Complex protocol chains: what are the observability challenges?
Here are our two bits about one of our core fundamental values. This piece should be viewed as the whiteboard upon which we created NANO Corp, and we wanted to share it with you!
The article Explosion of flows: what power is needed to supervise them tomorrow? addressed the fact that the processing parallelization inherent in hardware (in network cards and processors, for example) provides a relevant answer to the race for speed. But it left open the question of preserving the uniqueness of sessions across these parallelized processes.
Complexification of networks and encapsulation
The first problem that a network (and a network admin) must address is ensuring efficient and fast routing. To better exploit the many opportunities offered by current speeds, operators (telcos, ISPs, data centers, etc.) use routers with new capabilities such as tunneling management. Optimized routing enables superior network convergence and virtualization. It also improves both quality of service and network security by logically separating the network into several entities.
Tunneling here consists of inserting one protocol into another to simplify network management, encapsulating data in new routing layers.
What about quality of service and monitoring for network security?
Designed before tunneling became so widespread, the network probes used for monitoring were content to process only simple protocol sequences (also called protocol chaining) starting from the IP layer. They had no particular interest in dealing with low-level protocols.
For these classic probes, difficulties started to appear when it came to processing protocols located before the IP layer. Indeed, the explosion of tunneling has made it hard to preserve the uniqueness of sessions when processing is parallelized. To circumvent this problem, conventional probes have adopted software and hardware solutions that reach the IP layer by skipping over tunneling. The direct consequence was to blind them to Layer 2 protocols, at the risk of missing crucial information.
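The session-uniqueness problem described above, as an added example (not NANO Corp code): a minimal Python parser walks a constructed Ethernet / 802.1Q / MPLS / IPv4 chain and compares a session key built from the inner 5-tuple alone with one that keeps the encapsulation chain. The frames, addresses, VLAN IDs and labels are constructed sample values, and all function names are hypothetical.

```python
import struct

VLAN, QINQ, MPLS, IPV4 = 0x8100, 0x88A8, 0x8847, 0x0800

def parse_chain(frame: bytes):
    """Walk Ethernet -> VLAN tags -> MPLS labels -> IPv4; return (chain, 5-tuple)."""
    chain, off = ["eth"], 14
    (etype,) = struct.unpack_from("!H", frame, 12)
    while etype in (VLAN, QINQ):                 # stacked 802.1Q / 802.1ad tags
        tci, etype = struct.unpack_from("!HH", frame, off)
        chain.append(f"vlan:{tci & 0x0FFF}")
        off += 4
    if etype == MPLS:
        bottom = False
        while not bottom:                        # label stack, S bit marks the end
            (entry,) = struct.unpack_from("!I", frame, off)
            chain.append(f"mpls:{entry >> 12}")
            bottom, off = bool(entry & 0x100), off + 4
        etype = IPV4 if frame[off] >> 4 == 4 else None   # MPLS has no type field
    if etype != IPV4:
        raise ValueError("payload is not IPv4")
    ihl, proto = (frame[off] & 0x0F) * 4, frame[off + 9]
    src, dst = frame[off + 12:off + 16], frame[off + 16:off + 20]
    sport, dport = struct.unpack_from("!HH", frame, off + ihl)  # assumes TCP/UDP
    return tuple(chain + ["ipv4"]), (src, dst, proto, sport, dport)

def ip_only_key(frame):     # probe that jumps straight to the IP layer
    return parse_chain(frame)[1]

def full_chain_key(frame):  # probe that keeps the encapsulation in the session key
    return parse_chain(frame)

def sample_frame(vlan, label):
    """Constructed sample: same inner UDP flow, different VLAN tag and MPLS label."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    eth = bytes(12) + struct.pack("!HHH", VLAN, vlan, MPLS)
    return eth + struct.pack("!I", (label << 12) | 0x100 | 64) + ip + udp

def count_sessions(frames, key):
    return len({key(f) for f in frames})

# Two tenants reusing the same private addresses, plus a repeat of the first.
FRAMES = [sample_frame(100, 2001), sample_frame(200, 2002), sample_frame(100, 2001)]

if __name__ == "__main__":
    print("IP-only sessions:   ", count_sessions(FRAMES, ip_only_key))
    print("full-chain sessions:", count_sessions(FRAMES, full_chain_key))
```

With the IP-only key, the two tenants' flows merge into a single session; keeping the chain in the key separates them and records which VLAN and label carried each one.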
Getting rid of an analysis at the tunneling level: what are the risks?
Being able to analyze low-level protocols, and routing protocols in particular, is especially important to ensure the quality of data in transit, the correct configuration of equipment and, in general, the good health of the network.
Nowadays, it is not possible to fully guarantee quality of service and security without also supervising the low-level protocols that network equipment exchanges on a second-to-second basis. Otherwise, the network finds itself at the mercy of how the equipment was set up after installation. If this equipment has not been properly configured, or if it has been corrupted by an attack or an unfortunate update, it is necessary to wait until the consequences on the network are sufficiently visible to notice that there are malfunctions.
Dealing with these protocol analysis issues only from the IP layer up, and not looking at what is happening below Layer 3, is now becoming an error with potentially serious consequences, since it amounts to depriving ourselves of visibility both into encapsulation (loss of granularity) and into the protocols dedicated to network management.
“New generation” probes: essential allies for effective supervision
Since trust does not exclude control, it is essential to verify the correct configuration of the networks. With probes capable of exploiting low level protocols, it then becomes possible to have a real mapping of the network routing and not a theoretical mapping aligned with the configurations of the machines. For example, in the event of an anomaly, this type of probe makes it possible to precisely detect which equipment might be faulty.
It is with this in mind that the NANO Corp teams have designed a new generation of probes that can be installed both at the heart and at the periphery of networks (on the backbone or at the edge). Unlike the solutions currently on the market, these probes do not follow a logic of circumventing the problems encountered; on the contrary, they are an expert response to the reality of the issues.
- Full Visibility
- Up to 100Gbit/s