Search form

Upcoming Webinars

Eradicate service outages and performance issues from your network with OpManager
April 23, 2024
Master Class: Optimizing CX through 4 Pillars of Internet Resilience
May 01, 2024

On-Demand Webinars

Avoid Observability Failure: Hybrid Enterprises Must Complement APM with Internet Performance Monitoring
Observability Trends: Key Considerations for Modern Observability
Navigating Today's I&O Landscape: Leveraging Cloud, Hyper-Convergence and Observability
Master Class: Monitoring from Your Users' Perspective
2024 Tech Trends: 10 Predictions for Tomorrow's IT Evolution
The SRE Report 2024: What the Charts Don't Tell You
2024 Security Trends: How Generative AI Is Changing the Threat Landscape
Getting the Most Out of Elastic Observability & New Features
Tales from the trenches: Security leaders share insights on protecting higher education
The Impact of AIOps and GAI on Modern Observability
Countering Internet Complexity with AI-Powered Internet Performance Monitoring
Maximizing Customer Lifetime Value: Transforming Ecommerce with AI-Powered Search
AI Meets Search: Powering a New Generation of Insights
Behind the Scenes: Rocket Lawyer's Secret Sauce for Uninterrupted Digital Legal Services
3 Tips to Supercharge Your Application Tracing
What's New at Catchpoint! Fall 2023 Product Launch Event
Demo of Internet Sonar: From Disruption to Instant Detection
Harnessing the Power of Generative AI in Retail
Expert Insights: Navigating Outages Like a Pro
What's New in Application Monitoring: Maximizing Operational Efficiency with Enhanced Performance Insights
Preventing Outages: Implement an Internet Performance Monitoring Plan
Don't Get Lost in the Cloud
SOLD IN 6 SECONDS: Formulas to Fast & Friction-Free E-commerce
Supercharge Your IT Resources
Automate and Save Time
Maximize Shareholder Value with Internet Resilience
Building & Monitoring Lighting Fast, Cloud Native Payment Experiences
Getting the Most Out of Elastic Observability & New Features
Preventing Outages: Map Your Internet Stack
May 2023 Product Launch: Learn about Catchpoint's New Capabilities

All Webinars...

Analyst Reports

Modern Enterprises Must Boost Observability with Internet Performance Monitoring
GigaOm CxO Decision Brief: Internet Resilience, May 2023
2023 Gartner Critical Capabilities for APM and Observability
Forrester Opportunity Snapshot: Increase Revenue with Internet Performance Monitoring

All Analyst Reports...

White Papers

Synthetic monitoring 101: A comprehensive guide to synthetic monitoring
Beyond deployment: The ongoing challenges in application performance monitoring implementation
How Is IPAM Simplifying Modern Networking?
The Elastic Generative AI Report
The 2024 Observability Landscape — a survey of observability decision-makers
Database Monitoring for Beginners: 6 Steps to Get You Started
6 Best Practices for Application Performance Monitoring
Visibility, Scalability, Security: Why IPAM Is the Cornerstone of Robust Data Centers
The SRE Report 2024
Real-Time Server Traffic Monitoring: Benefits, Best Practices and NetFlow Analyzer
Key Considerations When Choosing the Right Application Performance Monitoring Tool for Your Business
Apache Cassandra Monitoring: Challenges and Solutions
2024 State of IT Operations Report: Journey to Agility
Streamlining Configuration Management: Unleashing the Power of OpManager's Module
OpenShift Monitoring: Five Crucial Elements to Look Out for
Apache Tomcat Monitoring Made Easy with Applications Manager
End-User Experience Monitoring: Its Meaning, Importance, and Best Practices
5 Steps to Improve Website Performance
Learn the Importance of Network Backup Tool
IT Budgeting Amid a Challenging Macroeconomic Climate
Network Configuration Manager as an Add-On to OpManager
State of ITOM in 2023
The 2023 State of IT Operations Report
Going Beyond Plain Virtualization Monitoring
Preventing Outages in 2023: What We Learned from Recent Failures
Integrated Performance Management for Physical, Virtual & Cloud Infrastructure
Best Ways to Map Impact of Application Performance Issues on Business Goals
Hybrid Cloud Monitoring: Fundamental Driver of Efficiency in Hybrid Clouds
Quick Tips: Network and Application Infrastructure Checklist for the “Work From Home” Admin
Application Management Solutions for Enterprises

All White Papers...

