Knowledge is Power: NPMD’s, NPB’s, and the Network Visibility layer

Yigal Amram By: Yigal Amram August 08, 2018

The great English philosopher, Sir Francis Bacon known for his influence in promoting scientific method, held that the aim of scientific investigation is practical application of the understanding of nature to improve man's condition. He rightly expressed, that “Knowledge is Power”. In a similar manner, visibility and control via NPMD – is a necessary ‘knowledge’ power in the world of networking.

Network Performance Monitoring and Diagnostics (NPMD) tools is a catchall phrase coined several years ago by Gartner Inc., to describe tools that allow “IT operations to understand
the performance of application, network and infrastructure components via network
instrumentation, including insight into the quality of the end-user experience”.  

In addition to monitoring and inspecting network traffic and infrastructure, NPMD tools also offer diagnostics, analytics, and root cause analysis that help identify optimization possibilities, as well as help develop solutions to various undesirable events or states such as power outages and network degradation.

In general NPMD should be considered as part of an overall network management solution  included in a larger availability and performance monitoring strategy. These adjacent components and technologies include, amongst others, Application Performance Management (APM) and IT Infrastructure Monitoring (ITIM).  While APM focuses on the dimensions of digital experience monitoring, application discovery, tracing and diagnostics and application analytics; ITIM focuses on focuses on the availability and health of systems that are part of the general IT infrastructure.

Some NPMD solutions may have offerings that may combine APM and ITIM functionality. But NPMD is often confused with those adjacent components and technologies and IT and Network Managers should clearly define their requirements when assessing their needs.  

Blog 17-01

So what are the common inputs into an NPMD solution? NPMD’s typically support at least one, and sometimes all of the following input sources:

Raw data packets - the NPMD, as an out-of-band monitoring device needs to tap into copies of the raw data packets. Analysing raw data packets can offer insights into the traffic that might not be available when digesting other sources.  Analysing raw data packets will also be the more processor intensive of the sources.

Traffic meta data - instead of analysing the raw data packets, the NPMD relies on another device that already processes the data traffic, and generates metadata that ‘summarizes’ a flow’s characteristics and parameters. The common traffic metadata standards are Netflow and IPFIX and to a lesser extent sFlow.  Traffic metadata results in a fraction of the velocity of the raw data inteself, commonly accounting for a few percentages of the original raw traffic data packets.

SNMP polling - here the NPMD actively queries/polls various devices and endpoints using SNMP to collect data on the health, traffic status and performance.  SNMP messages contain a lot of information and the device, its components, traffic characteristics and other information that devices are collecting and generating about themselves. Other methods of polling data may be based on API’s, and other SDN related protocols.

NPBs to leverage and augment NPMDs 

Network packet brokers (NPBs) are essential devices for leveraging and augmenting the power and versatility of NPMD devices.

In order for the comprehensive cycle of data gathering by NPMD inspection and monitoring, analysis and diagnosis (with relevant alerts – as applicable) to be most effective, there is a business-critical requirement for pervasive network visibility. Otherwise, the tool is not providing the maximum amount of information what we can refer to as ‘knowledge’.

The key is to create a network visibility layer that comprises strategically placed network taps, network bypasses, and in particular network packet brokers (NPBs). A pervasive visibility layer not only increases network security, but also holds key advantages in reducing downtime in maintenance periods, improving network service recovery time, and increasing your overall ROI. If your network visibility layer is not pervasive, you risk blind spots, potentially compromising your security and network efficiency.

7 ways that the Network Visibility Layer supports the efficiency of your NPMD deployment

  1. Ensuring that the critical network traffic gets to the NPMD NPMD value is only as good as the traffic that it has access to.  One way to feed traffic to the NPMD is via SPAN ports. However SPAN ports are limited in their bandwidth and typically cannot reflect the full traffic load passing through the switch.  Moreover access to the SPAN traffic is often time-shared across multiple appliances so that the connected NPMD will not have a 24x7 continuous visibility to the network. Deploying network taps at critical network points alleviates SPAN port limitations and provides the NPMD the coverage that it needs to be a critical business companion to the IT manager.

