2014 marks the first year that Gartner has released a Magic Quadrant report for Network Performance Monitoring and Diagnostics (NPMD), a strong indicator of the increasing importance of this market, which is valued at approximately $1 billion. The authors of this Gartner study note that the number of technologies and services that must be supported is constantly increasing. Multiple new applications appear every day for mobile and desktop users and devices, along with the control protocols that run behind the scenes to make those applications work. New versions of these applications also roll out constantly, with changes in behavior that make them difficult to identify. We also expect increased use of automation as software-defined networking (SDN) and network functions virtualization (NFV) continue to grow in prevalence, feeding into the volume and complexity of the growing pool of available applications.
As a result of the steady increase in applications and protocols, the NPMD landscape will continue to become increasingly complex for the foreseeable future. Application identification via Deep Packet Inspection (DPI) is needed to address this rise in complexity so that NPMD tools can keep up with the ever-changing application landscape.
The NPMD market itself has evolved as a result of the increasing intricacy of today’s networks. NPMD tools provide the ability to detect, identify, and prevent issues related to the many applications traversing the Internet and the networking devices and appliances that are the Internet’s physical infrastructure. These tools drill down using various analytic and diagnostic applications to monitor the components in a network with the goal of reducing outages, providing troubleshooting information when incidents occur, and optimizing performance.
IT professionals have utilized a number of tools over the years to troubleshoot their networks, but these primitive, reactive solutions have lost their efficacy due to the network’s evolution. To be useful in modern environments, NPMD tools must now have built-in application intelligence to take a more proactive approach and to provide better identification of new apps as they appear in the network.
So how are NPMD tools advancing to meet these new requirements?
NPMD tools leverage three key technology areas to accomplish their objectives: SNMP polling, flow-based technologies, and packet-based technologies. SNMP polling was a useful first-generation element management technology, but it has significant limitations: it requires explicit support of the SNMP protocol, the polling itself can have an impact on resource utilization on managed network elements, and it was never designed to provide a detailed real-time view of application traffic. Flow-based technologies (NetFlow, J-Flow, sFlow, IPFIX, and others) can provide more timely information, but they were designed to provide summary information, often taking a traffic sampling approach, and can also cause resource utilization issues. Both SNMP and flow-based techniques lack the ability to provide granular application information, especially metadata about application flows, in real time.
DPI is an essential, packet-based technology that has evolved to enable NPMD solutions with real-time visibility into application traffic. To accurately classify and identify the complex mix of traffic flowing across the network, a combination of DPI classification techniques must be used to achieve the real-time visibility and accuracy required by NPMD tools.
Procera’s embedded DPI engine – the Network Application Visibility Library (NAVL) – takes a data-driven approach to identification of application traffic. It examines the packets of an application flow via a robust set of classification techniques to provide visibility in real time by using deep protocol dissection, behavioral analysis, future flow awareness and flow association, surgical pattern matching, and conversation semantics. The Procera NAVL team also provides proactive coverage of new applications as they emerge, along with metadata from ongoing application flows. NAVL’s combined use of these techniques provides the Layer 7, real-time visibility that NPMD solutions need with the rapidly increasing complexity of today’s networks.