IPAM

Problems in network flow monitoring and control 

Many enterprises have already deployed various types of flow monitoring and control tools which are nevertheless distributed across the network and poorly interconnected. As a result, the utilization ratio of flow monitoring and control tools is substantially reduced and there are many blind spots in the network. Distributive deployment also makes it hard for operation and maintenance and increases costs. Moreover, network flow monitoring and control tools normally capture data in SPAN (mirror) mode, which is restricted by network equipment ports and functionalities, lacking necessary data source pretreatment, scheduling and distribution measures. 

Uniform flow monitoring and control platform solution 

By establishing a platform for network flow capture between the network infrastructure and the network flow monitoring and control system, and making the network flow capture platform take charge of capture and distribution of network flows according to actual needs and the flow monitoring and control system take charge of analysis and handling of flows in order to realize uniform data capture, controllable data source distribution and scheduling as well as global monitoring and control. The schematic diagram of the uniform flow monitoring and control platform is as follows:

 

 

The following are two typical network flow monitoring and control deployment plans:

 

Online banking system monitoring and control platform deployment plan 

The security of online banking exit is essential to a financial enterprise and therefore IDS, WEB analysis, DB analysis, network flow analysis and various other flow monitoring and control tools need to be deployed. For the sake of global monitoring and control, one flow capture platform shall be deployed between the network architecture and flow monitoring and control system of the online banking exit in order to capture the flows at various network sections and distribute them to relevant network monitoring and control tools according to actual needs. Please see the following Figure for the online banking monitoring and control platform deployment plan:

 

 

Trunk network, core network and server monitoring and control platform deployment plan 

For the monitoring and control of trunk network and WAN links, inline light splitters may be deployed to send the flows onto the flow capture platform which further forwards them to the network monitoring and control system. For the monitoring and control of core network and server cluster, flows may be captured in inline or SPAN mode, concentrated onto the flow capture platform and distributed to various flow monitoring and control systems. Please see the following Figure for trunk network, core network and server monitoring and control platform deployment plan: