Route Explorer, Route Dynamics take new network mapping path

Most network administrators would give their right arms to get an accurate picture of their network over time. Knowing where the network is broken can save hours of troubleshooting, which translates into monetary savings for any enterprise. Creating a dynamic network map is a good solution, but most devices that gather that data ignore the one device that can tell them everything: routers.

Traditional network monitoring packages treat the network as a group of devices that happen to be interconnected. As a result, routing information tends to be interpreted on a device-by-device basis, making troubleshooting difficult.

Luckily, an emerging class of network mapper is changing that by using existing routers and routing protocols to gather network information. Two early entries, Packet Design’s Route Explorer 1.5 and Ipsum’s Route Dynamics 1.2 network monitoring packages treat the network as a large interconnected system, collecting  routing information for analysis.

This new approach allows administrators to monitor the network in terms of traffic paths and connections, making sure relevant network paths are available to users. With the stored information, administrators can “replay” the state of the network from a point in the past to make diagnoses.

Because Route Explorer and Route Dynamics get data directly from the routers, their network maps are more accurate. Plus, both systems are almost entirely passive, and neither requires router reconfiguration to integrate into a network.

The differences, however, lie in the products’ user interfaces and architecture: Route Dynamics is more distributed, Route Explorer is centrally managed. Though both are very good, Route Explorer’s extra features, including its what-if analysis tools, give it an edge.

Centralized Mapping

I used the University of Hawaii’s OSPF (Open Shortest Path First) network at its Advanced Network Computing Lab (ANCL) to host both boxes. On the most basic level, OSPF is a link-state protocol: Each OSPF-enabled router has complete knowledge of how the various subnetworks are connected. OSPF, like a friendly traffic cop, will provide a copy of the specific network map to anyone with the proper credentials. Getting information directly from the network’s routers, combined with the “entire map” property of OSPF, is what makes these devices work.

After configuring Route Explorer’s initial network via the LCD on the 2U appliance, the rest of the setup and admin tasks, such as user management, Ethernet interface configuration, and route database administration, are done via a Web interface. The administrative interface on the Route Explorer is intuitive and easy to use, but the downloadable VNC (Virtual Network Computing) end-user interface is not as polished.

Route Explorer is centrally managed, for the most part, and has three main modes of operation: network monitoring, route recording, and historical. In network monitoring mode, Route Explorer listens for changes and can be configured to send out alerts (syslog alert or SNMP trap). I found this to be a particularly useful feature, as it will alert administrators if the network routing topology changes.

In recording mode, the Route Explorer simply records to a database all the routes it hears on the wire. This allows statistical analysis of network routes during specific periods of time.

Furthermore, the route database becomes the basis for historical mode, which includes the very useful what-if analysis tools.  With a few mouse clicks, you can easily simulate one or more router failures anywhere within the network and observe the effect on the flow of traffic, pinpointing network weak spots.

I found the what-if analysis to be an interesting and eye-opening feature. I’ve never been able to simulate routes and router failures in such an intuitive way, and Route Explorer showed me just how resilient the ANCL network connection is to router failures. I also discovered that our network is not as redundant as I thought — a valuable lesson to learn.

Distributed Mapping

Unlike Route Explorer, Ipsum’s Route Dynamics takes a distributed approach to network monitoring. The system consists of a central 2U appliance and one or more 1U “listener” appliances that are deployed throughout an IP network.

The small appliances gather network topology information by listening to OSPF broadcasts, then send the information to the central system to be recorded in a database. This distributed setup increases the system’s fault management features — the listeners can continue to provide information if one router goes down — as well as allowing simultaneous data sampling from different parts of the network.

Ipsum works with the clients to tailor its system for the specific environment, including pre-configuring all units down to the IP address for the client. This can save a considerable amount of admin effort, as the Route Dynamics setup has a steep learning curve compared to that of Route Explorer.

Route Dynamics uses a Java-based interface for all network-monitoring functions, which feels more polished and intuitive than Route Explorer’s interface. However, the Java interface must be installed on a user’s computer, which limits the Route Dynamics system to Windows and Linux users.

Route Dynamics has three major modes of operation: monitoring, historical, and alerting. In monitoring mode, the Route Dynamics system passively gathers network information, which can be used to view the network as a graphical map.

In historical mode, a user has access to a rich set of utilities that query the accumulated data by various criteria, such as viewing the status of nodes over time or getting the status of a single node at a specific moment.

Finally, alerting mode allows users to view “unusual” events occurring in the network. For example, bad routes being injected by a peer can be easily diagnosed in this mode as the system flags significant changes in route topology.

I found that this alert mode did a better job at classifying and presenting events to the user than did Route Explorer. Unfortunately, Route Dynamics does not support external alerts as Route Explorer does, nor does it have the valuable what-if analysis features.

Planning the Next Step

These products are still early entries in this new class of network monitoring systems, but there are two major features I’d like to see added. First, neither product currently has the ability to simulate network reconfiguration or expansion, which would be helpful. Route Explorer’s what-if tools will show what happens if an existing router crashes, but cannot show you the effect of adding a new router.

Second, both products will show you a network’s weak spots, but neither can help you with a fix. Given the cost of downtime in any production network, a simulation of reconfiguration or expansion would be of great value to network administrators.

Both Route Dynamics and Route Explorer do their jobs well and are similarly priced, so the ultimate choice will depend on your needs.

Route Explorer will be a better option for companies with a central network operations center and limited space, as well as those with a diverse sampling of platforms since its interface is supported on more systems. Route Dynamics, however, will work well for companies with a more distributed network; its distributed structure can better document failures, and the enhanced error reports would help any company with an overly complex network.