Page 443 - Handbook of Modern Telecommunications
P. 443
3-234 CRC Handbook of Modern Telecommunications, Second Edition
Operator UI API Reports
Analysis Software
Probe
Probe Probe
Probe Analysis NIC
Parsing Engine
FIGu RE 3.9.7 Packet-flow sensory product architecture.
3.9.3.5 Packet-Flow-Based Sensor Networks
The final category of sensor technologies are deep packet inspection (DPI) products that watch the flow
of actual revenue traffic across the delivery network and build a finely granular and complete view of all
services and control traffic flows. These solutions are typically provided via purpose-built probe appli-
ances that attach passively to key points of aggregation in the service delivery network and inspect each
and every stream of packets that comprise connectionless services. Since these sensory systems start
with packets, but ultimately tie those packets together into common threads, or flows, they are referred
to here as packet-flow solutions. While this type of technology has long been available for test and trou-
bleshooting purposes, and has been broadly deployed in the predominantly IP realms of government
and enterprise networks, its application to communications service provider operating environments
is relatively recent.
The basic elements of packet-flow sensory systems include (see Figure 3.9.7) high-speed network
interface cards that are responsible for providing a live, real-time window into the packet streams, com-
bined with a parsing engine that inspects each packet and categorizes it in terms of service user, service
type, service volume, and key quality indicators, and analysis software for harvesting and presenting
the collected metrics.
The more advanced systems of this type will include additional functional elements such as:
• Stream-to-disk for complete reconstructive forensic analysis of extended packet sequences
• Detailed packet decode and expert analysis functions (may reside directly on the instrumenta-
tion devices)
• Automated recognition and tracking of traffic types within core traffic categories (such as indi-
vidual Web URLs or sub-URLs versus aggregate HTTP or HTTPS-based Web traffic), individual
application transaction types, and bit sequence pattern matching
• Advanced, predictive analysis of key performance metrics for recognizing relevant early indica-
tions of service quality degradations
• Integration with other OSS products for alarm forwarding and data sharing
The primary challenge with architecting packet-flow solutions is in handling the speeds at which
service delivery networks operate. Unlike other sensory approaches that deal with summary or
sampled data, or with only control traffic, packet-flow sensors must watch every bit and byte of the
service traffic traversing the instrumented links and select the appropriate information from which
operational information will be interpreted. Current state-of-the-art sensors can accomplish this
goal at line rates of up to 10 Gbps, and vendor suppliers continue to working on raising that rate to
keep pace with the global growth in IP traffic and the commensurate steady increase in transport
technology speeds.
