System fine tuning is an unavoidable necessity that requires knowing exactly what happens within a system. For instance, it is almost impossible to adjust a combustion engine without having detailed information on the revolutions, temperature or compression, etc. Said information is vital for any system, be it Smart Grid, air traffic or even our own organism.
In IP networks, real time information, more accurately known as visibility, is essential for smooth efficient system operations together with network and system dimensioning. This involves tasks such as problem diagnostics, analyzing communication links, or nodes, for congestion issues during peak traffic or, in more complex cases, detecting traffic abnormalities (viruses, worms or other cyber-attacks).
To achieve IP network visibility, remote systems (routers, switches or polling) generate real time reports, analyzing packets (to detect layer 3 and 4 sessions) and accounts statistics per session, and periodically deliver these to a reception collector. This compatible feature appears under various brand names (Netflow from Cisco, Rflow from Ericsson and NetStream from 3Com/HP/Huawei, etc.), but is more commonly known as Netflow (not to be confused with SFlow, which, although similar, analyzes a portion of the total, unclassified, traffic and flows for statistical purposes only).
The latest Netflow release (9) provides in-depth information on each session, with up to 71 different parameters per flow (bytes, packets, addressing, protocol, TOS, interfaces, Autonomous System, next hop, VLANs etc.).
With the aim of both standardizing and improving Netflow, IEFT published the first IPFIX (IP flow Information Export) standard in 2008. IPFIX is basically Netflow with extensions, which maintain protocol essence together with Netflow information formatting (including Netflow v.10), aggregating more data and exporting proprietor parameters with each implementation. IPFIX thus opens up a world of possibilities, such as mail servers delivering data on source/destination addresses, subject, attachments and bytes, or webpage servers exporting flow records on viewed pages, browsing time per page and even access history from other countries.
With IP networks, Netflow provides visibility up to layer 3 and 4 (ports and protocols) while IPFIX extension potentially goes much further, providing data on applications through Deep Packet Inspection (DPI) for example.
Application visibility is becoming more prominent as networks evolve from transport based architectures, mainly MPLS where applications are interlocked, to applications based architectures. This is where the transport network adapts to them, rather than the other way around, with new architectures based on MPLS and/or Internet hybrid accesses materializing. Said networks are known as Hybrid or SDWAN (Software Defined Wide Access Network).
These application-orientated networks have arisen, in part, to accommodate the wave of new on-demand (client) services, such as mobility and BYOD, video, Internet of Things (IoT), cloud applications, etc. Tools providing application visibility means greater network comprehension on applications, particularly those over HTTP/HTTPS, the latter being a universal application support platform (HTTP, new TCP).
How to tackle visibility in new Hybrid Networks
a) Distributed Intelligence: Activating DPI and IPFIX in remote routers.
While DPI has all the advantages of source flow information, necessary to determine an application, it unfortunately has an enormous impact on resources in each and every network router .
b) Centralized analysis: Through Netflow and intelligent collector.
A priori, collectors only have session statistic data available and, therefore, less information than distributed intelligence. However, methods such as reverse name resolution and heuristic algorithms (which provide very similar information to the above case), a good example being the Polygraph collector (a locally developed high-tech product), allow far greater use of network resources and scalability as well as the necessary data. An advantage is definitely the fact that Netflow has far less impact on routers so, practically speaking, this is an excellent choice.
Future of Hybrid Networks
The evolution of Hybrid, or SDWAN, networks to pure SDN, will bring about direct dynamic control over network behavior for applications, where visibility will play a vital role. Teldat has a wealth of experience on implementing hybrid networks and visibility, providing our clients with versatile networks, not just effective for today, but also for the future.