& cplSiteName &

Network Visibility Architectures: One Size Does Not Fit All

Jeff Harris
5/15/2017
50%
50%

The term "network visibility" has been in the networking space for ages, but has never been as important or relevant as it is today. New and exciting methods of automation -- whether virtualization, the cloud, IoT or even best practices like network segmentation -- tend to emphasize innovation over visibility. As such, networks develop blind spots that mask network problems and even faulty devices.

In this environment, understanding what visibility truly means is just as important as having it. Visibility is what allows IT to control and optimize the network, along with applications and IT services. Without it, organizational speed decreases, network problems take longer to resolve and security threats increase. Knowing how to measure what "good" looks like is critical in modern, complex networking environments. Determining the best strategy to accomplish this requires serious consideration.

Here are a few tips for making your decision.

End-to-end visibility architecture
An end-to-end visibility architecture lets you see across physical and virtual network elements, into cloud environments, and of course, into your network traffic. Achieving it requires a plan. Many organizations grow into their networks, adding on components, analytics, compliance and security, one appliance at a time. While it is possible to piecemeal visibility components along the way, the method can create its own blind spots while leading to unnecessary complexity and higher costs. Instead of waiting until a problem arises, it is important to annually reevaluate network visibility infrastructure and plan accordingly. Assess network segments to make sure they are being monitored -- look into virtual cloud monitoring for your public cloud resources and test your existing infrastructure with realistic high-volume traffic.

If done well, a strong visibility architecture will dramatically increase your visibility depth and breadth, whether it is physical, virtual, out-of-band or inline security. And depending on the solution, scaling doesn’t have to be a problem. VaaS can scale up or down, with cost based on consumption.

Setting up for immediate return
Visibility architectures typically yield immediate benefits that improve security, from reduced troubleshooting times to decreased network downtime. Realizing a return on investment (ROI) typically takes less than a year and can happen in as little as six months when visibility is applied effectively.

To start, there needs to be access to the proper data. This usually involves physical or virtual taps capable of being implemented at any switch point to access data from relevant segments of your network. When implemented correctly, it removes the bottleneck caused by limited access points (e.g., SPAN ports). And if you have planned well and overprovisioned your SPAN ports, it is recommended to intelligently aggregate them before getting them to your performance monitoring and compliance tools.

Next comes the filtering component to optimize the flow of relevant data to the right monitoring tools. Intelligent network packet brokers (NPBs) aggregate data, as well as filter, de-duplicate, time-stamp and even load balance the data sources to ensure monitoring tools are not overwhelmed. NPBs provide greater control while extending the life of existing network, application and security tools housed in the network -- especially for higher speed networks. When selecting a network packet broker, be sure it is the right size for your network.

Most NPBs have some level of context-aware data handling capabilities, though some perform at high speeds better than others. Having security intelligence awareness is very rare. By authenticating applications at high speeds, it is possible to send good traffic, like Netflix or Amazon Prime streams, for lower levels of security analysis. This is not possible if you cannot identify those applications at full network speed. Security intelligence can also identify what applications are running, the bandwidth used by each, the geolocation of application use, device types, routing of information and perform SSL decryption -- all within the visibility infrastructure layer.

Why it matters
Complex networks need good visibility to keep them safe. Besides the obvious, there are four typical and important use cases for a strong visibility architecture.

  1. Strengthening security defenses. If your network infrastructure is dropping packets at high network speeds, it is only a matter of time before an attacker will sneak in and exploit this weakness. Network and troubleshooting visibility needs to keep up with these high speeds and easily digestible insight into traffic sources and destinations.

  2. Network failure prevention. Prevention (not remediation) should be the goal on any network. The right visibility approach will have bypasses for inline devices, high availability failover paths that revert immediately, and can tell you which applications or network segments are underperforming.

  3. Faster time to repair. The two biggest fears of every IT manager is (1) being breached and (2) network downtime. Remediation of either of these is all about troubleshooting time, which is driven by your visibility layer. Having a properly sized, intelligent visibility layer can reduce mean time to repair by up to 80%.

  4. Test your network periodically. A good practice is periodic network testing, which requires capturing data for analysis. It makes isolating issues and resolving anomalies much easier and faster. To do this, you need to capture the data and have the ability to play it back within your network staging area. This kind of "traffic rewind" capability is simple to implement but can only be done with proper planning.

Ultimately, one-size does not fit all in terms of visibility architectures. You need one that is sized to your network’s specific configuration and needs. When done effectively, though, it can prevent and solve a lot of the daily problems faced by your network operations and security teams. Not all visibility architectures perform equally.

— Jeff Harris, Vice President, Solutions Marketing, Ixia


CALLING ALL TEST, ASSURANCE AND MONITORING COMPANIES:
Make sure your company and services are listed free of charge at Testapedia, the comprehensive set of searchable databases covering the companies, products, industry organizations and people that are directly involved in defining and shaping the telecom test and measurement industry.



