, I found my disk space dropping rapidly. If you are using the reporting feature, make sure you have adequate space.

According to the documentation, you also need an X-display (or PC client) that can run an 1152x900 resolution. I run mine in 1024x768 on my KDE desktop, and it looks great!

For those with other OS/hardware preferences, FastLane's Xni is available for Sun OS 2.4/5/6, Solaris 4.1.3, Silicon Graphics' IRIX 5.x and 6.x, HPUX 10.x, FreeBSD 2.2.6 or later, and RedHat Linux 4.x and 5.x. An NT version is expected by the end of the year. AIX, DEC Alpha, and X86 versions are available upon request. As for network adapters, you'll find that Xni is right at home with 10/100BaseT, Gigabit Ethernet, FDDI, ForeATM, HIPPI, Fibre channel, and EPLEX cards.

There are two versions of Xni. Version 3.0, the full Xni suite, comes with Web reporting and administration. The slimmer XniRT, version 2.6 (Real Time), is available with just the X-based graphical user interface. The version I reviewed is actually a 4.0 beta release, which is essentially the 3.0 version with the SQL reporting function.

Words, Words, Words

Before I start, let me mention the manual. The documentation is online, accessed through Xni's Web interface (which we will visit shortly). The reference guide is clear, consisting of 16 hyperlinked chapters, each a large single page with a chapter index at the top of each page, and the full index in the left-hand frame.

Since I'm a bit of a high-tech Luddite, I printed out the HTML manual so I could casually browse the documentation. (I read it in the car on the way to visit my mother-in-law. No, I was not driving!) For the most part, I find it much easier and faster to leaf through old-fashioned paper (with a nice index) than just about any online manual. I'm even willing to pay a little more for it. Thus, I congratulate the folks at FastLane for being among the shrinking group of companies that will still provide a paper manual.

Gentle-admins, Start Your Xnis

Now, it's time to get things going. Bring up your Netscape 4.x browser (Internet Explorer 4.x seems to work fine, too) and enter the URL to your machine like this:

http://yourmachine.yourdomain.com:31416 (think pi)

You will find yourself at the Xni Traffic Database screen. Click on the link for “Setup Xni Software”. You will be prompted for a username and password (a default is provided that can be changed later). The resulting display can be seen in Figure 1, with green lights across the board. Xni is ready to roll.

Getting the Goods from the GUI

I'll tackle reporting a little later in this review and start the investigation with the XniRT graphical user interface. The Xni GUI is a network administrator's treasure chest. I was really impressed by the amount of information that FastLane managed to pack into the GUI without making it look bulky and unreadable. Below the seemingly simple interface is a plethora of information no more than a mouse-click away.

Start the GUI by typing “xni &” from your xterm window. Click “OK” to acknowledge the splash screen and, a few seconds later, you should be presented with the Xni real-time GUI. I ran the GUI both locally and across a 56K PPP dial-up connection. I was impressed by the performance of the X Window program and its small footprint. Even across my Internet link, its performance was quite acceptable.

At the top of the X Window GUI (see Figure 2) is a load graph in bar chart format that shows network usage tracked over time. The scale is measured from 0 to 100 percent. This is based on the total capacity of your network. In my case, I was dealing with a 10-Mb network. An 80% hit would mean that 8 Mb of my network capacity were in use at the time the peak was registered.

Let's say you had to run out for an important business coffee. When you got back, there were huge peaks in network traffic and you wanted to know what you missed. Clicking on the graphed peak will pop up a window, which shows the top talker at the time the reading was taken. If you look at Figure 3, you'll see an example of just such a peak -- one of my users busy visiting MP3.COM.

Below the graph is the main control panel. From there you can get quick information about your network, such as Ethernet card and subnet, free memory on the host machine, and a snapshot of the current cycle. You'll also find some basic control features where you can stop and start data collection on the interface and modify the way information is displayed. Under “Net Devices”, for instance, you can select whether numeric IP addresses or names are used. Be aware that names will add some network load because each address will undergo translation via your DNS.

Beside the “Stop” and “Start” buttons, you might have noticed another button labeled “VCR”. This allows you to record a real-time GUI session and play it back at a later time. While recording, your graph will show in red; green is the color for playback. This is a great way to go back in time and see what might have disappeared from your graph while you were busy putting out other fires.

Right below the control panel is a slim bar of radio buttons. These give you access to some of the more powerful features of the real-time GUI. “Paths” displays a pair of pie charts that highlight percentages of network traffic to, from, and through your network (routed), as well as a section for non-IP traffic. “Destinations” looks a lot like the “Paths” panel, but its display is based on unicast, broadcast, and multicast traffic.

I personally found the “Protocols” view most useful. In this way, I could see various types of traffic across my network, displayed on a pie chart and highlighted by several of the more common types of traffic. Among the protocols displayed, you'll find WWW, NFS, SMTP, News, Appletalk, NetWare IPX, and so on. Xni even recognizes popular network games like DOOM. On a busy network with miscellaneous protocols at work, the protocols view shines a light into every dark corner. The individual protocol types are even user editable, making it possible to segregate certain types of traffic that are particularly important on your network. You can also filter out various protocols to better zoom into those areas that concern you most.

Xni also allows the setting of alarms. When certain network conditions are met (e.g., a percentage of load on email traffic), the event can be logged or saved for later viewing. Your alarm can be visual, with a window popping up to inform you, or audible, with a beep. The most powerful aspect of the alarm configuration is the UNIX command function. Any Bourne shell command or script can be executed; your imagination and needs are the only limitations. In my case, I set up a small shell script that sends an smbclient pop-up message, so that I can be informed even if I am logged into a Windows 95 workstation. The test I used sends a message to a workstation named “speedy”:

echo "High NFS traffic" | smbclient -M speedy &

In this case, the command is entered into the configuration for the alarm, but this could easily have been just a shell script with much more complex demands.
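
As an added example (not from the article or from FastLane), here is one such script for the alarm's UNIX command function: it logs every alarm, suppresses repeat pop-ups inside a cooldown window, and restricts the characters forwarded to smbclient. The script path, the state directory, the XNI_ALARM_* variable names, and the alarm text arriving as the first argument are all assumptions.

```shell
#!/bin/sh
# Added example: handler for Xni's "UNIX command" alarm action (not FastLane code).
# Assumption: the alarm text arrives as $1, typed by the admin in the alarm's
# command line, e.g.  /usr/local/bin/xni-alarm.sh "High NFS traffic" &

STATE_DIR=${XNI_ALARM_STATE:-/var/tmp/xni-alarm}  # hypothetical state directory
COOLDOWN=${XNI_ALARM_COOLDOWN:-300}               # seconds between repeat pop-ups
STATIONS=${XNI_ALARM_STATIONS:-speedy}            # space-separated NetBIOS names

# Keep only harmless characters and cap the length before the text is reused.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9 .,:%/_-' | cut -c1-120
}

# Succeed only if this alarm text has not been announced within COOLDOWN.
should_notify() {   # $1 = message, $2 = current epoch seconds
    key=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    stamp="$STATE_DIR/$key.last"
    last=0
    if [ -f "$stamp" ]; then last=$(cat "$stamp"); fi
    [ $(( $2 - last )) -ge "$COOLDOWN" ] || return 1
    printf '%s\n' "$2" > "$stamp"
}

# Same smbclient pop-up the article uses; the message is read from stdin.
send_popup() {      # $1 = workstation, $2 = message
    printf '%s\n' "$2" | smbclient -M "$1" >/dev/null 2>&1
}

handle_alarm() {    # $1 = alarm text, $2 = optional epoch (default: now)
    msg=$(sanitize "$1")
    [ -n "$msg" ] || msg="unspecified alarm"
    now=${2:-$(date +%s)}
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR"
    printf '%s %s\n' "$now" "$msg" >> "$STATE_DIR/alarm.log"   # always logged
    if ! should_notify "$msg" "$now"; then
        echo suppressed
        return 0
    fi
    for ws in $STATIONS; do
        send_popup "$ws" "$msg" || echo "popup to $ws failed" >> "$STATE_DIR/alarm.log"
    done
    echo sent
}

if [ $# -gt 0 ]; then handle_alarm "$1"; fi
```

The cooldown matters on a busy segment: an alarm that keeps firing is still written to alarm.log each time, but the workstation sees one pop-up per window instead of a flood.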

The Browser Interface and Reporting

I briefly discussed the “Setup” facility previously. I won't go into a lot of detail here except to tell you to visit the “Configuration” menu and click on “DNS” after you've been running Xni for a while. Xni will report on any host that has been seen and will show you which ones do not have DNS entries. Use this report to help get your DNS up to date. As you use Xni more, you'll want to be able to relate all those numbers to usable addresses.

Xni comes with an excellent Web reporting interface that serves up hourly, daily, weekly, and monthly reports. All reports are clear and easy to read, with Xni's ubiquitous full-color charts and graphs. In addition to reports, you can query a database to locate traffic statistics ranging in complexity from single host, with a single protocol, to complex inter-network queries. See Figure 4 for a snapshot of the search form.

The Web graphs are image mapped so that you can click on any portion of the graph and get a detailed explanation of what it represents. If you are looking at the daily report, a click on one of the graph's bars will take you to the report for that hour. From there, you can click on an even smaller and tighter section of the report and bring up the top talker for any given period.

Each view, whether weekly, daily, or hourly, has its own left-hand menu of operations. Most are common, but in the hourly view, you can also select your Top 40 “Talkers” and see where the bandwidth is concentrated. Clicking on “Subnet” will show you a list of all the talkers on your subnet sorted by their MAC addresses.

“Apps” is particularly interesting to me. This provides a list of network protocols sorted by the amount of traffic in bytes, packets, and network requests. With this list, you will quickly see what your network is really being used for. “Hosts” presents a similar display, but is sorted by the site address, both inbound and outbound.

The calendar function will display a calendar for any period you specify. Only those days with full reports will show a hyperlink which, when clicked, will take you to that day's report.

Another feature worth visiting is the real-time Java applet, available from your reporting menu as “Live”. The applet displays real-time information that your Xni probe is busy collecting. It's a slimmer version of the X Window GUI, without that GUI's flexibility. Unfortunately, this function will not work on all browsers because of the dynamic nature of Java virtual machine development. My browser is Netscape 4.51. The applet runs best with Netscape 4.05. Given the richness of the GUI, I find my inability to put this tool to proper use a trivial inconvenience.

After speaking to FastLane, I discovered that a patch is now available that will allow the Java RT applet to run in all browsers up to 4.51.

How Much Does All This Cost?

The full Xni suite with the real-time X Window GUI, the Web server, and the SQL database sells for $4,995 (U.S.). Additional probes (for remote administration) are $1,500. The XniRT GUI on its own sells for $1,995; additional licenses can be purchased at a reduced rate. Contact FastLane for more details. The purchase price of Xni includes one year of updates and comes with a printed manual.

The Bottom Line

After a few days of working with Xni, there is almost nothing negative I can say about it. It's a breeze to set up, and its intuitive interfaces start providing useful information minutes later. For Web reports, you need to give it a couple of hours at the very minimum (but the real-time GUI will keep you busy while you wait). Stressed out systems and network administrators (are there any other kind?) will see their networks as they never imagined, in colorful charts that would make “USA Today” green with envy. The ability to play back and revisit what you missed means you'll never skip lunch again. With Xni's configurable alarms and filters, you can set up the monitor to clear out background noise and focus on those events you need to know about.

FastLane's Xni is for the network administrator who believes that too much information is just about right. Generally speaking, that's most of us.

The only downside is the price, which may cause smaller shops to think twice, despite the fact that Xni could help them as well. At $4,995 for the initial license, many smaller operations might want to consider the Xni Real-Time GUI version only.

Xni stands for X Window Network Insight, and the product is aptly named. I can't recommend it too highly -- an outstanding product.

Contact Information

FastLane Software Systems Inc.

http://www.inetd.com

1028 West Maude, Suite 401

Sunnyvale, California 94086

(408) 733-1483

Score Card: Xni Network Analysis Tool

Installation: 4
Documentation: 3
Functionality: 4
Ease of Use: 4
Ease of Administration: 4
Platform Support: 3
Standards Conformance: 4
Overall: 4

4 = Excellent, 3 = Good, 2 = Average, 1 = Poor

About the Author

Marcel Gagné lives and writes in the mythical city of Mississauga, Ontario. There, he is president of Salmar Consulting Inc, a systems integration and network consulting firm. He also writes science fiction and fantasy, and edits TransVersions, a science fiction, fantasy, and horror magazine. He has loved UNIX and all its flavours for more than 15 years now, and will even admit it in public. He can be reached at: mggagne@salmar.com. You can find out more from his Web site at www.salmar.com.