Having packet visibility by way of a network recorder to troubleshoot intermittent network problems is a good problem to have.  Complement that with a good network monitoring tool (i.e. NetFlow collector and visualizer) and you’ll typically have all you need at the most granular level when investigating network issues.  However, trying to manage the data deluge for any network-related investigation is like trying to find a needle in a haystack.  To minimize your investigation time you’ll need to “reduce the noise”.  Don’t save what you don’t need.

If your network recorder has built-in hardware filtering then you’re in luck.  You can selectively store only what is of interest.  Since filtering is done at the hardware level, a performance hit on the network recorder won’t be an issue.  Common network recording filter configurations are:

  • IP Address
  • QoS Value
  • Layer 2 or 3 application
  • …or some value at a fixed offset
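
The four filter types above, modeled in software as an added example (not code from any recorder or vendor; a hardware filter does the same matching in the capture path). Assumptions: "QoS value" is taken as the IPv4 DSCP field, "Layer 2 or 3 application" as the EtherType or IP protocol number, and `build_frame`, `parse`, `keep` and the rule keys are hypothetical names.

```python
import ipaddress
import struct

ETH_IPV4, ETH_VLAN = 0x0800, 0x8100

def build_frame(src, dst, dscp, proto, vlan=None):
    """Constructed sample: Ethernet II (+ optional 802.1Q tag) + IPv4 header."""
    eth = bytes(12)  # placeholder MAC addresses
    if vlan is not None:
        eth += struct.pack("!HH", ETH_VLAN, vlan)
    addrs = [ipaddress.IPv4Address(a).packed for a in (src, dst)]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, proto, 0, *addrs)
    return eth + struct.pack("!H", ETH_IPV4) + ip  # IP checksum left at 0

def parse(frame):
    """Extract the header fields the filter criteria key on."""
    if len(frame) < 18:
        return {}
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    l3 = 14
    if ethertype == ETH_VLAN:  # an 802.1Q tag shifts later headers by 4 bytes
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        l3 = 18
    f = {"ethertype": ethertype}
    if ethertype == ETH_IPV4 and len(frame) >= l3 + 20:
        f["dscp"] = frame[l3 + 1] >> 2
        f["proto"] = frame[l3 + 9]
        f["addrs"] = [ipaddress.IPv4Address(frame[l3 + o:l3 + o + 4]) for o in (12, 16)]
    return f

def keep(frame, rule):
    """True if the frame matches every criterion present in the rule."""
    f = parse(frame)
    if "net" in rule:
        net = ipaddress.ip_network(rule["net"])
        if not any(a in net for a in f.get("addrs", ())):
            return False
    for key in ("ethertype", "dscp", "proto"):
        if key in rule and f.get(key) != rule[key]:
            return False
    if "offset" in rule:  # (byte offset from frame start, mask, value)
        off, mask, val = rule["offset"]
        if off >= len(frame) or (frame[off] & mask) != val:
            return False
    return True

# Constructed sample frames (DSCP 46 = EF, protocol 17 = UDP, VLAN ID 100)
PLAIN = build_frame("10.1.2.3", "192.0.2.10", 46, 17)
TAGGED = build_frame("10.1.2.3", "192.0.2.10", 46, 17, vlan=100)
```

The rule `{"offset": (15, 0xFC, 0xB8)}` keeps `PLAIN` but drops `TAGGED`, because the VLAN tag moves the DSCP byte from offset 15 to 19; a fixed-offset filter on a tagged link has to account for that or it silently discards traffic you meant to store.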

A more comprehensive solution involves a network packet broker that can provide packet visibility from different parts of your network, centralize it, then forward it to tools that may benefit.  For example, Garland Technologies has a great solution.  With Garland’s EdgeLens, you’ll have complete packet visibility for any Ethernet interface (1G/10G/40G/100G).  Since EdgeLens supports 100Gb/s interfaces, no network is too large.  Pair it with a matching 100Gb/s network recorder like TOYO Corp’s SYNESIS and you’ll always have the packets needed for your network investigations.

Angelo Bustos

Solutions Consultant Director