Network Security

2015: Trends in network performance measurement and application virtualization


Since 2009, if not earlier, investment banks have been pushing the technology envelope to achieve the absolute lowest latency for high frequency trading. This was accomplished by using state of the art switches, servers and with significant latency reductions contributed by software solutions such as operating system (OS) bypass also called user-level networking.  But not all electronic trading applications need the absolute lowest latency.

During 2015 we will see many banks and financial trading companies in New York, Chicago, and London move trading to virtualized infrastructure. Industry observers are calling this “HFT in the cloud.” The goal is to achieve trading latency that is low enough to serve business needs while at the same time take advantage of the many benefits of virtualization such as server consolidation and flexibility and ease of management. To mitigate the well-known performance penalties of virtualization, IT shops are combining OS bypass with hypervisor bypass (also called single root I/O virtualization (SR-IOV) PCI pass through) to give the trading application direct access to the network to achieve near bare-metal performance. This combination bypasses the overhead of both the guest operation system running in the VM and the virtual operating system's hypervisor respectively in both Linux KVM and VMware ESXi environments.

For the past two or three years the European and Asian service providers have been using the ETSI NFV (network functions virtualization) standards process to encourage their vendor ecosystem develop products to enable specialized clouds. These specialized clouds will support various use cases such as evolved packet core mobile networks and virtualized content delivery networks (CDN).

These specialized cloud architectures deploy so-called virtualized network functions (VNFs) that run on virtual machines. These virtualized functions include switches, routers, filter engines and intrusion detection. While service providers have driven the NFV architecture, we predict that many of the early adopters of virtualized network functions will be Fortune 100 enterprises. Because virtualized functions suffer performance degradation from the overheads of the virtual OS described above, these early adopters will use technologies to accelerate the performance of the network functions such as user-level networking libraries and interfaces as well as hypervisor bypass with PCI pass through that are becoming available.

This past year has highlighted some of the significant gaps in many companies' cyber security. Because of the major security breaches at big Fortune 500 banks and retail companies like Target and Home Depot, red flags have been raised. It is now assumed that business networks will be breached.  Many threat mitigation strategies will shift away from the prevention of breaches to the detection of breaches and the prevention of exfiltration of sensitive assets from the servers. To this end, many companies will want to capture and build the capability to analyze all the data on their networks. For 2015, we will see a big push on data capture, collection, and analysis. All of the latest state of the art security technologies need data from sensors either on the public internet or inside the firewalls of corporate networks. This data will be used for everything from forensic analysis of distributed denial-of-service (DDoS) attacks, to inputs into Big Data security analytics engines, to the creation of compliance and audit reports.

In the larger business to consumer space, video is king whether it is streaming video delivered over mobile packet networks or VOD delivered over the top or to a set top box. The content delivery network industry is growing fast and has prompted a very public policy debate on net neutrality. IP video is the fastest growing source of traffic on the internet today. The service providers all want to add value to their transport networks and complement if not actually deliver over the top services, especially video. But these service providers need to deliver a meaningful quality of experience to the ultimate consumer of the video.  To deliver a good experience to the end customer, the providers need to build their networks to deliver against more rigorous service level agreements (SLAs). In 2015 we shall see both service providers and content delivery network providers invest in sensors, instrumentation, precision time, and analytics to build these new SLA management systems.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.