Packet brokers are very versatile devices that have many uses within the network, and assist in (or control) such critical tasks as load balancing, filtering, aggregation, etc. Let’s take a detailed look at their role in the following typical scenarios.
Most customer service centers record the dialogue between the customer and the service rep. This is partly for tracking and improving customer service, but very often, also for legal purposes.
When a customer makes a call to the service center and is answered by the service agent (customer support rep), that information is preserved. Note, however, that both the caller’s and the agent’s data are actually composed of two streams of data. Foremost is the actual conversation (RTP), but no less important is the signaling information that identifies the server connectivity at both ends: that is, which servers were involved in carrying the traffic. The network needs to record both types of data, and does so on separate devices.
To get a better perspective and understanding of how the network packet broker supports and enhances the network monitoring requirements, we need to take a behind-the-scenes look at a typical scenario for a large enterprise. A typical setup would be as we see it in the following image. Usually, there would be several recording devices as well as IP analyzers, and the NPB would normally be placed out-of-band:
A call scenario, from the point of view of the network, would go something like this:
There is a good reason why the call’s data and IP information are stored separately. This ensures that anyone trying to hack the system will not have access to both pieces of related data. If the data needs to be brought to court, for example, then the system will know how to synchronize between the two to pull up the required call information.
Ensuring network security is a mission-critical task of the network manager and the network operation teams. This begins at the stage of the network design and the capacity planning. Although the network packet broker is not directly involved in the security aspect, it can play a very real and essential role in the overall design, thanks to its powerful load balancing and aggregation capabilities. In some cases, that role is even indispensable.
In the following scenario, we’ve set up a network security scheme where a network packet broker supports several firewalls that protect a network from outside malicious attacks.
In our scenario, we have a 40 GB network pipe going through various routers and switches carrying all the production traffic. We need to break that down so we can send the traffic to uplinks that can each handle only up to 10 GB (maximum). These are our 10 GB firewall (FW) devices. Here, we’ve placed our NPB in-line within the traffic, so that it can pass the data packets to the several FWs. In this case, we’ve set up four FWs (thus evenly distributing the 40 GB max capacity).
After the FWs do their job and send the data back to the NPB, it aggregates the data back to a 40 GB (max) data flow, and sends this on to the network for whatever further processing is needed. The responsibility of the NPB here is to make sure that each session is preserved and maintained through all devices, which in this case means that every packet of a session goes to the correct firewall. This is known as “maintaining sessions”.
In a scenario with encrypted traffic, there is no change in the process. The data packet is made up of the encrypted data and the header, and since the NPB only looks at the header, which is not encrypted, there is no difference in how it works with non-encrypted data.
In theory, the NPB could be set to work with fewer firewalls and be able to manage the splitting and distribution of the data, say with just three FWs. This would be the case in a failure scenario, where one FW goes offline and the NPB would know how to redistribute the load efficiently. Alternatively, we could have set up five (or more) FWs, with the extra one(s) being on standby to switch over in case any fail or need to be taken out of service for maintenance, etc. Of course, this would need to be a business decision, based on the cost of each redundant firewall.
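The session-preserving distribution and the failure case described above can be sketched as follows. This is an added example, not code from the article or from any vendor: the article does not say which algorithm the NPB uses, so the direction-independent header hash combined with rendezvous hashing is an assumption, and the firewall names and sample flows are constructed.

```python
import hashlib
from collections import Counter

FIREWALLS = ["FW1", "FW2", "FW3", "FW4"]  # hypothetical names for the four firewalls


def flow_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Direction-independent key built only from unencrypted header fields."""
    a, b = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}".encode()


def pick_firewall(key, live):
    """Rendezvous hashing: score every live firewall for this flow, take the highest."""
    if not live:
        raise RuntimeError("no firewall available")
    return max(live, key=lambda fw: hashlib.sha256(fw.encode() + b"|" + key).digest())


def constructed_flows(n=2000):
    """Constructed sample: n client sessions to one HTTPS server."""
    return [(f"10.0.{i // 250}.{i % 250 + 1}", 40000 + i, "203.0.113.10", 443, "tcp")
            for i in range(n)]


def simulate(failed="FW3"):
    flows = constructed_flows()
    before = {f: pick_firewall(flow_key(*f), FIREWALLS) for f in flows}
    # Return traffic (source and destination swapped) must reach the same firewall.
    symmetric = all(
        pick_firewall(flow_key(f[2], f[3], f[0], f[1], f[4]), FIREWALLS) == before[f]
        for f in flows
    )
    # Failure scenario: one firewall goes offline, three remain.
    live = [fw for fw in FIREWALLS if fw != failed]
    after = {f: pick_firewall(flow_key(*f), live) for f in flows}
    moved = [f for f in flows if before[f] != after[f]]
    # Sessions on surviving firewalls must stay where they were.
    only_failed_moved = all(before[f] == failed for f in moved)
    return symmetric, Counter(before.values()), Counter(after.values()), only_failed_moved


if __name__ == "__main__":
    sym, before, after, stable = simulate()
    print("both directions pinned to one FW:", sym)
    print("load with four FWs:", dict(before))
    print("load after FW3 fails:", dict(after))
    print("only sessions from the failed FW moved:", stable)
```

Because the key uses only addresses, ports and protocol, the same logic applies unchanged to encrypted traffic, and with rendezvous hashing a firewall failure disturbs only the sessions that were on the failed device.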
Take into account that if the traffic capacity over the network is 40 GB, then most likely the real traffic flow on a regular basis is about half of that, say 20 GB. If the actual flow is significantly higher, then the network designer would most likely go for a higher capacity of 100 GB. This is part of the capacity planning, and would be a business decision of the enterprise.
As we can see from the above examples, network packet brokers (NPBs) play significant roles in various network monitoring scenarios. Their advanced capabilities of load balancing, aggregating, and filtering enhance the network monitoring capabilities in various essential network use cases, both in-line and out-of-band, offering cost-effective and productive solutions to network topologies.
Niagara Networks, a key player in the field of network packet brokers and other network supportive devices, offers its services and expertise to help you solve your network problems and deal with your various network issues. Feel free to contact our networking specialists.