The Pros & Cons of Flow & Packet Data - Part 2
February 23, 2022

Jay Botelho
LiveAction

Share this

What are the cons or challenges of Flow and Packet data?

Start with: The Pros and Cons of Flow and Packet Data - Part 1

While Flow data offers a high level of traffic visibility, it has little detail about what's actually flowing. For example, you can't see microbursts, or the amount of time an application spends churning on a request. It can also present complications for flow monitoring at the edge (small, remote offices), since many edge routers aren't full-featured enough to offer xFlow.

And although xFlow come "for free," it does put an extra processing load on the router, especially when the router is very busy, and this can lead to gaps in visibility when you need it most.

Finally, flow sampling is sometimes used to reduce the processing load on the router, making security detection much less effective since some flows, and perhaps the flows in question, may not be reported on due to sampling.

When it comes to Packet data, dedicated hardware and cabling are required between mirror ports on a router and a DPI application or appliance. This means there's more equipment to purchase, configure and maintain. Furthermore, when routers get busy the processing power required to mirror data can be reduced, resuling in some data not being mirrored, thereby reducing the effectiveness of the mirrored data. This can be addressed by using network taps or packet brokers, but this introduces even more hardware into the solution.

Packet data also requires specialized tools for analysis and a high level of expertise to be used effectively. To reap the benefits of packet data, organizations need to invest in solutions like protocol analyzers and have NetOps teams that understand how to use them. It also adds more complexity to network management, as network engineers need to be very aware of what data they want to monitor, and then ensure that the data mirroring they originally configure remains relevant as other network changes are made.

And the use of HTTPS and VPNs that create privacy tunneling is making packet payload analysis more challenging, often limited to specific instances where the keys for decryption are known for specific network flows.

What are some common ways to use Flow and Packet data to troubleshoot network performance?

The more complex underlying network problems are, the more sleuthing and expertise in protocol and packet analysis are needed. End-to-end visibility extrapolated from Flow and Packet data aids network troubleshooting at the most critical levels and sets the stage for further monitoring integrations that track application performance and sophisticated user experiences.

By using network monitoring solutions (like NPMD and NDR), finding the answers to common issues can be simplified. Here are four ways Packet and Flow data can help.

Topological Views

These views use Flow and Packet data to provide a comprehensive map of network performance. This helps Netops teams to identify infrastructure components in need of upgrading or replacement, and perform capacity planning. They also help when maintaining a real-time comprehensive device inventory, can trigger automatic device discovery, can help to proactively identify choke points on the network, and can be used to compare different performance metrics.

Flow Path Analysis

This is used to identify possible routes, hops, and network latency impacts across endpoints based on IP address. Packet and flow data allows Netops to identify issues caused by load balancing and to identify other issues caused by routing, such as sudden changes in network latency and poor performance of real-time protocols, typically voice and video.

Application Monitoring

Establishing performance baselines that can be used to monitor for abnormal traffic levels is crucial for application performance. Flow and Packet data allows NetOps to uncover insight into how the network is being used at the application level. For example, by identifying policy weaknesses that have allowed unwanted usage.

Intrusion Detection and Prevention Monitoring

Having insight into Flow and Packet data allows NetOps and SecOps to identify a known attack or type of attack based on its signature (signature-based). Teams can also identify deviations from the norm of network behaviors (anomaly-based) or the norms of protocol use (stateful protocol analysis).

