Designing and maintaining a network that delivers uninterrupted performance is a crucial function of most NetOps teams. But with new technology challenges around cloud and software defined architectures, many struggle to optimize and troubleshoot the high-performance networks of today.
According to a recent survey from LiveAction, 20% of NetOps teams are focused on improving application performance across the network, 19% are focused on improving network monitoring, and 15% are focused on improving performance at remote sites. Doing this effectively requires visibility into flow and packet data. When aggregated and analyzed properly, NetOps teams can gain valuable insights and operate more predictable, high-performing networks.
NetOps teams traditionally rely on network performance monitoring solutions to collect this data, but what are the pros and cons of flow and packet data and how is it used to troubleshoot networks?
First, let's quickly define flow and packet data. The goal of network flow monitoring is to tally, log, and analyze all network traffic as it passes through routers and other network devices, essentially creating a summary model of network usage. Deep Packet Inspection (DPI) is a process commonly used to inspect the payload content of each packet to make determinations about whether to act on that packet by rejecting it or allowing it to pass through the network. DPI can also be used to passively collect the traffic traversing the network to add visibility and troubleshooting capabilities into network monitoring solutions.
Packet capture is also used to store a mirror copy of network packets for detailed network analysis, using forensic search and filtering. The stored mirror copy can later be examined for a particular time frame, when new performance, security, or forensic incidents arise. When network messages are packetized (broken into pieces), they are then routed over the internet to other connections to be reassembled at their destination. Each packet is generally organized into three segments regardless of size — the header, payload and footer. As packets flow through the network routers, their headers are read and "fingerprinted" based on five to seven packet header attributes.
Today, most routers have some brand of xFlow export feature that allows flow data to be sent from the router to a collector and analyzer. Netflow is the de facto industry flow protocol (originating from Cisco), but other popular protocols include IPFIX, J-Flow, and sFlow. Source and Destination addresses tell who the originator and receiver of the traffic are. Ports and Class of Service tell what applications are in use and their traffic priority. Device interfaces tell how devices are utilizing traffic. By tallying packets, the total traffic flow amount can be determined. Timestamps are useful for placing flows in time and determining their rates. And finally, Application and Network Latency provide measurements about how long each transaction takes.
What are the pros of flow and packet data?
First, flow data is simple to set up. Most routers and switches come standard with the xFlow protocol feature. This means you get vendor-agnostic visibility across just about every network segment. Capturing flow data also requires no extra cabling or equipment, and in most cases no extra licensing, providing excellent network visibility essentially "for free." It also has low network bandwidth overhead since flow data approximates only 0.5% of network traffic, and no clients are necessary on end systems.
For Packet data, it's valuable because it contains every bit of information for every transaction on the network. It allows NetOps to understand bandwidth usage by analyzing details of application and user behavior.
Excessive bandwidth utilization often occurs over very small time periods, typically referred to as "microbursts" since these event happen over microseconds to milliseconds. These events are hidden by the typical reporting rates of xFlow data, but are easily exposed by packet data.
Packet data is also ideal for detailed monitoring and troubleshooting on critical applications, servers and connections. This helps with answering critical questions, like whether the network or the application is the root cause of a problem. Packet data provide specific, interpacket timing, and can expose critical data in payloads that provide proof of application problems. Packet data also offer significant name discovery, such as application names, file names, website URLs, and hostnames, which can be used for both detailed troubleshooting and reporting on custom, web-based applications.
The Latest
Broad proliferation of cloud infrastructure combined with continued support for remote workers is driving increased complexity and visibility challenges for network operations teams, according to new research conducted by Dimensional Research and sponsored by Broadcom ...
New research from ServiceNow and ThoughtLab reveals that less than 30% of banks feel their transformation efforts are meeting evolving customer digital needs. Additionally, 52% say they must revamp their strategy to counter competition from outside the sector. Adapting to these challenges isn't just about staying competitive — it's about staying in business ...
Leaders in the financial services sector are bullish on AI, with 95% of business and IT decision makers saying that AI is a top C-Suite priority, and 96% of respondents believing it provides their business a competitive advantage, according to Riverbed's Global AI and Digital Experience Survey ...
SLOs have long been a staple for DevOps teams to monitor the health of their applications and infrastructure ... Now, as digital trends have shifted, more and more teams are looking to adapt this model for the mobile environment. This, however, is not without its challenges ...
Modernizing IT infrastructure has become essential for organizations striving to remain competitive. This modernization extends beyond merely upgrading hardware or software; it involves strategically leveraging new technologies like AI and cloud computing to enhance operational efficiency, increase data accessibility, and improve the end-user experience ...
AI sure grew fast in popularity, but are AI apps any good? ... If companies are going to keep integrating AI applications into their tech stack at the rate they are, then they need to be aware of AI's limitations. More importantly, they need to evolve their testing regiment ...
If you were lucky, you found out about the massive CrowdStrike/Microsoft outage last July by reading about it over coffee. Those less fortunate were awoken hours earlier by frantic calls from work ... Whether you were directly affected or not, there's an important lesson: all organizations should be conducting in-depth reviews of testing and change management ...
In MEAN TIME TO INSIGHT Episode 11, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses Secure Access Service Edge (SASE) ...
On average, only 48% of digital initiatives enterprise-wide meet or exceed their business outcome targets according to Gartner's annual global survey of CIOs and technology executives ...
Artificial intelligence (AI) is rapidly reshaping industries around the world. From optimizing business processes to unlocking new levels of innovation, AI is a critical driver of success for modern enterprises. As a result, business leaders — from DevOps engineers to CTOs — are under pressure to incorporate AI into their workflows to stay competitive. But the question isn't whether AI should be adopted — it's how ...
