Pipeline Publishing, Volume 5, Issue 5
This Month's Issue:
What's New in
Performance Management?

Gateway to Traffic Intelligence
Providing Intelligence for Traffic Management & Security


Measure Impact to Network Protocols, Services, and Applications

Detecting the presence of a network problem (normal or malicious) is meaningless to network operators without a deep understanding of its effects on the QoS of the services and applications involved. What matters most to an operator is satisfying the SLAs signed with their customers by meeting the QoS metrics. Consequently, a GTI system must provide visibility into QoS metrics for SLA compliance. A GTI system captures, creates, and profiles the IPSLA metrics used to monitor the correct behavior of network protocols, services, and applications. These metrics, such as RTT, jitter, packet loss, and Layer-7 SLA metrics specific to the most used protocols, are generated either from information collected by DPI appliances or through close interaction with network routers whose IOS supports such functionality. When any of the baselined metrics violates a criterion configured by the operator, an alert is triggered and detailed reports are displayed. Operators might, for example, decide to prioritize their tasks by this metric, since it is the one they measure as a source of revenue with their customers.
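The baseline-and-alert check described above, as an added example that is not part of the original article or of any GTI product: it derives RTT, jitter, and packet loss from one window of probe results and compares them with a baseline profile. The `Criteria` fields, their values, the jitter definition, and the probe samples are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean

# Constructed probe results: (sequence number, RTT in ms, or None when lost).
BASELINE = [(1, 20.0), (2, 22.0), (3, 21.0), (4, 23.0), (5, 22.0)]
CURRENT = [(6, 64.0), (7, None), (8, None), (9, 70.0), (10, 66.0)]

@dataclass
class Criteria:
    """Operator-configured alert criteria (hypothetical names and values)."""
    rtt_factor: float = 2.0      # alert when mean RTT exceeds 2x the baseline
    jitter_factor: float = 3.0   # alert when jitter exceeds 3x the baseline
    max_loss_pct: float = 5.0    # absolute packet-loss ceiling

def sla_metrics(probes):
    """Return (mean RTT ms, jitter ms, loss %) for one window of probes."""
    if not probes:
        raise ValueError("empty probe window")
    rtts = [rtt for _, rtt in probes if rtt is not None]
    loss_pct = 100.0 * (len(probes) - len(rtts)) / len(probes)
    if not rtts:                 # total outage: only loss is defined
        return None, None, loss_pct
    # Jitter taken here as the mean absolute change between consecutive RTTs.
    deltas = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    return mean(rtts), (mean(deltas) if deltas else 0.0), loss_pct

def violations(window, baseline, criteria):
    """Compare a window with the baseline; return (metric, value, limit)."""
    base_rtt, base_jitter, _ = sla_metrics(baseline)
    if base_rtt is None:
        raise ValueError("baseline window contains no replies")
    rtt, jitter, loss = sla_metrics(window)
    limits = {"rtt": criteria.rtt_factor * base_rtt,
              "jitter": criteria.jitter_factor * base_jitter,
              "loss": criteria.max_loss_pct}
    observed = {"rtt": rtt, "jitter": jitter, "loss": loss}
    # A metric that could not be measured (None) raises no alert of its own;
    # the loss figure covers the outage case.
    return [(name, observed[name], limits[name]) for name in limits
            if observed[name] is not None and observed[name] > limits[name]]

if __name__ == "__main__":
    for metric, value, limit in violations(CURRENT, BASELINE, Criteria()):
        print(f"ALERT {metric}: {value:.1f} exceeds limit {limit:.1f}")
```
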

Real-Time Forensic Analysis

Forensic analysis is another key feature of a GTI system. Operators must have a converged operational view across network traffic, routing, topology, service, and application behavior. The operator must be able to access tabular and graphical reports before, during, and after a problem has occurred and corrective action has been taken. A GTI system allows an operator to dig deeper into a detected alert through close interaction with the DPI boxes or routers that have seen the malicious stream. Raw flow and packet information can be captured and extensively analyzed by security personnel.

The GTI system provides two ways for the operator to carry out the forensic task: passive or active. Passive forensic analysis allows the operator to store flow and packet records in an external database. Active forensic analysis, also known as forensic on-demand, allows the operator to retrieve information directly from the network as required.

Suggest Where and How to Take an Action

As part of their duties, operators must be in a position to react to a problem quickly and precisely. This means that the GTI system has to pinpoint for the operator which network elements have seen the detected anomaly and suggest which network element to act on in order to resolve the problem promptly and with minimal network intrusion. Thus, the GTI system must guide the operator through the entire troubleshooting process. It must monitor in real time the effectiveness of the action put in place in the network and create reports for the operator. The GTI system provides a vast pool of actions that can be taken, ranging from policy enforcement on specific appliances to automated generation of ACLs, blackholing and sinkholing, and integration with third-party mitigation devices.

A GTI system can quantify the impact of security events on customers and service using the existing technology in network equipment.

Scalability

The GTI system is designed to meet the scalability requirements of operators. It can scale incrementally to support changes in traffic volume, number of events, and network coverage. While each collector can collect up to 150,000 events per second, the system can load balance across additional modules to collect and process traffic from as many points in the network as required. The GTI system can process millions of events per second in real time by using sophisticated load-balancing algorithms to spread the load across the available servers. Similarly, it uses data reduction techniques and parallel data-stream algorithms designed to process voluminous amounts of data.

In Conclusion

Operators now regard the ability to see every bit of information traversing their network not only as a potential source of revenue, but also as a key differentiator in the market for delivering advanced services in the most reliable manner. As a consequence, from a service provider's perspective, efficient traffic management is imperative. In other words, the reliability and efficiency with which ISPs deliver content to their customers, and the protection of every single bit of information, is a major differentiator that enables them to attract new customers and decrease operational cost. Using a GTI system makes this differentiator easily attainable.




© 2006, All information contained herein is the sole property of Pipeline Publishing, LLC. Pipeline Publishing LLC reserves all rights and privileges regarding
the use of this information. Any unauthorized use, such as copying, modifying, or reprinting, will be prosecuted under the fullest extent under the governing law.