Network management is a big challenge in large-scale enterprise and data center environments. The network must operate reliably and provide high-performance connectivity while ensuring organizational policy management. This situation might be further compounded by provisioning high-level guarantees such as network isolation across complex network boundaries and decoupling logical and physical network using network virtualization schemes.
In traditional communication networks such as telecommunication networks like 2G, 3G and 4G mobile communication networks (i.e. second/third/fourth generation mobile communication networks), it is, hence, important to trace or capture data packets which are being exchanged on all kinds of interfaces. This is typically not only required for troubleshooting purposes but also for quality and performance monitoring.
In order to avoid any kind of dependencies and active manipulation of the traffic, a common approach is to mirror all the traffic on the interface to be captured with hardware, especially dedicated hardware. In this manner, network taps are able to copy the traffic between different points (or interfaces) within the communication network, and forward such traffic to hardware probes or other network nodes that eventually do the analysis of the captured traffic.
The concept based on network taps and probes typically requires a huge invest in hardware and is difficult to maintain since changes in the network generally require adaptation of the physical cabling and additional configuration changes for conducting the tracing. Hence, such a solution is predominantly applicable to a more or less static communication network, and hence, using such a configuration of a communication network, it is difficult to dynamically scale or grow such a communication network.
Traditionally, vendors of hardware probes are tightly coupling their software to the hardware and in many cases the software is use case specific. This leads to situations where several hardware probes need to be placed on one and the same interface (or physical node) in order to be able to tap or trace different kinds of information or use cases.
In addition, new concepts like Network Function Virtualization (NFV) and Software Defined Networks (SDN) are changing the way communication networks are built. The main benefits are the decoupling of the telecommunication software from the hardware through virtualization and a high degree of dynamic automation. However, these benefits constitute huge challenges for the traditional network tracing approach since several network points (or network nodes) might be running on one and the same physical hardware (or server entity) and, hence, traffic between such network points (or network nodes) is not leaving the physical hardware (or server entity) anymore. As a consequence, such traffic cannot be traced or mirrored via taps and forwarded to the probes.
Additionally, also the automation of such software defined networks, especially implementing network function virtualization, i.e. implying dynamic scaling and auto healing if failures of network nodes occur, renders the configuration of traditional probes almost impossible since the (virtualized) network nodes might move from one physical hardware (or server entity) to another one within minutes and even the number of such (virtualized) network nodes might scale according to the load within the communication network, either within the same physical hardware (or server entity) or even to several data centers (typically comprising a plurality of physical computer nodes). As a consequence, it is not possible to follow such a dynamic reconfiguration of the network nodes of the communication network by physically changing the cabling and/or the probe configuration.