
	Feedback
	Search
	Index
	Contents
	What's New?
	Home
	PolicyCenter Home
	Overviews
		Adaptive Response
		ATM
		Auto-deployment
		Classification
		Compression
		Control Strategy
		Customer Portal
		Events
		Flow Detail Records
		Frame Relay
		High Availability
		Matching Rules
		Partitions
		Plug-ins
		Policies
		PolicyCenter
		ReportCenter
		Response Time Measurement
		SNMP
		Traffic Tree
		Watch Mode
	Recommendations
	Tasks
	Reference
	Documents

Adaptive Response Overview

This overview gives a general description of the adaptive response feature. For more detailed overviews on specific components of this feature, refer to the Adaptive Response Agents Overview and Adaptive Response Action Files Overview.

For examples and workflows showing how to use this feature to Monitor and Respond to Conditions of Interest on your network, see Monitor and Respond to Conditions of Interest using Agent Templates and Monitor and Respond to My Own Custom Condition.

Introduction

Network problems. Hardware problems. You never know when they are going to strike, but they almost always seem to come at an inconvenient time. Even if you have someone monitoring the health of your entire network 24/7, very often by the time a problem has become critical, users have already been impacted. Packeteer's adaptive response feature makes it easier to monitor your network by enabling an individual PacketShaper to monitor unit, application, and network health, hosts, traffic classes, links, and partitions, and by providing a color-coded summary that lets you identify potential problems at a glance.

The adaptive response feature has three major components: agents, incident reports, and action files.

Each performance standard is measured by an agent. You can create an agent that monitors the efficiency of just one mission-critical traffic class, for example, or measure the traffic performance of your entire network. Because acceptable behavior on one network or unit might be considered very unacceptable on another, you can set the thresholds of each agent to reflect your own definitions of good and bad performance. Each PacketShaper or PolicyCenter configuration can have a maximum of 32 agents.

PacketWise comes with several different agents already configured. These agents immediately start monitoring your unit and network, returning values and measuring them against their predefined good and bad performance thresholds. If there is a problem, the agent will send information about the problem to two different places: an incident report and an action file.

Incident reports show supporting data for the problem at the time it occurred, letting you see exactly what just happened. Incident reports are automatically created by the agent, and do not need to be created or configured by the user.

Action files are user-created scripts of CLI commands that are triggered to run when unit or network performance starts to degrade, or to rearm when the situation starts to return to normal. Very often, it is not enough to merely identify a problem area in an incident report. Once a problem has been pinpointed, corrections and adjustments still need to be made to solve the immediate problem. These customized action files can make automatic changes based on the problem at hand, often correcting the problem before users are ever impacted. Action file scripts can be configured to send notifications via email, syslog, and SNMP traps. Once the unit or network returns to normal, a second action file script can undo the previous changes or run additional commands.

Adaptive Response Agents

An agent is an entity in adaptive response that measures and monitors the performance of the PacketShaper, the network, or a specific class. A number of agents are predefined for you and will begin measuring and monitoring as soon as you have enabled the adaptive response feature. You can create additional agents using the included templates. (A template is a form that is used as a guide for creating agents.)

Adaptive response has five categories of agents:

Unit Health agents monitor capacities and loads on the PacketShaper.
Network Health agents monitor the efficiency of a specified traffic class, and how much of a partition is currently utilized.
Application Health agents monitor the new traffic on the network, as well as traffic that is classified into /default categories
Host agents detect hosts that are using up too much of the link or identify hosts that may be attacking your network.
User Event Emulation agents monitor any of the 130+ PacketWise measurement variables.

The adaptive response feature includes agent templates for creating and defining agents, as listed in the following table. Click any of the agent template names below for detailed information.

