The more we rely on network-connected systems and services for mission-critical processes, the more important it is to design for network visibility.
Vendors have been preaching the importance of network visibility for decades. While it’s important to have the right combination of network taps, network packet brokers, and bypass switches in place, today’s 21st-century user expectations simply demand that businesses and enterprises go a step further.
A few microseconds of error in timestamps across an LTE network can decrease its performance. High-Frequency Trading (HFT) applications need latency to be fine-tuned down to nanoseconds, for efficiency and compliance reasons. And Quality of Experience / Quality of Service management applications can only be effective at pinpointing the source of degradation if they get all of their timings right.
As rapid application response times, real-time anomaly detection, and proactive troubleshooting become the norm, your network visibility layer should include timestamping as part of network visibility arsenal - it can potentially save you from revenue losses and costly productivity issues.
What Is Timestamping in Packet Capture?
Timestamps are stored in the packet captured by network packet brokers, switches, and aggregation taps. These devices apply timestamps for both ingress and egress traffic to tell you the exact date and time of data transmission—often down to the nanosecond.
There are a number of different protocols and tactics that packet brokers and other devices use as time sources to pinpoint the moment data is forwarded through your network. Two of the most important protocols to recognize are:
- Network Time Protocol (NTP): The tried-and-true standard of network timing, NTP is a universal protocol for timestamping packet capture. While it has been sufficient for traditional business processes and systems, it may not be accurate enough for more modern services. When mission-critical applications are especially time-sensitive, you’ll need greater accuracy for more effective timestamping.
- Precision Time Protocol (PTP): When modern network services require greater accuracy in timestamping, PTP is more effective than NTP. PTP synchronizes time with clocks across the network to extreme accuracy. This protocol is becoming increasingly popular as network services grow more complex and visibility demands increase. An added benefit of the protocol is that it doesn’t require outside access to GPS signals. Niagara Networks prefers to rely on this protocol for timestamping of data packets.
Your network visibility layer is only as strong as the actions it enables you to take. Without these protocols powering timestamping, packet capture only delivers generalized network insights. Simply knowing there’s a problem (or a potential problem) isn’t enough if it takes you days to pinpoint the problem. Timestamps on all network packets can be used for accurate measurements by all network tools connected to access devices, spanning multiple use cases across your business.
How Packet Timestamping Impacts Your Business
For timing-sensitive applications, the most valuable aspect of packet timestamping is the ability to accurately track latency. By applying different timestamps to packets as they travel through your network, you can compare metrics against baselines to ensure mission-critical services operate with low latency.
Whether you need to enforce QoS, meet SLA demands, support High-Frequency Trading (HFT), improve your network security forensic analysis, or inspect end-user experience errors, timestamping gives you the information necessary to quickly make decisions.
Whether you need to enforce QoS, meet SLA demands, support High-Frequency Trading (HFT), improve your network security forensic analysis, or inspect end-user experience errors, timestamping gives you the information necessary to quickly make decisions.
Without timestamps, any networking issues result in lengthy troubleshooting processes. Often times, network admins and systems teams get stuck in a back-and-forth loop, claiming that the other is responsible for certain issues. When you don’t have timestamps and the ability to connect issues to certain packets, you can’t see whether problems are rooted on the network or server side. Accurate timestamping gives you that granular insight so you can speed up response times, avoid downtime, and maximize workforce productivity.
Precise timestamping in your visibility layer helps you identify costly issues for use cases such as:
-
VoIP and Unified Communications: Limiting jitter and other call quality issues requires minimal latency in two-way communications. While you might have thresholds for call quality in place, accurate timestamping will help measure latency accurately and allow you to proactively address issues rather than waiting for user complaints.
- Videoconferencing: You only reap the productivity benefits of video solutions when latency remains below a 300ms threshold and, just like VoIP, jitter remains low. Monitoring video packets for latency issues can keep end users from experiencing dips in quality that derail important meetings. Increased video conferencing satisfaction also cuts in travel costs, increasing any business bottom line.
- Cybersecurity: Latency isn’t the only important metric that timestamping addresses. When attackers successfully evade your defenses, your IT team needs precise insights into malicious activity. Without accurate timestamps, it is difficult to identify the order of events and resolve incidents and the vulnerabilities that caused them. With timestamping you reduce the time your security professionals take to identify and block attacks and vulnerabilities.
- Real-Time Analytics: Business users are under pressure to adapt to customer needs faster than ever and provide the absolute best Quality of Experience (QoE) through carefully managed Quality of Service (QoS). With real-time analytics, together with accurate timestamping, they can improve customer experiences to increase revenue and reduce churn. Precise timestamping allows these systems to pinpoint exactly where the degradation is and allow for the quickest Mean Time to Repair / Remediate (MTTR).
- High-Frequency Trading (HFT) - Financial institutions who cater to HFT are succeptible to breaching very demanding Service Level Agreements (SLAs). These firms need to continuously monitor areas of their network that increase delay and need to cut them down. For them, every nanosecond counts.From utilization figures to application performance, delays, and more, timestamps provide a foundation for a more productive IT team.
These are just a few of the use cases for timestamping in packet capture. Even though timestamps are most useful for latency calculations, you can’t overlook their value in making your network visibility layer as effective as possible. From utilization figures to application performance, delays, and more, timestamps provide a foundation for a more productive IT team.
Packet timestamping is part of a larger discussion of network visibility layer design, and if you want to learn more about designing the perfect visibility layer, check out our free guide to cost-effective network visibility.