IT departments are increasingly focused on major technological innovations that ultimately require frequent network infrastructure upgrades. Just look at the growing prominence of IoT, edge computing and software-defined networks. But according to Enterprise Management Associates, navigating the complexity of network architecture and attempting to scale or expand infrastructure are two of the top challenges for businesses when dealing with their networks. The problem: when networks aren’t built to scale, emerging technologies end up outpacing current network capacities, adding unnecessary cost and complexity.
Network Packet Brokers play a critical role in gaining visibility into these new complex networks. They deliver the packet data and information IT and security teams need to identify problems, recognize security issues, and ensure overall network performance. However, not all Packet Brokers are created equal when it comes to scalability. Simply “scaling up” your network infrastructure at every growth point is a more complex and more expensive endeavor over time – cutting into business profitability and productivity. Instead, building network architectures that can “scale out” – quickly adding ports, changing speeds or capabilities – is often a better approach.
Let’s explore three ways the “scale up” approach to infrastructure growth impedes NetOps and security professionals (and the business as a whole). Based on these shortcomings, we can then dive into the benefits of scale-out visibility, which can help organizations grow when new technology initiatives alter network requirements.
When it comes to network infrastructure (including Packet Brokers), the “scale up” approach for hardware often includes buying a big box solution with a bazillion ports. Those ports get used as needed (which often translates to just a small fraction of them), while the unused ports sit idle for “future use” – a simple but wasteful growth solution. With networks growing at a faster rate than budgets these days, investing in idle assets is often suboptimal.
The other “scale up” approach is to purchase only the unit that matches today’s exact needs, and then when required, decommission the existing unit and buy the next model up. Vendors like to promote the “product family” idea as scaling up. For example, if you purchase the X-1 now, you can later purchase the X-2, X-3, X-4 when you need more ports or power. This family scaling certainly can keep the customer loyal to a vendor by providing a simple upgrade path with familiar operation and management, but it’s also wasteful as the smaller product is usually replaced well before the end of its useful life.
For many organizations, a better approach is to “scale out.” Buy a smaller base unit that meets your immediate needs and build incrementally as you grow. This includes purchasing a right-sized base unit for initial requirements (call it the “mothership” appliance), then, as growth requires, transparently adding modules that easily integrate with the initial purchase (and leverage the intelligence of the “mothership” unit). This approach protects budget-disciplined teams, while still providing a path for seamless (and less disruptive) growth in the future. The IT stakeholder no longer has to pay for something it might use in the future or purchase expensive new appliances along the way.
Features, Features, Features
“Scale up” versus “scale out” doesn’t just apply to hardware investments; it also has an impact on product features. “Scale up” promotes buying the feature set you think you need now, then adding “feature modules” and licenses as you discover additional feature requirements. Often, as networks grow in size, they also grow in complexity. For example, network monitoring and security tools connected to links through a Packet Broker don’t always keep pace with the speeds of the newly installed links. This can require upgrading the feature set of the Packet Broker to offer advanced features to mitigate these issues.
When it comes to Packet Brokers, features such as port mapping and basic filtering are standard. Advanced features such as packet slicing, packet manipulation and various methods of load balancing are often offered as discrete firmware modules or annual software licenses that vendors sell as add-ons. This “scale up” approach allows the customer to purchase a stripped-down feature set to keep the initial CAPEX low and add advanced features later as network complexity grows. This maintains a constant revenue and loyalty stream for vendors. Unfortunately, it can have the customer paying a lifetime of license fees for a one-time purchase. It may be helpful with CAPEX, but over time this approach can put a strain on OPEX as ongoing fees pile up.
The “scale out” approach tackles this problem by treating advanced features as inherently valuable to the core product. For example, Packet Brokers built around the “scale out” principle include load balancing to help spread incoming traffic as new, faster links are added. They include packet manipulation to help organizations deal with new privacy rules (such as GDPR) that require packet data payloads be masked. And they offer packet slicing to help increase the performance of monitoring and security tools. When needed, these sorts of advanced features can be leveraged at will without ongoing licensing costs or additional modules.
Management of the Rules, Filters and Maps
If you’re responsible for planning, writing, testing and deploying a new set of filter rules and port maps for an entire network system at each growth phase, you understand the massive amount of work it requires, and the challenges associated with the “scale up” approach. Writing filter maps so the right information is passed to the right tool can be a very complex operation with hierarchical filtering systems. Furthermore, assigning ports to links and tools can also be very time-consuming and error-prone. While most vendors have the same operation and management systems, which are used when new units are deployed and decommissioned, it still requires a tremendous amount of time to transition from one model to the next. The net result: any sort of change often hurts when the underlying hardware is swapped out.
Packet Brokers that scale out eliminate the need to swap hardware, which can have a monumental impact on NetOps. All of a sudden, you can add and deploy new filter rules and port maps ad hoc as needed, with no impact on existing rules and system operations. Deployment programming no longer starts from scratch with each growth phase. Simply by adding a hardware extension module to an existing system, network managers only need to map and apply filters to the new links. And these “scale out” solutions often have management software that automates provisioning by leveraging sophisticated computational engines that do the hard math in the background. Filter rules become independent rather than hierarchical. This added software saves time and money, and makes incremental changes easy.
As networks continue to become more and more complex, it has never been more important for the underlying infrastructure to adapt as well. Traditional approaches to Packet Broker solutions are quickly proving unsustainable when dealing with the traffic increases driven by IoT, SDN and more. As you look to scale your network to meet these modern-day requirements, consider looking at new “scale out” visibility solutions designed to simplify your NetOps world.