Unit Health Agent Templates	Network Health Agent Templates	Application Health Agent Templates	Host Agent Templates	User Event Emulation Agent Templates
Unit Limits	Traffic Performance	Default Traffic	High Bandwidth Host	Class ME Variables
System Load	Partition Utilization	New Application	Host Info Variables	Partition ME Variables
Memory Allocation		High Bandwidth New App	Failed Flow Ratio	Link ME Variables
			New Flows Per Minute (NFPM) Failed Flow
			New Flows Per Minute (NFPM) Side Unknown

The following agents are predefined in 7.4:

Agent Name	Based on this Template
High Bandwidth New App	High Bandwidth New App
Inbound Default Traffic	Default Traffic
Outbound Default Traffic	Default Traffic
Inbound Packet Drops	Link ME Variables
Outbound Packet Drops	Link ME Variables
Spoofing-Client	NFPM Side Unknown
Spoofing-Server	NFPM Side Unknown
Syn Attack-Failed Flows	Host Info Variables

Note: Some agents are not predefined and must be individually configured if you want to use them.

You can modify the settings of the default agents, create agents based on other templates, or create multiple instances of an agent based on different parameters or variables (not applicable to all agents). The adaptive response setup page allows you to create new agents, and edit or delete existing agents, and enable or disable action files.

Adaptive Response Dashboard

The info tab has five colored status indicators that show the status of each of the five categories of agents.

The category status color is based on the status color of the agents in that category.

Category Status Color	What it Means
Green	All agents in the category are reporting desired performance
Yellow	At least one agent in the category is reporting marginal performance
Red	At least one agent in the category is reporting unacceptable performance
Gray	All agents in the category are either disabled, absent, or have not yet reported a value. A status indicator will be gray until the agents in the category have had time to gather and analyze data. Another reason for a gray status is if there are no active agents in that category — either none are configured or all of the configured agents have been temporarily turned off.
Blue	At least one agent in the category has not been able to measure its target or return a value; when an agent has a blue status it indicates that the agent had a problem retrieving data. For example, an agent was set to measure a traffic class, but the class was subsequently deleted from the traffic tree.

Are all five status indicators showing green? You don’t need to look any further to know that every agent in each category is reporting desired performance for the part of the network it is monitoring. Did a green status indicator just turn yellow? You can quickly find out exactly which particular agent in that category is reporting a problem—simply hover your mouse over the agent category to display a pop-up window with a separate status indicator for each individual agent in that category show screen. These pop-up windows can also contain links to additional valuable information. When an agent changes status from green/yellow to red, it will create a drill-down report (an incident report) that shows related data or a graph at the time the problem occurred. If a report is generated, a link to the report appears beside the status indicator for the agent. Some agents also create incident reports when status goes from red/yellow to green.

The colored status indicator for the category as a whole always reflects the agent in that category with the highest severity level, as shown below.

Highest Severity <— red —yellow— blue— green —> Lowest Severity

As an example, suppose you had two Unit Health agents with a green status, and one with a yellow status. The highest severity level for those agents would be yellow, and the Unit Health category would display a yellow status indicator on the info tab. If one of the agents turned from green to red, the highest severity level would be red, and Unit Health would display a red status indicator.

Drill-Down Incident Reports

An incident report is a table or graph that adaptive response automatically generates when an agent changes status. A red incident report shows supporting data for the interval in which the agent crossed the red threshold (the time that the problem occurred). A green incident report shows the data for the interval in which the agent returned to a green status.

Adaptive response generates a red incident report if the agent's very first evaluation interval records a red status or when the status changes from:

green to red
yellow to red
blue to red

In addition, some agents generate a green incident report when the status changes from:

red to green
yellow to green

The figure below shows an example incident report for a High Bandwidth Host agent. The incident report lists all the hosts for the interval, with the host using the most bandwidth at the top of the list.

You may view incident reports from the browser interface of the PacketShaper or from PolicyCenter.

Feature Requirements

Packeteer’s adaptive response feature requires that you download and install the adaptive response plug-in from the Packeteer support site. If you are using an earlier adaptive response plug-in, you still must upgrade to the latest adaptive response plug-in for this release. The unit it runs on must have both PacketWise 7.0 or higher and at least 128MB of memory. Earlier 2500 models with less than 128MB of memory may require a memory upgrade. The adaptive response feature also appears in PolicyCenter.