All businesses that need monitoring require the deployment of a specialised Intelligent Network Packet Monitoring solution, a Network Packet Broker (NPB). There are multiple ways in which the NPB can be deployed. One method is in-line, wherein the NPB sits in the path of traffic and performs certain functions. This method is suitable for situations where the throughput needs are not very high and the application is not latency sensitive. However, in situations where throughput is high and low latency is required, an offline method is chosen, wherein the data packets are mirrored on the SPAN ports and sent to the device, which sits off to the side rather than in-line.
Challenges for Data Centre
Networks are critical for traditional uses: client/server communications, server/storage data transfer, and long-distance communications for branch or internet access. In these traditional uses, the computational workloads or storage have tended to reside on one side of the connection, and the network was used to access the results. In more modern workloads, the computation and data are distributed. By examining and controlling the network, we can gain better control over program behaviour, and maintain visibility over its actions.
Perhaps one of the most significant challenges that today’s data centres face is identifying the correct mirroring point in the scenario of east-west traffic, i.e. the traffic that flows within the data centre. North-south traffic, i.e. the traffic coming in and going out of the data centre, is less of a challenge, as we can enable the SPAN at the data centre entry/exit point since that is a single point through which all north-south traffic flows. However, the amount of east-west traffic increases daily and optimisation by determining the correct mirroring point can reduce duplicate traffic flowing through the data centre network.
Functions of a typical Network Packet Broker
- Traffic/Packet Filtering – Analyse and store only those packets which are needed by applying packet matching rules.
- Traffic/Packet De-duplication – Remove the duplicate packets that are being monitored.
- Load balancing – Load balancing is another factor that makes network packet brokers the prime devices to enhance network security. They effectively delegate all network traffic to the relevant monitoring tools.
- Removal of Repetitive Data – During the deep packet inspection process, a Network Packet Broker checks each packet for redundant or repeating data. It removes all such packets that contain redundant data, which ultimately saves your monitoring tools from becoming overloaded. During this secure removal process, original packets remain intact, without the threat of data compromise or data loss, and are successfully delivered to the monitoring tools.
- Optimisation of Packets – Apart from deep packet inspection and possessing the ability to remove repetitive data packets, network packet brokers optimise the packets in a number of other ways as well, including conditional packet slicing and time stamping. Optimising packets allows monitoring tools to function more effectively and efficiently.
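The de-duplication function listed above, as an added sketch that is not Cubro's or any vendor's implementation: when the same east-west packet is mirrored at two points, the copies differ in MAC addresses, TTL and IPv4 header checksum, so the fingerprint masks those fields before comparing. The 50 ms window, the untagged Ethernet II/IPv4 framing, non-decreasing capture timestamps and all sample frames are assumptions constructed for the example.

```python
import hashlib
import struct

ETH_LEN = 14  # assumption: untagged Ethernet II frames carrying IPv4

def packet_key(frame: bytes) -> bytes:
    """Fingerprint a frame, ignoring fields that differ between mirror points."""
    ip = bytearray(frame[ETH_LEN:])  # drop MACs: rewritten at every routed hop
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return hashlib.sha256(frame).digest()  # not IPv4: hash the frame as-is
    ip[8] = 0                # TTL is decremented per hop
    ip[10:12] = b"\x00\x00"  # header checksum changes along with the TTL
    return hashlib.sha256(bytes(ip)).digest()

def dedupe(stream, window_s=0.05):
    """Return True per packet forwarded, False per duplicate dropped."""
    seen, verdicts = {}, []  # fingerprint -> first-seen time, oldest first
    for ts, frame in stream:
        while seen and ts - next(iter(seen.values())) > window_s:
            del seen[next(iter(seen))]  # expire so memory stays bounded
        key = packet_key(frame)
        verdicts.append(key not in seen)
        seen.setdefault(key, ts)
    return verdicts

def build_frame(src_mac, dst_mac, ttl, payload):
    """Constructed sample frame: Ethernet II + IPv4 with a valid header checksum."""
    def header(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                           ttl, 17, csum, bytes([10, 0, 0, 1]), bytes([10, 0, 1, 2]))
    total = sum(struct.unpack("!10H", header(0)))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return dst_mac + src_mac + b"\x08\x00" + header(~total & 0xFFFF) + payload

def demo():
    a, b, c = b"\xaa" * 6, b"\xbb" * 6, b"\xcc" * 6  # constructed MAC addresses
    return dedupe([  # (capture time in seconds, frame) from two mirror points
        (0.000, build_frame(a, b, 64, b"query-1")),
        (0.001, build_frame(b, c, 63, b"query-1")),  # same packet, one hop later
        (0.002, build_frame(a, b, 64, b"query-2")),
        (0.500, build_frame(a, b, 64, b"query-1")),  # outside the window: kept
    ])

if __name__ == "__main__":
    print(demo())
```

A byte-for-byte comparison of whole frames would miss the second copy, because the routed hop changed the first 14 bytes and three header bytes.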
Advantages of Cubro’s Sessionmasters for Data Centres
Best practice recommendations around NPBs include finding a solution that delivers true link layer visibility. In some cases, this simply means implementing tools to monitor network devices and individual links. In other cases, monitoring all the way to the application layer is required.
Cubro’s Sessionmaster offers the ability to monitor network-only functions, as well as to monitor and alert the customer regarding network and application issues that may arise. Deep Packet Inspection (DPI), deeper examination of the packet up to layer 7, is one such application which our Sessionmaster is capable of performing. Cubro Sessionmaster is the only device in the market that offers VXLAN/GRE applications and is capable of filtering on tunnel ID.