As converged networks become a reality, network operators are facing complex challenges with respect to network monitoring. Because monitoring is a vital factor in the health of any network, tools that monitor specific services traveling in the same converged pipe are inundating the network. However, most of these tools only need access to a small fraction of the data in a high-speed line. The process of isolating the service of interest for each tool is exhausting the resources of the monitoring equipment, which, in turn, is increasing capital and operating expenses.
Network operators have to make a choice: either refit the network with new monitoring equipment and distribute the traffic, or eliminate the traffic that is not of interest. This article will drill down into this problem, discuss solutions that have been implemented in the past, and present a new, innovative approach to converged network monitoring access.
The network core is the optimal location to install network monitoring equipment because all of the traffic throughout the network will typically traverse the core. This approach to monitoring is not without its problems though. Namely, because there are increasingly faster data rates at the core, existing monitoring equipment can quickly exhaust processing resources when sifting through the massive amounts of data in an effort to find only the traffic that is relevant to its specific monitoring requirements.
As network topology continues to grow, converge and increase in speed, existing monitoring equipment often can be rendered obsolete since it can no longer attach to the network. Compounding this problem is the reality that networks generally have not just one, but multiple best-of-class tools attached at the core-each of which needs access to only a small fraction of the traffic that is traveling through the core network on the same high-speed lines. As a result, none of the tools operate at their peak performance levels.
SPAN Ports and TAPs
SPAN ports and TAPs
In the past, network operators have addressed the challenge of how to access network core traffic for monitoring purposes through the use of switch port analyzer (SPAN) ports and/or optical TAPs. Both of these data access methods have their advantages and disadvantages, but the underlying common issue for both approaches is that there remains too little access to satisfy the needs of the growing number of monitoring tools.
Figure 1 shows a typical data access configuration employing a mix of SPAN ports and optical TAPs. In this scenario, several different flavors of monitoring equipment are receiving data from either the router or a TAP. Each tool receives most, if not all, of the traffic from the converged pipe, requiring it to process a massive amount of data in order to get to the data it is trying to monitor.
Figure 1: Configuration employing a mix of SPAN ports and optical TAPs
SPAN ports provide a fairly straightforward approach to providing access and can even offer some level of aggregation, assuming the router platform is lightly utilized. The problem with this method of data access is that the primary function of a router is not to provide monitoring access, so burning SPAN ports on these platforms for this purpose can quickly become cost-prohibitive. Moreover, higher level processing functions are contingent upon the amount of resources not being utilized for other router tasks.??í??í
Optical TAPs eliminate the cost issues related to SPAN ports but have their own restrictions. TAPs are dedicated to a particular test or monitoring device which, by definition, eliminates the possibility of sharing or switching data between multiple tools. Although they provide access at a better price point, they do so while draining optical power. This, in turn, limits the distance between network devices. Further, without their own processing resources, TAPs do not alleviate the monitoring equipment’s burden of too much data.
Monitoring Access Optimizers: A New Approach
Monitoring access optimizers: A new approach
An effective solution that addresses the processing resources challenge has emerged in the monitoring access market space. The solution revolves around a class of smart access products called monitoring access optimizers. These products focus on providing access to high-speed data in the network core and optimizing the traffic prior to monitoring equipment. Here, the term “optimization” is an umbrella term for aggregation, filtering, interface translations and other tactics intended to streamline the data for specific monitoring needs.
By filtering core traffic prior to the monitoring tools, each device is only presented with the traffic relevant to that application. This method greatly reduces each tool’s bandwidth requirements which, in turn, prolongs the useful life of the existing tools and decreases tool-related capital expenditures (CAPEX). Conversely, the same traffic may be sent to more than one monitoring tool for highly-differentiated analysis of multiprotocol backbones.
Another added benefit of this monitoring access solution is that tools do not become obsolete as core data speeds increase. This is a result of the monitoring access optimizer’s ability to translate network traffic to match the interface type and speed on the monitoring devices.
Figure 2 shows the same data access configuration, but this time employs a monitoring access optimizer. The optimizer virtualizes the access to physical and logical layers of a wide range of WAN and LAN interfaces and protocols by converging them to IP interfaces and protocols. In this scenario, the monitoring access optimizer isolates the traffic that needs to be monitored and directs it to the appropriate equipment. The SPAN ports on the network router are thereby recovered for other uses, and the resources on the monitoring tools are freed up to function more efficiently.
Figure 2: Configuration employing a monitoring access optimizer
Conclusion
Monitoring access optimizers provide an efficient and cost-effective way to leverage several best-of-class monitoring tools simultaneously. In an environment where increasingly diverse traffic is being fed through the fire hose of converged networks, this solution translates directly into a decrease in tool-related CAPEX and an increase in tool performance. By introducing new access means and methods, monitoring access optimizers protect the user’s investment in existing and new network monitoring tools by reducing their obsolescence.