(0)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
More Blogs from Column
Unlicensed spectrum will help the 3GPP's 5G specification proliferate.
Outages are inevitable, but how can we deal with them better?
The arrival of NFV and IoT is driving a greater need for Service Quality Management (SQM) capabilities, argues Sandeep Raina.
An updated architecture, new approach to software and the ability to launch new services will give telcos a successful path to 5G within the next few years.
From The Founder
Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Interviews
BT's McRae Sheds Light on 4K Strategy

5|25|17   |   4:45   |   (0) comments


At Light Reading's Big Communications Event 2017 in Austin, Texas, BT Group's Chief Network Architect Neil McRae talks about what it took for BT to broadcast live sports in 4K. Catch up with all our BCE coverage at http://www.lightreading.com/bce.asp.
From the Founder
How the NIA Aims to Advance NFV

5|25|17   |   08:07   |   (0) comments


Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
LRTV Custom TV
Better Solutions That Address Growing Scale

5|25|17   |     |   (0) comments


For Comcast, the X1 rollout and 17-fold increases in broadband speeds in the past 16 years are among factors driving the need for Energy 2020 solutions that reduce cost and consumption, says Mark Hess.
LRTV Custom TV
Ethernity Network Delivers Instant Offloading of Network Functions With All-Programmable Intelligent NIC

5|25|17   |     |   (0) comments


David Levi, CEO of Ethernity Networks, explains that programmability of the hardware makes the company's All-Programmable Intelligent NIC uniquely beneficial for communications service providers that need advanced data appliances with agile support of virtualization. Utilizing the company's patented network processing technology, Ethernity offers data path ...
LRTV Documentaries
BCE 2017: Vodafone Gets Obsessed With Cloud-Native

5|25|17   |     |   (0) comments


Vodafone's Matt Beal updates us on Project Ocean and explains why simple virtualization isn't enough of a goal for network transformation. Catch up with other BCE 2017 keynotes and news at http://www.lightreading.com/bce.asp.
LRTV Documentaries
BCE 2017: Intel's Take on Network Transformation

5|24|17   |     |   (0) comments


In this BCE 2017 keynote, Lynn Comp discusses Intel's vision for areas such as analytics, automation and service assurance. For more videos and BCE coverage, see http://www.lightreading.com/bce.asp.
LRTV Documentaries
Order From Chaos: The Steve Saunders BCE Keynote

5|24|17   |   17:27   |   (0) comments


Kicking off BCE 2017, Light Reading founder Steve Saunders lays blame for NFV's slow ramp-up and urges telecom to return to old-fashioned standards building and interoperability testing.
Think of this as the video sequel to the recent columns he's written about NFV and the prospect of a telecom app store. (See

LRTV Documentaries
Service Provider Panel: Partnering in the Digital Era

5|22|17   |     |   (0) comments


Coopetition has always been part of telecom, but the ecosphere now includes data centers, vendors, apps developers, cloud service providers and Internet content providers. This BCE 2017 panel explores the new attitudes among network operators as to the value and variety of ...
LRTV Interviews
Site Demo: AT&T's IoT Flow Platform

5|19|17   |   04:25   |   (0) comments


At AT&T's R&D center in Tel Aviv, Israel, project leader Eyal Segev talks about the operator's Flow platform and how it helps to prototype IoT applications.
LRTV Documentaries
Agent of Change: A Q&A With AT&T's John Donovan

5|18|17   |     |   (0) comments


Carol Wilson talks with the man leading AT&T's transformation efforts about the challenge of change.
LRTV Documentaries
BCE Service Provider Panel: The New Business Realities

5|18|17   |     |   (0) comments


For virtualization to happen, the telecom industry first has to grapple with key functional aspects of SDN and NFV that need to be universal, such as onboarding of virtualized network functions and federation of software-defined networks.
LRTV Interviews
BCE Service Provider Keynote: CenturyLink

5|16|17   |   22:32   |   (0) comments


Aamir Hussain leads the Product Development and Technology organization at CenturyLink, which includes the company's information technology function. He is an experienced senior technology executive with more than 25 years of proven success in the implementation of global technology operations, operationalization of complex technology, infrastructures and business ...
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Cities Clamor for More Clout at FCC
Mari Silbey, Senior Editor, Cable/Video, 5/23/2017
What's Blocking 4K TV Today
Alan Breznick, Cable/Video Practice Leader, Light Reading, 5/22/2017
Sonus & Genband Finally Combine to Form $745M Company
Dan Jones, Mobile Editor, 5/23/2017
Fright Wigs & Cocktails: BCE 2017 in Pics
Mitch Wagner, Editor, Enterprise Cloud, 5/19/2017
Apple Looking to Cook 5G Test Devices
Dan Jones, Mobile Editor, 5/24/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
TEOCO Founder and CEO Atul Jain talks to Light Reading Founder and CEO Steve Saunders about the challenges around cost control and service monetization in the mobile and IoT sectors.
Animals with Phones
What Brogrammers Look Like to the Rest of Us Click Here
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.