48 posts categorized "Data Visualization"

Cloud Networking – Once More Into The Breach (by Keith Bromley)

Anyone who has been in networking for several years has seen an exorbitant amount of change. Initially, businesses had physical (racks and chassis) network and switching equipment that resided on their physical premises. This was their corporate network consisting of routers, switches, servers, etc. The simple network concept expanded to include wide area networking, international and distributed offices, and then extensive security measures including IPS, IDS, DLP, WAF, etc.

The concept took a quantum leap as we went through a “virtualization” mania a few years ago. Everything needed to be moved to virtualized servers located in the virtual data center. Now we are on the precipice of another quantum leap, the use of cloud networking, where a significant majority of capabilities are being moved to either public or private cloud networks.

Scary

Whether you are a proponent of this move to the cloud or not, there are some things to consider if, and when, you decide to take the plunge. While there has been a lot of hype around the benefits of cloud computing, very little is being said about the inherent drawbacks.

One of the current challenges for IT teams is the lack of visibility that comes with the shift to the cloud. For instance, once you give up control of the network infrastructure, you lose the ability to capture important packet data from tap and span ports. This data is necessary for troubleshooting and performance monitoring analysis. Monitoring and forensic tools still need to perform deep packet inspection as part of the application performance monitoring (APM) analysis and troubleshooting activities. Log data and log files are simply not good enough.



Use Network Packet Brokers to make data center security infrastructure more efficient and cost effective (by Yoram Ehrlich)

Today’s enterprise networks and service providers are in a conundrum: as network technologies advance, managing network security has become harder and costlier. Sure, they could continuously introduce new monitoring tools - but this adds configuration hours and management complexities to an already intricate scenario. They could also replace slow-running tools with higher-speed devices - but they’ll incur additional costs. Or, for better results, they can adopt a holistic network monitoring infrastructure that enables migration to a higher network speed while increasing the effectiveness of existing security and monitoring tools.

Today’s security landscape demands strong, holistic-visibility architecture

Security breaches are reaching ever higher (and more frightening) levels and remain a thorn in organizations’ sides. Verizon’s 2018 Data Breach Investigations Report (DBIR) indicated that in 2017, more than 53,000 security incidents were reported and 2,216 breaches confirmed. The number of actual attacks remains unknown but undoubtedly is considerably higher.

Unfortunately, the issue of network security cannot be solved with a one-time purchase, and no security product is “perfect.” Today’s organizations’ best bet is a Network Visibility architecture-based security solution that reveals hidden network dangers and inefficiencies, identifies network hiccups and outages, increases network security, and addresses potential compliance issues — all before they impact the business.

Look for these four critical components when choosing a holistic approach: high efficiency and flexible access to the network, monitoring middleware functionalities (filtering, packet grooming, etc.), advanced monitoring functions (application intelligence, NetFlow support), and monitoring tools connectivity.

...and a more efficient and cost-effective security infrastructure



Slow Transfer, Packet Losses, Congestion Avoidance, Shaping and Policing (by Phil Storey)

Problem: Slow Transfer, Packet Losses, Congestion Avoidance, Shaping and Policing!

This is a response to a question asked on Tuesday 5th December by “u/thegreattriscuit” in Reddit’s “r/Networking” subreddit.

The original question that started the investigation.

Question Summary - The problem was slow file transfer throughput across a long 1 Gbps WAN (“across an ocean”), caused by packet losses. However, we’re told that the packet loss behaviour was consistent and readily reproducible for this particular iPerf test - but not apparent for other transfers across the same link.

The provided “topology” diagram is below. The flow is from Host-A at the left to Host-Z on the right and the packet losses occur somewhere between the two points (as indicated by the blue line between two capture points). The losses could be within the Cisco 4500, ASR1000, Force10 WAN, ASR1000 or Force10 switch.

A commercial packet analysis tool called NetData Pro was used to perform this analysis and provide the detailed visuals included.

Full Details of the analysis and Conclusions following - 




Scalability in Network Architecture (by Christian Ferenz)

There has been a huge surge in network traffic and no industry is immune from being overwhelmed by data. Network visibility is a requirement for all industries ranging from financial corporations, telecom companies, data centres to retailers, government and healthcare. All are vulnerable to becoming constrained due to scalability issues.

With non-scalable tools, companies are limited by the number of switches and the architecture does not allow them to address all their network visibility concerns. As a result, they end up investing huge sums in changing their entire network architecture.

If a company’s existing network monitoring setup consists of a limited number of network TAPs feeding a monitoring switch, the system provides limited visibility and is not scalable. Such a system is also not capable of addressing regular microbursts in network traffic. Furthermore, the architecture generates substantial duplicate packets that the switch is not equipped to eliminate, creating challenges for monitoring. In such cases, when a company needs to install new TAPs and new port SPANs to accommodate network expansion, the old switch is not able to handle the load.

A scalable solution which offers multi-stage filtering, de-duplication and other features helps a network operate more efficiently.

Customers can ease these problems by building scalable network monitoring visibility solutions.

  • Tools that can intelligently aggregate data and precisely channel it to the appropriate monitoring tools without missing or dropping data, and which provide 100-percent visibility. Instead of using several TAPs, SPANs and tools, a scalable tool can provide 100 percent visibility of all data passing through it.



The Dark Side of Packet Slicing (by Mike Canney)

Packet or frame slicing our captures can be a great way to hide information in trace files if done correctly. However, you have to really understand the reason for the captures in the first place. For example, application performance issues often leave many clues at layer 4 (specifically TCP). What happens when you "hard" slice a trace file and can no longer follow the TCP sequence numbers because an incorrect frame size value is written in the pcap file?

Other times you may need to see the specific application call (SQL/Oracle) to actually fix the problem but you no longer have that data because you've sliced it away.  
