Profitap IOTA Use Case: Quickly isolating cloud-based application issues

Solutions for Complete Access and Visibility into Network

Profitap IOTA Use Case: Quickly isolating cloud-based application issues

  PROBLEM

Users at a remote office experience poor application performance with a cloud-hosted application.

  CLAIM

The IT organization feels the server is under resourced. The provider says the problem is the client network. Neither side has proof.

Information needed

The server ping roundtrip time seems to be ok, at least when engineers run occasional tests from the central office. However, this test only validates the network path between the client network and the cloud environment. They needed packet-level detail of the problem while it was happening. This was difficult to get because the problem was not always happening while engineers were onsite. They needed a way to simply and persistently capture traffic from the client side so the problem could be caught in the act.

The application was recently migrated to the cloud, so the network engineering team no longer had access to capture on the server side.

Once the problem was properly captured during a problem period, statistics like the network roundtrip time, server response time, TCP retransmission frequency, and other TCP outliers can be measured to isolate the true problem domain – whether client, network, or cloud-server

Profitap IOTA All-In-One Network Analysis Solution

IOTA Made Things Easy

IT engineers were able to install the IOTA at the remote site by putting it inline between the client network and the edge router. This vantage point allowed them to see the activity of several clients, not just one. They could contrast client activity between problem periods and times with good performance.

After a few hours, clients reported that they again experienced the performance problem. Engineers were able to immediately access the IOTA using the web-based interface from the central office and begin troubleshooting. Within minutes they had access to the core details needed to isolate the problem domain.

Read the full use case (pdf) by clicking the following link: Profitap IOTA Use Case
Link to product pages: Profitap – Network Visibility Solutions

Introducing Profitap vTAP – Scalable and easy to manage Virtual TAP

Solutions for Complete Access and Visibility into Network

Introducing Profitap vTAP – Scalable and easy to manage Virtual TAP

Packet-level visibility into your virtual traffic

Profitap vTAP provides complete visibility of VM traffic (including inter-VM) for security, availability, and performance monitoring.

Within the span of a decade, the use of server virtualization has become a standard industry practice. This shift has dramatically improved IT efficiency in companies around the world, benefiting from improved scalability, high availability and greater workload portability. Businesses can now do more with less.

This shift also means that you need a new, scalable and easy to manage approach to get complete visibility into (inter-) VM traffic, in order to monitor for performance, security and availability.

To gain visibility in virtual traffic and forward filtered network traffic to network security and network monitoring tools, you need a Virtual TAP (vTAP).

Virtual TAP

Complete visibility of VM traffic (including inter-VM east-west traffic flows) for security, availability, and performance monitoring. Profitap vTAP taps directly on the VMware infrastructure, which means no extra privileged access to the hypervisors is required.

The vTAP controller is able to manage visibility of thousands of VMs in a simple and comprehensive way. Based on your requirements, Profitap vTAP can scale at the click of a button and grow with your network.

Flexible filters with L3 and L4 criteria and exclude & include filters can be set up to make efficient use of available bandwidth, ultimately preventing network congestion. Filtered data can be forwarded to any available interface.

One single interface to manage visibility of all your virtual datacenters. This enables you to set up and manage your virtual monitoring system quickly and easily.

Filtered traffic flows of interest can be forwarded to any type of traffic collector, analyzer, located in the same virtual datacenter or remote, as well as Profitap physical Packet Brokers.

Features

  • Enables security, availability, and performance through proactive monitoring of virtual data centers
  • Complete visibility of traffic in virtual environments, eliminating blind spots
  • Central management interface for a single overview of the entire virtual visibility system
  • Filtering helps bring down the virtual traffic to actionable data and prevent network congestion
  • Easily scalable
  • Forward virtual traffic back into physical network for analysis

The Importance of Network TAPs Recovery Time

Solutions for Complete Access and Visibility into Network

The Importance of Network TAPs Recovery Time

When it comes to network monitoring, Ethernet TAPs are crucial because SPAN ports on switches may have been compromised and drop packets because of overload. TAPs are the one and only way to get access to see what’s really happening on the physical link without dropping packets.

