Defining the word enabler is interesting. According to Merriam-Webster.com, an enabler can be a good thing or a bad thing… same word, two very different connotations. The two definitions of an enabler are:
• One that enables another to engage in self-destructive behavior
• One that enables another to achieve an end
At Network Critical, our products are enablers for others to achieve an end.
Not in the Forefront
This discussion will focus, therefore, on the positive side of enablement. By definition, enablers do not work alone. There must be others benefiting from the actions of the enabler. Often, those who benefit are the ones in the spotlight, not the enabler. This is true in networking as well. Access and visibility products are the enablers for many monitoring, security and performance tools, helping each tool perform faster and more efficiently.
Network managers and architects sometimes focus solely on the tool itself because that is the device that performs the strategic function required. However, the method used to connect the tool to network links is a critical piece of the design and is often overlooked. For example, the right TAP may provide more complete traffic information to a monitoring tool, thus increasing the accuracy of traffic reports. Here are some areas where including access and visibility early in the design process can save on budget and help increase actual tool performance.
Let’s look at passive monitoring applications, such as connecting probe and sniffer tools to network links. The first consideration is the safety of connection. If the tool is connected directly to a network link and the tool goes offline for any reason, the link will go down unless there is a failsafe option in the tool. Failsafe is an option in some tools but is always a standard function of a TAP. When connecting tools with TAPs you can rest assured that network traffic will continue to flow even if the monitor tool goes offline. This also makes it easier to schedule maintenance windows and firmware upgrades when tools must go offline. Failsafe seems like a simple issue, but when multiplied by numerous links and complicated by hybrid cloud connections, this issue is worth serious attention early in the design process.
Enhancing the accuracy of monitoring tools is also a critical consideration. When SPAN or mirror ports are available, there is a temptation to take the path of least resistance and simply connect the tool to a SPAN port. This may not be the best idea, however, if you are relying on the accuracy of your traffic reports to manage network bottlenecks and plan for future growth. SPAN ports increase the internal traffic in a switch and randomly drop packets when the switch gets busy. The dropped packets cause inaccurate reporting by the tool, effectively canceling the purpose of using the tool in the first place. If you cannot get accurate data for planning and analysis, the traffic capture process becomes irrelevant and can sometimes even be counterproductive.
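One way to check whether a capture source is dropping packets before they reach the tool, as an added example that is not from the original article: any payload bytes the receiver acknowledged but the tool never saw were lost on the monitoring path, not on the network. The host labels, the record layout and the sample packets are constructed for illustration, and sequence-number wraparound is ignored.

```python
from collections import defaultdict

# Constructed sample of what the tool saw: (src, dst, seq, payload_len, ack).
# Host A sends four 1000-byte segments; the copy starting at seq 2000
# never reached the tool, yet host B acknowledges all bytes up to 5000.
SEEN = [
    ("A", "B", 1000, 1000, 500),
    ("B", "A", 500, 0, 2000),
    ("A", "B", 3000, 1000, 500),
    ("A", "B", 4000, 1000, 500),
    ("B", "A", 500, 0, 5000),
]

def covered(ranges, lo, hi):
    """Bytes of [lo, hi) covered by the union of half-open ranges."""
    total, cur = 0, lo
    for start, end in sorted(ranges):
        start, end = max(start, cur), min(end, hi)
        if end > start:          # skips retransmitted/overlapping bytes
            total += end - start
            cur = end
    return total

def capture_loss(packets):
    """Return {(src, dst): (bytes_acked_but_unseen, bytes_acked)}."""
    seen = defaultdict(list)     # (src, dst) -> payload ranges observed
    acked = {}                   # (src, dst) -> highest ACK sent back by dst
    for src, dst, seq, length, ack in packets:
        if length:
            seen[(src, dst)].append((seq, seq + length))
        acked[(dst, src)] = max(acked.get((dst, src), 0), ack)
    report = {}
    for flow, ranges in seen.items():
        base = min(start for start, _ in ranges)   # first byte observed
        top = acked.get(flow, base)
        if top <= base:
            continue             # nothing acknowledged yet
        total = top - base
        report[flow] = (total - covered(ranges, base, top), total)
    return report

if __name__ == "__main__":
    for flow, (missing, total) in capture_loss(SEEN).items():
        print(flow, f"{missing}/{total} acked bytes never seen by the tool")
```

A non-zero count on a tool fed from a SPAN port, measured during busy periods, is direct evidence that its reports are built on an incomplete copy of the traffic.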
Port mapping, aggregation and filtering are additional enabling functions of TAPs that can help tools perform better and save on budget. In larger complex networks, it can be cost-prohibitive and wasteful to permanently deploy a monitoring tool on every link. Many links do not operate at full capacity. Therefore, it is a good idea to aggregate traffic from multiple links to a single tool. This allows tools to operate at full capacity and saves money by using fewer tools throughout the network. Using the filtering feature provides additional efficiency by sending only relevant traffic to tools for processing. This further lowers the traffic sent from links and also removes the filter processing function from tools, allowing them to work faster. Combining aggregation, mapping and filtering enables fewer tools to provide better results at less cost.
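A planning sketch for the aggregation and filtering described above, as an added example that is not from the original article. It packs tapped links onto as few tool ports as possible without oversubscribing any of them. The link names, peak rates, 1 Gbit/s tool port and 80% headroom are assumptions chosen for illustration; both directions of a full-duplex link are summed because an aggregating TAP delivers both to the same monitor port.

```python
# Constructed peak rates in Mbit/s per tapped link: (name, dir_a, dir_b).
LINKS = [
    ("core-1", 400, 380),
    ("core-2", 300, 150),
    ("dmz", 90, 60),
    ("wan", 200, 250),
    ("mgmt", 20, 10),
]

def plan(links, tool_mbps=1000, headroom_pct=80, pass_fraction=1.0):
    """First-fit-decreasing assignment of links to tool ports.

    pass_fraction is the share of traffic left after filtering in the TAP
    (1.0 = no filtering). Returns (tools, oversize): tools is a list of
    {"links": [...], "load": Mbit/s}; oversize lists links whose own peak
    exceeds the budget and would drop packets on any single port.
    """
    budget = tool_mbps * headroom_pct / 100
    loads = sorted(
        ((name, (a + b) * pass_fraction) for name, a, b in links),
        key=lambda item: -item[1],
    )
    tools, oversize = [], []
    for name, load in loads:
        if load > budget:
            oversize.append(name)
            continue
        for tool in tools:
            if tool["load"] + load <= budget:
                tool["links"].append(name)
                tool["load"] += load
                break
        else:
            tools.append({"links": [name], "load": load})
    return tools, oversize

if __name__ == "__main__":
    for fraction in (1.0, 0.5):
        tools, oversize = plan(LINKS, pass_fraction=fraction)
        print(f"pass_fraction={fraction}: {len(tools)} tool ports, oversize={oversize}")
        for tool in tools:
            print("   ", tool["links"], f'{tool["load"]:.0f} Mbit/s')
```

With the constructed figures, five links need three tool ports unfiltered and two once filtering halves the traffic; any link reported as oversize has to be filtered harder or load-balanced before it can be monitored without loss.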
Another great enabler is the Packet Broker. It is easy to confuse packet brokers with TAPs because some of the features and functions are similar. However, the primary purpose of a packet broker is to manage multiple tools in larger, more complex networks.
Reports have shown that larger networks can have seven tools or more per link providing various monitoring, security and performance functions. All these tools cannot be directly connected to every link for cost and reliability reasons. If seven tools were connected to every link and any one of those tools went offline, the link would go down. You can easily see that this configuration will have a severe effect on network reliability and availability.
Packet brokers allow the connection of multiple tools and help manage traffic through to the tools and back into the network. Using advanced features such as packet manipulation and load balancing as well as the aggregation, filtering and port mapping features available with TAPs, packet brokers are invaluable for efficient deployment of multiple tools. Typically, packet brokers do not provide failsafe as discussed in the TAP section, so TAPs will also need to be considered when planning tool deployment with packet brokers.