Technical Field
Embodiments disclosed herein relate to monitoring a network. In particular, embodiments disclosed herein relate to determining characteristics of user plane and control plane traffic based on data from the user plane and control plane traffic selected and processed by a plurality of network elements.
Related Art
Network traffic, which can include wired or wireless traffic, is monitored by deploying appliance-based probes. The probes are developed by third-party vendors that use proprietary hardware and software to examine, collect, and process control plane and user plane traffic.
In order not to disrupt the network traffic, monitoring entails deploying proprietary taps near each network element or virtual network function of the network to replicate raw control plane or user plane traffic output by the network element or virtual network function. The traffic collected by the taps is aggregated by proprietary aggregation switches. The aggregation switches deliver the aggregated data to proprietary physical or virtual probes. The probes process the replicated control plane and user plane packets. This processing by the probes includes replicating some processing that is performed by the network elements or virtual network functions. Processes that are replicated include decrypting control plane packets and inspecting user plane packets. Decryption requires an exchange of decryption keys between the network element, or virtual network function, and the probe. Third party vendors charge license fees to provide data analysis and records output by the probes to analytic application servers that perform additional analysis on the records provided by the probes.
Costs incurred using probes for network traffic monitoring thus include costs associated with hardware taps, aggregation switches, hardware and/or software included in physical or virtual probes, replication of network traffic, exchange of decryption keys, and licensing costs required by probe vendors.
In addition to the costs incurred, deployment of taps, aggregation switches, and probes adds complexity to network design. As virtual network functions become more widely used, complexity associated with replicating and aggregating network traffic data increases due to the dynamic and mobile nature of the implemented functions. The complexity increases even further when virtual network functions are instantiated and relocated within data centers and between data centers in near real time.