The increasing sophistication of network equipment and design combined with the increased traffic on networks have changed the face of network management. With advanced application-level traffic-shaping techniques, network hardware can now slice and dice distinct data flows and treat them accordingly. This increasing focus on Layer 4-7 services requires more sophisticated network monitoring. Some businesses need monitoring for certain functional needs whereas it is required for security purposes or by law in other cases. A typical functional use case would be the recording of conversations, for example, recording an executive’s conversation with a customer to provide feedback/improvement suggestions or to provide training to new staff.
All businesses that need monitoring require the deployment of a specialised Intelligent Network Packet Monitoring solution, a Network Packet Broker (NPB). There are multiple ways in which the NPB can be deployed. One method of classification is in-line, wherein the NPB sits in the path of traffic and performs certain functions. This method is suitable for situations where the throughput needs are not very high, and the application is not latency sensitive. However, in situations where there is high throughput, and latency requirements are low, an offline method is chosen, wherein the data packets are mirrored on the SPAN ports and sent to the device, which is sitting off to the side rather than in-line.
Challenges for Data Centre
Networks are critical for traditional uses: client/server communications, server/storage data transfer, and long distance communications for branch or internet access. In these traditional uses, the computational workloads or storage has tended to reside on one side of the connection, and the network was used to access the results. In more modern workloads, the computation and data are distributed. By examining and controlling the network, we can gain better control over program behaviour, and maintain visibility over its actions.
Perhaps one of the most significant challenges that today’s data centres face is identifying the correct mirroring point in the scenario of east-west traffic, i.e. the traffic that flows within the data centre. North-south traffic, i.e. the traffic coming in and going out of the data centre, is less of a challenge, as we can enable the SPAN at the data centre entry/exit point since that is a single point through which all north-south traffic flows. However, the amount of east-west traffic increases daily and optimisation by determining the correct mirroring point can reduce duplicate traffic flowing through the data centre network.
Functions of a typical Network Packet Broker
Advantages of Cubro’s Sessionmasters for Data Centres
Best practice recommendations around NPBs include finding a solution that delivers true link layer visibility. In some cases, this simply means implementing tools to monitor network devices and individual links. In other cases, monitoring all the way to the application layer is required.
Cubro’s Sessionmaster offers the ability to monitor network-only functions, as well as to monitor and alert the customer regarding network and application issues that may arise. Deep Packet Inspection (DPI), deeper
examination of the packet up to layer 7, is one such application which our Sessionmaster is capable of performing. Cubro Sessionmaster is the only device in the market that offers VXLAN /GRE applications and is capable of filtering on tunnel ID.