Enterprise networks are becoming more complicated as IT staffs converge multiple services onto a single IP-based platform. Increasingly, corporate networks must support voice over IP (VoIP) and IP videoconferencing solutions without impacting the quality and performance of other applications. The increasing sophistication of real-time applications and ever-changing networks create constant network-management challenges. Network executives often decide to either build a network-management solution or outsource this work to a third party. A service-embedded wide-area network (WAN) management solution, however, is another alternative.

This option captures the session header information inside the provider edge network, eliminating the need for hardware or software on the enterprise side. This approach involves leveraging deep-packet processing, enabled through the service-packet mirroring feature. The mirroring feature allows the service provider to capture all session header information for network traffic on a given circuit, not just a five-minute traffic sample, and store the information on servers placed in a secure location inside the service provider's network.

Although the traffic is mirrored and recorded on the provider edge of the network, the service actually records the session header information when the traffic enters and leaves the customer edge of the network-at the demarcation point. Analysis of the session header information can begin within seconds of when the traffic has traversed the WAN. This gives the enterprise an immediate and detailed reading of its WAN traffic.

The deep-packet processing is an essential part of the service-embedded approach. The session header information is stored on secure servers inside the provider network, while customers are provided secure access to network statistics. The service provider, however, should have sophisticated Web-based tools to allow the enterprise network administrator access to this information for viewing and reporting.

Because all session header information is captured, robust tools should be able to present granular and dynamic network performance analysis and reporting capabilities. These tools should allow network administrators to perform network traffic forensics to study application performance in several ways. For example, some of the tools available today provide network traffic analysis by application type, IP address, port address, protocol and quality-of-service level.

Other tools include active network-at-a-glance capabilities to understand network traffic flows at primary locations quickly. This information presents ingress and egress traffic patterns at major locations, with information on recent changes in traffic levels and immediate access to traffic information to all locations from any site on the managed network.

Network managers also should have visual cues to alert them if available bandwidth utilization at any location is approaching designated alarm levels. These cues would be in addition to alarm levels set by the administrator on specific network traffic metrics, allowing the administrator to quickly assess potential problem areas and send various alerts to designated personnel when those thresholds are exceeded.

There are several advantages to the service-embedded network management approach. All session header information, for example, is mirrored inside the provider edge router as the application packets take their normal path through the network. Because the application is not redirected or touched in any way, there is no impact on network traffic; therefore, there is no impact on latency.

In addition, the service is completely embedded in the provider's network, so network bandwidth or equipment is not tied up. The network administrator can view network performance securely and conveniently from anywhere Internet access is available.

The service also is always available at any time without any equipment or integration effort required. There is no waiting to begin getting meaningful network statistics and reports. The service is simply turned on, and the session header traffic is recorded for viewing.

The embedded network-management service can be offered on a circuit-by-circuit basis, making the solution easy to scale. The network administrator can implement this service at any and all locations at any time. New locations are simply turned on and automatically integrated into the service for immediate viewing.

Finally, the costs for an embedded management service can be substantially lower than the cost of an in-house solution. There are no hardware, software or integration costs, and no maintenance fees to pay. The service is offered at a monthly rate.

Embedded network management also opens the door for future advanced network services. For example, some providers are developing network service-oriented architectures (SOAs) that allow network events or scheduled activities to drive network adjustments. Using network conditions and actual (or predictive) customer demand, fine-tuning network policies managed by the enterprise can trigger network modifications, including bandwidth reallocation or increases, as well as deployment of network optimization routines. Other capabilities will include the network SOA that will allow for resource allocation based on regional, time-of-day, day-of-week or monthly requirements.

Tony Hurtado is vice president of global marketing and public relations at Masergy, Plano, Texas.

For more information (click here)