Hyperscale data center
steps up security
A global hyperscale data center engaged ntop to help develop a 100G line-rate traffic monitoring solution. Their current solution only provided them a fractional overview of who had been on their network and what action they had taken.
ntop partnered with Napatech to develop a compact 100G capacity solution that would both deliver lossless packet capture while also providing a 1:1 overview of the NetFlow.
The combined power of this packet and flow-centric solution helped the data center to attain complete network visibility and, consequently, realize a drastically stronger network security with a minimum strain on resources.
Industry pain points
The ability to detect threats at any speed is a challenge. In a world of software-defined everything, with trillions of endpoints, massive amounts of data and networks operating at speeds of 40G and 100G, these challenges become even more complex. To make matters worse, there is a severe lack of commercial, affordable offerings capable of addressing industry needs. Many enterprises and cloud service providers are therefore driven to build their own security monitoring solutions. But how do you build an efficient solution that provides complete traffic visibility, even at 100G?
This was the challenge faced by a global hyperscale data center as they engaged ntop and Napatech to help develop a 100G line rate traffic monitoring solution focusing both on network performance measurement and security traffic analysis. Their current solution was based on Random Sampled NetFlow, which only provided them a fractional overview of who had been on their network and what action they had taken.
The Cento 100 Gbit Capacity Solution
To reinforce their security posture, they needed to gain full traffic visibility. Losing even a single data packet could potentially expose their critical infrastructure and compromise the safety of assets and resources. What they needed was a solution that would guarantee lossless capture, even at 100G. To enhance efficiency, they also needed a 1:1 overview of the NetFlow statistics while only storing selected flows to disk. That way they could focus their further processing on any abnormal, suspicious activity, instead of committing resources to investigate each single data packet.
ntop and Napatech partnered to develop a compact high-speed solution that would both ensure complete packet capture while also providing the needed 1:1 NetFlow overview.
Napatech’s FPGA-powered FPGA SmartNICs were integrated with the nProbe™ Cento software. This provided guaranteed lossless capture and enabled traffic analysis even at 100G. When captured, the data packets were classified by the Cento NetFlow probe and converted into flows. The n2disk™ network traffic recorder made it possible to write packets from suspicious flows to disk for extensive periods of time, enabling subsequent forensic investigation.
By combining the high-speed Cento software with Napatech FPGA SmartNICs, we successfully developed a 100G capacity solution that would both ensure zero packet loss while also providing a fully reliable 1:1 overview of the NetFlow. The combined power of this packet and flow-centric solution helped the data center to realize a drastically stronger network security with a minimum strain on resources.
nProbe™ Cento is a high-speed NetFlow probe able to keep up with 10/40/100 Gbit. Besides capturing ingress packets and computing flow data, it can be used to classify the traffic via DPI (Deep Packet Inspection) and perform optional actions on selected packets/flows when used as traffic forwarder in combination with other applications such as IPS/ IDS, traffic recorders, etc.
Napatech FPGA SmartNICs
Napatech FPGA SmartNICs capture data from networks at high speed and high volume using patented packet capture technology, enabling real-time insight into network traffic. With a portfolio that scales from 1 to 100 Gbit, we provide more efficient data delivery through such features as zero packet loss and nanosecond time precision.