The challenge: more than 50% copies
Duplicate packets are a major burden for today’s network monitoring and security applications. In worst cases, more than 50% of the received traffic is sheer replication. This not only adds excessive pressure in terms of bandwidth, processing power, storage capacity and overall efficiency. It also places severe strain on operations and security teams as they end up wasting valuable time chasing false negatives. Napatech’s intelligent deduplication capabilities solve this by identifying and discarding any duplicate packets, thus enabling up to a 50% reduction in application data load.
Misconfigured SPAN ports
For passive monitoring and security applications, duplicate packets can make up more than 50% of the total traffic volume. This is partly due to TAP and aggregation solutions collecting packets from multiple points in the network – and partly due to misconfigured SPAN ports; a much too common issue in today’s datacenters.
Solution: intelligent deduplication
With deduplication built in via a SmartNIC in the applicance, it is possible to detect all duplicate packets. By analyzing and comparing incoming packets with previously received/stored data, deduplication algorithms discard any replicas, thus easing the burden on the system and greatly optimizing Performance.
Significant cost benefits
By adding deduplication in hardware via a Napatech SmartNIC, significant cost benefits can be achieved at various levels:
- At a performance level
For the vast majority of capture deployments, deduplication will dramatically save system resources. By efficiently discarding redundant copies, deduplication can reduce the processing load, PCIe transfer, system memory and disk space requirements by as much as 50%.
- At an operational level
At an operational level, the main issue with duplicate packets is that they distort the overview. But with deduplication, operations and security teams avoid wasting valuable time investigating false positives.
- At an application level
Similar functionality is available on network packet brokers, but for a sizeable extra license fee. On Napatech SmartNICs, deduplication is just one of several powerful features delivered at no extra charge.
- Deduplication in hardware up to 2x100G
- Deduplication key calculated as a hash over configurable sections of the frame
- Dynamic header information (e.g. TTL) can be masked out from the key calculation
- Deduplication can be enabled/disabled per network port or network port group
- Configurable action per port group: Discard or pass duplicates / Duplicate counters per port group
- Configurable deduplication window: 10 microseconds – 2 seconds
Want to reduce data duplication by as much as 50%? Contact us today!