Seeking a Performance Advantage
As enterprises, government agencies, and service providers upgrade networks to 10G, 40G, and 100G, key concerns are the ability of security and monitoring tools to support accelerated speeds and throughput, and maximizing the business contribution and investment provided by these tools. Uncompromised visibility, where the organization has end-to-end views of each and every critical packet, becomes a business imperative, resulting in greater security and meeting essential performance thresholds.
Research from IT analyst firm Enterprise Management Associates shows 47% of businesses are not properly utilizing the tools they have in place, and 25% of tools are often overloaded and dropping packets. Inserting a Network Packet Broker (NPB) into an inline security solution or in front of network and security tools to filter, load balance and distribute traffic not only provides a welcome performance improvement, but invariably represents a leap forward in the solution value and return on investment.
An NPB can extend the lifetime of slower monitoring tools and enable others to more effectively process traffic when duplicate packets and non-suspect data is filtered out. But not all NPBs are created equal. NPB technology continues to rapidly evolve with increasing customer requirements and solutions addressed. Keysight offers customers patent-protected engines and functionality, resulting in NPB performance advantages and usability you can leverage to generate business benefits that provide a competitive edge.
Keysight commissioned The Tolly Group, the premier independent test lab and provider of third-party validation, to evaluate the advanced packet processing capability (deduplication, in particular) and the application intelligence of its Vision X network packet broker and compare them with Gigamon GigaVUE-HC3 with Control Card version 2 (CCv2) multi-purpose visibility fabric.
According to Tolly, Keysight Vision X delivers architectural superiority through its innovative design and memory optimization, as well as stable and consistent application intelligence even when the CPU is overloaded. Vision X demonstrated clear architectural superiority, 2.5 times more packet processing power with no drop, and fast and accurate application detection and metadata generation.
The Tolly Test Report[1] highlights that Keysight’s Vision X NPB delivers:
- Greater system-wide advanced packet processing capacity of 2Tbps to Gigamon’s 800Gbps.
- High performance packet deduplication with no packet drop where Gigamon drops packets at 512-byte payloads and below.
- Accurate application detection within seconds under load where Gigamon requires over two minutes and product inaccurate results.
Function of a High Performing Security Architecture
The network packet broker is a key component of a high performing security architecture. The goal of creating an inline security architecture is to enable adequate security inspection at maximum efficiency while adding only minimal latency to your network. This is achieved by creating an additional layer of control between live traffic and your monitoring tools. This control layer becomes an essential element of your overall security architecture with the ability to increase accuracy, efficiency, and cost effectiveness in the following areas.
A well-designed security architecture strengthens security, but does not allow security monitoring to slow or disrupt network response times. The goal is to allow IT teams to proactively take action before either of these events occurs.
Monitoring for security, compliance, and performance will be more efficient if each tool has only the data it needs. A security architecture can support this process by gathering traffic from across a network and eliminating any traffic that is irrelevant to each tool, thus reducing the volume of packets being processed and the risk of tool congestion leading to tool failure.
A security architecture built with modular external bypass switches and powerful NPBs enables incrementally increased resiliency over time to achieve very high uptime for security monitoring. Figure 1 features a diagram of high availability through Active-Active configuration.
Figure 1: High Availability through Active-Active configuration
With redundancy of the external bypass switches, NPBs, and security monitoring solutions, a security architecture can be configured with alternative monitoring paths that ensure traffic inspection will survive the outage of any device. With NPBs that can be configured for concurrent processing with complete synchronicity, known as active-active configuration, failover is automatic.
The NPBs work together to ensure each security tool receives a full set of traffic, even if transmitted on two different links, and coordinate load balancing. Adding other tools requires configuring only one NPB, because it shares logic with its peer. Designs of this type provide marked improvement in throughput during normal operations, since both NPBs are actively processing traffic. And if one NPB goes down, the synchronous configuration ensures the other NPB can take over seamlessly with no lost packets. With a fully redundant security architecture, an organization can maximize security monitoring while protecting the network for a well-balanced approach.
References
[1] The Tolly Group, Tolly Test Report-Network Packet Broker Performance and Features, September 2020