Oftentimes, enterprises have seen Flow and Packet data as mutually exclusive — that one can be utilized without the need for the other — but the truth is that when combined NetOps teams can gain more complete visibility. This helps to protect against security threats, investigate alerts and ensure the overall performance of the network and applications.

Jay Botelho is Senior Director of Product Management at LiveAction
Share this

Related Links

www.liveaction.com
The Pros and Cons of Flow and Packet Data - Part 1

Hot Topics

NPM/NetOps

The Latest

AI, Security, and Sustainability Are Major Drivers for IT Modernization
April 25, 2024

The use of hybrid multicloud models is forecasted to double over the next one to three years as IT decision makers are facing new pressures to modernize IT infrastructures because of drivers like AI, security, and sustainability, according to the Enterprise Cloud Index (ECI) report from Nutanix ...

The Past, Present and Future of DEX
April 24, 2024

Over the last 20 years Digital Employee Experience has become a necessity for companies committed to digital transformation and improving IT experiences. In fact, by 2025, more than 50% of IT organizations will use digital employee experience to prioritize and measure digital initiative success ...

Cloud Barriers Impact the Bottom Line
April 23, 2024

While most companies are now deploying cloud-based technologies, the 2024 Secure Cloud Networking Field Report from Aviatrix found that there is a silent struggle to maximize value from those investments. Many of the challenges organizations have faced over the past several years have evolved, but continue today ...

Full-Stack Observability in 2024 and the Importance of End-to-End Visibility for IT Teams
April 22, 2024

In our latest research, Cisco's The App Attention Index 2023: Beware the Application Generation, 62% of consumers report their expectations for digital experiences are far higher than they were two years ago, and 64% state they are less forgiving of poor digital services than they were just 12 months ago ...

MEAN TIME TO INSIGHT Podcast - Episode 5: Network Source of Truth
April 19, 2024

In MEAN TIME TO INSIGHT Episode 5, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses the network source of truth ...

Rapid Tech Expansion Creates Chaos for the Majority of Businesses
April 18, 2024

A vast majority (89%) of organizations have rapidly expanded their technology in the past few years and three quarters (76%) say it's brought with it increased "chaos" that they have to manage, according to Situation Report 2024: Managing Technology Chaos from Software AG ...

IT Trend: Growing Need for Automation
April 17, 2024

In 2024 the number one challenge facing IT teams is a lack of skilled workers, and many are turning to automation as an answer, according to IT Trends: 2024 Industry Report ...

Cloud-Native Technologies Produce Explosion of Data Beyond Human Ability to Manage
April 16, 2024

Organizations are continuing to embrace multicloud environments and cloud-native architectures to enable rapid transformation and deliver secure innovation. However, despite the speed, scale, and agility enabled by these modern cloud ecosystems, organizations are struggling to manage the explosion of data they create, according to The state of observability 2024: Overcoming complexity through AI-driven analytics and automation strategies, a report from Dynatrace ...

Challenges and Trends in Observability Adoption 2024
April 15, 2024

Organizations recognize the value of observability, but only 10% of them are actually practicing full observability of their applications and infrastructure. This is among the key findings from the recently completed Logz.io 2024 Observability Pulse Survey and Report ...

Calling for a New Era of Digital Observability: The Imperative for Comprehensive Internet Performance Monitoring
April 11, 2024

Businesses must adopt a comprehensive Internet Performance Monitoring (IPM) strategy, says Enterprise Management Associates (EMA), a leading IT analyst research firm. This strategy is crucial to bridge the significant observability gap within today's complex IT infrastructures. The recommendation is particularly timely, given that 99% of enterprises are expanding their use of the Internet as a primary connectivity conduit while facing challenges due to the inefficiency of multiple, disjointed monitoring tools, according to Modern Enterprises Must Boost Observability with Internet Performance Monitoring, a new report from EMA and Catchpoint ...