This is a continuation of our blog series on the advanced functions for network visibility solutions with fully programmable data pipelines. Read our introduction to the series here.

Another great example of the power behind fully programmable pipelines is the ability to gain insight into the actual visibility solution itself. Solutions such as the MantisNet RFP-NG are able to leverage the processing logic of these pipelines to better visualize what types of events are unfolding on the wire over time and provide metrics related to the rules that are running. Once again, let’s simplify things here for a moment to best understand this concept.


With a traditional NPB in place, you can filter out traffic of interest, redirect traffic to multiple monitoring tools, break down bigger pipes into smaller pipes for analytics; the list goes on. However, do you have insight into what is occurring at a higher level? Do you understand how the trends associated with your network composition change over time? Keep in mind that a network packet broker is essentially a product that allows you to set rules that dictate how the device handles traffic. For example: filter out DNS traffic on ports 1 & 3, block all IP addresses across X values on ports 4 & 6, etc. Rules (or ACLs) are put in place to better manipulate and efficiently distribute network traffic across your toolset. However, these rules serve one purpose: to allow, deny, redirect, or replicate certain traffic types across the visibility solution. The rules in place funnel the traffic according to the requirement, but what if you had metrics on each rule that was running?

 

Metrics of your rules/ACLs have arrived

With a network visibility solution that is built with a fully programmable pipeline, you can now gain more meaningful insight from the rules you are putting in place. For example, MantisNet’s RFP-NG allows you not only to set unique rules, but also to generate statistics associated with those rules any time the rule/ACL fires. Instead of having a simple rule that says “filter out DNS traffic”, you can now monitor and receive an alert (with statistics and a time stamp) any time that particular filter sees a DNS packet. These alerts/statistics (AKA telemetry) can be visualized over time with readily available open source tools.

[Figure: time-series rule tracking of ACLs (MantisNet)]

You now have a solution that not only allows you to manipulate the traffic itself, but also shows you how often that manipulation occurs on that specific port (in other words, how often DNS traffic is present). The device is now self-reporting statistics that allow you to create a baseline for your particular network, and will help you better understand trends and deviations from that baseline over time.
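An added example, not MantisNet code: one way the per-rule counters described above could be turned into a baseline with deviation alerts. The rule and port labels, the one-minute sampling interval, and all counter values are constructed for illustration.

```python
from statistics import median

# Constructed sample data: cumulative packet counters per (rule, port), sampled
# once a minute, as a Prometheus-style counter would appear. Labels are hypothetical.
SAMPLES = {
    ("dns_filter", "port1"): [0, 120, 245, 362, 480, 603, 721, 845, 960, 1082, 2950, 3071],
    ("dns_filter", "port3"): [0, 40, 82, 121, 160, 203, 241, 280, 322, 361, 402, 440],
}

def deltas(counter):
    """Per-interval hit counts from a cumulative counter (a drop means the counter reset)."""
    return [cur - prev if cur >= prev else cur
            for prev, cur in zip(counter, counter[1:])]

def deviations(counter, window=8, threshold=5.0):
    """Flag intervals whose hit count is far from the rolling baseline.

    Baseline is the median of the previous `window` intervals; distance is
    measured in median absolute deviations (MAD), which resists outliers.
    Returns a list of (interval_index, hits, baseline).
    """
    rates = deltas(counter)
    flagged = []
    for i in range(window, len(rates)):
        history = rates[i - window:i]
        baseline = median(history)
        mad = median(abs(r - baseline) for r in history) or 1.0  # avoid divide-by-zero
        if abs(rates[i] - baseline) / mad > threshold:
            flagged.append((i, rates[i], baseline))
    return flagged

def scan(samples):
    """Run the deviation check over every rule/port series; keep only those with hits."""
    results = {key: deviations(series) for key, series in samples.items()}
    return {key: hits for key, hits in results.items() if hits}

if __name__ == "__main__":
    for (rule, port), hits in scan(SAMPLES).items():
        for idx, count, base in hits:
            print(f"{rule} on {port}: interval {idx} saw {count} packets (baseline {base})")
```

A sudden jump in DNS rule hits on one port, as in the constructed port1 series, is the kind of deviation worth triaging against resolver logs for tunneling or misconfiguration.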

All in all, the fully programmable pipeline is a game changer when it comes to network visibility solutions. The key to network visibility is to see every piece of information that is available on the network, and process that information in the most efficient way possible. Fully programmable pipelines allow users to do this in a way that now puts them in the driver's seat, as opposed to being driven by the technology available at the time.

Expand your visibility and obtain metrics for an improved network management experience with MantisNet’s RFP-NG.

 

You can read more about our list of advanced functions made possible with a fully programmable data pipeline in our 'Can your packet broker do this?' series:

  • Complex parsing / identifying unknown packets / de-parsing of packets
    • Identify packets that don't match existing header definitions and parse graph (e.g. packets that don't parse) and direct packets out to a follow-on system for reverse engineering and further characterization
    • Unique header / network overlay stripping capabilities (multiple VLANs, 802.1aq)
    • Can hash and load balance based on innermost IP information in complex packet formats
  • Can generate time-series data metrics for all applied ACLs (via ONT)
    • Ability to set ACLs (filters) and generate octets and packet stats natively
    • Cloud native instrumentation via Prometheus and Grafana
  • INT (in-band network telemetry): ability to insert metadata headers with specific data of interest
  • ONT (out-of-band network telemetry): ability to export metadata with specific data of interest
  • Software-based, extensible architecture; dynamic addition of protocols for full programmability of the pipeline

 

 

Written by Mike Fecher

Mike's a leader in developing client solutions for data center infrastructure, cybersecurity, and network visibility. He has worked with commercial telecom providers, the US Intelligence Community, and various other government agencies to help implement data-centric solutions.