  2. Ensuring that the NPMD processing capacity is not overloaded so that it does not experience performance degradation.  NPMD processing capacity is limited, with appliances typically not being able to handle more than 10GbE network link at full line rate.  By using a combination of filtering and load balancing techniques a NPB could limit the amount of traffic that an NPMD appliance handles, or load balance the network traffic between multiple NPMD’s so that each is performing at optimal efficiency, and together as a group they are able to process the full traffic load.

  3. Enabling the NPMD access to traffic from higher speed links.  As network bandwidth demand continues to grow and datalinks move from 1GbE to 10GbE and to 100GbE the IT manager will be challenged in how to expose the high speed links to the deployed NPMD solution.  NPB are designed to address these use case scenario ensuring that the right tool continues to get the right traffic.

  4. Utilizing NPB Netflow/IPFIX support for improved coverage and performance.  Traffic metadata is an important source for NPMDs.  Netflow - one of the common practices of in metadata implementations is typically generated by the switch or router.  As Netflow generation is not the primary task of the network switch or router, its generation may be affected by the routers load and moreover even under regular conditions only a subset or sample of the traffic is processed for Netflow.  An NPB feeding into an NPMD can generate Netflow/IPFIX on all traffic thus providing better coverage of the network for the NPMD. Also by aggregating multiple inputs from the network into a single NPB translates into a more efficient NPMD deployment.  The NPB will generate the traffic metadata for all traffic links and can forward both selected raw data packets and traffic metadata at the sametime to the NPMD.

  5. Utilizing NPB de-duplication support for improved NPMD performance and efficiency.  A network is likely to have duplicate packet scenarios, and dependent on the network design, the percentage of duplicate packet can increase.  Having the NPMD process duplicate packets (i.e the same packet multiple times) may affect the accuracy of the results reported and detected by the tool.  Moreover the performance and efficiency of the NPMD is degraded when handling duplicates. If the NPMD can process 1GbE of traffic and the network experiences 15% duplicates - thats a 15% degradation or 15% more traffic the NPMD could have processed if not handing duplicate traffic. An NPB feeding traffic to the NPMD can perform a deduplication process on the packets, only sending one copy of the packet and removing the duplicates.

  6. Centralized NPMD deployment for higher efficiency and reduced TCO.  By using a network visibility layer on network taps, bypass switches and NPB the IT manager can backhaul selected traffic for monitoring and analysis from remote sites to a centralized location thus optimizing NPMD usage and deployments.

  7. High performance filtering so that the NPMD process only the raw data traffic that it needs. In many scenarios the NPMD processing of raw data packets is limited.  Moreover, for advanced troubleshooting use cases the network engineer typically needs access only to selected packet capture traces. The NPB can be configured to dynamically filter raw data packets to the NPMD depending on its needs and to facilitate and trigger packet capture process only when needed.  An additional layer of dynamic configuration capabilities can be achieved by the overlay of Niagara Visibility Controller (NVC). This SDN based architecture serves to manage all of the Niagara Networks network visibility layer as single logical switching fabric.


Network Performance Monitoring and Diagnostics (NPMD) devices are mission-critical utilities and applications that offer IT professionals all-inclusive insight and control over the various components of the enterprise network. Their diagnostics and analytics also assist in identifying and developing solutions to various undesirable events or states such as network degradation.

When a network packet broker (NPB) is added to the equation, the resulting enhancements and possibilities further empower IT in their difficult tasks of managing the enterprise network and ‘staying on top of things’.

We at Niagara Networks recommend to get the best of both the NPMD and NPPB worlds when analyzing your overall network strategy and deployment.   Choosing a vendor agnostic NPB would also mean that you will be able to easily combine multiple complementary performance management, analysis and diagnostic solutions. Independent NPBs offer much greater power and versatility – and that is good ‘knowledge’ to be ‘em-powered’ by.

Talk with a Niagara Networks visibility expert to further explore the range of visibility solutions available to you, or learn more on our resources page.


Contact A Network Visibility Expert