Learn more! [ Ссылка ]

How do you access network data? [ Ссылка ]

Picture this. You’re in a super-important virtual meeting, and someone’s voice starts clipping or video starts stuttering and cutting out. It kinda makes you crazy, right? Well, congratulations! You’ve experienced packet loss firsthand. It’s a pain most gamers have felt. Heck, it’s happened to me more times than I’d care to admit. But that’s small potatoes compared to the very real consequences packet loss can have on IT organizations, ranging from performance bottlenecks and network outages to network intrusions and data breaches.

That’s because nowadays, almost all of your most important monitoring tools rely on the detailed data found inside network packets to keep everything running smooth and secure. But your tools are only as good as the data you feed them — and missing data can shield attackers from your SecOps team, leave your NetOps team powerless to troubleshoot performance problems, or reduce the effectiveness and lifespan of your monitoring tools themselves.
But even if you’ve deployed an array of taps, SPAN ports, and virtualized solutions to capture packets, and are filtering, aggregating, and load balancing that data with network packet broker, you’re still not home free. That’s because your SPAN ports and packet brokers can actually drop critical packets before your tools ever get the chance to see them!

Let’s talk about SPAN ports first, which is an acronym for switched port analyzer, Now, instead of making a complete copy of all the packets that pass through it — like, say, like a network tap does — a SPAN port utilizes “port mirroring”, where it copies traffic from one or more ports to another, using ports on your switch to replicate the work of a tap. In theory, this should forward all the traffic — but it’s not quite that smooth in practice. The trouble is that SPAN ports are notorious for dropping packets, especially when the switch gets busy — since SPAN traffic is the first data to get dropped. And therein lies the issue. With a SPAN port, you’re not getting the whole picture. By contrast, a tap would have forwarded a complete copy of all the packets that passed through it, which could have helped a security tool indicate a potential intrusion.

Now, you might not expect a network packet broker to drop packets. It kinda seems counter-intuitive, right? After all, NPBs are essentially built to aggregate, filter, and send network data to monitoring tools. But here’s the problem: a lot of them can’t do all that without dropping some of their traffic in the process. Sure, they work all fine and dandy at lower processing speeds, but as soon as you start adding things like malicious traffic and streaming video, they can’t keep up and start dropping packets left and right. In fact, an independent test proved that one leading packet broker didn’t just drop packets, it failed to report the loss! After all, the only thing worse than missing data is not knowing that it’s missing in the first place!

I mean, the whole point of a visibility fabric/architecture is to ELIMINATE BLIND SPOTS, not CREATE them. I simply can’t think of a more frightening thought than to build a mission-critical visibility architecture with a solution that drops packets. That means your best-case scenario is still flying partially blind, since your mission critical appliances can’t be relied on to not drop packets.

And that is why we put such a premium on lossless visibility here at Keysight. From network taps to proven packet brokers that deliver uncompromising performance with zero packet loss, we don’t settle for anything less than the full picture. But enough about us. If there’s one takeaway I want to leave you with, it’s this. Don’t settle for anything less than the full picture. Your network, users, and security are simply too important to leave to chance.

#networkvisibility #networkpacketbroker #NPB #Keysight #PacketBoi #PacketLoss #PacketData #NetworkBlindSpots #networktaps #SPANports

свернуть