The Year in Review... and Ahead

Among my predictions for 2007 were continued growth in WiFi with 802.11n settling down, accelerated developments in 10 Gigabit due to passing of the 10GBASE-T copper media standard, accelerated data analysis on large volumes of captured traffic, advancements in forensics, and a couple of miscellaneous other things.

Of the above, accelerated data analysis and advancements in forensics fell far short of my expectations.  The only real advancements were in the sheer volume of storage offered by various data mining probes from the likes of Network General/NetScout, Network Instruments, Niksun, Solera, WildPackets, etc.  Besides SANs, these advancements essentially piggybacked the astonishing advancements in 3.5” hard drive technology, namely higher capacity and lower cost, thanks to Perpendicular Magnetic Recording (PMR).  The hardware is down to twenty cents a gigabyte.  Unreal.

Meanwhile, where were advancements in analyzing terabytes of packets? Better search tools?  Faster results?  Smarter expert systems? In the field, I continue to apply my own techniques over a variety of tools to achieve the results I’m looking for.  The vendors have disappointed in this area.  Enough with the whining and on to predictions for 2008.

More Network Analysis Acquisitions.  Fluke started off the year by announcing its acquisition of Crannog.  More recently, analysis vendors like Network Physics and Network General were snapped up for a song.  What will be the first analysis acquisition of 2008?  Possibly privately held performance analysis vendor NetQoS, but not for a song.  The company is showing some nice growth as late and the rumor on the street is that IBM is seriously courting.  Other analysis companies with acquisition potential include Network Instruments, WildPackets, and one or two others.  Stay tuned for an interesting year.

Virtualization Buzz Levels Off.  Datacenter consolidation, growth in blade servers, the green movement, multi-core processors, cheap high density memory and cheap storage added to the virtualization hyperbole in 2007.  Sure it will be hot in 2008, but highly commoditized making it a household word.  I’m not sure what will be hot and new in virtualization in 2008.  Maybe a push to deploy those analysis engines on the virtual machine (to capture packets from the virtual Ethernets).  Minor problem #1: Where to store all that data?  Minor problem #2: How to analyze all that data without impacting the core CPUs already running all those virtual machines?  One solution is for the analysis engine (or stand-alone for that matter) running in the VM and capturing packets off virtual networks to share a high performance back-end data store.  Let’s hope that 2008 will finally bring us some real innovation in high volume data analysis and forensics.

802.11n Soars, Analysis Lags.  No surprises here.  802.11n Draft 2.0 passed early this year, multi-vendor interoperability is real, the WiFi alliance has certified some 200+ Draft 2.0 products, Cisco announces its push into the enterprise, and 300 million WiFi chipsets were shipped in 2007, up 41% from the previous year.  802.11n will also resurrect interest in deploying WiFi in the 5 GHz band where it makes the most sense to not only stay out of the way of legacy 802.11 b/g and general interference, but to also provide more spectrum for non-overlapping dual channel 40 MHz coverage.  New wireless analysis challenges will result, especially in monitoring highly location dependent reception of dual channel MIMO traffic.  Stationary wireless monitoring tools are inadequate (except in niche situations) and 802.11n portable laptop analyzers can easily lose a lock on promiscuous MIMO reception while moving around, unlike their 802.11 a/b/g brethren.

10Gig (and TAPs) Take Off.  I’m cheating a little since at the end of 2006 I already figured 2008 to be the year of 10 Gigabit Ethernet.  So I’m making it official.  Look for this to be the big year as well as unprecedented announcements from TAP vendors in the areas of density, price drops per port, and new products.  Look for TAPs to be smarter too (filtering, buffering, stream aggregation, stream splitting, timestamp generation, etc), to help offload the strain from those aforementioned overloaded terabyte analysis probes that are dropping packets like flies.  Come to think of it, perhaps this is where the next innovation in analysis and forensics will come from - the TAP vendors.

Quality of Experience (QoE) Takes Center Stage.  The buzz surrounding quality of service (QoS) for not only VoIP but data applications as well and how it affects the end user QoE will continue to garner attention in the coming year.  I’m working on an interesting enterprise network analysis process showing how faster infrastructure response times in a series of tasks leads to a faster response from the user in between the tasks. User behavior needs to come into the equation along with how servers react to certain events, something that cannot be easily measured by TCP transactions alone.  Another area to keep a close watch on is how highly tuned converged networks carrying large volumes of VoIP traffic can impact data.  Have we forgotten about our mission critical data applications on the path to VoIP?  There’s so much more to QoE that I can’t possibly see how it will escape attention in 2008.

I wish you all the best in the New Year!