Meeting the challenge of real time monitoring

In this interview with Napatech vice president of marketing Daniel Joseph Barry, we find out why real-time network monitoring is so vital for operators looking to succeed in today’s competitive marketplace. 

The telco industry is moving from circuit switched to packet based. How do Napatech’s tools enable telcos to meet that challenge?

Napatech products and technology are central to meeting the challenges that carriers and vendors are facing today. The move from circuit-switched to packet-based networks is a paradigm shift, which we as an industry have come to terms with on the switching, routing and transport level, but not at the network management level. It’s a serious challenge that we all have to face.

The issue is that packet based networks behave in a totally different way to circuit switched networks and there is not as much support for management information in packet network protocols. For example, a SONET/SDH network is highly engineered and traffic can only flow in the paths that have been defined centrally. Performance monitoring, configuration and detection of faults can all be performed centrally because management overhead information is available in the SONET/SDH protocol. In contrast, Ethernet/IP networks are expected to define the best paths through the network themselves using routing protocols. The traffic is bursty and dynamic and if there are errors, data is simply re-transmitted. There is therefore no need to have large amounts of management information available in the protocols themselves.

This is where the network management challenge comes in – how can you manage this network within the centralised management concept of a circuit switched network? The answer is that you can’t! At least not in the same way.

The packet network is changing all the time with new routes and new content. The only way to keep up with what is going on is to monitor the network in real-time, capturing the situation as it is happening. This information can be stored and analysed to understand what has happened, but since packet networks now operate at speeds up to 40Gbps and soon 100Gbps, the situation can change within nanoseconds. This means that the management systems that we use to operate and monitor the network must be capable of keeping up in real-time.

Napatech provides the technology and products that enable system vendors to build solutions for monitoring, testing, securing and optimising Ethernet/IP networks using standard off-the-shelf servers. We guarantee that all the data that needs to be analysed is delivered in real-time even at line-rate. With this fundamental capability in place, it is possible to deploy analysis systems at critical points in the network that can react in real-time to events as they happen and provide a complete picture of what is happening in the network with nanosecond precise timing.

Your network analysis tools can provide a huge amount of data. How can operators best use the data your tools can provide?

Our customers use the stream of data we provide to analyse what is happening in real-time. They also store this information for historical analysis. For example, this can be very useful for troubleshooting purposes.

The type of analysis they perform depends on the need and application. Some focus on network and application performance where Napatech, together with our Deep Packet Inspection software partners, can recognise applications and even extract key meta-data to provide insight on what kinds of services are being used. This allows monitoring of key performance thresholds so that issues can be identified before they affect customers.

Other applications are focused on test, measurement and troubleshooting to help identify the root-cause of a performance issue based on analysis of recorded data with nanosecond precise time-stamping of each and every packet

Security applications can be implemented in the same way, where the focus is on identifying potential threats as they occur and taking action immediately

Finally, optimisation applications can use real-time information on network and application usage to enforce policies to optimally re-assign resources or take other actions to improve the customer experience

All of these solutions can be implemented in systems close to the network itself, where it is possible to receive reports from all of these systems for central management. In this way, it is possible to support many of the current management practices, while more of the activity is performed closer to the network in real-time.

With this approach, it is possible to keep up with events as they occur, get a network-wide view, but be confident in the fact that the systems can react in real-time to events as they occur according to the thresholds and rules that have been established.

The Broadband World Forum is taking place on the 22nd – 24th October 2013 at the RAI Exhibition and Convention Centre, Amsterdam. Click here to download a brochure for the event and here to register for a conference pass.

How can your tools help operators respond to network errors and security breaches?

Some of our customers build systems that can capture and store network data in real-time. Each and every Ethernet frame is stored together with key information such as the nanosecond-precise time at which it was received, the protocols from layer 2 to 4 in the frame, checksum information and more. With this information, it is possible to build a highly accurate historical timeline of what has happened at this point in the network that is being monitored. You could think of this as a usage profile.

When network errors occur, it is possible to consult this information to determine what happened and when. This information can even be replayed with exactly the same timing so that the error can be re-produced.

For security breaches, this historical usage information can be compared with real-time information to detect anomalies. Historical usage information will show a trend of “normal” usage. By comparing this with real-time information, it is possible to detect a deviation from this pattern that could be an indication of a security breach.

This information can be compared against the information provided by security systems to verify whether a breach is occurring. If the security systems cannot confirm that there is a breach, this does not mean that there isn’t one – it could be what is known as a “zero-day threat” or a threat that has not been seen before. In any case, the deviation from the norm provides the impetus to investigate further and determine if there is an issue or not.

How would you address any operators concerns over the impact of monitoring on network performance?

The vast majority of the systems that our customers deploy are passive in nature. In other words, they operate off-line on copies of the network traffic provided by taps or a Switched Port Analyzer (SPAN) port on a switch or router. This means that the analysis has no effect on network performance as it is not part of the network path.

In some applications, there is a need to sit “in-line” or as part of the transmission path. In these cases, the systems strive to be transparent with bypass mechanisms available should any issues occur. So, again, there should be no impact on network performance.

How can use of data analysis translate to improved revenue for operators?

Operator strategies vary with some operators focusing on providing the best network for others to deliver their content and services and other operators focusing on providing their own content and services. In either case, the ability to monitor, manage and react in real-time is crucial to the success of both strategies.

For operators focusing on providing the best network, the key success factor is optimised use of network resources. The ability to monitor network usage in real-time and compare this to historical usage information helps these operators to continuously optimise how the network is being used and resources are deployed. This not only translates to cost-optimisation, but also better customer experience and thereby revenue.

For operators focusing on providing superior content and services, the same approaches can be used to better understand customer behaviour with network and application usage. This will help customers to not only identify potential lucrative services, but also the ability to offer these services in real-time based on customer activity.

If you had only one key message for operators what would it be?

The network is changing in real-time, so to take advantage of this we need to ensure that the management systems and processes that are implemented can also react in real-time to changes in network and service usage behaviour. This requires a rethink of how management is performed today, but it also opens opportunities to explore new strategies for providing greater value to customers.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.