I’m doing a couple of blogs about tools for monitoring user experience (fancy term for response times, drop rates, etc.).
A prior blog covered NetBeez and started with some general comments about what this type of tool does. See also my NFD26: NetBeez blog. The prior blog also discussed some of the competitors to Cisco ThousandEyes.
This blog covers Cisco ThousandEyes, which is now the “elephant in the room” – probably the biggest competitor in this space.
Disclosure: NetCraftsmen is a Cisco partner and is certainly willing to sell you ThousandEyes. I’m going to try to tell you the differentiating features in ThousandEyes. Also note there’s no major gripes or issues I know of with ThousandEyes.
I’ve certainly blogged enough about this kind of tool before – try putting “thousandeyes site:netcraftsmen.com” into your browser!
TL;DR So this blog is a summary of capability for those unfamiliar with ThousandEyes, and an update on new capabilities for those already having some familiarity with ThousandEyes.
What Is ThousandEyes?
ThousandEyes uses monitoring agents to collect statistics for TCP (usually web) or ping (ICMP) traffic to targets you define from the cloud management platform. You can do that outbound to various websites or SaaS providers your users use, or inbound, from ThousandEyes’ agents at various locations around the world to targets in your data centers or in the cloud. The inbound monitoring simulates what customer response times (etc.) / experience is like from various remote locations.
I checked what ThousandEyes runs on, expecting to see physical devices and software forms. ThousandEyes is now apparently completely software agent-based.
It can be deployed in the following forms:
- VM for ESXi, Oracle Virtual Box, and hyper-V
- Linux package for Red Hat Enterprise Linux
- Native integration with Cisco Catalyst® 9300 and 9400 Series Switches (requires Cisco DNA Advantage or Premier software subscription)
- CentOS and Ubuntu
- Docker container
- Ubuntu-based AMI through predefined CloudFormation templates for AWS
- Intel® NUC
- Raspberry Pi
What Can ThousandEyes Do?
ThousandEyes sends packets to one or more target URLs you specify. From that, it can provide:
- Network path visualization—L3 hop-by-hop, various paths are seen, stats along the paths
- End-to-end and per-hop network performance and metrics (via bursts of TCP and UDP to measure packet loss, latency, and jitter), including QoS re-markings
Here are some screen captures from a Cisco demo.
The first (below) shows averaged latency across a number of sites.
The next screen capture shows a Path Visualization, showing the path(s) to several target sites. Note that it also indicates heavy packet loss on the initial VPN connection.
For Internet issues, ThousandEyes adds:
- BGP route visualization
- DNS availability, integrity (validation and monitoring of DNSSEC), and performance
- Cloud Agent vantage points across hundreds of cities around the globe
- Internet Insights – health of portions of the Internet, service provider availability over time, etc.
So you can set up monitoring from a number of sites to a given target address. (And potentially use up your monthly polling credits quickly if you’re not unlimited.)
For enterprise WAN, ThousandEyes can:
- Provide SD-WAN overlay and underlay visibility
- Collect SNMP network device metrics from your infrastructure
- Do auto-discovery of your network topology (via SNMP and CDP/LLDP)
- Monitor with enterprise agents deployed on a variety of platforms and devices
- Perform synthetic VOIP monitoring
The below screen capture shows the sort of reporting you can get from that. Note the MOS (synthetic VoIP Mean Opinion Score).
Here’s another sample, showing a RUM waterfall test (stages of a web page), and showing where there was an outage.
There are many more features. Here are some noteworthy capabilities:
- Rest API
- ThousandEyes can also show you BGP visualization based on prefix tracking and data collection from “dozens of global BGP collectors.” It automatically tracks prefixes that are targets for tests.
- Synthetic web monitoring. You can even script simulations of user interactions with a web-based app. The tool permits you to view transaction time and page load statistics or report on response time for various web page waterfall markers.
So, What Is Special about ThousandEyes?
Well, Cisco now owns it, and some usage is apparently being included in, e.g., the higher levels of DNAC licensing. That would be for outbound monitoring, e.g., from switches in various places in your network to your datacenter edges and to key apps in your data centers. (Comparing tells you where the slowness is.)
And Cisco has been doing some clever things with ThousandEyes, making it available with the Cat 9K switches, installable via DNAC. (Still cloud-managed as far as stats and reporting.) Cisco has announced plans to include the functionality with the SD-WAN routers as well as running as a Linux package in Nexus 9K datacenter switches! (Targeted for the second half of 2021.)
There is now also a remote worker agent, which not only can do synthetic test traffic but can monitor web the user’s interaction with specified SaaS and other web applications. It also monitors the user’s WiFi statistics.
I’m not closely tracking the pricing. Be aware that you likely get some free monitoring from your devices, but there is likely a charge for monitoring originating from ThousandEyes’ distributed agents.
If you start with the ThousandEyes main web page, you’ll find a link to a display of Internet outages. It is apparently based on their global sensor network: sensors in various CoLo/cloud etc., locations that can also be used by customers to probe response time (etc.) from various parts of the world to on-premises or cloud-based apps. “Customer Digital Experience.”
Relevant Prior NetCraftsmen Blogs
NetCraftsmen has several posted blogs on the topic of digital experience / user experience:
Cisco is aggressively expanding the ways to use ThousandEyes, which has now become a key member of the network management toolkit. This sort of tool is particularly useful for Internet-based apps, where you do not have SNMP access to intervening routers in the ISP or in the cloud. (The thought of users doing SNMP to them is enough to make the ISP or CSP cringe – crush a router’s CPU with end-user polling…).
Being able to get a fairly direct read on user experience with applications is a good first step towards getting alerted to problems and diagnosing where the problem lies.