Protocol Analysis, Data Recorder, CALEA, Lawful Intercept, Application Performance, User Experience, Industrial Ethernet, Data Loss Prevention, Deep Packet Inspection, NetFlow, SOX, HIPAA and PCI Compliance, Switching and Routing, Forensics, VoIP, IPTV ... etc.
IPv6 could be awesome but it is getting scary, Why?
I do not dislike IPv6, but it seems a scary transition at this time. It has some great attributes but it has gotten out of control – where IPv4 was easy to implement and was a few steps higher than the previous version, IP Before (IPv4), as I call it...
IPv6 is like stepping out of an airplane at 50000’ with no parachute - It is a VERY long drop!
Currently the landing is the killer! Where will it lead us?
To start, I do not like the fact that, from the network and processor views, running dual stacks eats up processor, bus and network time and traffic, not to mention adding complexity to all of our current applications and communications.
I was on the IPNG and IPv6 committee back in the 90’s, and I was and am an advocate for IPv6 deployment. I do not feel we have a choice! That being said, we have created a BIG MESS, thus hindering any easy or even reasonable deployment for IPv6. I am sorry to say it, but all one has to do is look at the standards, and there are a bunch of them, to fully understand the impossible complexity of a successful and safe deployment. BUT - I still feel we have created a giant that is NOT movable, and if we do not rethink it we may never see it deployed!
I love capturing packets with my laptop – all the tools are set up the way that I need them. However, I know that it’s no longer a tool that I can use in a next-gen network. New data centers are being designed with non-blocking L2 ECMP architectures like Leaf-Spine and Clos (Leaf-Spine video from Brad Hedlund and an IEEE ANTS Presentation PDF by Malathi Veeraraghavan, U. of VA.), where it’s difficult to answer the #1 question for sniffing: where do I plug in to capture the packets I need?
What makes this more difficult is the speed of these links. It’s increasingly common to find 10G to servers and 40G in the fabric between the switches. There’s no way my laptop can keep up with those speeds. What we need is a way to have visibility baked into the network. This post will explore a few emerging methods.
When it comes to processing performance, buffering or storage capacity, a laptop is a very cost-effective solution. Its limitations are mainly caused by its integrated network card. For a 1G NIC, monitoring 2 Gbps on an in-line gigabit link is already a problem: in deciding between a full-duplex TAP and an aggregation TAP, you are choosing between visibility and packet losses. Of course, you may add a second USB NIC, but in that case the Rx and Tx would be in two separate files, with a probable time difference. This can be very painful, for example, for TCP analysis.
With up to 1.5 million packets per second, 1 Gbps capture is a real challenge for the processor. The NIC driver has to parse the stream into single packets, then the capture driver timestamps each frame, and finally the protocol analyzer generates the capture headers and decodes the frames. In this scenario, the CPU is quickly overloaded, resulting in packet losses. This loss often occurs at the NIC driver or at the protocol analyzer. The latter may show a drop counter, while the NIC driver does not always count or report the losses. Packets can simply disappear from your stream without you knowing it.
Keep your Network under control and Available when you really need it!
As you all know I am always looking for good and technically sound white papers and recently I came across a super one on Network and Application focused monitoring strategies written by Daniel Zobel, Head of Software Development Paessler AG.
Today, company productivity (business success) hinges on the smooth operation of numerous applications and devices such as collaboration platforms, proprietary applications, office software, internal and external websites, the network, etc. If any of these critical components is interrupted, productivity can grind to a halt with a loud scream. We tend to focus on monitoring the network, but applications are the life of our corporate success. They are the gold that keeps our companies running, and we should have a strategy to monitor these also!
On the customer-facing side, the company website is also very crucial to profitable operations, as the website is the corporate face to the customer base and provides important and essential information to our customers thus driving sales. If the site goes down, the company goes dark to customers, potential customers and internally will shut down all forms of proactive business activity from billing to quoting including production which affects all future business. As the famous quote from Benjamin Franklin says “Time loss is never found” or phrased for today’s fast paced internet focused business world “Business lost is never found”.
That’s why it makes sense for companies to monitor the performance of these vital technology tools, including applications, email systems, data backup solutions, security updates and websites. Professional monitoring software can help ensure that availability, bandwidth and infrastructure usage levels remain sustainable and within normal levels, giving IT professionals the complete transparency they need to meet demand and support vital business functions. Visibility is no longer a nice-to-have; it is an essential, yet few companies have designed and deployed any visibility architecture. Read the recent article on building the much needed “Real View” visibility architecture - http://www.lovemytool.com/blog/2014/02/best-practices-for-building-scalable-visibility-architecture-by-the-oldcommguy.html#more .
From my perspective here are 5 important considerations to a successful strategy -
What is SDN? Plus your chance to tell us what you see for SDN!
Well, today’s networks are full of hardware and software, and with a bit of magic and lots of hard work we use the network to work through communications using applications.
The problem is that everything runs separately so if one device changes or crashes usually so does the network.
Today’s network is mainly made up of three planes:
The Data Plane (user, carrier, bearer, etc. plane) – this is where the data is passed to the correct user or device.
The Control Plane – this is where the routing and switching parts occur, assuring that the packets are sent (controlled) to where they need to go.
The Management Plane – this is where the administration of things like logging, authentication, etc. occurs.
SDN basically takes the hardware-heavy Control Plane and implements it in software in a controller format: a single point of network view, an advanced fabric for configuration and control.
This flexible and programmable implementation allows for better network response to issues and increases the ability to better control or shape traffic and data flows. SDN helps by centralizing control and management allowing for better control and response to issues from failures to attack mitigation. The single controller format is easier to secure and update.
Tell us what you think about SDN in your future... Read on and join the survey!
A super free webinar that gets you thinking about real network visibility needs!
A must read for every network and security manager!
You the readers know how passionate I am about having a professional, deployable and easy to use network and application visibility. Jim Frey and Scott Register recently did this webinar and I believe it has a lot of good points for all network and security managers to consider.
Network and security managers spend a lot of time preparing access and deploying monitoring and analysis equipment to look for issues and find problems.
Today we need to be proactive and not reactive in monitoring and analysis, so the design and deployment of a viable, easy to use, flexible and expandable visibility architecture is not a luxury. It is a necessity to be able to respond to the many issues that face us, from application monitoring, security in all its forms, compliance and auditing to focused analysis!
This timely webinar covers the considerations for such a deployment and covers the many keys to a successful design and deployment. Whether you use TAPs or SPAN or a combination of these to access your data flows, a true visibility architecture is a must for successful management and security of your network.