Using network TAPs will allow you to get in the path of the packets and to relay traffic to the monitoring device without altering the timing between packets. Most importantly, network TAPs provide a fault-tolerant means of getting inline. As a network administrator, you need to be alert for the case when the network TAPs fail, for instance, due to loss of external power.

In the case of power loss, some TAPs are designed to fail-over and continue to pass packets through. The main challenge here, however, is about selecting a network TAP that can recover the fastest, after power outage.

When measuring your network’s performance while dealing with power loss conditions, you should consider looking at the network recovery time especially in mission-critical environments. This is to prevent any interruption in traffic flow to or from the network. The question is, how long does it take for a network TAP to recover from a power failure? Well, this can vary greatly depending on the TAP vendor.

Let’s have a look at the test results of Profitap Gigabit Copper TAPs recovery time compared to other Gigabit TAP vendors on the market. The test was done by Mike Pennacchi to measure the recovery time of the Gigabit TAPs by calculating the amount of time it takes for each TAP to recover from a power failure and then to recover from regaining power.

Profitap Network TAP
TAPs Recovery Time Test Results

Ensuring short network recovery time

As you have seen in the video, when being compared with other network TAPs, Profitap’s network TAPs can perform recovery between 27-289 milliseconds. A faster recovery time when a single fault occurs on the network than other TAPs vendor. Sure, it’s milliseconds-fast, but does it matter? YES! Most of network TAPs are typically used in inline applications, which is why any delay above 300 milliseconds will cause the network link to renegotiate.

In designing and creating our network TAPs, we wanted to ensure on a very short network recovery time. Profitap’s network TAPs has a functionality which dramatically reduce fail-over time. This means, the traffic received from the network will pass through the network TAPs even when the power is disrupted.

Profitap X2-6400G – Next-Generation Network Packet Broker with Extensive Set of Features

Solutions for Complete Access and Visibility into Network

Profitap X2-6400G – Next-Generation Network Packet Broker with Extensive Set of Features

The new Profitap X2-6400G is a Next-Generation Network Packet Broker (NGNPB) with a total throughput of 6.4 Tbps. It offers an extensive set of features, such as packet slicing, GTP IP filtering, ERSPAN tunneling & de-tunneling, GTP Correlation, packet deduplication, and timestamping.

X2-6400G NGNPB provides aggregation, replication, powerful filtering and load balancing in very high bandwidth port monitoring and analysis scenarios.

Network Packet Brokers optimize the performance of network analysis and security tools by delivering filtered traffic of interest, helping you solve application performance bottlenecks and troubleshoot problems on the network.

Feature Highlights

  • Packet Slicing: Remove payload that is irrelevant to network monitoring and security analysis, conserving disk space and load on capture devices.
  • GTP IP Filtering: Filter by IP in GTP sessions based on information contained in the data stream, identifying source and destination.
  • Timestamping: Leverage accurate timing information for accurate forensic analysis, legal and criminal investigation.
  • ERSPAN Tunneling & De-Tunneling: Integrate the X2-6400G as a single, centralized point for ERSPAN stripping in a new or already existing monitoring system based on data ERSPAN encapsulation.
  • GTP Correlation: Stateful detection of mobile data sessions using subscriber ID (IMSI) to filter, replicate and forward to the appropriate monitoring tools.
  • Packet Deduplication: Optimize network efficiency and traffic storage eliminating redundant packet copies.

Capturing in Time-Sensitive Networking Environments with ProfiShark 1G

Solutions for Complete Access and Visibility into Network

Capturing in Time-Sensitive Networking Environments with ProfiShark 1G

Time-Sensitive Networking (TSN) is a set of standards defining mechanisms for the time-sensitive transmission of data over Ethernet networks. Deterministic communication is critical to multiple industries (Audio Video Bridging, Automotive, Industrial and Power automation, Mobile Fronthaul Networks).

