Within enterprise networks there are a multitude of requirements for precise and accurate timestamping of raw network traffic. The ability to apply a consistent time identifier is crucial within security, performance, forensic, and analytical applications when capturing or storing network packets. A few examples of use cases involve identifying the time of a specific event or incident, performance monitoring, identifying network delay, and gathering Telemetry information for network optimization.
While many tools can apply timestamps to network traffic as it arrives at the interface they typically do so at modest resolutions and challenges arise when tools utilize different timestamping standards or, perhaps due to misconfiguration or the lack of an accurate time source, vary slightly in the relative time recorded. Such problems are simply not acceptable for applications where the timestamps serve a centralized, shared resource.
The Solution From Cubro
Cubro’s Network Packet Brokers provide the option to apply a timestamp to all traffic on a given interface with a resolution between 20 and 200 nanoseconds. By contrast, typical network devices offer timestamping resolution in the range of milliseconds. In networks with higher throughput, such as 10Gbps and faster links, such a low resolution can lead to numerous packets sharing the same timestamp and thus reducing the overall usefulness of any telemetry data.
The timestamp can be configured locally or synchronized with a network time source via NTP (Network Time Protocol) or PTP (Precision Time Protocol). This creates a precise, consistent timestamp, with a finer resolution detail than typical network monitoring tools offer, for all traffic destined for a wide range of enterprise applications. The In-Band-Telemetry data gathered from the use of these timestamps can form the foundation for network optimization and increased efficiency by identifying specific times where network congestion is higher and implementing routing changes and modifying forwarding policies as a result.
- Increased resolution for analytics and forensics
- Greater capability to detect network delay
- Uniform Timestamp standard across all devices