The increasing sophistication of network equipment and design combined with the increased traffic on networks have changed the face of network management. With advanced application-level traffic-shaping techniques, network hardware can now slice and dice distinct data flows and treat them accordingly. This increasing focus on Layer 4-7 services requires more sophisticated network monitoring. Some businesses need monitoring for certain functional needs whereas it is required for security purposes or by law in other cases. A typical functional use case would be the recording of conversations, for example, recording an executive’s conversation with a customer to provide feedback/improvement suggestions or to provide training to new staff.
All businesses that need monitoring require the deployment of a specialized Intelligent Network Packet Monitoring solution, a Network Packet Broker (NPB). There are multiple ways in which the NPB can be deployed. One method of classification is in-line, wherein the NPB sits in the path of traffic and performs certain functions. This method is suitable for situations where the throughput needs are not very high and the application is not latency sensitive. However, in situations where there is high throughput and latency requirements are low, an offline method is chosen, wherein the data packets are mirrored on the SPAN ports and sent to the device, which is sitting off to the side rather than in-line.
Challenges for Data Centre:
Networks are critical for traditional uses: client/server communications, server/storage data transfer, and long distance communications for branch or internet access. In these traditional uses, the computational workloads or storage has tended to reside on one side of the connection, and the network was used to access the results. In more modern workloads, the computation and data are distributed. By examining and controlling the network, we can gain better control over program behaviour, and maintain visibility over its actions.
Perhaps one of the most significant challenges that today’s data centres face is identifying the correct mirroring point in the scenario of east west traffic, i.e. the traffic that flows within the data centre. North south traffic, i.e. the traffic coming in and going out of the data centre, is less of a challenge, as we can enable the SPAN at the data centre entry/exit point since that is a single point through which all north south traffic flows. However, the amount of east west traffic increases daily and optimization through determining the correct mirroring point can reduce duplicate traffic flowing through the data centre network.
Functions of a typical Network Packet Broker
- Traffic/Packet Filtering – Analyse and store only those packets which are needed by applying packet matching rules.
- Traffic/Packet De-duplication – Remove the duplicate packets that are being monitored
- Load balancing - Load balancing is another factor that makes network packet brokers the prime devices to enhance network security. They effectively delegate all network traffic to the relevant monitoring tools.
- Removal of Repetitive Data - During the deep packet inspection process, a Network Packet Broker checks each packet for redundant or repeating data. It removes all such packets that contain redundant data, which ultimately saves your monitoring tools from becoming overloaded. During this secure removal process, original packets remain intact without having to face the threat of data compromise or data loss and are successfully delivered to the monitoring tools.
- Optimization of Packets - Apart from deep packet inspection and possessing the ability to remove repetitive data packets, network packet brokers optimize the packets in a number of other ways as well, including conditional packet slicing and time stamping. Optimizing packets allows monitoring tools to function more effectively and efficiently.
Advantages of Cubro’s Sessionmasters for Data Centres:
Best practice recommendations around NPBs include finding a solution that delivers true link layer visibility. In some cases, this simply means implementing tools to monitor network devices and individual links. In other cases, monitoring all the way to the application layer is required.
Cubro’s Sessionmaster offers the ability to monitor network-only functions, as well as to monitor and alert the customer regarding network and application issues that may arise. Deep Packet Inspection (DPI) is a technology by which a deeper examination of the packet, up to layer 7, can be performed.