Network visibility is a critical factor when it comes to warding off application performance issues, data breaches, outages and attacks against large-scale distributed networks. Yet until recently, there was no way to gain complete and unrestricted network visibility to see any part of a large-scale distributed network, in real time, at the packet level.
That’s changing. The old method, born of financial necessity, relied on switched port analyzer (SPAN) ports and inline network TAPs at the local level instead of analytical devices at every point in the network. This necessarily limited what could be seen.
The new approach, distributed traffic capture, consists of intelligent traffic capture devices deployed anywhere they need to be, tied together as one virtual system. It offers better flexibility, redundancy and monitoring optimization.
“Because it functions as one system, distributed traffic capture offers network monitoring, for the first time, fault tolerance, ultra low latency, infinite flexibility and full optimization,” said VSS Monitoring in a recent white paper on the topic. “A distributed traffic capture system not only adapts as rapidly as conditions require but also delivers multiple views of the network simultaneously, so that each monitoring group can see the view appropriate to its function.”
When designing a distributed traffic capture system, VSS Monitoring advised in the white paper, it is important to play to the system’s core strengths.
Network traffic capture architects have many data-related considerations to weigh before implementation.
Those considerations include “the speeds, nature of traffic and its location in the network’s core, distribution, access and/or gateway layers, the analytical equipment on hand and to be implemented, the level of traffic-capture redundancy required, and how the traffic capture and monitoring systems will be managed—e.g., permission levels for management views of device configurations and port assignments—and the personnel available for monitoring,” the network TAP provider revealed.
Because distributed traffic capture systems introduce additional capabilities, system architects have additional choices to make.
“First is to specify the desired level of redundancy,” VSS Monitoring said. “Triple redundancy is adequate in all but the most critical installations. Second is to design contingency plans should the traffic capture system default to slower speeds and increased number of hops in the event that multiple high-speed links between traffic capture devices fail. One of the most important elements in this is to set alerts to be generated by a change in link status, and to have these alerts sent to IT personnel, as well as, if desired, to third-party monitoring companies via multiple methods: pager, text message, and email.”
Traffic capture architects should use the system’s selective aggregation, filtering, and load balancing data grooming capabilities to ensure each device is fully subscribed to relevant traffic.
“Examples of these decisions include splitting voice and data signaling traffic to respective analyzers, sending the same traffic to analyzers in different regions, and using multiple 1-Gigabit analyzers to monitor a 10 Gbps stream,” the company added.
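The last case in that quote, spreading a 10 Gbps stream over 1-Gigabit analyzers, can be planned as sketched below; this is an added example, not taken from the white paper or from VSS Monitoring's products. It assumes flow-hash load balancing with a direction-independent key so both halves of a session reach the same analyzer; the function names and the sample flows are constructed for illustration.

```python
import hashlib
import ipaddress

ANALYZER_CAPACITY_BPS = 1_000_000_000  # one 1-Gigabit analyzer port

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key: request and reply packets of a session
    sort to the same tuple, so an analyzer sees the whole conversation."""
    a = (int(ipaddress.ip_address(src)), sport)
    b = (int(ipaddress.ip_address(dst)), dport)
    lo, hi = sorted((a, b))
    return f"{lo}|{hi}|{proto}".encode()

def pick_analyzer(src, sport, dst, dport, proto, n_analyzers):
    """Map a flow to an analyzer index with a stable hash of its key."""
    digest = hashlib.sha256(flow_key(src, sport, dst, dport, proto)).digest()
    return int.from_bytes(digest[:8], "big") % n_analyzers

def plan(flows, n_analyzers, capacity_bps=ANALYZER_CAPACITY_BPS):
    """flows: iterable of (src, sport, dst, dport, proto, bits_per_second).
    Returns (load per analyzer in bps, indexes of oversubscribed analyzers)."""
    loads = [0] * n_analyzers
    for src, sport, dst, dport, proto, bps in flows:
        loads[pick_analyzer(src, sport, dst, dport, proto, n_analyzers)] += bps
    over = [i for i, bps in enumerate(loads) if bps > capacity_bps]
    return loads, over

# Constructed sample: 40 flows of 20 Mbps each, plus one 1.5 Gbps flow.
# A single flow cannot be split by flow hashing, so the large flow
# oversubscribes whichever 1-Gigabit analyzer it is mapped to.
SAMPLE_FLOWS = [
    (f"10.0.{i}.5", 40000 + i, "192.0.2.10", 443, "tcp", 20_000_000)
    for i in range(40)
] + [("10.9.9.9", 50000, "192.0.2.20", 2049, "tcp", 1_500_000_000)]

if __name__ == "__main__":
    loads, over = plan(SAMPLE_FLOWS, n_analyzers=10)
    for i, bps in enumerate(loads):
        flag = "  <-- oversubscribed, packets will be dropped" if i in over else ""
        print(f"analyzer {i}: {bps / 1e6:8.1f} Mbps{flag}")
```

An oversubscribed analyzer silently loses packets, which is a visibility gap for detection and forensics; flows that large need filtering or a faster analyzer rather than more hash buckets.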
There are eight main design criteria that architects should take into account when planning their distributed traffic capture system:
- The number of networks being monitored
- Whether their media is copper, fiber or mixed
- The location and number of capture points, whether SPAN ports or inline
- The speed for each link associated with a capture point
- The type and volume of traffic being monitored
- The performance capability/bandwidth of the analytical equipment and its location
- Available rack space
- The topologies of traffic capture depending on desired visibility and redundancy
In the white paper, VSS Monitoring also noted that the most efficient design process for setting up a distributed traffic capture system is to determine the traffic that the network monitoring tools must see, identify the traffic capture points, map the capture points to the best combination of port densities, speeds and grooming capabilities of the traffic capture device connected to that capture point, and configure the monitor output ports to send traffic customized for each monitoring device for each view.
Edited by Jamie Epstein