Skip to content
  • Network Security Works Only If You See The Right Traffic

Security is nowadays an important part of network management. Secure networks are vital for running an uninterrupted business, preventing data loss and maintaining the overall image of the business. Security challenges are increasing because networking is getting more complex, more dynamic and virtual.

The existing approach of network visibility like in legacy times to tap a link and feed this to a tool is no longer valid. This approach is not appropriate because this “link” is not a physical link anymore. It is a virtual link on top of the physical network. The reason is that today more and more networks are designed as overlays.

​These overlay networks are actually the operating network which should be monitored but a network TAP and a classical network packet broker (NPB) is a physical device which works on one layer below the overlay.

This would not be such a problem in theory if we expect to have only one overlay technology but in reality, overlay technologies are stacked and there are different overlays on the same physical network. In some cases, dozens or even hundreds of overlays are seen in large networks.

Based on this situation we have several challenges to tackle:

​1. Current tools do not support these kinds of networks. If these tools are used, then it is necessary to separate these logical overlay networks and feed only the correct network to the tools.

  • To do this, advanced NPBs are needed, which can filter in these virtual overlay networks.
  • These virtual networks are more dynamic and are often triggered by the network itself, and unknown to the user because they are fully transparent to the overlay. “This is an advantage for usage, but a disadvantage for monitoring.”

2. Typically, such networks have more links to tap and often these links are 100 Gbit but the load is much higher. To deal with this issue, you need an NPB with features like smart filtering and steering in multiple 100 Gbit line speed. The solution to aggregate this traffic to a “smart device” and handle the traffic there will lead to other issues like:

  • overload, over subscription and loss of packets
  • extreme complex aggregation and dis-aggregation configurations
  • adding additional delay
  • cost

Thank you to Cubro for the article.

Join our Newsletter

Categories

Related Posts

Understanding Precision Timing in 5G and O-RAN Networks

Understanding Precision Timing in 5G and O-RAN Networks

5G is doing more than just speeding up our downloads—it’s completely changing how mobile networks are architected. Unlike the LTE…
The Heartbeat of Quantum: How White Rabbit Synchronization is Moving Innovation from the Lab to the Network

The Heartbeat of Quantum: How White Rabbit Synchronization is Moving Innovation from the Lab to the Network

Why Sub-Nanosecond Timing is the Missing Link for Distributed Quantum Computing and QKD For quantum scientists and researchers, the challenge…
Precision, Visibility, and Validation: Optimizing 5G Open RAN with Aukua Systems

Precision, Visibility, and Validation: Optimizing 5G Open RAN with Aukua Systems

In the world of 5G and Open RAN (O-RAN), “good enough” testing simply doesn’t cut it. As networks disaggregate into…
Introducing Cubro’s EXA48800: Advanced Network Visibility for High-Speed Infrastructure

Introducing Cubro’s EXA48800: Advanced Network Visibility for High-Speed Infrastructure

In today’s complex digital environments, where data moves at extreme speeds and network architectures span multiple layers, visibility is no…
WiFi vs 2-Wire Systems for Synchronized Clocks in your Facility

WiFi vs 2-Wire Systems for Synchronized Clocks in your Facility

In facilities such as schools, hospitals, and corporate offices, synchronized clocks play a critical role in ensuring order, punctuality, and…