The system connects securely to the customer’s backbone to receive traffic data, then processes and visualizes it via the BENOCS Analytics Web Interface. Installation, operation, and maintenance are handled by BENOCS throughout the trial.
BENOCS Analytics is offered as a full SaaS (Software as a service) solution which means installation, operation and maintenance will be fully covered and conducted by BENOCS throughout the life cycle of the Trial Application.
Due to the sensitive information handled, BENOCS Analytics is designed as different modules that can operate independently and support separation of concerns. This allows for an operation of different security levels within an organization.
How it works
BENOCS Analytics is a platform that gathers information from the customer’s network, converts it into a flow-based representation through data correlations and allows users to run easy and efficient queries on the data. The basis for operating BENOCS Analytics is data-gathering from the customer’s network. The customer is involved only in this part of operations while using BENOCS Analytics.
Data-gathering from a customer’s network is split into two parts: Control Plane and Data Plane. While configuration for both is required, the configuration settings for the Control Plane are especially important as this heavily impacts the efficiency and accuracy.
a. Control Plane
BENOCS Core Engine (ce00) gathers the data for the Control Plane inside the BENOCS Analytics platform. The CE collects Data from BGP and correlates it into an abstract graph-based network model to work with any network setup.
The BENOCS Core Engine (ce00) establishes BGP sessions with the customer’s routers to collect routing information. It operates as a passive listener and does not participate in route reflection or IGP.
b. Data Plane
Information for the Data Plane is gathered through multiple protocols. The most data-heavy protocols in this are flow protocols, commonly referred to as NetFlow (BENOCS also supports sFlow, IPFIX, cFlow, jFlow, netstream, etc.).
Scaling traffic is a normal operation, since all of these protocols are using sampling. BENOCS suggests a sampling rate of 1:1000 to 1:10000, depending on the traffic throughput. Sampling rates lower than 1:1000 can be configured, but require a lot of hardware for marginally more accurate information. Sampling rates under 1:1000 are useful if the throughput for a router is below 5Gbit/s. Multiple concurrent flow protocols can be transparently configured and the sampling rate for each router can be set individually. Regarding sampling direction, BENOCS works with ingress as well as ingress and egress. It will automatically detect and remove double entries to make sure that traffic counts are as accurate as possible. Finally, sampling should be enabled on all interfaces, regardless of whether they are internal or external. This gives the best overview of the traffic and allows for the most detailed view for the automated link classification feature to work.
BENOCS Analytics can also gather information via telemetry protocols. SNMP is the most common protocol supported, but others are also supported. When enabled, additional information such as link byte counters, bundles and external BGP connections are regularly queried from all routers that export NetFlow towards BENOCS Analytics.
Hosting options
Kubernetes trials are hosted in BENOCS Infrastructure. This minimizes customer setup effort and allows fast deployment. Customer-hosted trials can be discussed if needed.
Implementation plan
The implementation plan for Kubernetes trials gives a step-by-step overview of the tasks that the customer and BENOCS need to undertake to get the trial up and running.
K8s trial - help section
Find out here answers to some commonly asked questions surrounding BENOCS Analytics Kubernetes trials.
Further information
Find out more technical details surrounding required data-gathering protocols, connectivity requirements and BENOCS Analytics functionalities here.