by Meghan Fuller
Networking equipment historically has relied on standard, inexpensive network interface cards (NICs) built by commodity players. Those NICs do not need to capture all the packets on the fiber, thanks to the TCP/IP protocol, which is layered on top of the Ethernet physical layer. This protocol is designed for networks that are intrinsically “lossy” or unreliable; it determines which packets, if any, did not reach the intended destination and simply retransmits them.
But at the University of Waikato, about 100 km south of Auckland, New Zealand, researchers realized this method would no longer be sufficient once networking speeds increased and monitoring requirements became more onerous. They set themselves the task of developing a technology that would capture every single packet off the fiber all the time. In theory, if you could do that, you could remove protocol layers like TCP, and the network would become more efficient. Latency would decrease, and the data received would be 100% reliable.
The resultant technology, dubbed Data Acquisition Generation (DAG), was commercialized in 2004 by Auckland-based Endace (www.endace.com), led by Dr. Ian Graham, then dean of the School of Computing and Mathematical Sciences at the University of Waikato and now chief scientist at Endace. In those days, DAG cards were purchased primarily by research universities and telecommunications operators, both of which saw the value of monitoring and capturing every packet on the network.
“If you can capture all the traffic off the wire, you can analyze all the traffic off the wire,” explains Mike Riley, vice president of worldwide marketing at Endace. “And if you can truly understand what’s going on without missing anything, you can model better, you can plan better, and you can build better systems, be they switching, transmission, etc.”
Since 2004, Endace has sold “thousands and thousands and thousands of DAG cards,” according to Riley. Customers would then build homegrown monitoring systems based on those cards and either write or buy commercial software to run the systems. But as networks have transitioned to 10 Gbits/sec and higher, these homegrown systems are “just falling over,” admits Riley. “Supplying cards to people had been good for them up to a point, but now they are really struggling,” he says. For this reason, Endace decided to offer its own monitoring system.
In March, the company delivered its first NinjaProbe devices, which Riley defines as “an appliance powered by our DAG cards that sits on the network and watches what is going on.” The key, he says, is that the device is invisible to the traffic on the network, hence the “NinjaProbe” moniker. The NinjaProbe doesn’t even have a MAC address.
Endace also sells NinjaProbe devices to government agencies, particularly in the U.S. But in recent months, the financial services market has emerged as a key customer base. In all the major verticals, says Riley, “the ability to monitor and see every single packet and not miss a thing and truly understand what is going on is becoming more and more important.”
To keep pace with its telco customers-Endace claims its sells to many of the Tier 1 players across the globe-the company recently unveiled the NinjaProbe 40G1, which it claims is the first monitoring platform to support 40-Gbit/sec (OC-768) transmission rates.
Looking ahead, Endace plans to expand its product portfolio further, “so an operator can put probes everywhere in the network, from the edge to the core,” says Riley. And further out on the roadmap is a 100G device.
Furthermore, the company is working to broaden its capabilities from monitoring and capturing traffic to analyzing and, ultimately, intervening. Many of Endace’s customers are asking for “the ability to do something, whether it’s turn it off, send it back, block it, change it, or just put it to one side and have a closer look at it,” reports Riley. He confirms that Endace is on track to offer some form of intervention by the end of the year.