The Pros & Cons of Flow & Packet Data - Part 1
February 22, 2022

Jay Botelho
LiveAction

Share this

Designing and maintaining a network that delivers uninterrupted performance is a crucial function of most NetOps teams. But with new technology challenges around cloud and software defined architectures, many struggle to optimize and troubleshoot the high-performance networks of today.

According to a recent survey from LiveAction, 20% of NetOps teams are focused on improving application performance across the network, 19% are focused on improving network monitoring, and 15% are focused on improving performance at remote sites. Doing this effectively requires visibility into flow and packet data. When aggregated and analyzed properly, NetOps teams can gain valuable insights and operate more predictable, high-performing networks.

NetOps teams traditionally rely on network performance monitoring solutions to collect this data, but what are the pros and cons of flow and packet data and how is it used to troubleshoot networks?

First, let's quickly define flow and packet data. The goal of network flow monitoring is to tally, log, and analyze all network traffic as it passes through routers and other network devices, essentially creating a summary model of network usage. Deep Packet Inspection (DPI) is a process commonly used to inspect the payload content of each packet to make determinations about whether to act on that packet by rejecting it or allowing it to pass through the network. DPI can also be used to passively collect the traffic traversing the network to add visibility and troubleshooting capabilities into network monitoring solutions.

Packet capture is also used to store a mirror copy of network packets for detailed network analysis, using forensic search and filtering. The stored mirror copy can later be examined for a particular time frame, when new performance, security, or forensic incidents arise. When network messages are packetized (broken into pieces), they are then routed over the internet to other connections to be reassembled at their destination. Each packet is generally organized into three segments regardless of size — the header, payload and footer. As packets flow through the network routers, their headers are read and "fingerprinted" based on five to seven packet header attributes.

Today, most routers have some brand of xFlow export feature that allows flow data to be sent from the router to a collector and analyzer. Netflow is the de facto industry flow protocol (originating from Cisco), but other popular protocols include IPFIX, J-Flow, and sFlow. Source and Destination addresses tell who the originator and receiver of the traffic are. Ports and Class of Service tell what applications are in use and their traffic priority. Device interfaces tell how devices are utilizing traffic. By tallying packets, the total traffic flow amount can be determined. Timestamps are useful for placing flows in time and determining their rates. And finally, Application and Network Latency provide measurements about how long each transaction takes.

What are the pros of flow and packet data?

First, flow data is simple to set up. Most routers and switches come standard with the xFlow protocol feature. This means you get vendor-agnostic visibility across just about every network segment. Capturing flow data also requires no extra cabling or equipment, and in most cases no extra licensing, providing excellent network visibility essentially "for free." It also has low network bandwidth overhead since flow data approximates only 0.5% of network traffic, and no clients are necessary on end systems.

For Packet data, it's valuable because it contains every bit of information for every transaction on the network. It allows NetOps to understand bandwidth usage by analyzing details of application and user behavior.

Excessive bandwidth utilization often occurs over very small time periods, typically referred to as "microbursts" since these event happen over microseconds to milliseconds. These events are hidden by the typical reporting rates of xFlow data, but are easily exposed by packet data.

Packet data is also ideal for detailed monitoring and troubleshooting on critical applications, servers and connections. This helps with answering critical questions, like whether the network or the application is the root cause of a problem. Packet data provide specific, interpacket timing, and can expose critical data in payloads that provide proof of application problems. Packet data also offer significant name discovery, such as application names, file names, website URLs, and hostnames, which can be used for both detailed troubleshooting and reporting on custom, web-based applications.

Go to: The Pros and Cons of Flow and Packet Data - Part 2

Jay Botelho is Senior Director of Product Management at LiveAction
Share this

The Latest

October 09, 2024
A well-performing application is no longer a luxury; it has become a necessity for many business organizations worldwide. End users expect applications to be fast, reliable, and responsive — anything less can cause user frustration, app abandonment, and ultimately lost revenue. This is where application performance testing comes in ....
October 08, 2024

The demand for real-time AI capabilities is pushing data scientists to develop and manage infrastructure that can handle massive volumes of data in motion. This includes streaming data pipelines, edge computing, scalable cloud architecture, and data quality and governance. These new responsibilities require data scientists to expand their skill sets significantly ...

October 07, 2024

As the digital landscape constantly evolves, it's critical for businesses to stay ahead, especially when it comes to operating systems updates. A recent ControlUp study revealed that 82% of enterprise Windows endpoint devices have yet to migrate to Windows 11. With Microsoft's cutoff date on October 14, 2025, for Windows 10 support fast approaching, the urgency cannot be overstated ...

October 04, 2024

In Part 1 of this two-part series, I defined multi-CDN and explored how and why this approach is used by streaming services, e-commerce platforms, gaming companies and global enterprises for fast and reliable content delivery ... Now, in Part 2 of the series, I'll explore one of the biggest challenges of multi-CDN: observability.

October 03, 2024

CDNs consist of geographically distributed data centers with servers that cache and serve content close to end users to reduce latency and improve load times. Each data center is strategically placed so that digital signals can rapidly travel from one "point of presence" to the next, getting the digital signal to the viewer as fast as possible ... Multi-CDN refers to the strategy of utilizing multiple CDNs to deliver digital content across the internet ...

October 02, 2024

We surveyed IT professionals on their attitudes and practices regarding using Generative AI with databases. We asked how they are layering the technology in with their systems, where it's working the best for them, and what their concerns are ...

October 01, 2024

40% of generative AI (GenAI) solutions will be multimodal (text, image, audio and video) by 2027, up from 1% in 2023, according to Gartner ...

September 30, 2024

Today's digital business landscape evolves rapidly ... Among the areas primed for innovation, the long-standing ticket-based IT support model stands out as particularly outdated. Emerging as a game-changer, the concept of the "ticketless enterprise" promises to shift IT management from a reactive stance to a proactive approach ...

September 27, 2024

In MEAN TIME TO INSIGHT Episode 10, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses Generative AI ...

September 26, 2024

By 2026, 30% of enterprises will automate more than half of their network activities, an increase from under 10% in mid-2023, according to Gartner ...