Session-aware load balancing to improve lifespan of monitoring devices
Managing of complex networks
A complex campus network with hundreds of terminals, server farms, and several internet uplinks should be monitored before the traffic is forwarded to several different security solutions.
The challenge was the complex routing because of several uplinks, several internet applications, intranet cloud, VPN connections to other sites and more. This means the session uses different ways to communicate to the outside world. For instance, the CRM solution is hosted on site but the authentication server is hosted in the cloud. This means simple aggregation on a port basis was insufficient to monitor the full session.
Session-aware Load Balancing Solution from Cubro
Cubro offered a two-tier session-aware load-balancing concept that was based on Cubro’s Advanced Network Packet Brokers. Cubro was able to identify the challenges the customers faced and provided the correct solution. In this case, the asymmetrical traffic was a major issue, but Cubro solved this problem by developing a learning load-balancing mechanism. It was possible to develop this mechanism because the Advanced Network Packet Brokers have a high-performance host controller. The units are continuously learning all network relationships and, based on this information, it was possible to solve the asymmetric traffic challenge. Additionally, the Advanced Network Packet Broker can remove several MPLS, VLAN, and VXLAN tags to make the traffic readable for the DPI, IDS, and Flow monitoring systems.
- Cost-effective port assignment
That is true for some other visibility vendors but not for Cubro because our NPBs can use the interface input and output independently. We are able to TAP 16 links / 32 ports to a 32 x 100G unit and still have 32 optical outputs to forward traffic to the second stage of the solution.
- Massive traffic reduction by advanced filtering
In order to handle a high amount of traffic coming from different sources, several rules are required, and Cubro offers up to 100.000 rules per unit. In the second stage, the user can perform a “simple” layer 4 dual-stack (IPv4 and IPv6) session-aware load balancing.
- High load Session-aware load-balancing
Session-aware load balancing is useful only if the session stays on the same Probe forever. This is possible using Cubro’s monitoring load balancing application which is a unique feature of Cubro products. This works differently than standard switch load balancing. Usually, hash-based load balancing is designed for live traffic. Therefore, this load balancing cannot assure that every hash has a deterministic port relation. This means the load balancing is session-aware but not necessarily forwarded to the same port. Especially when a session pauses for some time, a situation can occur that the session is forwarded to another port after the session restarts. This is not good for monitoring because this means the traffic is on another probe. At Cubro we ensure that our hash has a deterministic port relation!