By Paul Brett
In my previous blogs I described the importance of deploying a Network Packet Broker as a component of a network visibility solution. Such solutions help organizations meet their business and IT objectives by improving network performance, security posture, network planning, business continuity, and the ROI of network infrastructure and network tools. The advanced traffic-filtering capability of a Network Packet Broker reduces the traffic load on network tools, which improves their effectiveness and efficiency and extends their life span.
Unless configured otherwise, traffic filtering is carried out on out-of-band traffic that has been duplicated and aggregated by the Network Packet Broker, so the original network traffic is unaffected. Traffic filtering is the ability to include or exclude specific network traffic before it is sent to network performance, security and analytics monitoring tools for analysis and action; the type of filtering a network tool needs depends on the use case. For network troubleshooting and diagnostics, or for analysis of a specific application, it is often more effective and efficient for the monitoring tool to receive only the traffic relevant to a particular problem, application or user, with all other traffic filtered out.
This approach means that the network tool does not waste processor cycles and time analysing traffic that is irrelevant to identifying and diagnosing the problem. An example is monitoring a specific mobile user's service experience by filtering in only the traffic associated with their IMSI (the unique mobile subscriber identity) and filtering out everything else.
In other cases, such as when a specific application carries no meaningful security risk, it may be more effective for a network security tool to receive all traffic except that application's. Consider encrypted Netflix traffic transmitted across a network alongside regular unencrypted data, voice and video traffic. If the Netflix traffic has known, trusted origination and destination locations, it can be categorized as low security risk, so it is acceptable to filter out all Netflix traffic and send everything else to the security tool for analysis and action. This can significantly reduce the load on the security tool.
In yet other cases, specific types of network traffic require special treatment before a network tool can analyse them. Encrypted traffic, for example, may need to be decrypted first, so a Network Packet Broker can recognize that traffic is encrypted and separate it from the remaining traffic. The unencrypted traffic is sent directly to the network tool for analysis, while the encrypted traffic is sent for decryption, either by the Network Packet Broker itself (depending on its functionality) or by an external encryption/decryption device, before being forwarded to the relevant network tool or tools.
For the user to realize the full benefits of traffic filtering, a Network Packet Broker must be able to apply multiple types of filter simultaneously to multiple duplicated traffic streams, at whatever rate the use case requires (up to and including line-rate filtering), and deliver the filtered traffic to one or several network tools at the same time.
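To make the three filtering cases above concrete, here is an added example (not code from the original post or from any packet broker product) of a tiny rule engine that evaluates a separate filter chain per tool against a copy of each packet: filter in by IMSI for a diagnostics tool, filter out Netflix between trusted endpoints for a security tool, and split encrypted from unencrypted traffic. All addresses, IMSI values and tool names are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    app: str
    encrypted: bool
    imsi: str = ""  # mobile subscriber identity, when the packet carries one

Filter = Callable[[Packet], bool]  # True means "deliver this packet to the tool"

# "Filter in" keeps only matching traffic; "filter out" drops it.
def filter_in_imsi(imsi: str) -> Filter:
    return lambda p: p.imsi == imsi

def filter_out_app(app: str, trusted_hosts: set) -> Filter:
    # Drop the application only when BOTH ends are known, trusted locations;
    # the same application talking to an unknown host still reaches the tool.
    return lambda p: not (p.app == app and {p.src, p.dst} <= trusted_hosts)

def filter_in_encrypted(want: bool) -> Filter:
    return lambda p: p.encrypted == want

def broker(packets: List[Packet], tool_filters: Dict[str, List[Filter]]) -> Dict[str, List[Packet]]:
    """Every tool's chain sees its own copy of each packet; a packet is
    delivered to a tool only if every filter in that tool's chain passes."""
    delivered: Dict[str, List[Packet]] = {tool: [] for tool in tool_filters}
    for p in packets:
        for tool, chain in tool_filters.items():
            if all(f(p) for f in chain):
                delivered[tool].append(p)
    return delivered

# Constructed sample stream (hypothetical addresses and IMSIs).
SAMPLE = [
    Packet("10.0.0.5", "10.0.1.9", "voice", False, imsi="001010000000001"),
    Packet("10.0.0.6", "10.0.1.9", "data", False, imsi="001010000000002"),
    Packet("10.0.0.7", "203.0.113.10", "netflix", True),  # both ends trusted
    Packet("10.0.0.7", "198.51.100.7", "netflix", True),  # unknown destination
    Packet("10.0.0.8", "10.0.1.20", "web", True),
]
TRUSTED_NETFLIX = {"10.0.0.7", "203.0.113.10"}
TOOLS = {
    "diag-tool": [filter_in_imsi("001010000000001")],
    "security-tool": [filter_out_app("netflix", TRUSTED_NETFLIX)],
    "analytics": [filter_in_encrypted(False)],
    "decryptor": [filter_in_encrypted(True)],
}

def run_demo() -> Dict[str, int]:
    """Packets delivered per tool for the constructed stream."""
    return {tool: len(pkts) for tool, pkts in broker(SAMPLE, TOOLS).items()}
```

Note that the Netflix packet to an unknown destination is still delivered to the security tool; the exclusion only applies when both endpoints are on the trusted list.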
So, apart from ensuring that only the necessary traffic reaches the network tools, sparing those tools the time and processor cycles spent on irrelevant traffic, increasing their effectiveness and efficiency while reducing their purchase price and total cost of ownership, extending their life span, raising their return on investment, and improving IT sustainability, what has Network Traffic Filtering ever done for us!!!