The rise of the network analysis infrastructure

The impending network analysis infrastructure will provide new opportunities for telecom carriers and allow for optimized communications services into the future.

We probably have experienced more change in the last 20 years than in the entire previous history of telecom. But, even though the cliché of “next-generation networks” has now worn thin, the next decade promises continued change driven by what can only be described as the network analysis infrastructure.

Network analysis, and the application or service analysis that it supports, is fast becoming a critical part of any telecom carrier’s infrastructure. Not only is it critical to understanding what is happening in Ethernet/IP networks, but it is also enabling new network management techniques, network optimization, and new business models. It is also critical to securing networks and services both from a private user perspective and from a national security perspective.

How we got here: The impact of Ethernet/IP

Traditional telecom protocols are characterized by careful design, with great attention paid to reliability and manageability – availability and visibility are paramount. For that reason, telecom protocols typically include a great deal of network management information. Traditional telecom networks are often connection-oriented and controlled centrally so carriers know where traffic is flowing at any given time. These attributes support high levels of service and efficient billing, which are cornerstones of a telecom carrier’s business.

Ethernet/IP, on the other hand, is a complete paradigm shift. Instead of dedicating bandwidth to each service and customer in a connection-oriented network, bandwidth is shared in a connectionless network. Instead of configuring connections centrally, the network routes traffic itself with minimum overhead. This makes for more efficient use of bandwidth and resources but poses a network management headache, as now it is virtually impossible to tell with certainty where traffic is going at any one time.

Efforts have been made to make Ethernet/IP behave more like traditional telecom protocols, but there are obvious limitations; taken too far, such efforts end up undermining the benefits of introducing Ethernet/IP in the first place.

Solving the dilemma of Ethernet/IP network management

In this regard, the enterprise world has already found the solution: network analysis probes. The only way to know with certainty what is happening in an Ethernet/IP network is to capture and analyze data traffic in real time. Network analysis probes analyze copies of network traffic provided either by Switch Port ANalyzer (SPAN) ports on routers or switches, or by dedicated devices known as Test Access Ports (TAPs). The network analysis probe can then parse the Ethernet/IP frame and packet information to determine who is sending the data, where it is going, and what kind of application is being used to send it.
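The parsing step described above, as an added example that is not from the original article or any vendor's product: it reads the Ethernet, optional 802.1Q, IPv4 and TCP/UDP headers of one captured frame and reports sender, destination and a port-based application guess. The port map, function names and sample frame are assumptions constructed for illustration.

```python
import socket
import struct

# Tiny illustrative port map (assumption); real probes use far larger tables.
APP_BY_PORT = {25: "smtp", 53: "dns", 80: "http", 443: "https"}

def parse_frame(frame: bytes) -> dict:
    """Extract who/where/what from one Ethernet II frame carrying IPv4."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":")}
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:                       # 802.1Q VLAN tag present
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["vlan"], off = tci & 0x0FFF, 18
    if ethertype != 0x0800:                       # not IPv4: report and stop
        info["l3"] = f"ethertype 0x{ethertype:04x}"
        return info
    ip = frame[off:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                      # header length incl. options
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header length")
    info.update(src_ip=socket.inet_ntoa(ip[12:16]), dst_ip=socket.inet_ntoa(ip[16:20]),
                proto={6: "tcp", 17: "udp"}.get(ip[9], str(ip[9])))
    first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
    if ip[9] in (6, 17) and first_fragment:       # ports only in first fragment
        l4 = ip[ihl:]
        if len(l4) < 4:
            raise ValueError("truncated TCP/UDP header")
        sport, dport = struct.unpack("!HH", l4[:4])
        app = APP_BY_PORT.get(dport) or APP_BY_PORT.get(sport, "unknown")
        info.update(src_port=sport, dst_port=dport, app=app)
    return info

def build_sample(vlan=None) -> bytes:
    """Constructed UDP/53 frame: documentation addresses, zeroed checksums."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = bytes.fromhex("020000000002" "020000000001") + tag + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.53"))
    return eth + ip + struct.pack("!HHHH", 40000, 53, 8, 0)

if __name__ == "__main__":
    print(parse_frame(build_sample(vlan=100)))
```

Port numbers alone are a weak signal of the application in use, which is why the deeper payload analysis mentioned later in the article matters for security and policy use cases.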

With this information, network analysis probes can be used for a wide variety of applications:

  • Network and application performance monitoring
  • Network test and troubleshooting
  • Network data recording and collection

These are applications based on understanding the contents of Ethernet and IP headers and payload. However, there are more complex applications based on deeper analysis of packet information that are proving to be very important in telecom carrier networks:

  • Network security – detection and blocking of suspect traffic
  • Lawful interception – supporting law enforcement in detection of illegal activity
  • Network optimization – traffic shaping or policy enforcement

Network security is of paramount importance, but requires a multi-layer approach that depends on more than just antivirus software on users’ computers. It also requires network security appliances based on network analysis probes that have the power and intelligence to detect more sophisticated attacks, such as Distributed Denial of Service (DDoS). According to network security specialist Trend Micro, the number of unique malware samples has exploded in the last 10 years (Figure 1), requiring even more sophisticated network security solutions.

Figure 1: The appearance of malware unique samples exploded in the decade between 1998 and 2008, and continues to grow.

Lawful intercept has long been a requirement in telecom networks, allowing law enforcement agencies to “tap” traffic as part of an investigation under warrant. In the Ethernet/IP world, network analysis probes are used to capture data traffic and provide this to law enforcement agencies upon request.

Network optimization is becoming highly topical, especially in mobile networks where there is a concern that the growth in data traffic (Figure 2), and the inherent network extension costs to support this growth, will not be covered by service revenues. This is prompting two actions on the part of mobile carriers: traffic shaping and new business models.

Figure 2: Compound Annual Growth Rate (CAGR) of data traffic between 2009 and 2014.

Network analysis probe-based appliances can be used to detect certain types of traffic, for example peer-to-peer traffic, and ensure that this traffic does not overly consume available bandwidth, thus depriving other customers of access to services. This is a type of policy enforcement and the first step in implementing network optimization. Further steps include optimization of business models using real-time data collected from the network, which provides more tailored services based on time-of-day, location, device used, on-demand bandwidth adjustment, and so on.

Policy enforcement is thus enabling more differentiated services and the most efficient use of network resources. In essence, it is a continuation of the transformation process for telecom carriers from utility providers to retailers of communication services.

The network analysis infrastructure

Network analysis probes can thus be seen to be forming the foundation for not only better network management, but better business practices. Network analysis probe-based appliances are forming a complementary operational and business management infrastructure alongside the data transport infrastructure that has, until recently, been the focus.

Why not absorb this functionality in routers and switches?

The idea of a parallel infrastructure might seem counterproductive, but there is good reason to keep things separated. The first and most important reason is division of labor. Network analysis probes were first introduced in enterprise networks to offload network analysis from routers and switches that were simply overloaded and could not keep up with the task. The logic was that these routers and switches should be primarily used for routing and switching, which seems rational.

The same arguments can be made in telecom networks. The data transport nodes are in place primarily to support routing and switching of data traffic. Data traffic is growing, so these nodes should be focused on their primary task. Alternatively, because incremental data traffic can often mean higher cost without higher revenue, it is important that routing and switching resources are used optimally. Offloading the network analysis task leads to an efficient division of labor. In addition, since many network analysis probes can be deployed passively, they need not affect network traffic and can be managed and maintained by the organizational groups to which they provide the most value, namely the network management teams and product managers responsible for new service models. This makes it easier for telecom organizations to introduce support for the aforementioned applications.

Change is the only constant

The rise of the network analysis infrastructure in telecom carrier networks is a continuation of the constant changes that we have experienced over the last 20 years. But, these are positive changes providing new opportunities to better test, manage, secure, and optimize carrier networks, and additionally help telecom carriers to be even more effective in facing the challenges of delivering high-quality communication services in the future.

Daniel Joseph Barry is VP of Marketing at Napatech and has more than 17 years of experience in the IT and Telecom industry. He has an MBA and BS in Electronic Engineering from Trinity College Dublin.

Napatech

djb@napatech.com

www.napatech.com