The purpose of this article is to demonstrate the benefit of ProfiShark 1G in TSN environments and to describe its usage. In order to support TSN, a TAP has special requirements in terms of latency, jitter and capture capability.

Time-Sensitive Networking

Transparent In-Line

Like all Profitap’s in-line TAPs, the ProfiShark is protocol agnostic and L1 passthrough for all frames, tags, and encapsulations. This includes preempted frames (IEEE 802.1Qbu/802.3br), fragmented and CRC-invalid frames.

The in-line latency and the jitter introduced by the in-line circuit is minimal, making it suitable for IEEE 802.1AS and 1588 v2.

DEVICE
LATENCY
JITTER
L1 PASS-THROUGH
ProfiShark 100M
2 ns
100 ns
Yes
ProfiShark 1G/1G+
400 ns
32 ns
Yes
ProfiShark 10G/10G+
300 ns
40 ns
Yes

Capture Capabilities

The ProfiShark 1G is capable of capturing any type of frame, including preempted frames (IEEE802.1Qbu/802.3br), fragmented and CRC-invalid frames.

FRAME TYPE
PREAMBLE COUNT
SMD
FCS
Standard / Express
7
0xD5
CRC
SMD-lx Premptable frame start
7
0xE6, 0x4C, 0x7F or 0xB3
CRC
SMD-Cx Non-initial fragment
6
0x61, 0x52, 0x9E or 0xAD
CRC ^ 0xFFFF0000

Moreover, the ProfiShark Manager offers an option to capture the entire L1 Ethernet frame in direct capture. When ‘capture full frames’ option is enabled, the frames are captured with the preamble (0x55), the SMD and the CRC.

Wireshark Integration

With ‘capture full frames’ option enabled, the PCAP-NG Link-Layer Header is set to LINKTYPE_ETHERNET_MPACKET. This Link-Layer type is fully supported by Wireshark since 2.6.0 and allows proper dissection of L1 frames (see Wireshark view below). Once dissected, the additional L1 data is displayed in the Packet detail view and doesn’t conflict with higher protocols. Additionally, fragmented preempted frames can be reassembled in Wireshark.

The ProfiShark Manager offers different capture options. The different capture options and their effect are listed below.

All-In-One Advanced Gigabit Network TAP

ProfiShark 1G is one of the most powerful, compact portable network tap devices. It’s a portable troubleshooter dedicated to network monitoring, combining both performance and flexibility.

This pocket-sized Gigabit TAP is the equivalent of an aggregator tap and two NICs, requiring only a laptop or a desktop PC with a free USB 3.0 port. ProfiShark 1G is the ultimate solution for your field testing and monitoring performance.

All our ProfiShark products also include other important features, as are hardware filters, statistics and configuration options, through our own ProfiShark Manager application.

ProfiShark 1G+ combines all the features of ProfiShark 1G but with added GPS and PPS features for advanced timestamping.

All-In-One Advanced Gigabit Network TAP
ProfiShark 1G+ with laptop
Link to product pages: ProfiShark Portable Network TAPs

Optimizing Network Packet Broker Efficiency with Aggregation TAPs

Solutions for Complete Access and Visibility into Network

Optimizing Network Packet Broker Efficiency with Aggregation TAPs

SPAN ports were the preferred approach to network visibility for years. However, when the limitations of using SPAN became clear, the adoption of network TAPs started to increase. As we all know, network TAPs are more reliable than SPAN ports, and provide complete visibility into the network. But SPAN ports and network TAPs are just one link in the network visibility chain.

As enterprises have grown more dependent on networks for success, network architectures are being challenged by the evolution of digital business. More and more people and devices find their way to the connected world. All wanting their fair share of bandwidth. As a result, more tools are deployed in order to help the visibility and security to the network, increasing the network complexity. So, how do you make sure your visibility and cybersecurity appliances get the right data to look at, from any point in your IT infrastructure? A Network Packet Broker will help you out here. Read on to learn how this device can help optimize the performance of your network analysis and security tools.

