Are Network Packets really becoming increasingly difficult to collect?
2021-01-08 | 6 min read
I recently read the Gartner Market Guide for Network Performance Monitoring and Diagnostics (NPMD). The report states that “Network Packets are Becoming Increasingly Difficult to Collect”. The reasons detailed were:
- Increased Virtualisation within the Data Center
- TLS 1.3 Encryption
- Dynamic Applications & Network Infrastructure
There have certainly been a number of changes in recent times which have led to challenges when capturing packet-level data, but these challenges are easily overcome... if you are using the right technology. So, is this statement from Gartner really true? I believe not, for the following reasons:
Consider how organisations traditionally deploy and feed traffic to their Network Monitoring and Security toolset within their data centre. Network SPANs are configured on switches and routers at key transit points in the network, and Network TAPs are deployed on key links, allowing users to obtain copies of the Network Packets – the lifeblood of the network.
The outputs from the SPAN ports and TAPs are connected to the tools, in many cases via a Network Packet Broker (NPB). The NPB optimises the flow of packets between the network and the tool(s) by applying Filtering, Aggregation, Load Balancing, Data Replication and Packet Deduplication policies to the packets before they are handed off to the tools, improving the tools' efficiency and scalability.
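The broker functions named above (aggregation, filtering, deduplication and per-flow load balancing), as an added Python example that is not code from this article or from any vendor's product. The Packet model, the choice of fingerprint fields and the 50 ms window are assumptions, and the sample packets are constructed.

```python
import hashlib
from collections import namedtuple

# Constructed packet model for illustration; not a real capture format.
Packet = namedtuple("Packet", "ts src dst sport dport proto ip_id payload")

def fingerprint(p):
    # TTL and link-layer headers are left out: they differ between capture points.
    head = f"{p.src}|{p.dst}|{p.sport}|{p.dport}|{p.proto}|{p.ip_id}|".encode()
    return hashlib.sha256(head + p.payload).digest()

def deduplicate(packets, window=0.05):
    """Drop a packet whose fingerprint was already kept within `window` seconds."""
    kept_at, out = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        fp = fingerprint(p)
        if fp in kept_at and p.ts - kept_at[fp] <= window:
            continue  # second copy of the same packet from another SPAN/TAP
        kept_at[fp] = p.ts
        out.append(p)
    return out

def tool_for(p, n_tools):
    """Symmetric flow hash: both directions of a conversation map to one tool."""
    a, b = sorted([(p.src, p.sport), (p.dst, p.dport)])
    key = f"{a}|{b}|{p.proto}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_tools

def broker(feeds, n_tools, keep=lambda p: True):
    """Aggregate feeds, filter, deduplicate, then load-balance per flow."""
    merged = [p for feed in feeds for p in feed if keep(p)]
    outputs = [[] for _ in range(n_tools)]
    for p in deduplicate(merged):
        outputs[tool_for(p, n_tools)].append(p)
    return outputs

# Constructed sample: one HTTPS exchange seen at two SPAN points, one DNS query at a TAP.
REQ = Packet(0.000, "10.0.0.5", "10.0.1.9", 40000, 443, 6, 100, b"hello")
RSP = Packet(0.010, "10.0.1.9", "10.0.0.5", 443, 40000, 6, 7, b"world")
SPAN_A = [REQ, RSP]
SPAN_B = [REQ._replace(ts=0.001), RSP._replace(ts=0.011)]
TAP_C = [Packet(0.020, "10.0.0.8", "10.0.1.9", 40001, 53, 17, 5, b"dns")]

if __name__ == "__main__":
    for i, out in enumerate(broker([SPAN_A, SPAN_B, TAP_C], n_tools=2)):
        print(f"tool {i}: {[(p.src, p.dport) for p in out]}")
```

Because the time window bounds the match, an identical packet seen a second later is kept rather than discarded, so a tool downstream still sees genuine repeats.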
As networks have evolved and new challenges have become evident, it is imperative to maintain the same level of visibility and to eliminate blind spots as your network embraces the next generation of technology.
Virtual TAPs have been available for a number of years, allowing extraction of east-west traffic from inside virtual hosts. Indeed, some Virtual TAPs allow you to capture intra-container traffic from within a single VM if you are running a micro-compute service such as Docker or Kubernetes. Traffic from the Virtual TAPs can be forwarded straight to a Network Packet Broker or monitoring toolset.
Next-Generation Network Packet Brokers (NGNPB) have been designed with high-density inputs, so you can deploy and connect outputs from Network TAPs and SPANs in all of the relevant positions in the network. These positions will carry increased flows, due to the dynamic nature of network traffic with the advent of SDN Fabrics, such as those available from Cisco, Arista, Juniper, HP, etc. Many of these NGNPBs have built-in TLS/SSL Decryption, including support for TLS 1.3, allowing you to eliminate encryption blind spots on your network, even if you don’t have the private key used for the encryption.
There are two other major challenges in relation to networking and the services that users consume: 1) Public Cloud adoption and 2) SaaS (Software-as-a-Service) offerings.
Virtual TAPs which are deployed in data centres often have variants which are suitable for deployment in the Public Cloud, allowing you to have the same, or a similar, level of visibility in your Public Cloud environment as is common in the data centre. As a side note regarding deploying Virtual TAPs in the Public Cloud: be aware of data transfer costs. Moving copies of data within a local zone is often free, but moving them between zones/regions can have cost implications.
SaaS services are becoming more widely utilised, and the adoption of many services has accelerated during the Coronavirus pandemic. These services are remotely hosted, are not managed by the organisation that is utilising them, and in many cases are mission-critical to the function of the business. The services are designed to be very robust and resilient; however, the performance and availability, particularly at peak times, can be less than desirable.
How do you troubleshoot performance issues of a service that doesn’t belong to you? This challenge gets more complicated when you factor in that the user who is accessing the service may be remote from the business.
There are solutions in the market which allow you to measure the performance of services, both internal and external (such as a SaaS platform), on a regular, ongoing basis. These are referred to as Active Monitoring Solutions, as they continuously check the availability and performance of a resource rather than waiting for a client to access the service to highlight a problem. Active Monitoring is particularly useful if both the user and the service are remote and you have no access to the network traffic.
Keysight’s market-leading solutions address the challenges in these key areas: Virtual Tapping for Public, Private and Cloud, Next Generation Network Packet Brokering with Active TLS/SSL Decryption, and Proactive Network and User Experience Monitoring.
If you would like to learn more, please feel free to send me a message or drop me an e-mail to firstname.lastname@example.org