Network Point of Failure
Stingray’s primary task is to filter traffic for classification and management purposes. DPI technology allows analysis of all packets passing through it up to the 7th level of the OSI model, rather than just by standard port numbers. Behavioral (heuristic) traffic analysis provides us with information about specific applications that do not use predefined headers and data structures for data exchange.
To implement the full functionality that Stingray can provide, it is necessary to use a “in-line” connection scheme, where DPI is connected after the border router, inline of the operator’s external channel (uplink).
This setup immediately identifies the main point of network failure: if the device fails, the traffic chain is interrupted and the connection is lost. When implementing a traffic mirroring scheme, this problem is eliminated. If Stingray stops working for some reason, the network loses its functions but continues to operate. However, only the in-line scheme can implement all DPI system functions, such as prioritization, shaping, notifications, and others, which require filtering all traffic.
In the latest versions of Stingray, the developers have implemented a feature that is very relevant for telecom operators and Internet service providers: Carrier-Grade NAT (CG-NAT) network address translation. Since DPI devices are designed for huge traffic filtering loads, Stingray copes with the CG-NAT feature perfectly. However, we understand that if a NAT device fails, users will no longer receive network addresses and will be unable to continue working with the network. In this case, it does not matter whether Stingray is connected in-line or mirroring—the subscriber will no longer receive services.
How to ensure fault tolerance
There are two main ways to ensure fault tolerance and solve the problem of communication failure in the event of a Stingray failure installed “in-line”:
- Use a DPI Bypass device (copper or optical) as part of the system, which, in the event of a failure of the main Front-End server or a break in the Bypass link, will drive traffic through itself, ensuring connectivity without supporting the traffic analysis function.
- Use a backup DPI platform that will filter traffic in the event of a failure of the main one.
Bypass devices
Since a ready-made DPI system is a software and hardware complex, the choice of equipment on which the software is installed must be approached with great care, especially when it comes to network cards. One of the mandatory requirements for network cards used in a DPI system is the presence of a bypass mode.
Bypass connects network interfaces at the first OSI level. This means that if the server loses power, the link between the ports continues to operate and pass traffic without filtering, using power from a backup battery, with a switchover speed to bypass of approximately 0.5 seconds.
Choosing this solution for fault tolerance deprives you of all analysis and CG-NAT functions, but does not impede traffic flow, meaning that it does not interrupt the connection.
Backup DPI platform
A backup platform is a second device identical to the first one, which takes over all traffic processing functions if the first one stops working. Routing is configured on the network core and border router, which is responsible for redirecting traffic in case one of the Stingrays fails.
The license cost for the backup device is only 25% of the cost of the main device if it is in standby mode and does not process traffic in operating mode.
If you have installed an additional Stingray for fault tolerance, purchasing a full license will allow you to configure load balancing using link aggregation (LAG).
Traffic balancing is performed by selecting a physical channel by the frame sender using a specific algorithm. The following algorithms are among the most common and frequently used:
- by the sender’s MAC address or the recipient’s MAC address, or by taking both addresses into account;
- by the sender’s IP address or the recipient’s IP address, or by taking both addresses into account;
- by sender port number or recipient port number, or by taking both ports into account.
This method allows you to “kill two birds with one stone”:
- increase the throughput of the DPI system, thereby providing a reserve for network growth;
- ensure network fault tolerance in the event of Stingray equipment failure.
For more information about the functional features of Stingray and how to organize fault-tolerant operation, please contact the specialists at VAS Experts, the developer and supplier of the Stingray traffic analysis system.
