Complete network visibility up to 100G
A global data center engaged ntop to help develop a 100G line-rate traffic monitoring solution. Their current solution only provided them a fractional overview of who had been on their network and what action they had taken.
ntop developed a compact 100G capacity solution that would deliver complete packet capture while also providing a 1:1 overview of the NetFlow. ntop partnered with Napatech to ensure zero packet loss and full compatibility of the 100G hardware accelerators.
The combined power of this packet- and flow-centric solution helped the data center attain complete network visibility and, consequently, achieve drastically stronger network security with minimal strain on resources.
ntop in brief
ntop is an engineering-driven company that provides software for network traffic analysis, capture-to-disk and traffic generation applications optimizing the performance of Commercial Off-The-Shelf (COTS) hardware. ntop software is considered the de facto standard for packet capture applications in both commercial and open source communities.
Industry pain points
In the current threat environment, the data center is often the last line of defense. And with advanced malware and cyber-attacks rapidly escalating, there is a critical need for network visibility.
Previously, standard packet capture and data filtering solutions were sufficient to gain visibility. But as applications grow in number and complexity, and with speeds approaching 100G, monitoring solutions are struggling to keep up.
In facing these challenges, a leading global data center engaged ntop to help develop a 100G line-rate traffic monitoring solution focusing on both network performance measurement and security traffic analysis. Their current solution was based on Random Sampled NetFlow, which only provided them a fractional overview of who had been on their network and what action they had taken. In essence, this was an unreliable and insecure approach.
The Cento 100 Gbit Capacity Solution
To reinforce their network security, the data center needed to gain full visibility. Losing even a single data packet could potentially expose their critical infrastructure and compromise the safety of assets and resources. Hence, they needed a solution that would guarantee 100% packet capture, even at 100G. To enhance efficiency, they also needed a 1:1 overview of the NetFlow statistics while only storing selected flows to disk. That way they could focus on processing any suspicious activity rather than committing resources to investigating every single packet.
To develop a compact 100G capacity solution that would ensure complete packet capture while also providing the needed 1:1 NetFlow overview, ntop partnered with Napatech.
The Napatech SmartNICs were integrated with ntop’s nProbe™ Cento software to guarantee full packet capture and enable analysis of network data at 100G. That would provide the data center with full visibility of all activity on their network. After capturing the packets, the Cento NetFlow probe classified the packets and converted them into flows.
The n2disk™ network traffic recorder made it possible to write packets from suspicious flows to disk for extensive periods of time, enabling subsequent forensic investigation.
By combining the high-speed Cento software with Napatech SmartNICs, we successfully developed a 100G capacity solution that ensures zero packet loss while also providing a reliable 1:1 overview of the NetFlow.
The combined power of this packet- and flow-centric solution helped the data center achieve drastically stronger network security with minimal strain on resources.
nProbe™ Cento is a high-speed NetFlow probe able to keep up with 10/40/100 Gbit. Besides capturing ingress packets and computing flow data, it can be used to classify the traffic via DPI (Deep Packet Inspection) and perform optional actions on selected packets/flows when used as a traffic forwarder in combination with other applications such as IPS/IDS, traffic recorders, etc.
Napatech SmartNICs capture data from networks at high speed and high volume using patented packet capture technology, enabling real-time insight into network traffic. With a portfolio that scales from 1 to 100 Gbit, we provide more efficient data delivery through such features as zero packet loss and nanosecond time precision.