In an era where businesses are increasingly reliant on the internet and cloud services, ensuring optimal network performance is paramount. ThousandEyes, a company acquired by Cisco in 2020, has emerged as a leader in network intelligence and performance monitoring.

Through its innovative technology, ThousandEyes empowers organizations to visualize, analyze, and optimize the performance of their networks and applications.
Let’s delve into the intricacies of ThousandEyes and the technology that enables this type of measurement, providing insights for those seeking to understand the mechanics behind network intelligence.
Understanding the Business Model
ThousandEyes operates on the premise that for businesses to thrive in a digital landscape, they need insights into how their networks and applications are performing both internally and externally.
The platform offers a suite of tools that provide visibility into the performance of networks, applications, and end-user experiences. These tools include:
Network Performance Monitoring (NPM)
Monitors and analyzes network traffic to identify performance issues and bottlenecks.

Network Performance Monitoring (NPM) is a critical component of network management, focusing on the surveillance and analysis of network traffic to ensure optimal performance and reliability.
NPM tools, such as those provided by ThousandEyes, employ a variety of technologies and methodologies to achieve this. Let’s delve into the technical aspects:
Traffic Analysis and Packet Capture
NPM solutions often use deep packet inspection (DPI) to analyze the data packets transmitted over a network. By capturing and examining packets, administrators can gain insights into traffic patterns, bandwidth utilization, and potential security threats. Tools like Wireshark are commonly used for packet capture and analysis.
Flow-Based Monitoring
Flow-based monitoring, including technologies like NetFlow, sFlow, and IPFIX, allows for the collection and analysis of metadata about network flows. This metadata includes source and destination IP addresses, port numbers, and the number of packets and bytes in each flow. This information is invaluable for understanding how network resources are being utilized and for detecting anomalies.
Quality of Service (QoS) Metrics
NPM tools monitor QoS metrics such as latency, jitter, and packet loss.
Latency measures the time it takes for a packet to travel from source to destination, jitter is the variation in latency, and packet loss is when data packets don’t reach their destination.
If you want to learn more about jitter and packet loss, check out the article about internet speed in detail.
Monitoring these metrics is crucial for ensuring the performance of real-time applications like VoIP and video conferencing.
Path Visualization and Route Analysis
Understanding the paths that network traffic takes is essential for diagnosing issues. NPM tools often provide path visualization features that map out the hops that traffic takes through the network.
Additionally, BGP route analysis can be used to understand how traffic is routed through the internet, which is particularly important for troubleshooting issues with external services.
Performance Baselines and Anomaly Detection
Establishing performance baselines is a key aspect of NPM.
By understanding what is normal for a network, NPM tools can use statistical analysis and machine learning algorithms to detect anomalies that may indicate performance issues or security threats.
Alerting and Reporting
NPM solutions provide alerting mechanisms to notify administrators of potential issues in real-time. This can be through emails, SMS, or integration with incident management systems like PagerDuty.
Additionally, reporting features allow for the generation of detailed performance reports that can be used for analysis and planning.
Integration with SDN
Software-Defined Networking (SDN) has become a significant part of modern network architectures. NPM tools are increasingly integrating with SDN controllers, allowing for more dynamic and automated responses to network conditions. This integration enables networks to self-optimize and self-heal based on real-time performance data.
Network Performance Monitoring is a multifaceted discipline that combines traffic analysis, flow monitoring, QoS metrics, path visualization, anomaly detection, alerting, and integration with modern network technologies to ensure the reliability and performance of both internal and external network services.
ThousandEyes, with its comprehensive suite of NPM tools, empowers network administrators to maintain visibility and control over increasingly complex network environments.
Application Performance Monitoring (APM)
Focuses on the performance and availability of applications, ensuring they meet desired service levels.

End User Monitoring (EUM)
Tracks and analyzes the experience of end-users interacting with applications and services.

Internet and WAN Monitoring
Provides insights into the performance of wide area networks and the public internet, which is critical for cloud-based services.
This includes a variety of test types, such as HTTP Server, Network, DNS, Voice, BGP, Packet Captures, Scheduled, and more. Let’s dive in:
DNS Server Tests in ThousandEyes
ThousandEyes offers a feature-rich DNS Server Metrics view that provides in-depth insights into DNS server performance. When you create a DNS server test, you specify a domain name, record type, and the nameservers for the queries. The DNS Server view offers various selectors such as Metric, Server, and Agent to customize the data you see.
Key Features:
- Metric Selector: Choose between availability or resolution time as the metrics to focus on.
- Server Selector: Select the DNS server to use for the Timeline, Map, Servers, and Agents tabs.
- Agent Selector: Choose the agent to use for the Timeline, Map, Servers, and Agents tabs.
- Views Menu: Provides access to Network and BGP views.
Configurable Views:

- Global View: Shows average availability and resolution time from every nameserver and agent location.
- Specific Nameserver View: Displays availability and resolution time against the selected nameserver, averaged from all agents.
- Specific Agent View: Shows average availability and resolution time across all servers from the selected agent.
Data Tabs:
- Map: Visualizes average availability and resolution time.
- Servers: Tabulates data like the number of errors and average resolution time for each server.
- Agents: Provides details like minimum resolution time across all servers, availability percentage, and any error details for each agent.
By leveraging these features, network administrators can gain a comprehensive understanding of DNS server performance, helping them make informed decisions for optimization and troubleshooting.
Thought-Provoking Questions:
- How can the Metric Selector enhance your DNS monitoring strategy?
- What insights can the Specific Nameserver View offer that the Global View cannot?
- How can the Agent Selector help in pinpointing issues related to specific geographic locations?
HTTP Server View in ThousandEyes
The HTTP Server View in ThousandEyes is a feature that provides detailed metrics and insights into the performance of HTTP servers. It measures metrics like availability, response time, and throughput.
The view offers different data perspectives based on whether a location is selected or not. It also provides a timeline and tabular views for more granular analysis.
Key Metrics
- Availability: Measures the percentage of time the site is available. It should be 100% if the HTTP status code is 2xx or 3xx.
- Response Time: Also known as Time-to-first-byte, it measures the time taken from the start of the request until the first byte of the response is received.
- Throughput: Calculated by dividing the total wire size by the receive time.
Data Views
- Without a Location Selected: Shows average metrics calculated from all locations globally.
- With a Location Selected: Provides metrics specific to the selected location, charted against global averages.
Detailed Metrics
The detailed metrics area shows a tabular view of metrics for each location used in the test, including HTTP response codes, number of redirects, and error types if applicable.
Thought-Provoking Questions
- How can the HTTP Server View help in diagnosing performance issues?
- What are the implications of low availability or high response time on user experience?
- How can throughput metrics be utilized for optimizing server performance?
POSIX Extended Regular Expression Syntax (Quick Reference)
This section of the ThousandEyes documentation provides a quick reference guide for POSIX Extended Regular Expression syntax, which is implemented for page content verification in HTTP Server tests. The guide covers various types of expressions, including single-character expressions, repeaters, patterns, and boundaries. For example, it explains that \d matches any digit character (0-9), while \w matches any alphanumeric character, including underscores. Repeaters like {n,m} indicate that the previous expression matches between n and m times (inclusive).
Thought-Provoking Questions
- Importance of Regular Expressions: How crucial is the understanding of POSIX Extended Regular Expression syntax for effective HTTP Server testing?
- Syntax Versatility: What are the most commonly used regular expression syntax elements in HTTP Server tests?
- Troubleshooting with Regex: How can regular expressions aid in troubleshooting issues in HTTP Server tests?
POSIX Extended Regular Expression Syntax in HTTP Server Tests
ThousandEyes uses POSIX Extended Regular Expression syntax for content-checking in its HTTP Server tests. This syntax is similar to what is used in Unix utilities like awk and egrep.
The documentation provides a comprehensive guide on how to create regular expressions for the “Verify Content” feature in HTTP Server tests.
Key Points:
- What Is a Regular Expression?: A regular expression is a pattern that is evaluated against a target, returning either a match or no match. It consists of literals, special operators, and boundaries.
- Single Characters: Standard characters match themselves, and special characters like \d match any digit. You can also specify a range or list of characters to match.
- Patterns: Patterns can be simple or complex, involving single characters, character classes, and special operators. They can be grouped using parentheses and can contain repeaters, alternates, or negation.
- Special Operators: Special characters like .[]{}()\*+?|^$ need to be escaped using a backslash. Repeaters like {n}, {n,}, {,m}, and {n,m} specify how many times the previous expression should match.
- Negation: To negate a list of characters, use the ^ (caret) character before the list, such as [^A-Za-z].
- Boundaries and Anchors: Boundaries can be specified for the entire content retrieved or for individual lines. Anchors like ^ and $ specify the start and end of a line, respectively.
- Unicode Characters: To match a UTF-8 encoded character, you need to match its byte representation.
- Operator Precedence: Be aware of the order of operations, similar to basic arithmetic, when constructing regular expressions.
- Case Sensitivity: Regular expressions are case-sensitive.
- Expression Testing: It’s recommended to validate your regular expression using online validators or command-line utilities before creating your test.
Thought-Provoking Questions:
- How can understanding POSIX Extended Regular Expression Syntax enhance the efficiency of your HTTP Server tests in ThousandEyes?
- What are the common pitfalls to avoid when constructing regular expressions for content verification?
- How do special operators and boundaries affect the accuracy of content matching in HTTP Server tests?
Custom User-Agent Strings in HTTP Tests
The User-Agent string in an HTTP request header specifies the type of client that sent the request. ThousandEyes allows you to customize this User-Agent string for more targeted testing.
Default User-Agent Strings
By default, ThousandEyes Web layer tests, including HTTP Server, Page Load, or Transaction tests, send a User-Agent string based on the test type. For instance, an HTTP Server Test will send a User-Agent string based on the curl program, while Page Load and Transaction Tests will send a User-Agent string associated with the Chrome browser.
Customizing User-Agent Strings
ThousandEyes provides the flexibility to specify your own User-Agent string. This is particularly useful for applications that differentiate between desktop and mobile clients via the User-Agent string. You can set a custom HTTP User-Agent string using the User Agent selector in the HTTP Request section, under the Advanced Settings tab of the test’s configuration page.
Verification
You can verify the User-Agent string being sent by clicking on an Agent in the results table of the test’s result page. For HTTP Server tests, you can see the User-Agent string under the Request Headers tab.
Additional Information
The documentation also provides information on how to identify HTTP requests coming from ThousandEyes Agents and how to exclude these requests from web analytics packages like Google Analytics.
Thought-Provoking Questions
- How can customizing the User-Agent string benefit your specific testing scenarios?
- What are the implications of not setting a custom User-Agent string for your tests?
- How can the User-Agent string affect the analytics and metrics of the website you are testing?
HTTP 2-Step OAuth in HTTP Server Tests
ThousandEyes offers a feature for two-step HTTP testing, particularly useful for OAuth-secured services. The first step involves an initial request to fetch an authentication token, and the second step uses this token to perform the actual test measurement on a different target URL. This two-step process is configured under the Advanced Settings tab in the HTTP Server Test settings. Various options are available for customizing both the initial authentication request and the primary measurement request.
Key Points
- Two-Step Process: The feature allows for an initial authentication request followed by a primary or measurement request.
- Dynamic Insertion: Values from the initial request can be dynamically inserted into the primary request.
- OAuth Option: The OAuth option is available under the HTTP Authentication section in the Advanced Settings tab.
- Troubleshooting: If issues arise during the initial authentication phase, they are displayed in the test view, aiding in troubleshooting.
Thought-Provoking Questions
- How can two-step HTTP testing improve the accuracy of your network performance measurements?
- What are the security implications of using OAuth in your HTTP server tests?
- How can you effectively troubleshoot issues that arise during the initial authentication phase?
Network Tests in ThousandEyes
ThousandEyes offers a category of tests specifically designed to measure network performance and the path between an agent and a target device. These network tests can be categorized into two types:
- Agent-to-server tests: These tests measure the network performance between a ThousandEyes agent and a target server, which could be identified by a URL or an IP address.
- Agent-to-agent tests: These tests are conducted between two ThousandEyes agents and are useful for measuring network performance between different points in a network.
For these tests, ThousandEyes sends lightweight bursts of TCP or ICMP traffic from agents to the target to measure metrics like loss, latency, and jitter. If you have agents on both ends, you can also run network tests between them using UDP.
Thought-Provoking Questions
- Choice of Agents: How do you decide between using Cloud Agents and Enterprise Agents for your network tests?
- Metrics Importance: Which metrics (loss, latency, jitter) are most crucial for your specific use-case?
- UDP vs TCP/ICMP: When would it be more beneficial to use UDP for network tests as opposed to TCP or ICMP?
Network Tests Explained: A Deep Dive into ThousandEyes Network Measurements
The docs cover various types of network tests, including agent-to-server and agent-to-agent tests, and the protocols used in these tests. The docs also explain the dual origin of network test results, which are gathered using end-to-end network measurements and path visualization measurements.
These measurements offer insights into network quality and path information, respectively.
The data collected is available in two separate views: Network Overview and Path Visualization. This way you can delve into technical details, such as performing loss, latency, and jitter measurements.
Key Insights
- Dual Origin of Network Test Results: Network data is collected both explicitly in network layer tests and implicitly in application layer tests. Two distinct measurement methods are used: end-to-end network measurement and path visualization measurement.
- Network Overview and Path Visualization Views: The Network Overview view provides end-to-end network measurement results, while the Path Visualization view combines data from both measurements to offer a detailed look into network path information.
- Technical Details: The article goes into the nitty-gritty of how each measurement is performed, including the protocols used (TCP, UDP, ICMP), and how metrics like loss, latency, and jitter are calculated.
Agent-to-Agent Test Overview in ThousandEyes
The Agent-to-Agent test feature in ThousandEyes allows for comprehensive network monitoring by placing agents at both ends of a monitored path. This enables bidirectional testing: source to target and target to source.
The test produces standard network metrics such as packet loss, latency, jitter, and optionally throughput. It can be configured to use either TCP or UDP protocols.
The feature also allows for more accurate one-way metrics, as opposed to round-trip metrics, by synchronizing the clocks of the sending and receiving agents. Various configurations are possible, including Enterprise-to-Cloud, Enterprise-to-Enterprise, and Cloud-to-Enterprise setups.
The test settings are highly customizable, including options for throughput measurement, protocol selection, and more.
Key Insights
- Bidirectional Monitoring: The Agent-to-Agent test allows for monitoring in both directions, enabling the visualization of asymmetrical paths between source and target agents.
- One-Way Metrics: Unlike traditional round-trip metrics, one-way metrics offer more accurate data. This is made possible by clock synchronization between the sending and receiving agents.
- Customizable Settings: From the protocol used (TCP or UDP) to the duration of throughput tests, the settings are highly customizable to suit different monitoring needs.
DSCP Options in Network Tests
Summary
The DSCP (Differentiated Services Code Point) options in ThousandEyes’ Network Tests provide a way to monitor changes in DSCP values for different types of network tests, including Agent-to-Server, Agent-to-Agent, and Voice (RTP Stream). The DSCP value is crucial for Quality of Service (QoS) management and helps in prioritizing packet transmission. The Path Visualization view in ThousandEyes allows users to see any changes in DSCP values in their network tracing. This feature is particularly useful for understanding how traffic is prioritized and for identifying any changes in priority levels between different nodes in the network.
More About DSCP
DSCP is a value in an IP packet header that requests a level of priority for delivery. It is used in router configurations to manage real-time and high-priority data applications. DSCP markings can help reduce network congestion and determine the priority of a packet to be dropped before a queue becomes full. Routers configured with QoS policies that honor DSCP will prioritize the processing and forwarding of queued packets based on their classification.
Common DSCP Values
The documentation also provides a list of common DSCP values, such as Default Forwarding (DF), Expedited Forwarding (EF), and Assured Forwarding (AF), among others. These values are used for different types of traffic and have varying levels of priority and drop probabilities.
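To make the DSCP encoding concrete, the following added example (not taken from ThousandEyes or its documentation) decodes the DS field byte into DF, EF, CS and AF classes and flags the hops where the marking changes. The hop addresses and DS-field bytes are constructed sample data, and the function names are hypothetical.

```python
"""Decode DS-field bytes and flag DSCP re-marking along a path (added illustration)."""


def decode_ds_field(ds_byte):
    """Split the 8-bit DS field (IPv4 ToS / IPv6 Traffic Class) into (DSCP, ECN)."""
    if not 0 <= ds_byte <= 0xFF:
        raise ValueError("DS field is a single byte")
    # Upper six bits carry the DSCP, lower two bits carry ECN.
    return ds_byte >> 2, ds_byte & 0x03


def dscp_name(dscp):
    """Name a DSCP value using the standard DF / EF / CSx / AFxy scheme."""
    if dscp == 0:
        return "DF"                      # Default Forwarding (best effort)
    if dscp == 46:
        return "EF"                      # Expedited Forwarding
    cls, low = dscp >> 3, dscp & 0x07
    if low == 0:
        return f"CS{cls}"                # Class Selector: only the class bits set
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"      # Assured Forwarding: class x, drop precedence y
    return f"DSCP {dscp}"                # not one of the commonly named code points


def drop_precedence(dscp):
    """Return the AF drop precedence (1 = dropped last, 3 = dropped first), else None."""
    name = dscp_name(dscp)
    return int(name[3]) if name.startswith("AF") else None


def find_remarking(hops):
    """Given ordered (hop, ds_byte) observations, list the hops where DSCP changed.

    ECN bits are ignored: congestion marking is not a change of priority class.
    """
    changes = []
    prev_hop, prev_dscp = None, None
    for hop, ds_byte in hops:
        dscp, _ecn = decode_ds_field(ds_byte)
        if prev_dscp is not None and dscp != prev_dscp:
            changes.append((prev_hop, hop, dscp_name(prev_dscp), dscp_name(dscp)))
        prev_hop, prev_dscp = hop, dscp
    return changes


# Constructed per-hop observations for a flow that was sent marked EF.
SAMPLE_PATH = [
    ("192.0.2.1", 0xB8),     # EF, ECN 0
    ("192.0.2.2", 0xB9),     # still EF, only the ECN bits differ
    ("198.51.100.1", 0x88),  # re-marked to AF41
    ("198.51.100.2", 0x00),  # re-marked to DF (best effort)
]

if __name__ == "__main__":
    for prev_hop, hop, old, new in find_remarking(SAMPLE_PATH):
        print(f"{prev_hop} -> {hop}: DSCP changed {old} -> {new}")
```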
ThousandEyes Voice Tests Documentation
ThousandEyes offers a comprehensive suite of Voice Tests to monitor the performance and quality of voice services over the internet. The tests focus on two main aspects: SIP Server Tests and RTP Stream Tests.
SIP Server
A SIP (Session Initiation Protocol) server is a specialized server that acts as an intermediary for managing the setup of voice, video, and other interactive media communications.

The SIP server handles the process of initiating, maintaining, and terminating sessions, essentially acting like a “traffic cop” for digital communications. It plays a crucial role in VoIP (Voice over Internet Protocol) systems by establishing the connection between different endpoints, ensuring that the communication is seamless and efficient.
SIP Server Tests
- Metrics: Availability, Response Time, Total Time
- Availability: Measures the percentage of time the SIP server responds to a request.
- Response Time: Time elapsed from the beginning of the request until the first byte of the response is received.
- Total Time: Time to perform the complete test, including DNS, Connect, Redirects, Register, and Options phases.
RTP Stream
RTP (Real-Time Transport Protocol) is a protocol used for delivering audio and video over IP networks. RTP is used in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications, and web-based push-to-talk features.

The protocol is designed to handle real-time data, providing features for synchronization and detection of packet loss, which are essential for maintaining the quality of audio and video streams.
RTP Stream Tests
- Metrics: Mean Opinion Score (MOS), Loss, Discards, Latency, Packet Delay Variation (PDV)
- MOS: A measurement of perceived voice quality, ranging from 1 to 5.
- Loss: Calculated from the number of packets that the target receives.
- Discards: Packets discarded due to delay variations greater than the de-jitter buffer setting.
- Latency: Average time for each packet to travel from sender to receiver.
- PDV: Variation in delay from sender to receiver.
Both test types offer detailed metrics and views depending on whether a specific agent or location is selected. The metrics are displayed in various formats, including maps, timelines, and tables, providing a comprehensive understanding of voice service performance.
BGP Route Visualization: A Deep Dive
BGP Route Visualization is a feature in ThousandEyes that provides insights into the Border Gateway Protocol (BGP) routes.
This is crucial for understanding how internet traffic flows.

The feature is available for various test types, including Network, HTTP Server, and DNS server tests, as long as network measurements are enabled. To view BGP data, you must enable BGP data collection in the test settings.
Key Components
- Prefix Selector: Allows you to choose the network prefix you want to monitor. It shows all announced, matching prefixes for each server address.
- Timeline: Displays the average values for the selected metric over a specified period, helping you zoom in on network events.
- Monitor Selector: Enables you to choose from BGP data collectors, allowing you to focus on specific geographies and networks.
- Metric Selector: Lets you choose among various BGP metrics like Path Changes, Reachability, and Updates to monitor network stability.
- Date/Time Label: Shows the time and date of the selected instant on the timeline.
- Monitor and Origin Complexity Controls: Allows you to simplify the BGP route visualization by collapsing routes between various autonomous systems.
- Quick Selection: Highlights areas of interest based on the metric selected.
- Grouping: Controls how BGP Monitors are displayed, either not grouped or grouped by the network.
- Search: Enables you to search for an autonomous system, IP address, prefix, or rDNS entry in the visualization.
Interactivity
You can hover over any object to get detailed information. Clicking on a node or a link selects it, and double-clicking selects the entire path. You can also reposition nodes by dragging them.
Additional Features in Views 2.0
ThousandEyes Views 2.0 layout offers additional options like selecting multiple metrics and tests/services for a more comprehensive view.
BGP MD5 Authentication
BGP MD5 Authentication is a security mechanism used in Border Gateway Protocol (BGP) peering sessions to ensure the integrity and authenticity of BGP messages exchanged between routers.
This method employs the Message Digest Algorithm 5 (MD5) to create a cryptographic hash of the BGP message, which is then included in the message itself.
When the receiving router gets the message, it performs the same MD5 hashing on the message content and compares it to the received hash.
If the two hashes match, the message is considered authentic and is processed further; otherwise, it is discarded.
This form of authentication adds an extra layer of security to BGP sessions, making it more difficult for unauthorized routers to inject malicious or incorrect routing updates into the network.
It is particularly useful in scenarios where BGP sessions are established over untrusted networks or the internet.
BGP: Reasons for Failure of Private Peering
ThousandEyes offers a feature called Inside-out BGP visibility, which allows network administrators to include their private networks in the results of BGP tests. Administrators can configure their Border Gateway Protocol (BGP) speakers to peer with the ThousandEyes route collector, thereby transferring the desired prefix announcements.
This enables the ThousandEyes platform to display the reachability of each BGP test’s target from the customer’s own networks.
Key Points:
- Incorrect Router Configuration: If your peering session is not uploading your BGP announcements to the ThousandEyes route collector, you should review your router’s configuration for errors.
- Mismatched Passwords for MD5 Digest: All devices peering with ThousandEyes’ route collector will use BGP MD5 authentication. If the password is not configured on one or both sides or does not match, you may encounter issues.
- Firewall/Packet Filter Rules: If your device is behind a firewall or packet filter, it must permit connections to the ThousandEyes route collector’s IP address on the standard BGP service port, 179/TCP.
- Network Address Translation and Port Address Translation: BGP MD5 authentication is incompatible with NAT and PAT, which can cause failure in the MD5 hash comparison.
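The MD5 check described in the BGP MD5 Authentication section, and the reason a mismatched password or NAT/PAT breaks it, can be reproduced with the TCP MD5 signature option defined in RFC 2385, where the digest covers the IP pseudo-header, the fixed TCP header, the segment data and the shared password. This is an added example, not ThousandEyes code; the addresses, ports, password and function names are constructed for illustration.

```python
"""TCP MD5 signature (RFC 2385) as used on BGP sessions: added illustration."""
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6
MD5_OPT_KIND = 19   # TCP option kind of the MD5 signature
BGP_PORT = 179
# BGP KEEPALIVE message: 16-byte all-ones marker, length 19, type 4.
BGP_KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)


def md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """Digest over pseudo-header, fixed TCP header (checksum zeroed), data, then key."""
    fixed = bytearray(tcp_header[:20])        # TCP options are excluded from the hash
    fixed[16:18] = b"\x00\x00"                # checksum is treated as zero
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, len(tcp_header) + len(payload)))
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()


def sign_segment(src_ip, dst_ip, sport, dport, seq, payload, key):
    """Build a TCP segment (header + data) carrying the MD5 signature option."""
    # 20 bytes of options: kind 19, length 18, 16-byte digest, two NOPs as padding.
    options = bytes([MD5_OPT_KIND, 18]) + b"\x00" * 16 + b"\x01\x01"
    doff = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                         doff << 4, 0x18, 65535, 0, 0) + options
    digest = md5_digest(src_ip, dst_ip, header, payload, key)
    return header[:22] + digest + header[38:] + payload


def find_md5_option(options):
    """Walk the TCP option list and return the 16-byte digest, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                          # end of option list
            break
        if kind == 1:                          # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                              # malformed option
        if kind == MD5_OPT_KIND and length == 18:
            return options[i + 2:i + 18]
        i += length
    return None


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: recompute the digest from what arrived and compare."""
    if len(segment) < 20:
        return False
    hdr_len = (segment[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(segment):
        return False
    header, payload = segment[:hdr_len], segment[hdr_len:]
    received = find_md5_option(header[20:])
    if received is None:
        return False                           # unsigned segments are discarded
    expected = md5_digest(src_ip, dst_ip, header, payload, key)
    return hmac.compare_digest(received, expected)


def rewrite_source_port(segment, new_port):
    """What a PAT device does to the TCP header; it cannot re-sign without the key."""
    return struct.pack("!H", new_port) + segment[2:]


def peering_scenarios():
    """Run the failure cases from the list above on one constructed segment."""
    router, collector, nat_ip = "192.0.2.10", "198.51.100.20", "203.0.113.5"
    key = b"constructed-peering-password"
    seg = sign_segment(router, collector, 50000, BGP_PORT, 1000, BGP_KEEPALIVE, key)
    return {
        "direct": verify_segment(router, collector, seg, key),
        "wrong_password": verify_segment(router, collector, seg, b"other-password"),
        # NAT: the receiver sees the translated source address in the pseudo-header.
        "after_nat": verify_segment(nat_ip, collector, seg, key),
        # PAT: the source port inside the signed TCP header was rewritten in transit.
        "after_pat": verify_segment(router, collector,
                                    rewrite_source_port(seg, 40001), key),
    }


if __name__ == "__main__":
    for name, ok in peering_scenarios().items():
        print(f"{name:15s} {'accepted' if ok else 'discarded'}")
```

Only the direct, correctly keyed segment is accepted. On a real router the symptom is a session that never establishes, because the receiving side silently drops every segment whose digest does not match.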
How ThousandEyes Can Help:
- Inside-Out BGP Visibility: Enables network administrators to include their private networks in BGP tests.
- BGP Route Visualization: Provides a comprehensive view of BGP routes, which may require up to two hours to fully populate after configuration.
- Troubleshooting Guide: Offers a detailed guide for troubleshooting issues related to BGP peering, including incorrect router configuration, mismatched passwords for MD5 digest, and firewall/packet filter rules.
Thought-Provoking Questions:
- How can Inside-Out BGP Visibility benefit your organization’s network monitoring strategy?
- What steps can you take to ensure that your BGP peering with ThousandEyes is configured correctly?
- How does ThousandEyes handle BGP MD5 authentication, and what are the implications for your network security?
Technology Behind ThousandEyes
ThousandEyes leverages a combination of technologies to provide its network intelligence services:
Cloud Agents
These are monitoring nodes deployed in data centers around the world. They simulate user traffic and interactions to measure performance metrics such as latency, packet loss, and jitter.

ThousandEyes provides Cloud Agents that serve as globally distributed vantage points across the Internet. These agents are maintained by ThousandEyes and are situated in over 200 cities, connected to various ISPs and major cloud providers’ regional data centers.
Pricing Difference
Cloud Agents are readily available for customers to run any test types on the ThousandEyes platform without any administrative responsibilities. They operate on a unit-consumption basis and are shared among all customers.
While Cloud Agents offer most of the configuration options that Enterprise Agents do, they have some limitations. For instance, they cannot be configured to run Web Layer tests through a proxy server due to their shared nature.
Thought-Provoking Questions
- Scalability Concerns: How does the shared nature of Cloud Agents impact their scalability and customization?
- Security Implications: What are the potential security risks of using Cloud Agents that are shared among multiple customers?
- Feature Limitations: How do the limitations of Cloud Agents compare to Enterprise Agents, and what use-cases might require the latter over the former?
Enterprise Agents
Installed on-premises in an organization’s data center or office, these agents monitor internal networks and applications.
These are software components that run on Linux platforms and are exclusively managed by ThousandEyes’ customers. Unlike Cloud Agents, which are shared, Enterprise Agents are deployed within a customer’s network or infrastructure.

They require minimal hardware resources and can be deployed in various ways, including as virtual machines, Docker containers, or ISO images on supported hardware platforms like Intel NUC and Raspberry Pi.
Enterprise Agents can also be grouped into clusters for added capacity. They are ideal for testing targets within your network and offer various installation types, such as Linux packages and virtual appliances.
These agents have different distribution options and can be installed in IaaS environments like AWS, Azure, and Google Cloud Platform.
Enterprise Agent Deployment Using Linux Package Method
Enterprise Agents can be deployed on a variety of Linux distributions such as Ubuntu, Red Hat Enterprise Linux (RHEL), and CentOS.
Endpoint Agents
These lightweight agents are installed on end-user devices such as laptops and mobile phones to monitor the end-user experience.

Endpoint Agents are applications installed on Windows or macOS machines to collect network and application-layer performance data.
These agents allow customers to use regular desktops and laptops as test devices for measuring both internal and external application performance. Endpoint Agents offer several features for performance measurement:
- Scheduled Tests: These run at regular intervals without user interaction and can be deployed on network and web layers.
- Automated Session Tests: These tests are dynamic and execute when a user uses an application on their device.
- Browser Sessions: Records in-browser and network performance metrics when users navigate to monitored domains.
- Network Access: Records the performance of the Endpoint’s physical connections, gateways, VPNs, proxies, and DNS servers.
The agents are highly configurable, allowing you to control when and under what conditions tests run or browser sessions are recorded. All collected data is displayed in an intuitive “Endpoint Agent > Views” page, which separates data by layers and presents it in an interactive timeline.
Additional Resources
- How Does the Endpoint Agent Work
- Cisco Secure Client ThousandEyes Endpoint Agent Module
- Assigning tests to an Endpoint Agent
Thought-Provoking Questions
- Deployment Strategy: How can organizations effectively deploy Endpoint Agents to get the most comprehensive performance data?
- Data Privacy: What are the implications for data privacy when using Endpoint Agents, especially in terms of browser session recording?
- Real-Time Monitoring: How can real-time monitoring with Endpoint Agents help in proactive issue identification and resolution?
Additional Resources
- Enterprise Agents: What Information Do We Collect?
- Upgrading to BrowserBot 2
- Upgrading to BrowserBot 2.6+ (Chromium 97)
Enterprise Agents Deployment Flexibility
The flexibility in deployment options for Enterprise Agents offers several advantages for organizations with complex network architectures:
Enhanced Visibility
Enterprise Agents can be deployed on a variety of platforms, including various Linux distributions. This allows organizations to place these agents at strategic points within their network, providing comprehensive visibility into network performance, bottlenecks, and issues that may not be visible from the cloud or endpoint perspectives.
Customization
The ability to deploy on different platforms and in various network locations means that organizations can tailor the monitoring to meet specific needs. Whether it’s monitoring the performance of an internal application, tracking data across a WAN, or ensuring the health of a hybrid cloud deployment, the flexibility of Enterprise Agents allows for highly customized monitoring solutions.
Scalability
As an organization grows, its network architecture can become increasingly complex, incorporating more cloud services, data centers, and branch offices. The flexibility of Enterprise Agent deployment means that the monitoring solution can scale along with the organization, providing consistent and comprehensive visibility regardless of how complex the network becomes.
Cost-Efficiency
By leveraging existing infrastructure and choosing the most appropriate deployment options, organizations can optimize their monitoring investment. This is particularly beneficial for organizations that already have a heterogeneous environment and do not want to invest in additional hardware or platforms.
Improved Troubleshooting
In complex networks, issues can arise at multiple points, from the user’s device to the application server, and everywhere in between. Flexible deployment of Enterprise Agents enables organizations to pinpoint issues more accurately, making troubleshooting faster and more efficient.
Thought-Provoking Questions
- Strategic Placement: How can organizations determine the most strategic locations within their network for deploying Enterprise Agents?
- Security Considerations: What are the security implications of deploying Enterprise Agents across various parts of a complex network?
- Data Analytics: How can the data collected by Enterprise Agents be most effectively analyzed to provide actionable insights for complex network architectures?
By offering a flexible, scalable, and customizable solution, Enterprise Agents are well-suited to meet the challenges posed by complex network architectures.
Enterprise Agents: Resource Efficiency & Hardware Requirements
Enterprise Agents can be deployed on various platforms, including virtual machines, Docker containers, and specific hardware like Intel NUC or Raspberry Pi. The hardware requirements can vary based on the deployment method but generally include:
- CPU: At least 2 cores for moderate workloads, more for heavy monitoring tasks.
- Memory: Minimum of 4 GB RAM, with more required for intensive tasks.
- Disk Space: At least 20 GB of free disk space, depending on the data retention needs.
- Network: A stable network connection for data transmission.
Cloud Agents
Cloud Agents are managed and maintained by ThousandEyes, so customers don’t need to worry about hardware requirements.

These agents are deployed in data centers around the world and are designed to scale automatically to meet demand. They are shared resources among all ThousandEyes customers.
Comparison
- Ownership & Maintenance: With Enterprise Agents, organizations are responsible for the hardware and its maintenance. In contrast, Cloud Agents are fully managed by ThousandEyes.
- Flexibility: Enterprise Agents offer more flexibility in terms of deployment options and can be tailored to fit specific hardware and network configurations. Cloud Agents are standardized and offer less customization.
- Scalability: Cloud Agents are designed to scale automatically and can handle large workloads without any intervention from the customer. Enterprise Agents may require manual scaling, depending on the organization’s needs.
- Cost: Enterprise Agents may involve initial hardware costs and ongoing maintenance, whereas Cloud Agents operate on a subscription model without any hardware investment.
- Data Localization: Enterprise Agents can be deployed within an organization’s own network, allowing for data to remain local. Cloud Agents send data to ThousandEyes’ cloud, which may be a concern for some organizations due to data sovereignty issues.
Thought-Provoking Questions
- Total Cost of Ownership: How do the hardware and maintenance costs of Enterprise Agents compare to the subscription costs of Cloud Agents over the long term?
- Performance Metrics: Are there specific performance metrics that can only be captured by Enterprise Agents due to their placement within the organization’s network?
- Data Privacy: How do the data storage and transmission requirements differ between Enterprise and Cloud Agents, especially in terms of compliance with data protection regulations?
In summary, Enterprise Agents offer more customization and control but come with the responsibility of hardware management. Cloud Agents provide ease of use and scalability but are less customizable. The choice between the two will depend on an organization’s specific needs, technical capabilities, and compliance requirements.
Enterprise Agents Cluster Functionality: Test Assignment
- Automated Distribution: Clustering allows for automated distribution of tests among multiple agents within the same cluster. This means you don’t have to manually assign tests to individual agents, saving time and reducing the chance of errors.
- Dynamic Reassignment: If an agent within a cluster goes down or becomes overloaded, the tests it was responsible for can be automatically reassigned to other agents in the cluster. This ensures that monitoring continues uninterrupted.
Enterprise Agents Cluster Functionality: Load Distribution
- Balanced Workload: Clustering helps in distributing the monitoring load evenly across all agents in the cluster. This ensures that no single agent is overwhelmed, leading to more reliable test results.
- Scalability: As your network grows, you can easily add more agents to the cluster to handle the increased load. This makes it easier to scale your monitoring efforts in line with your network’s growth.
- Resource Optimization: By distributing tests and monitoring tasks across a cluster of agents, you can make more efficient use of your hardware resources. This could lead to cost savings and improved performance.
Flexibility and Adaptability
- Custom Configurations: Clustering often allows for custom configurations where specific agents can be tuned to handle specific types of tests, providing a level of flexibility that can be beneficial for complex network architectures.
By leveraging clustering, organizations can achieve more robust, scalable, and efficient network monitoring, which is particularly beneficial for those with complex network architectures.
Browser Synthetics: Navigating Waterfall Charts for Page Load and Transaction Tests
This tool helped me see that I really need a premium caching service because my page load times are all over the place.

Additionally, it looks like having all those Google services on my side like ads, tag manager, analytics, etc. might be part of the issue there. More research needed, clearly. Below the page load section we can see the classic network resource waterfall chart.
In general, these charts offer insights into how a browser interacts with web page objects. Here’s an example in the app, but you can also find this in your developer tools in the network tab.

What is a Waterfall Chart: A time-based representation of data that shows the relationship between events. It is generated by BrowserBot, the application that performs Page Load and Transaction tests.
Understanding the Document Object Model (DOM): The DOM is crucial for understanding waterfall charts. It describes the HTML structure as a series of objects called nodes.
Metrics in Waterfall Charts: Various metrics like DNS time, Connect time, SSL negotiation, and others are provided in the waterfall charts.
Navigating the Charts: The article provides detailed instructions on how to navigate these charts, including sorting options and hover-over features for more information.
Advanced Settings: If “save object headers” is selected under the test’s advanced settings, a link to view headers will be included within the Waterfall “Response Code” column.
Thought-Provoking Questions
- How Important is Understanding the DOM for Navigating Waterfall Charts?
- What Metrics in Waterfall Charts are Most Crucial for Performance Analysis?
- How Can Advanced Settings Like ‘Save Object Headers’ Enhance the Utility of Waterfall Charts?
Deep Path Analysis and Demystifying Transit MPLS Tunnels
This technology visualizes the network paths that traffic takes through the internet. It helps in identifying where performance issues are occurring, whether within an organization’s network or an external service provider.
The release notes from September 18, 2013, introduced several new features and enhancements to the ThousandEyes platform. One of the key features was “Deep Path Analysis,” aimed at demystifying transit MPLS tunnels. The update improved the algorithms to better identify partially obscured transit paths that leverage MPLS. It covered three types of MPLS tunnels:
- Explicit Tunnel: These are MPLS tunnels that are not obscured and show complete label information between each hop.
- Implicit Tunnel: Even if devices are configured not to send MPLS stack entries, the system can infer that the link is part of an MPLS tunnel and attempt to infer the hop number.
- Opaque Tunnel: In cases where a single MPLS label is encountered but the IP TTL is reset, the system will show it as an X-hop MPLS tunnel.
Other features included managed package deployment for Linux servers, enforced password expiration, and content verification for HTTP Server tests. API enhancements were also part of this release.
Thought-Provoking Questions
- How Does Deep Path Analysis Enhance Network Visibility?: How can the improved algorithms for MPLS tunnel identification aid in network troubleshooting and performance monitoring?
- Security Implications: What are the potential security considerations when enabling features like enforced password expiration?
- API Enhancements: How can the new API features be leveraged for better automation and integration with other systems?
Data Analytics and Analysis in ThousandEyes
Overview
ThousandEyes offers a robust set of features for network monitoring, one of which is WAN Insights. This feature employs advanced data analytics to provide network teams with actionable insights for optimizing network performance.
Key Features
- Network Quality Metrics: WAN Insights organizes data around QoS levels for loss, latency, and jitter. These metrics are crucial for understanding network performance and making informed decisions.
- Path-Level Visibility: The feature provides detailed visibility into the network path, allowing network teams to identify bottlenecks or problematic sites.
- Long-Term Recommendations: Based on the analyzed data, WAN Insights offers long-term recommendations for optimizing network configurations and policies.
Benefits
- Proactive Issue Resolution: The feature allows network teams to proactively detect and address major issues before they affect end-users.
- Optimized Network Policies: By providing data-driven insights, WAN Insights helps in formulating better network policies, thereby optimizing network configurations.
- Service-Level Agreements: The feature enables network teams to compare different providers and agree on service-level agreements, ensuring optimal network performance.
By focusing on data analytics and analysis, ThousandEyes provides network teams with the tools they need to optimize network performance effectively.
APIs and Integrations: A Comprehensive Overview
ThousandEyes offers APIs that allow for integration with other tools and systems. This is crucial for automating workflows and correlating data across different monitoring tools.
Create, Update, Delete Tests
ThousandEyes API allows users to create, update, and delete tests. The API supports a variety of test types, including HTTP server tests, network tests, and many more. Users can specify test settings, such as the interval, agents, and test names, in the API request.
Obtaining Agent IP Addresses
The API also provides a way to obtain a list of ThousandEyes agent IP addresses. This is particularly useful for whitelisting purposes or for setting up specific network configurations.
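Because Cloud Agents are shared among all customers, an allowlist built from their addresses should stay as narrow and as current as the agent list itself. The following is an added example, not ThousandEyes code: it validates a fetched agent list, collapses it into firewall networks, and reports stale rules. The response shape (agents, agentType, ipAddresses), the sample data and the existing rule set are all constructed assumptions.

```python
import ipaddress
import json

# Constructed sample; the field names (agents, agentType, ipAddresses) are
# an assumed response shape, and the addresses are documentation ranges.
SAMPLE_RESPONSE = json.dumps({"agents": [
    {"agentName": "Example City A", "agentType": "Cloud",
     "ipAddresses": ["198.51.100.8", "198.51.100.9", "2001:db8:10::5"]},
    {"agentName": "Example City B", "agentType": "Cloud",
     "ipAddresses": ["198.51.100.10", "198.51.100.11", "203.0.113.77"]},
    {"agentName": "branch-office-1", "agentType": "Enterprise",
     "ipAddresses": ["10.20.30.40"]},
    {"agentName": "Malformed entry", "agentType": "Cloud",
     "ipAddresses": ["not-an-ip", "127.0.0.1", "0.0.0.0/0"]},
]})

# Constructed firewall state: what is currently allowlisted.
CURRENT_RULES = ["198.51.100.8/30", "192.0.2.50/32", "2001:db8:10::5/128"]


def build_allowlist(response_text, agent_type="Cloud"):
    """Return (collapsed_networks, rejected_values) for one agent type."""
    nets, rejected = [], []
    for agent in json.loads(response_text).get("agents", []):
        if agent.get("agentType") != agent_type:
            continue
        for raw in agent.get("ipAddresses", []):
            try:
                ip = ipaddress.ip_address(raw)  # single hosts only, no CIDR
            except ValueError:
                rejected.append(raw)
                continue
            # Never let a feed open the firewall to special-purpose sources.
            if (ip.is_loopback or ip.is_unspecified
                    or ip.is_link_local or ip.is_multicast):
                rejected.append(raw)
                continue
            nets.append(ipaddress.ip_network(raw))
    # collapse_addresses() needs one IP version per call.
    collapsed = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        collapsed.extend(ipaddress.collapse_addresses(same))
    return collapsed, rejected


def diff_rules(current_rules, wanted):
    """Return (stale, missing): rules to remove and networks to add."""
    current = [ipaddress.ip_network(r) for r in current_rules]

    def covered(net, pool):
        return any(net.version == p.version and net.subnet_of(p) for p in pool)

    stale = [str(c) for c in current if not covered(c, wanted)]
    missing = [str(w) for w in wanted if not covered(w, current)]
    return stale, missing


if __name__ == "__main__":
    wanted, rejected = build_allowlist(SAMPLE_RESPONSE)
    stale, missing = diff_rules(CURRENT_RULES, wanted)
    print("allow:", [str(n) for n in wanted])
    print("rejected feed values:", rejected)
    print("stale rules to remove:", stale)
    print("missing rules to add:", missing)
```

Rejected values and stale rules are the two outputs worth alerting on: the first means the feed contained something that should never reach a firewall, the second means an address is still trusted after the agent list stopped vouching for it.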
OpenTelemetry
OpenTelemetry is an open-source observability framework for cloud-native software. It provides a set of APIs, libraries, agents, and instrumentation to enable observability in applications. The framework is designed to collect distributed traces and metrics from applications, so you can monitor, analyze, and troubleshoot performance issues.
OpenTelemetry is a merged project of OpenTracing and OpenCensus, aiming to provide a unified standard for collecting distributed traces and metrics. It is widely accepted in the industry and supported by various monitoring and observability platforms.
OpenTelemetry allows developers to capture key performance and behavior data from their applications, regardless of the development language, framework, or cloud environment. It offers a way to export telemetry data in a standardized format, making it easier to integrate with various monitoring and analytics tools.
OpenTelemetry Integration
ThousandEyes has OpenTelemetry (OTel) support, offering machine-to-machine integration. It allows the export of ThousandEyes telemetry data in OTel format, which is widely accepted in the industry. Users can configure and enable OTel-compatible streams for their ThousandEyes tests. The API supports various test metrics like network latency, loss, and jitter, as well as web HTTP server layer metrics.
Handling HTTP 406 Response Code
When using the API, if you encounter an HTTP 406 response code, it’s essential to verify your JSON data. The documentation provides guidelines on how to ensure the JSON data is valid and how to troubleshoot issues related to the 406 status code.
Custom Webhooks OAuth Integration Guide
The OAuth integration guide for custom webhooks in ThousandEyes outlines the process of setting up OAuth authentication for secure communication between ThousandEyes and external systems.
OAuth is a standard protocol used to grant third-party applications limited access to a user’s resources without exposing credentials.
Key Points:
- OAuth Authentication Flow: The guide describes the OAuth 2.0 authentication flow, including the roles of the client application, authorization server, and resource server.
- Access Tokens: Learn how to obtain access tokens required for authentication and authorization when making requests to the ThousandEyes API using OAuth.
- Token Renewal: Discover the token renewal process to ensure continued access without requiring the user to reauthenticate.
- Scopes and Permissions: Understand how to define scopes and permissions to control the level of access granted to external applications.
- Configuration Steps: Step-by-step instructions guide you through the process of configuring OAuth authentication for custom webhooks in ThousandEyes.
By implementing OAuth authentication, you can enhance the security of your custom webhook integrations while enabling seamless data exchange between ThousandEyes and external systems. For comprehensive guidance, refer to the Custom Webhooks OAuth Integration Guide on the ThousandEyes documentation website.
Custom Webhooks Webhook Variables Guide: The Webhook Variables guide for custom webhooks in ThousandEyes provides insights into utilizing dynamic variables in webhook payloads. These variables allow you to include specific details and context from ThousandEyes events when sending notifications to external systems.
Key Points:
- Dynamic Payloads: Learn how to use webhook variables to dynamically populate webhook payloads with relevant data from ThousandEyes events.
- Event Context: Understand the available variables that provide event-specific context, such as test names, event types, timestamps, and more.
- Customization: Explore how to tailor webhook payloads by selecting the appropriate variables based on the information you want to include.
- Payload Examples: The guide offers practical examples of how to structure webhook payloads using different variables.
- Configuration Steps: Step-by-step instructions guide you through the process of configuring webhook variables within custom webhooks in ThousandEyes.
By incorporating webhook variables into your custom webhook payloads, you can ensure that the notifications sent to external systems are enriched with relevant event information. For detailed guidance and examples, refer to the Custom Webhooks Webhook Variables Guide on the ThousandEyes documentation website.
How to Use This Tech and Its Benefits
ThousandEyes is employed across various industries for different purposes:
Troubleshooting Performance Issues
Network administrators use ThousandEyes to quickly identify and resolve network and application performance issues.
Optimizing Cloud Migration
Organizations migrating to the cloud can use ThousandEyes to plan and monitor the performance of their cloud-based services.
Enhancing User Experience
By monitoring the end-user experience, businesses can make informed decisions to improve the performance and usability of their applications.
Securing Network Infrastructure
Through its visibility into network traffic, ThousandEyes can help in identifying security vulnerabilities and mitigating threats.
SLA Compliance Monitoring
Companies can use ThousandEyes to ensure that their service providers are meeting the agreed-upon service level agreements in terms of performance and availability.
Global Business Operations
For businesses operating globally, ThousandEyes offers a way to monitor and optimize network performance across different geographical locations.
ThousandEyes represents a paradigm shift in network intelligence and performance monitoring. By providing comprehensive visibility into networks and applications, it enables organizations to not just react to issues, but to proactively optimize their digital ecosystems.
The combination of:
- Cloud Agents,
- Enterprise Agents,
- Endpoint Agents,
- Synthetic Monitoring,
- Deep Path Analysis,
- Data Analytics, and
- APIs
forms a robust technological framework that empowers businesses to thrive in an increasingly digital and cloud-centric world.
As networks continue to evolve and become more complex, tools like ThousandEyes are indispensable for maintaining optimal performance and delivering exceptional user experiences. For network administrators, IT professionals, and decision-makers, understanding and leveraging the capabilities of ThousandEyes can be a game-changer in achieving operational excellence and business success.

In an age where the digital landscape is ever-evolving, ThousandEyes stands as a testament to the power of technology in bridging the gap between complexity and clarity. Through its innovative solutions, it not only addresses the challenges of today but also gears organizations for the challenges of tomorrow.