How to monitor the status of a corporate wireless network with Extreme NSight
Retail today cannot do without a wireless LAN. However, the network has to be monitored so that faults and problems are fixed in time. Let's talk about how to do it effectively.
In recent years, wireless LAN has become one of the keys to success in retail, providing the necessary data in real time. This simplifies the daily management of business processes, improves the quality of customer service and reduces the number of possible errors that can lead to reduced profitability, more lost sales and, as a result, loss of customers.
In order to achieve a high level of reliability of a wireless network, we need to know about its state and understand what is happening in it at any given time. It is imperative that you collect and receive information in a timely manner to troubleshoot problems. Also, this data can be used for budget planning in case of network scaling and analytics of business processes of the organization.
In the corporate segment, solutions from Cisco, Aruba Networks and Extreme Networks are used for these tasks. Drawing on the experience of "Pilot" in deploying wireless networks, let's see how to monitor their status effectively in real time, using the popular Extreme NSight software product for Extreme Networks equipment as the example. It is, in fact, a software add-on that extends the WiNG5 infrastructure with additional capabilities for managing and controlling a wireless domain. So, the key features and functionality of NSight:
Monitoring. NSight lets you monitor the status of an enterprise wireless domain. The tree of corporate network sites can be imported directly from the WiNG5 infrastructure (from NX or VX, RFDM controllers) into the program's customizable dashboard. Maps can be imported from Google Maps with geo-referenced sites, and floor plans can be created and monitored with placed access points and a heat map. Information and the visualization of the network tree are structured, from a specific access point or user on a site up to generalized information across the whole wireless domain. The customizable NSight dashboard is an interactive, multi-user, multi-window program that makes it easy to navigate the structure tree to the levels of interest for analysis and troubleshooting. It can display the operational status of the network devices of a wireless domain, the number of users, network load and bandwidth. All information can be ranked and provided to users with different access levels and roles. This is very convenient if control over the network is divided by area of responsibility.
Analysis. Using predefined and easily set up widgets, you can summarize the information received from the wireless infrastructure of a domain into different groups and levels:
- access points;
- used channels;
- the number of users and their type, type of their operating systems;
- used applications;
- wireless network protocols;
- rogue access points, attacks;
- events of different significance levels.
This information is collected during the monitoring of the wireless domain and is archived into a database with a custom retention period.
Report Generation. Extreme NSight implements reporting functionality in two modes: on demand and scheduled. There are ready-made sets of reports on the key metrics for analysis: an inventory of wireless equipment, the status of the network and its components, security, compliance with the standards of industry regulators, the dynamics and direction (trend) of network use, and its load. Reports can also be customized by selecting the information of interest and the method of extracting it from the system.
Troubleshooting. NSight's interactive interface makes it easy to access the data needed to analyze and fix wireless network problems. There is no need to go to any specific access point to get information; everything is available through the program interface. We can create our own dashboard and collect and track data metrics from remote access points and their clients on any particular site, or a combination of sites, on the fly. There are three built-in mechanisms for obtaining and analyzing information:
- Packet Capture;
- Wireless Debug Log access;
- Event Log Browser.
Packet Capture allows you to capture wireless and wired traffic with filtering by type and protocol of network exchange. This data can be saved to a file for later analysis.
Wireless Debug Log makes it easy to get detailed information about 802.11 protocol errors, down to the access and authentication errors that can occur during the operation of a wireless network.
Event Log Browser provides access to the event log through the Extreme NSight interface, to view the events involving an access point or mobile wireless clients over a given period of time.
Composition, requirements, licensing, deployment models
Extreme NSight is code included in the WiNG5 kernel, which is part of the usual distribution for the NX, VX and RFS series controllers. It has been available since WiNG5 version 5.8.2. The functionality is enabled only from the WiNG5 command line, with just a couple of commands:
- an NSight policy is created for the NOC controller;
- the NSight policy is assigned to the RF-Domain of the NOC controller.
Another group of settings relates to NSight clients - infrastructure and database.
NSight is a client-server application with a database. The server, on which all the collected information is stored and maintained, is usually the NOC controller (a VX or NX controller). The client, which collects this data on each site and passes it to the server, is the RFDM on an AP, on an RFS or on an NX controller. Accordingly, policies are also created for the clients, specifying the IP address of the NSight server (or server cluster). Users access the application itself over HTTPS:
where the address of the NSight server (domain controller) is specified as an FQDN or IP address. A general view of the NSight interface is presented below:
More about the NSight components.
Server. This is a web application. It interacts with WiNG5 and performs the following functions:
- automatically saves configuration updates from the WiNG Management module;
- periodically saves updates of statistical data from all RFDMs in the corporate wireless domain;
- saves information about the adoption of access points, coming from the NOC and site controllers;
- handles and serves API requests from third-party applications.
Client. Client functions are assigned to the RFDM of each site. Either a dynamically selected access point or a local site controller can act as the RFDM. The client collects statistics from all access points of its site and sends them to the server every 60 seconds (by default). It sends the following data:
- AP statistics;
- client (mobile) statistics;
- wired statistics;
- event history;
- adoption information.
Database. NSight Server stores a database of all wireless clients, access points and controllers:
- all devices are identified by their unique MAC address;
- all information about the device is stored: MAC, IP, hostname, location, etc.;
- information about SMART-RF neighbors from each access point;
- rogue access points detected in the network coverage area;
- statistics about clients and access points;
- event history for each device.
Extreme NSight is supported on the NX 95XX, 96XX and VX9000 platforms in two deployment modes: standalone server and integrated WiNG5 + NSight. In standalone mode only the NSight functionality runs on the controller (NX or VX); in integrated mode the controller performs WiNG management and NSight functions at the same time.
The table below shows the system requirements for the VX9000 appliances, depending on the size of the network served:
Transferring data from the NSight client to the NSight server requires no more than 1 kbps per access point at the site from which information is sent to the NSight server.
Extreme NSight is licensed functionality. The license includes two key components: the number of devices and the expiration date.
The number of devices is the sum of the access points and controllers that make up the organization's wireless domain. The number of licenses must be equal to or greater than this sum.
Validity period: two options are available, 1 year and 3 years. If the number of licenses is insufficient and the license expires, NSight displays a warning message 60 days before the program is blocked. Once the program is blocked, the user interface is no longer available. The system nevertheless continues to collect statistics and write them to the database. As soon as a license is installed, the system reopens access to the user interface and the database.
If we use the integrated deployment model (WiNG + NSight), only one license is required; it is installed on the NOC controller and shared by all cluster members (if any). In a standalone scheme, only one license is required as well; it is installed on the primary member of the replica set and shared among all members of the replica set topology. If, for example, we run the NSight server on the VX9000 in standalone mode, we do not need a license for the VX platform as such, only a license for NSight.
What is a replica set
The NSight database created and stored must have a high degree of availability and reliability of data storage in case of failure of any of the NSight topology elements. For this, a three-node model for organizing the storage and maintenance of the database was recommended. Two aspects are important here:
- the database storage topology should always consist of an odd number of storage and processing nodes (for example, 3);
- database backup is a process independent of the WiNG topology clustering process.
A replica set itself is a group of database processes (servers) that maintain the same data set. Replica sets provide redundancy and high availability, and are the foundation for all deployment models. In effect, this is a distributed group of servers that synchronize with each other, store and maintain a common database, and ensure its reliability and availability if any topology node fails. A full-node is a member of the replica set topology with a full copy of the database. An arbiter is a process (server) that does not store any data, but participates in the generation of synchronizing signals and in the selection of the primary database.
Some Extreme NSight infrastructure deployment models:
1. Integrated WiNG5 + NSight model on one controller in the NOC center
NSight components operate alongside WiNG5 within the same physical controller (VX, NX). NSight receives data from the RFDM (AP or controller) of each individual site via websocket, while data exchange between elements of the WiNG5 infrastructure uses the MINT protocol (Layer 2).
2. Standalone model (NSight only)
In this model, the Extreme NSight server runs on a stand-alone VX or NX9XXX platform without any WiNG5 management features. Extreme NSight only receives statistics and configuration information from remote sites. In addition, each WiNG5 NOC center controller transmits information about the structure of the site tree configuration. The standalone NSight server does not interact with the WiNG5 module on the same controller and does not report any statistics about itself to the NSight database. Here too, data and statistics are exchanged through websocket for NSight and through MINT for WiNG5.
In both of the above examples, NSight is deployed within a single physical device. If we require high availability and reliability of the NSight functionality and its database, the replica set topology mentioned earlier is implemented: a scheme of three nodes, one in each data center. The third node does not necessarily require a separate data center; the main thing is that it is placed in a separate location with reliable, uninterrupted power and access to the corporate network. If this server plays the role of arbiter, it is not necessary to purchase an expensive IBM (HP) server. An ordinary computer capable of running VMware is enough.
The diagrams below show two variants of the three-node replica set topology. The first consists of two full-node members plus an arbiter. Note that full-node members should be located on devices of the same type, for example VX9000-VX9000 or NX9500-NX9500.
The second model: all three nodes are full-node servers. Pay attention to how the database policy is configured - by setting the priority for each specific device.
In both examples, the replica set topology is applied to the NSight infrastructure standalone model. But other options are possible.
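To make the odd-node-count, arbiter and priority points above concrete, here is an added example (not part of the original article and not NSight code) that enumerates node failures for both three-node topologies and, for contrast, a two-node one. It assumes the usual replica-set election rule, where a primary needs votes from a strict majority of configured members; the node names and priorities are constructed.

```python
from itertools import combinations

# Constructed topologies: (node name, role, election priority). Names and
# priorities are illustrative assumptions, not values from an NSight setup.
TWO_FULL_PLUS_ARBITER = [("dc1", "full", 2), ("dc2", "full", 1), ("site3", "arbiter", 0)]
THREE_FULL = [("dc1", "full", 3), ("dc2", "full", 2), ("dc3", "full", 1)]
TWO_FULL_ONLY = [("dc1", "full", 2), ("dc2", "full", 1)]  # even count, for contrast


def elect_primary(topology, failed):
    """Return the primary's name after `failed` nodes go down, or None.

    Assumed rule: a primary needs votes from a strict majority of all
    configured members; arbiters vote but cannot become primary; among
    surviving full nodes the highest priority wins.
    """
    alive = [n for n in topology if n[0] not in failed]
    if len(alive) * 2 <= len(topology):
        return None  # no majority, so no primary can be selected
    candidates = [n for n in alive if n[1] == "full"]
    if not candidates:
        return None
    return max(candidates, key=lambda n: n[2])[0]


def data_copies(topology, failed):
    """Number of surviving full copies of the database."""
    return sum(1 for name, role, _ in topology if role == "full" and name not in failed)


def survivable_failures(topology):
    """Map each failure set (tuple of node names) to (primary, copies left)."""
    names = [n[0] for n in topology]
    result = {}
    for k in range(len(names) + 1):
        for failed in combinations(names, k):
            result[failed] = (elect_primary(topology, set(failed)),
                              data_copies(topology, set(failed)))
    return result


if __name__ == "__main__":
    for label, topo in [("2 full + arbiter", TWO_FULL_PLUS_ARBITER),
                        ("3 full", THREE_FULL), ("2 full only", TWO_FULL_ONLY)]:
        print(label)
        for failed, (primary, copies) in survivable_failures(topo).items():
            print(f"  down={list(failed) or '-'} primary={primary} copies={copies}")
```

Both three-node variants keep a primary after any single failure, but the arbiter variant is then left with one copy of the data, while the two-node layout loses its primary as soon as either node fails.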