Optimizing Network Packet Broker Efficiency with Aggregation TAPs

Efficient traffic management with Network Packet Brokers

Network Packet Broker (NPB) is a device that helps optimize the access and visibility of a variety of network monitoring, security and acceleration tools to traffic from one or many network links. This device plays a critical role in gaining visibility into complex networks.

Deployed between the network TAPs and the traffic analysis hardware, the main function of the packet broker is to filter specific network traffic to a specific monitoring tool. It receives data from multiple network links and then acts as a “broker” sending the right packet data out to all devices that need it. By maintaining a many-to-many (M:M) port mapping of network ports to monitoring ports, Network Packet Broker can direct network traffic more efficiently.

One thing that sets NPBs apart from other standard aggregation devices is the set of advanced packet manipulation features this device offers, such as packet slicing, GTP IP filtering, GRE tunneling & de-tunneling, VXLAN de-tunneling, ERSPAN stripping and timestamping. This enables network engineers to filter actionable data only, allowing the network tools to analyze in a more efficient way.

NPBs are not all made equal and quite costly, however. Therefore, in selecting the right NPBs for your network, you should opt for the one that performs all functions required for an optimally performing network architecture.

Network Packet Brokers optimize the performance of network analysis and security tools by delivering filtered traffic of interest, helping you solve application performance bottlenecks and troubleshoot problems on the network.

Optimizing your NPB's ports

With the NPB deployed between tools and infrastructure layers, its ports can fill up quickly when connecting all infrastructure elements. That’s where Profitap’s Booster Aggregation TAP comes into play. This device is specially designed to improve your Network Packet Broker’s ports efficiency.

By connecting 4 1G in-line links or 8 1G SPAN connections to one 10G SFP+ monitoring port (M:1), the Booster optimizes the number of used ports on your Network Packet Broker, without any impact on the performance and packet loss a standard aggregation would face. This way you will be able to monitor traffic from 4 full-duplex in-line or 8 SPAN connections on a single port on your NPB. A significant saving in port space on your device and ultimately in costs.

The optimal solution

A Network Packet Broker paired with a Booster are key in managing and securing the network infrastructure that’s rapidly evolving. It is a cost efficient and easy to deploy solution to help you improve the density performance of your monitoring system.

The Benefits of Using ProfiSight Network Traffic Analyzer

Solutions for Complete Access and Visibility into Network

The Benefits of Using ProfiSight Network Traffic Analyzer

As networks get faster and more complex, new performance issues appear. Conventional network monitoring takes too much time, that’s why network analysts are looking for tools that not only help them get to the source of problems as fast as possible, but also optimize their workflow.

So, how can we get from a broad view of the network to a pinpoint view of the traffic, anywhere, in seconds, drill down and find the potential weak spots, server congestion, ports usage and more?

With a network traffic analyzer

Before getting into how this type of traffic analyzer can make a difference to your network forensics and troubleshooting techniques, let’s talk first about the most common methods used these days: packet analysis and flow analysis.

Packet analysis technology is widely used to dig down into what is happening over a network by focusing on the individual packets that cross your traffic rather than on the flow of the network.

Even though this method generally provides the most insights into your network traffic, as complete packets can be captured and further analyzed, it also gives you huge amounts of data. This makes it almost impossible for you to take real-time decisions and immediately expose the worst-performing parts of the network. You need time to shift through a lot of data for evidence of an issue or an intrusion, just like finding a needle in a haystack.

Also, in high-speed networks, packet analysis requires expensive hardware and substantial infrastructure for storage and analysis.

And that’s where a flow analysis tool can come in handy

Instead of giving you loads and loads of data that will also come with added cost, a flow-based tool focuses on the flow of the network, the “who,” “what,” and “when” of network transactions.

