Intelligent Traffic Analysis

Posted on Apr 3, 2024 by

 67

What Is Intelligent Traffic Analysis?

Intelligent traffic analysis is a cutting-edge technology that monitors and analyzes network traffic. It provides precise performance data, such as packet loss rate and nanosecond-level delay, for specific service flows. This helps O&M personnel monitor network status, locate faults, and visualize network traffic.

Why Is Intelligent Traffic Analysis Required?

With the rapid digital transformation of industries, the deployment of critical services and applications on user networks is increasing. This leads to larger and more complex networks with diverse application types and data flows. These complexities give rise to challenges in network operation and maintenance (O&M), such as TCP connection failures and abnormal delays in service flows. It is crucial to swiftly identify and precisely locate faults, restore services promptly, and enhance O&M efficiency. Additionally, network traffic visualization has become a prevailing trend for implementing effective service management in intricate network environments.

Intelligent traffic analysis technology effectively addresses these challenges through the following means:

1. Leveraging the device's built-in chip, this technology ensures minimal impact on device forwarding performance and reduces the processing load on remote analyzers.
2. Intelligent analysis is performed based on unique characteristics of each service flow, enabling comprehensive examination of packet loss rate, delay, and nanosecond-level round-trip time (RTT).
3. Real-time monitoring of network status allows for swift and accurate identification of faulty nodes, enhancing network stability and reducing maintenance costs.
4. The analysis results can be seamlessly exported to iMaster NCE-FabricInsight, providing robust support for network-wide visualized traffic management.

What Are the Components of the Intelligent Traffic Analysis System?

An intelligent traffic analysis system typically comprises three components: the traffic-analysis data exporter (TDE), traffic-analysis processor (TAP), and traffic-analysis data analyzer (TDA).

1. The TDE is a device equipped with intelligent traffic analysis capabilities. It determines the specific service flows to be monitored and forwards them to the TAP.
2. The TAP is an embedded chip integrated into the CPU of a device. It receives and processes the service flows transmitted from the TDE, performing in-depth analysis. The TAP then exports the analysis results to the TDA.
3. The TDA refers to iMaster NCE-FabricInsight, which serves as a network traffic analysis tool. It offers a user-friendly graphical user interface (GUI) that enables users to easily access, visualize, and analyze the collected data.

In practical implementations, the TDE and TAP are typically deployed together on the same device. In the depicted network scenario, the intelligent traffic analysis functionality is configured on DeviceA.

How Does the Intelligent Traffic Analysis System Work?

The intelligent traffic analysis system functions through a series of steps including flow matching, flow analysis, and flow table export, as depicted in the accompanying diagram.

Flow Matching

To detect a specific service flow, the TDE configures an ACL rule for flow matching. Once a service flow is matched, it is mirrored and forwarded to the TAP via the forwarding chip. In cases where the TAP is unable to process the received packets, such as unsupported packet types or exceeding processing capabilities, the TAP discards the packets.

Flow Analysis

Upon receiving the matched packets, the TAP proceeds to analyze and process them. Leveraging the 5-tuple information (source IP address, source port number, destination IP address, destination port number, and transport layer protocol) and key values within the packets, the TAP generates flow tables. It also gathers statistics on crucial fields within the flow tables, enabling analysis of flow characteristics such as discarded packets, delay, packet count, and flow creation time.

Flow Table Export

Intelligent traffic analysis allows users to access and review the analyzed service flow characteristics within the TAP. However, for a visualized and user-friendly display of analysis results, the flow tables need to be transmitted to the TDA. Currently, the only supported TDA is iMaster NCE-FabricInsight, which consists of the FabricInsight collector and FabricInsight analyzer.

As illustrated in the diagram, intelligent traffic analysis flow tables, containing the results of flow analysis, are initially stored in the device's cache. When the flow tables in the cache meet the aging conditions, the TAP within the device adds the statistical fields of the flow tables to the NetStream V9 extended template for encapsulation. The forwarding chip then searches for routes for the encapsulated packets and forwards them to the FabricInsight collector. Upon receiving the exported packets from the intelligent traffic analysis system, the FabricInsight collector summarizes the service flow characteristics based on packet information, such as source addresses. Finally, the summarized characteristics are sent to the FabricInsight analyzer for processing and display.

Application of Intelligent Traffic Analysis

Intelligent traffic analysis proves beneficial in managing complex network environments, enabling O&M personnel to implement visualized network management. The accompanying diagram illustrates an enterprise's data center hosting various services, with an application deployed on VM1 and VM3. Service flows carrying this application's packets traverse a specific path between VM1 and VM3. Each switch along the path has the capability to capture bidirectional traffic for this service flow. To monitor the application traffic, O&M personnel can deploy the intelligent traffic analysis function on one or multiple switches through which the application traffic passes. This facilitates monitoring and analysis of the service flows. In the event of anomalies such as packet loss or significant delays, O&M personnel can swiftly and accurately identify the fault's location. Additionally, the analysis results can be transmitted to iMaster NCE-FabricInsight for further analysis and visualization.