Networking Deep Dive
by Sergey Okinchuk
CDNs and Edge CachingNTP and Time Synchronization

Chapter 11

Services and Observability

The supporting services and the visibility layer: keeping clocks in sync, and seeing what the network is actually doing.

4 topics

Everything earlier in this course moves packets. This chapter covers the services that keep that machinery honest and the tools that let you watch it. Time synchronization is the quietest dependency in the stack — until a clock drifts by a few minutes and TLS handshakes start failing, signed tokens expire early, and your correlated logs line up against the wrong events. Observability is the other half: you cannot operate, debug, or capacity-plan a network you cannot see.

The four topics split into one supporting service and three layers of visibility. NTP keeps fleet clocks within milliseconds of true time. Telemetry — SNMP counters, flow records, and streaming metrics — answers what the network is doing in aggregate. Packet capture is the ground truth you reach for when the aggregate view says "slow" but not why. And alerting is the discipline of deciding which of all those signals is actually worth waking someone for, so the page that fires is a real symptom and not noise.

Four ways to see a network — from device state down to individual packets
Time
NTP — keep every clock in sync
Device state
SNMP counters — how an interface is doing
Conversations
Flow records — who talked to whom
Trends
Streaming metrics — watch it move
Packets
Capture — the ground-truth trace

Topics in This Chapter

Topic 60
NTP and Time Synchronization
The stratum hierarchy, how a clock is disciplined by slewing versus stepping, and why a few seconds of skew quietly breaks TLS validation, token expiry, and log ordering. Covers chrony and where PTP is needed.
NTP
Topic 61
Telemetry — SNMP, Flow Logs, Metrics
Three families of network visibility: SNMP polling of device counters, flow records (NetFlow/sFlow/IPFIX) that show who talked to whom, and push-based streaming metrics. Each answers a different question.
Telemetry
Topic 62
Packet Capture — tcpdump and Wireshark
The ground truth of networking: tcpdump with BPF filters to grab packets on the wire, Wireshark to dissect them, and how to read a trace — handshakes, retransmits, resets, and where the loss actually happened.
Capture
Topic 63
What to Alert On
SLI thinking applied to networks: the four golden signals, alerting on user-visible symptoms instead of raw counters, watching saturation and headroom, and why p99 latency tells you more than the average.
Alerting