Flow analysis tools are based on a technology that provides insights about who is communicating with whom, with which devices or end-points, and which protocol. It gives you a lot of visibility of your network’s traffic without the added weight of a packet analysis tool.

It makes it easier to dig into certain conversations, giving you a fast and efficient way to understand what type of traffic is traversing the network. Also, since this data is so light, you can store it for as long as you want, and network forensics and security monitoring tools can make use of it to monitor and alert for traffic abnormalities.

For all those reasons and more, our engineers created ProfiSight

ProfiSight is Profitap’s Network Traffic Analyzer, specially built to give you fast visibility into the traffic that matters. What does that mean? Its accurate insights about your network bandwidth utilization, application usage and statistics, LAN, talkers and conversations, performance and errors, or user activity will tell you how your network resources are allocated and used in real-time.

Basically, it’s a network monitoring tool that tracks the flow of applications and key services over all areas of the network — devices, servers, link connections — and offers insights into network bandwidth utilization, helping you adjust resources for optimal performance.

It’s optimized for fast indexing and has the ability to filter large amounts of network traffic, improving your monitoring workflow and saving valuable troubleshooting time.
All its dashboards support flexible user queries by fields and timestamps to allow a faster analysis of the problems. ProfiSight covers a large array of network troubleshooting indicators, designed to help you pinpoint issues or highlight trends that would otherwise pass unnoticed.

Moreover, when a deep packet-level analysis of the traffic flow is needed, you can choose to pair it with top packet analyzers (like Wireshark) for multiple visual histograms, graphs and statistics.

So, can I use packet analysis and flow analysis together?

Profitap ProfiSight Network Traffic Analyzer

Yes, you can. As you know, even though flow analysis is perfect for determining traffic statistics overall, it can fall short when you need to analyze a specific issue in depth.

For example, in the event of a data breach, you need to be able to quickly understand what or how it happened, and which systems or data sources have been compromised. Packet capture and analysis provides a complete and accurate historical record of network traffic, giving you the means to reconstruct events and dig down to the actual network packets to pinpoint exactly what took place.

That’s why ProfiSight can be integrated with any of our ProfiShark portable packet capture devices (or any other capture tool of your choice). In this way, it allows for a quick view of the flow data by extracting the metadata of a captured packet stream. This can help you get an overview of the main talkers in a few clicks and determine if they are a security or performance issue.

When combined with our portable packet capture devices, you can capture every packet on the line and get a complete overview of the network for in-depth analysis. Also, you can easily connect to your ProfiShark remotely so that you can track down network issues anywhere, anytime.

For a hands-on experience of how you can capture, monitor and analyze network traffic with ProfiSight, watch the video below made by Chris Greer:

The benefits of a network traffic analyzer paired with the deep-dive of a packet capture device are multiple, but one of them is that you can reduce the load that a packet capture requires while still providing the raw data when you need it. Time is essential in most of the cases, and pairing these tools will help you spot network issues in minutes rather than in hours or days.

Monitoring the Industry 4.0 Network Infrastructure with Profitap IOTA

Solutions for Complete Access and Visibility into Network

Monitoring the Industry 4.0 Network Infrastructure with Profitap IOTA

Profitap IOTA 10G All-in-One Network Analyzer

The Internet of Things, commonly known as IoT, is no longer “the next big thing”. In the last two decades, the technology has evolved massively transforming the industrial and manufacturing operations. But there are also other hot topics that are just as prevalent, the Industrial Internet of Things (IIoT) and Industry 4.0. Chances are that you might have used them interchangeably. No big deal, right? Wrong.

In summary, IIoT is a subset of IoT which is specific to industrial applications. The manufacturing phase of the product lifecycle is where the IoT and Industry 4.0 meet, originating to the IIoT with smart manufacturing currently on the forefront. So, what is the Industry 4.0 anyway? Here is what you need to know.

