What is MONI?

MONI or to give it it's full name Multipoint Osculating Network Investigator
is a network of peer-based devices which you embed into your network so it can watch it for problems and do something about them.

It is an automated fleet of robot engineers who watch all your traffic 24/7 and checks it gets to where it needs.
It watches all the traffic, including stuff you didn't anticipate or know about.

Why is it better than (insert competing brand monitoring here), you ask?
MONI does not check that a packet should get somewhere without problems, it checks the packets that are moving around your network.

This difference is very important: other very expensive products are mainly to inspect particular known streams of traffic for integrity.
MONI watches all traffic on your network, not just that which you anticipate, and sees from where it comes and to where it goes.

MONI was originally design for whirlwind, relentless financial networks, for where it is important for every packet to be accounted.
And this it does very well, but most networks are not requiring this level of inspection.

So a version of MONI is also available for customers with more flexible requirements.
There is also a version of MONI targeted at home and small business usage.

MONI Multipoint System attached to all devices on your network.
- See individual packets as they traverse the network from your desktop or mobile device.
MONI PacketWave for real-time micro-burst analysis giving real-world burst figures.
MONI TokenWave for real-time drop prediction using real-world network algorithms.
MONI NetWave for real-time propagation tracking using real-world protocol agnostic packet tracking.

For the enterprise package the system consists of multiple nodes (one package is 10 nodes) with full NetWave tracking.
You deploy this into your network and MONI will monitor and report on what it finds.
You can expand the coverage with more nodes if you need: all nodes are designed to be managed as part of a single peer network.

The professional package is single units with capturing ability designed for your support engineers to do targeted, forensic analysis on your network.

In the home/SBS package the nodes sold singly are capable of capturing a high-speed broadband or WiFi connection.

Also you can use MONI to monitor your cloud and container environments

Without MONI -you are blind

Dude, where are my packets?

Switches and routers have limited abilities for investigating dropped or latent traffic
- Interfaces show counters but no information on packets
- Some Cisco and Juniper network devices have limited capture ability (seconds of capture)
Modems have no diagnostic ability
- No counters
- No capturing
Servers can capture traffic
- Limited space
- Will use resources of the server to capture
- Will only give information about one point in the network, i.e. the end.
- Limited functionality without installing specific software
- Are for customer applications, of course :)

Competitor Products -give a glimpse

High price per unit.
- Competitors sell single units
- Costing is based on individual units so purchasing decisions are based per unit.
Single point monitoring in network.
- Units are deployed in data-centres or sites where a single unit can monitor multiple paths.
- Each path will be only monitored at a single point or location.
- Monitoring will not be available on endpoints or on your customers site as it will not be cost effective.
- Equipment can provide massive amounts of information, but it's up to you to make sense of it.
Rely on expensive algorithms
- Some use algorithms to attempt to predict other events outside monitoring.
- These algorithms are costly to develop, so pushing up the price per unit.
- Real world scenarios show these are are of limited value, better to actually monitor the traffic in location.

MONI Multipoint System -now you can really see!

MONI nodes attached to all devices on your network
- See individual packets as they traverse the network
- Monitor drops across each network device and have them send alerts automatically
- Assess maximum bandwidth and throughput for each customer application independently
- Store full historical data on every MONI node so you can go back in time and do in depth analysis
- High speed real-time analysis and inline stats processing on all MONI nodes
- MONI NetWave works like a "hive mind" and attempts to understand your network for you.
  - NetWave tracks from where your packets are really originating and their real destination -even across firewalls, through VPNS and across dynamic networks (e.g. MPLS).
  - NetWave understands the flow of packets in your network and so can tell you of real life issues e.g. security penetration

Customer feedback shows positive results
- Provides captures and information in which customers put stock
  - Customer will ask for information which they know can be extracted from the nodes,
  - e.g. TCP options from 3-way handshakes, full protocol capture and analysis
Customers quickly get up and running with MONI
- Customers' engineers understand wireshark captures so they understand how to get the results.
- The devices are fully field tested, so are robust and easy to deploy.
- They are physically small, light, low power (fanless) and silent when running.
- They are easy to maintain as they work in a similar way to other well known data-centre equipment.

All this is viewed from a web browser on your desktop, a console in your operations centre,
or anywhere in the world on your mobile device.

How MONI works

MONI works using industry standard mature methods of port/VLAN mirroring
Packets are copied in the switch/router and the copy is sent to the MONI node
This means the customers traffic is unaffected by the monitoring

The MONI node saves all traffic to nanosecond-accurate, compressed PCAP files fully compatible with Wireshark for offline deep inspection
As the packets arrive they are processed real-time and the analysis is saved for the browser inspection tools
MONI nodes have internal monitoring to ensure the device is always available and capturing
You simply access the MONI node using your out-of-band (OOB) management network keeping the valuable customer safe from issues

User access

The MONI browser application is served up from NetLinux MONI servers.

This then requests the data from the nodes in your network from your device and shows it realtime.

This provides the instant support and updates from NetLinux while still keeping your confidential information within your network.

If you have a separated management network then you will use the secure proxy module to communicate to the nodes.

This can be a physical unit, a virtual node, or the MONI secure proxy module installed on your gateway.

MONI PacketWave for real-time micro-burst analysis giving real-world burst figures.
MONI TokenWave for real-time drop prediction using real-world network algorithms.
MONI NetWave for real-time propagation tracking using real-world protocol agnostic packet tracking.

Customisation Options

Inline nodes

For customers who opt for in-line monitoring solutions MONI nodes also work this way.
There are 2 choices:
1. Embedded: In the MONI node there is an internal virtual switch which works the same as an external one
  The node is managed the same as the OOB solution using an internal management connection.
2. OOB Inline: The node has a third port used for OOB management
Traffic is monitored directly from the wire without mirroring
All competitors solutions use one of these methods

Cloud Nodes

MONI can be added as nodes in your VPC:

The MONI appliances can be installed into your cloud infrastructure too
so extending the coverage into your virtual datacentre in exactly the same way as physical infrastructure.

Container Environments

MONI can also be added to your container environment:

MONI node containers are deployed into your container environment and can monitor all your container traffic.
The MONI module is statically linked so is compatible with all Linux environments (e.g. CoreOS / Alpine)

A single MONI node can track which containers send/receive traffic and where it comes/goes.
It can also determine if the incoming requests are serviced or if they are blocked (e.g. by a container being offline)
and how long it takes for the container to process and respond.

Of course, the MONI node also keeps the entire packets
so the individual requests and responses can be forensically analysed and debugged both real-time and after the events.

History
Internal
Relationship to CenturyLink NAPI