To ensure the stable operation of financial services and to provide value-added services, raw data collection and business data analysis must be performed on the network that carries financial services (the production network). This network traffic visualization analysis includes network performance analysis, business performance analysis, security analysis, database auditing, etc. With these analysis tools, financial companies can obtain business data in real time, quickly locate network failures, and perform retrospective analysis of historical data at any time.
Service analysis is based on the capture of the original packets. Bypass traffic monitoring is usually performed by means of port mirroring, optical splitting, or an Ethernet TAP. In the traditional solution, each analysis tool has to capture packets from the service network itself and then decode, synthesize, analyze and present them. When there are many analysis tools, problems arise with performance, security, manageability and so on. On the one hand, this affects the performance and accuracy of the analysis tools themselves; on the other hand, it introduces hidden risks to the stable operation of the production network.
Building a unified data collection and management platform has become the mainstream solution. A unified network traffic collection and distribution platform establishes an “adaptive layer” between the production network and the network traffic visualization analysis tools. This platform provides the following characteristics:
□ Unified data management and scheduling: adjustments to data collection are carried out within the platform without affecting the production network.
□ Mirrored data can be copied and distributed to multiple analysis tools to meet different collection needs.
□ Consolidate the collected traffic to make full use of the processing performance of the analysis tools and save investment.
□ Adapt to the port characteristics and processing performance of existing analysis tool probes to protect existing investment.
□ Filter specific flows and improve the processing efficiency of analysis tool probes through flow filtering and packet pre-processing.
● Traffic replication: Distributes multiple copies of traffic to different analysis tools.
● Traffic aggregation: Aggregates and distributes packets collected from multiple mirrored ports, which can reduce the number of probes.
● Traffic filtering and forwarding: Forwards relevant traffic according to the needs of the analysis tools.
● Traffic filtering and discarding: Discards irrelevant traffic according to the needs of the analysis tools.
● Source port ID: Adds a user-defined ID to packets so that tools can use it for fault location.
● Load-balanced output: Adjusts the number and bandwidth of output ports to fit the performance limits of the tools.
● Packet deduplication: Automatically removes packets that have been collected more than once to avoid packet duplication.
● Packet slicing: Slices off payloads and outputs only the headers to reduce traffic.
● Packet encapsulation: Identifies packets encapsulated with various complex protocols (such as MPLS, GRE, VXLAN, VN-Tag, etc.) and removes the header labels.
● Privacy-sensitive data processing: Masks key fields (user names, passwords, etc.) to ensure information security.
● Keyword filtering: Filters packets or sessions by keywords in their payloads.
● SSL/TLS decryption: Decrypts SSL/TLS packets (such as HTTPS packets) on the network and outputs them, which makes them easier for analysis tools to analyze.