The rise of digital industrial technology

Industry 4.0 is driven by trends on connectivity, advanced materials and processing technology, along with collaborative advanced manufacturing networks controlled by computers combining them into a physical – digital environment. Anything from the smart robotic machines in a factory to the engines inside an airplane, there has been a wide range of innovative uses of this industrial evolution.

Going forward, the question is not to be left behind and prepare for the fourth industrial revolution. If enterprises can’t evolve with continuous changes, they will shortly find themselves left behind while the ones who learn to keep pace will receive the rewards.

The fourth industrial revolution also begins with the development of new technologies applied to production processes. Today, this industrial revolution has impacted almost every sector be it healthcare, finance, manufacturing or any other industry. That said, the most critical technologies for this revolution are expected to be Intelligent Production, Simulation, Connected Devices, Systems Integration, Business Operation and Big Data.

Ultimately, it’s the network of machines or devices that are digitally connected with one another which then create and share information that results in the true power of Industry 4.0. With digitalization and IoT, there is no doubt that it will continue to be the biggest driving force behind the revolution as it will have a potential economic impact of up to $6.2 trillion by 2025 according to McKinsey.

How to monitor network infrastructure

An unfortunate fact of everyday life

Most of the disclosure around the Industry 4.0 focuses on Information Technology (IT) aspects. However, for industrial sectors, there is an equally important technology, which is the Operational Technology (OT). Simply put, OT includes any hardware and software that are used to sense and capture data as well as monitor and control the behavior of physical devices, processes and events of entire Industrial Control System (ICS). Typical OT networks are comprised of switches, monitors, sensors, valves and manufacturing devices managed by an ICS system.

Supporting all these systems requires a network and server architecture that enables the essential interoperability and provides the appropriate resilience. As the output of ICS relates to physical processes, avoiding unplanned downtime is a huge motivator for enterprises embarking on Industry 4.0. Outdated OT represent significant downtime risk. And when they fail, the costs are high.

How much money is your business losing with every minute, hour or day when your systems are down? Not sure? Well, according to research by IHS, downtime is costing over US$700 billion a year. This is no surprise. Every passing second when there’s trouble on the network, equals loss of production, data and even your company’s credibility. It is an unfortunate fact of everyday life. Network or process failures due to misconfigurations, software or device errors, and erroneous commands still can occur daily.

Today’s digital marketplace requires enterprises to integrate things, for instance real-time data collection and analysis as well as real-time remote management tools into OT networks. Constant operational issues have increased the demand for a special tool that can help to handle troubleshooting quickly and keep the connections healthy.

As industrial networks have grown larger and more complex than ever before, network monitoring tools are quickly becoming a necessity. Network access control solutions can help with managing industrial devices, including keeping track of every connected device on your network.

Help is on the way! What is needed?

To get a fast and reliable real-time overview of what is happening on your network, your enterprise requires visibility and control over your OT and IT environments without impacting the integrity of the network. As many modern enterprises have their operations spread over multiple locations, the ideal scenario is to have network traffic analysis tools that can be easily transported and deployed onsite, but controlled remotely. This eliminates the time-consuming and expensive onsite travels for IT specialists, while still offering fast drill-down to the network issues.

All-in-one network traffic analysis solution

Profitap recognizes the digital industry evolution and wants to make things even quicker and easier for you. An easy-to-use, lightweight and intelligent network probe is available for the industry to ensure productivity and ultimately increase your revenue.

IOTA has been developed to meet the needs of the industry’s top network analysts and engineers. As an all-in-one network analysis solution, IOTA can be deployed easily anywhere in the field, both as a portable and as a rack-mounted data center solution. This way, IOTA gives you full remote access and analysis capabilities into your 1G/10G networks, anywhere you want.

IOTA’s combination of features in a single and compact device, make it a complete network capture and analysis solution, and an essential addition to any network engineer’s toolkit.

Profitap IOTA functional description
Link to product pages: IOTA All-in-One Network Analyzer