The volume of traffic is growing exponentially on networks both large and small on every continent around the world. Responding to this growth, network data-rates have been increasing in order of magnitude from 100/1000Mbps to 10/40Gbps and will be breaching the 100Gbps threshold within the next 18 to 24 months. The increasing raw performance of the network coupled with the wide spread adoption of converged, next generation networks carrying voice, video, and data are all enabling a proliferation of devices and network end-points. At the same time, and amplifying the complexity of IT professionals, is a user-workforce that is significantly mobile which demands additional infrastructure to maintain and enhance the inter-departmental and inter-organizational communications.
Ensuring the health of a network is paramount to enable organizational revenue generation, sustain and enhance the customer experience, to protect confidential information, to secure intellectual property, and to allow the organization to maintain compliance to appropriate standards. Monitoring the network, and specifically the traffic on the network, for malware, network attacks, performance, and internal theft has become paramount for IT teams around the globe. In an effort to address this objective, IT professionals deploy numerous monitoring and security appliances to specifically address these individual requirements. However, these monitoring systems are only as effective as the information and traffic that they can see. Limit visibility to the traffic, and the value of these systems is equally limited. Therefore, to effectively deliver pervasive insight, the monitoring, management and security systems that IT deploys, demands visibility to traffic at every network segment.
Not an easy challenge to address.
However, IT teams are turning to a new approach – the Traffic Visibility Fabric – that delivers pervasive insight while also ensuring that monitoring and security devices see only the traffic and packets that are appropriate and required by intelligent filtering of the traffic flows in the Fabric prior to the monitoring appliances receiving the packets.
There were two primary methods for filtering traffic in the network – at ingress and egress of the switch deployed to provide visibility to the traffic. Inherent downfalls exist in both approaches. Connection-based filtering on the ingress can only forward one protocol at-a-time as it eliminates all other traffic at the point of entry. For example, when a VoIP recorder is the desired destination, only VoIP packets can be delivered by the filter; all other packets are dropped or ignored. Similar problems occur when filtering on the egress ports. Since no filtering takes place until the traffic is sent across the switch architecture, oversubscription can result if the sum of all ingress traffic exceeds the performance of the egress port. The excess packets will be dropped randomly before ever reaching the monitoring tool. Alternatively, rule-based filtering can quickly become unmanageable. As the number of ingress points increases so does the rule and configuration complexity. Changes become very complex – if not impossible – because each connection rule and the associated decision logic is created separately. Furthermore due to the nature of switch ‘rule processing logic’ and as ingress or egress flows increase, new connection rules need to be added manually and usually cannot be added to existing rules.
With all these challenges, a new approach was required and therefore we started from scratch and developed a technology called “Flow Mapping®”. Flow Mapping is combination of both software logic and algorithms in combination with purpose built hardware platforms that perform traffic pattern matching to fully configurable rules and ‘Boolean’ logic. Enabled by Flow Mapping, IT network, management and security teams can specifically select traffic to forward, to specifically define one or many destinations for the traffic and whether the traffic should be manipulated in route. By deploying Flow Mapping, users can include or exclude traffic based on many criteria including, MAC addresses, IPv4/IPv6 source and destination addresses, application port numbers, ethertypes, VLAN IDs, protocols, and many more.
With Flow Mapping installed within the visibility fabric, each monitoring and security tool receives only the information that best suits its individual strengths and nothing else. Traffic arriving at a single ingress network port can be sent to multiple destination tool ports to overcome tool port oversubscription when the aggregate ingress traffic exceeds the capacity of a single egress port & monitoring tool. If two 1Gbps ingress ports are sending traffic to a single 1Gbps monitoring tool, there are likely to be situations where the tool port would become oversubscribed and drop packets. This can be addressed with Flow Mapping by removing irrelevant parts of the data stream that are not required by a specialized tool. For example, there is no value for a Web Performance Monitor to receive SMTP, SNMP, or UDA traffic. This capability will free up processing cycles and capacity on various monitoring tools as they no longer face higher volumes of traffic. Modifications to Flow Mapping logic can be applied to all ingress ports, to a subset or a single port, so that change can be made rapidly and pervasively across a complete Visibility Fabric if required.