Data Retention Applications will typically only store call information (who is talking to who, when and for how long, and how much data was transferred). In many countries it is mandatory for Internet providers to perform data retention (in the US it is defined by the Communications Assistance for Law Enforcement Act (CALEA) and in EU it is defined by the EU Data Retention Directive). Data Retention Applications are supported by the Napatech Network Adapters via functionality, such as:
- Zero Packet Loss: Ensures that all network frames are captured for any network load condition.
- Deduplication: Supports removal of the duplicate frames sometimes seen in MPLS networks. Removing the duplicate frames can save considerable amounts of disk space and save the host CPU from the very time-consuming job of identifying and removing the duplicate frames.
- Slicing: Conditional dynamic slicing can be used to discard all payload data that is not needed. The adapter can, for instance, be set up so that all UDP and TCP data is sliced away except for VoIP call setup frames where the full packet is captured. Conditional dynamic slicing can dramatically reduce the amount of data that an application needs to handle. Since host memory bandwidth can be a limiting factor for the system performance, this is a very important feature.
- Multi-CPU Support: Data retention applications will often perform some processing of the captured data before the result is written to the disk. To easily increase the CPU processing power available for this task the Multi-CPU Buffer Splitting functionality can be used. It allows the captured data to be distributet to multiple host buffers where it can be handled by multiple CPU cores. The 2/5-tuple hash keys ensure that the same flows are always delivered to the same host buffers and therefore always handled by the same CPU core, whereby the CPU cache performance is improved.
Data Logging Applications will typically capture data to and from specific IP addresses, and for that traffic the full network flow will be captured. Data logging is supported by the Napatech adapters via functionality, such as:
- Time-stamping: Captured frames are time-stamped, enabling retrieval of the captured frames with exact timing information.
- Programmable Filtering: Adapter filters can be set up so that only relevant frames are captured.
- Channel Merging: Enables network frames from several ports to be merged in reception time order and placed in one host buffer, simplifying retrieval of the frames in time order.
-
Multi-CPU Buffer Splitting: For data logging applications Multi-CPU Buffer Splitting can be used to utilize multiple CPU cores.
Forensic Analysis Applications will often record all the traffic on a network to large RAID disk arrays for later analysis. In some cases this will be supplemented with some on-the-fly analysis. The recorded data can later be used for in-depth analysis of network events, e.g. how a virus attack has affected a network. Forensic Analysis can also be used for criminal investigation. Forensic Analysis is supported by the Napatech adapters via functionality, such as:
- Zero Packet Loss: All frames can be captured on any network load condition so that a full network story can always be retrieved.
- Time-stamping: Captured frames are time-stamped, enabling the retrieval of exact timing of the captured frames.
- Programmable Filtering: Adapter filters can be set up so that only relevant frames are captured.
- Multi-CPU Buffer Splitting : For Forensic Analysis, Multi-CPU Buffer Splitting can be used to utilize multiple CPU cores.
-
Packet Classification: The adapter can classify the frames before they are delivered to the host CPU (e.g. find the byte offset to the IP, TCP or UDP payload), whereby the host processing can be accelerated.