In Part I of this series, we reviewed some of the major networking challenges organizations face as new technologies like SD-WAN and IoT begin to proliferate networks. In Part II, we’ll dive into how network TAPs and Packet Brokers harvest the critical network traffic data IT teams rely on to feed a wide array of networking and security solutions. This data enables them to gain the visibility necessary to maintain network performance, prevent security breaches and support overall business objectives.
What is a Packet Broker?
So, how does it all work? To answer that question, let’s look at a packet broker in more detail.
At a high level, TAPs and Packet Brokers connect to network links in-line, make a mirror copy of the traffic and pass it to another appliance that performs analytic or other specific tasks. As networks are constantly growing in complexity, size and speed, the need for a variety of high-performance security and diagnostic tools increases. The problem then becomes how to efficiently and economically connect and provide relevant visibility to all of these appliances at ever-increasing speeds and varying physical media without compromising network availability and reliability.
The ‘Broker’ in network packet broker refers to the solution’s ability to combine, integrate, separate, manipulate and process network data inputs from a wide variety of sources, delivering traffic to a wide variety of appliance and tool destinations. Delivering the right data to the right tool at the right time is one of the most important elements when working to optimize network security and performance.
The Visibility Architecture – TAPs
So far, we’ve focused on brokering a variety of network tools for maximum efficiency – the role of the packet broker. In-line connectivity, however, must be achieved through a network TAP.
A TAP is deployed in-line on network links and feeds the data to the packet broker. Network tools are then connected to the Packet Broker ports where live data passes through the TAP and back into the network with negligible delay. The TAP then makes a copy of the data and sends it to the packet, which processes and directs the traffic to the relevant network and/or security tools.
The TAP also provides fail-safe technology to protect live network data from power failure. If the TAP loses power, the live network traffic will still pass through it, keeping the network links active. This network fail-safe feature is the primary reason why TAPs must be used as the initial point of connection to a live network link.
It’s important to note that TAPs feed data to packet brokers directly, not to network and security tools. After receiving TAP data, a packet broker will provide the necessary traffic management features before delivering the appropriate data to the appropriate tools. When considering the overall visibility deployment architecture, the safest and most efficient plan is to utilize simple TAPs in front of feature-rich, advanced packet brokers.
What Tools Are Packet Brokers Brokering?
Now that we’ve covered origin and path of critical data that ultimately provides granular visibility for network engineers and operators, let’s take a closer look at the networking and security tools that rely so heavily on it.
- Network Performance Management and Analytics Products – More and more organizations are relying on Network Performance Management and Diagnostic (NPMD) solutions from vendors like LiveAction and Riverbed. These platforms allow network operations to gather comprehensive data sets and visualize performance across complex networks (which can be especially important as they roll out new SD-WANs). Probes and sniffers are also important tools to help network managers know what is going on in their network. Traffic can’t be managed if it can’t be seen and these products allow network managers to open packets, look for warning signs and diagnose problems (some NPMD solutions now include this functionality).
- Performance Management Solutions – Problems do not exist solely on the network. Third-party applications provide services to network users and these applications provide great value to businesses, but can also provide great headaches to network managers. All applications do not act the same. Tools are needed to understand application response times and other metrics of application performance. Some of these tools are designed to accelerate application performance, increasing their value to the business and its’ customers.
- Security Platforms – Companies like Darktrace, FireEye and WatchGuard Technologies provide appliances that help identify and block malware, detect and mitigate various network attacks and generally help managers keep up with the ever-growing menace of cybercrime. There are a wide variety of security appliances and each has unique advantages. Deploying a strong cybersecurity profile requires deployment of many of these specialized security tools. A Packet Broker helps to efficiently manage the type of traffic and the amount of traffic that flows to these critical components.
- Cloud and Hybrid Network Tools – The are now plenty of solutions on the market designed to help businesses combine cloud networking, centralization of data, remote application management, storage caching and high-performance computing. As networks become more geographically diverse, more tools are required to maintain performance levels and manage remote information storage.
As you can see, in order to manage network performance and security effectively, IT teams at businesses around the world rely on granular network visibility into traffic processed and analyzed by a wide range of networking and security solutions. And network TAPS and packet brokers are the key to delivering the network packet data necessary to ensure that critical traffic streams can be effectively aggregated, filtered and load-balanced across multiple security and monitoring tools, delivering and enabling a more efficient, secure and resilient network – a next-generation network.