Extending Network Monitoring Tool Performance
Benefits
- Handle higher bandwidth traffic without a total reinvestment in new tools
- Improve efficiency of network administration and problem solving
- Increase return on monitoring tool investments

Table of Contents
- Introduction
- Understanding Monitoring Tools
- Extending 1 Gigabit Monitoring Tool Performance
- Finding the Right Solution
- Conclusion
- About Net Optics
Abstract
Many organizations have invested in network monitoring equipment such as protocol analyzers, intrusion detection and prevention systems, and stream-to-disk traffic loggers. The challenge is to extend the performance capabilities of these tools to handle the high-speed, multi-protocol, security threat-laden traffic of today's and tomorrow's networks, without a total reinvestment in new tools, and without sacrificing security. This paper explores how monitoring tools can achieve higher levels of performance without forklift upgrades. It proposes a variety of ways to extend their efficiency, including the use of a stand-alone content filtering device to offload monitoring tools by pre-filtering traffic and assisting with common tasks.
Solution Brief: Extending Network Monitoring Performance
Introduction
In today's IT-driven organizations, network performance is key to providing excellent customer experiences, driving business process efficiencies, growing revenue, and maintaining competitive advantage. Network administrators, charged with keeping networks responsive to the needs of both internal and external customers, rely on network monitoring tools for a continuous stream of information to baseline and assess the network's health. These tools enable administrators to ensure high application availability and good response times, to enforce network usage policies, and to justify and measure the impact of network upgrades.

Network administrators can choose from an array of monitoring tools, ranging from open-source host-based software tools to sophisticated hardware appliances and platforms. Solutions include:
- Protocol analyzers, RMON probes, and NetFlow collectors for performance tuning
- Intrusion detection systems (IDS) and intrusion protection systems (IPS) for security
- Stream-to-disk traffic loggers and e-mail monitors for compliance auditing, forensics, and lawful intercept
The industry's challenge is to leverage investments in existing monitoring tools as they confront increasing network speeds, higher network utilization, and the explosion of new network services and threats. The key is to find new and innovative ways to extend tool performance and improve network security by modifying the traffic flow or its basic characteristics rather than entirely replacing the tools. The following sections explain where opportunities exist for implementing new enhancements, and for extending tool performance.
Understanding Monitoring Tools
Most network monitoring tools are task-specific, high-performance software packages running on PC or server hardware. Proprietary boxes sold as "appliances" may consist internally of standard hardware components running proprietary software, often based on the Linux operating system. The performance of these tools is determined by the speeds of the processors and memory buses, and the size of the memory utilized both for caching and for buffering packets from the network. The performance of the network interface cards (NICs) is obviously critical, too, for monitoring high-bandwidth 1 Gbps and faster network links.

More advanced tools help alleviate these bottlenecks by adding more processors and more dedicated buffers, typically using standard integrated circuit (IC) components on custom-designed boards with proprietary architectures. The highest performing tools go one step further, using custom-designed application-specific integrated circuits (ASICs).
The type, speed, and number of processors in a tool dictate its processing performance. As network speeds increase, the number of packets that can be processed at wire speed (in other words, keep...