Network requirements are constantly changing in enterprises. The network goal of every enterprise is to be more efficient and cost-effective while embracing the changes. There are several network visibility solutions/vendors available in the market. However, each network has a different requirement and not solutions fit every network architecture.

​Gartner mentioned in its report that since enterprises work with many vendors/service providers, and it is very difficult to be knowledgeable let alone an expert in all areas, therefore enterprises should not blindly choose large well-known vendors/providers without validating functionality, financial condition, ability to execute, pricing and a long-term road map.

​Whenever an enterprise takes new network initiative, it should focus on the end goal and accordingly decide the features of the tools it needs to deliver these goals. All businesses that need monitoring require the deployment of a specialised Intelligent Network Packet Monitoring solution, a Network Packet Broker (NPB). There are multiple ways in which the NPB can be deployed. One method of classification is in-line, wherein the NPB sits in the path of traffic and performs certain functions. This method is suitable for situations where the throughput needs are not very high, and the application is not latency sensitive. However, in situations where there is high throughput, and latency requirements are low, an offline method is chosen, wherein the data packets are mirrored on the SPAN ports and sent to the device, which is sitting off to the side rather than in-line.

​Network Packet Brokers (NPBs) make monitoring and security platforms more effective by feeding them data from the entire network stack. These products broker network traffic from multiple SPAN/TAP ports, manipulating this data and sending only relevant data to the monitoring devices which allows the more efficient use of monitoring devices.

​Until a while ago the NPB architecture was entirely based on proprietary hardware. However, nowadays some enterprises opt for generic white boxes because they believe this would save money and provide them scale needed for the growing networks. Unfortunately, the white boxes do not offer the best solution because you end up getting limited features because not all hardware support different software. To add to this, when you have any issue with the box, you end up with blame game because you do not know if it is hardware related or software related. In the end, you waste time and lose money with the generic product.

​Enterprises should identify their specific requirements and while deciding they should ensure that the tools are addressing the problems/use cases. They should carefully determine what value the features deliver rather than merely assuming from the name what the function does. Best practice recommendations around NPBs include finding a solution that delivers true link layer visibility. In some cases, this simply means implementing tools to monitor network devices and individual links. In other cases, monitoring all the way to the application layer is required.

Thank you to Cubro for the article.