Why You Need Network Intelligence at the Visibility Layer

The underlying objective of the visibility layer, as a layer of devices sitting between the network itself and the network tools and appliances, is to serve as an adaptation layer responsible for delivering the right traffic to the right tool. By doing this we are increasing the efficiency of the tools, streamlining the enterprise's operations and reducing overall total cost of ownership.

What does Niagara’s Network Intelligence offer?

A
Taking the motto of “getting the right traffic to the right tool” to the next level.

By performing more advanced traffic processing, the NPB delivers traffic to the network appliance more efficiently and in a form that it can actually process. One example is TLS decryption: the network tool cannot otherwise process traffic if it is encrypted. With Niagara NI, the NPB can perform more advanced traffic processing so that the network tool is off-loaded and can focus its resources on its designed task. See list of supported applications.


Many of the same advanced traffic processing tasks are required by different network tools. It’s only natural to perform these in the visibility layer in a centralized manner. In the visibility layer, NI Application processing can be performed once and fed efficiently to multiple tools.


The figure depicts offloading of TLS Decryption and De-duplication from each individual network tool to the NPB in a centralized and optimized manner. This can equally apply if the network tool did not have these advanced processing capabilities in the first place.

Network Intelligence applications

The figure depicts the user's ability to apply multiple NI Applications inside the NPB, and to determine the sequence in which they will be applied to the network traffic.

Users can combine multiple NI Applications on the same Packetron module. NI Applications will be applied to the data traffic in a user-defined sequence.

All Network Intelligence applications are seamlessly integrated into the FabricFlow operation of the host multipurpose visibility node. Users can apply the NI Application to the traffic from user-friendly, hassle-free menu screens.

B
Open Visibility Platform

The Open Visibility Platform (OVP) is Niagara’s pioneering vision for customers interested in taking the next step in on-demand, optimized intelligent network solutions.


Typically we view the visibility layer in terms of ‘getting the right traffic to the right tool’, but what if you could seamlessly integrate the network tool with the NPB to be part of the NPB and visibility layer? With the OVP users can spin-up on-demand applications onto the NPB, benefitting from the NPB’s deployment at key points on your network infrastructure.

Easily deploy any 3rd party best of breed application to augment your security, monitoring and performance needs. Here we are not merely off-loading processing from the network appliance, but can actually fully accommodate and host the appliance inside the NPB.


Figure depicts installing best of breed applications inside the NPB, saving on operational costs and deployment complexity and improving reliability.

With OVP you can easily install the latest and best applications, and seamlessly tool chain their execution based on your needs.

OVP is not limited to a single application, but enables users to combine multiple applications inside the NPB; for example Network Traffic Analysis (NTA) and a Firewall (FW) - thus achieving a powerful security multiplier against dynamic threats.

C
Tool Sprawl Consolidation

Enable consolidation of the tool sprawl by physically deploying the network tools together within the network packet broker. The enterprise is able to significantly reduce operational costs and deployment complexity. Here we are leveraging the ability to accommodate and host multiple network appliances, each in its own virtual machine or as a bare-metal integration, all inside the NPB.


This figure depicts consolidating multiple network tools into a single NPB. Processing modules can be added to the NPB to scale performance to meet user’s needs.

The Packetron

Niagara’s Network Intelligence is achieved using the Packetron packet processor acceleration hardware module. This module fits into the network packet broker and enables the user to add more modules in cases where more traffic intelligence processing power is needed.

Network Intelligence using Packetron

Figure depicts NPB<-->Packetron combo. Combining Packet broker functionality with application layer processing agility.

Applications running on the Packetron automatically and seamlessly benefit from the aggregation, replication, filtering, load balancing, inline bypass and other traffic manipulation capabilities of a fully featured NPB. Because the module connects to the non-blocking switching core, forwarding traffic from any port to any port is easily accomplished.

Network Intelligence for out-of-band and inline deployments

The Packetron module occupies a single bay in the multi-purpose visibility node. This provides superior packet processing density per form factor. Input traffic arriving from packet broker ports, bypass ports or tap ports via the non-blocking switching fabric enables the Packetron to provide Network Intelligence applications for both out-of-band monitoring deployments and inline deployments.

A multi-purpose visibility node is powered by a switching fabric that is able to deliver great processing and forwarding capabilities on packets, up to Layer 4. The Packetron module is directly connected to the host switching fabric. The Packetron is able to handle sophisticated application-level and L7-level processing on packets, sessions and flows.

The Packetron has a nominal processing capacity of 80GbE, though actual performance may vary based on the application and/or the number of applications that run simultaneously on a single Packetron module. Because it is a modular, field-replaceable module, users can add Packetron modules to scale up their processing capacity.


Figure depicts a schematic deployment of Niagara's Open Visibility Platform (OVP). Security applications can be deployed on Packetron modules as part of the SSL/TLS decryption platform. This powerful combination enhances the efficiency of both the decryption platform and the on-board resident security application, delivering a cyber threat detection multiplier.

Network Intelligence Applications

Packet Slicing

Packet Slicing reduces the volume of data to be forwarded for analysis and processing by a network appliance by reducing the packet length. This is especially useful for network applications that only require header analysis and/or a defined set of bytes from each packet. Packet length is reduced based on user-configurable rules.

Deduplication

Deduplication identifies duplicate packets and removes them before they are sent to a network appliance. While duplicate packets may occur on the network from backup and failover deployment architectures, the more common cause is the use of multiple SPAN ports across connected switches and routers that feed a network appliance. When a network appliance handles duplicate packets, they consume the tool's limited processing resources, resulting in significant performance degradation, and may also affect the accuracy of the results reported.


Figure depicts the function of deduplication. Users can optimize deduplication for their network needs by configuring the window size and refining deduplication criteria based on header attributes.
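The effect of the window size and the header criteria described above, as an added Python example (not Niagara's implementation and not code from the original page). The packet builder, the 50 ms window and the rule that masks the TTL and IPv4 header checksum are assumptions chosen for illustration.

```python
import hashlib
import struct
from collections import OrderedDict

def make_packet(ttl: int, ident: int, payload: bytes) -> bytes:
    """Constructed IPv4/UDP sample packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), ident, 0,
                     ttl, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
    return ip + udp + payload

def dedup_key(ip_packet: bytes, ignore_ttl: bool) -> bytes:
    """Digest of the packet, optionally with hop-dependent fields zeroed."""
    pkt = bytearray(ip_packet)
    if ignore_ttl:
        pkt[8] = 0                 # TTL is decremented at every routed hop
        pkt[10:12] = b"\x00\x00"   # IPv4 header checksum changes with the TTL
    return hashlib.sha256(bytes(pkt)).digest()

class Deduplicator:
    def __init__(self, window_s: float, ignore_ttl: bool):
        self.window_s = window_s
        self.ignore_ttl = ignore_ttl
        self.seen = OrderedDict()  # key -> first-seen time, oldest first

    def accept(self, ts: float, ip_packet: bytes) -> bool:
        """Return True to forward the packet, False to drop it as a duplicate."""
        while self.seen:           # expire entries that fell out of the window
            oldest_key = next(iter(self.seen))
            if ts - self.seen[oldest_key] <= self.window_s:
                break
            del self.seen[oldest_key]
        key = dedup_key(ip_packet, self.ignore_ttl)
        if key in self.seen:
            return False
        self.seen[key] = ts
        return True

def run_demo():
    a = make_packet(64, 1, b"query-1")
    a_hop = make_packet(63, 1, b"query-1")   # same packet seen one hop later
    b = make_packet(64, 2, b"query-2")
    # Constructed capture: (seconds, packet) merged from two SPAN feeds
    capture = [(0.000, a), (0.001, a), (0.002, a_hop), (0.003, b), (0.500, a)]
    strict = Deduplicator(window_s=0.050, ignore_ttl=False)
    relaxed = Deduplicator(window_s=0.050, ignore_ttl=True)
    return ([strict.accept(t, p) for t, p in capture],
            [relaxed.accept(t, p) for t, p in capture])

if __name__ == "__main__":
    print(run_demo())
```

Byte-identical packets that are legitimately sent twice inside the window are dropped as well, so the window is best kept close to the expected skew between the duplicate feeds.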

NetFlow/IPFIX and metadata

With the increase in traffic capacity on the one hand and the need for greater processing granularity on the other hand, many network tools ingest traffic metadata rather than the raw traffic data packets themselves. There are well-standardized metadata frameworks, as well as numerous specified fields and extensions for additional vendor-specific fields. Often, metadata reports are generated by a network element itself, such as a switch or a router. The disadvantage is that, because metadata generation is not the primary objective of the switch or router, the performance of its metadata generation may be degraded in times of congestion, whereas with Niagara’s solution such a degradation does not take place. Furthermore, to address congestion, the switch or router utilizes traffic sampling instead of taking into account every packet in the flow.

Data Masking

Data Masking enables the enterprise to forward and share data traffic across departments, while at the same time providing them with a tool to mask private and confidential user information that is contained in the data.

Application Filtering

Identification of applications and layer 7 protocols often requires deep packet inspection (DPI) and analysis. Application filtering performs DPI and supports the identification of dozens of applications. The supported application list is updated on a regular basis.

TLS Decryption

The SSL/TLS decryption offering is an important foundation of the security visibility layer. Without SSL/TLS decryption your organization is blind to attacks, malware and other security and cyber threats impacting your network via the TLS layer. Organizations need a way to identify threats and malware in order to protect their users and intellectual property.

Niagara's SSL/TLS decryption platform supports three deployment modes:

  • Passive out of band - the SSL/TLS decryption platform receives a copy of the encrypted traffic. The decrypted traffic can be forwarded to an out of band tool. The decryption process has no impact on the network traffic. This mode is only available with supporting TLS versions and cipher suites.

  • Active out of band - the SSL/TLS decryption platform sits inline, receiving the encrypted traffic. The encrypted traffic is decrypted and re-encrypted back to the network. A copy of the decrypted traffic can be forwarded to an out of band appliance. The actions of the out of band appliance itself have no impact on the network traffic.

  • Active inline - the SSL/TLS decryption platform sits inline, receiving the encrypted traffic. The encrypted traffic is decrypted, and the decrypted traffic may be forwarded to an inline appliance. Decrypted traffic from the inline appliance is received back at the SSL/TLS decryption platform and is re-encrypted on to the network.

SSL/TLS Network Deployments

Figure depicts the three SSL/TLS network deployments. The three modes can be supported simultaneously on the same platform.

Tunnel Support

Tunnels are used to encapsulate traffic and send it from one location to another. This application supports the ability to encapsulate traffic and send it to a remote/central location. It also supports the ability to terminate tunnels and forward the decapsulated (de-tunneled) traffic to a network tool.

GTP Correlation

GTP Correlation encompasses multiple applications associated with facilitating network tool connectivity in mobile environments. One of the primary challenges for network tools in mobile networks, whether used for performance, monitoring, behavioral analysis, and/or any other analysis that requires differentiating user traffic, is that the user plane and control plane are decoupled. In order to correctly identify a specific user’s traffic, we need to correlate it with the control/signaling plane. Other associated applications include optimized load balancing based on user traffic, IMSI filtering and more.

Header Stripping

Header Stripping is designed to modify traffic so that the intended network tool can process it and fulfill its intended purpose. Niagara’s application will strip the header from the traffic, exposing the relevant packet for processing.
