Towards zero downtime: DPI delivers new levels of visibility for application performance monitoring

Magnus Bartsch portrait

by Magnus Bartsch
published on: 28.02.2024

Reading time: ( words)
#AI, #APM, #eti, #dpi

Application performance monitoring (APM) involves tracking and optimizing applications through monitoring techniques and telemetry data. It enables application providers to uphold expected service levels and keep tabs on user experience. Modern enterprises manage vast portfolios of diverse applications including SaaS apps, such as Asana, Zoom and Slack, as well as several tailored, in-house applications. These applications are crucial for business operations, seeing as poor performance and downtime impact employee productivity and customer loyalty. This ultimately affects the bottom line by up to $400,0001 per hour of downtime. APM tools identify and diagnose performance issues, allowing IT teams, DevOps, product owners and site reliability engineers (SREs) to ensure operational efficiency and optimal user experience.

Usually, APM tools deploy agents at various application layers to collect and analyze diverse metrics. These metrics include resource usage at the infrastructure layer, page load times at the user interface layer and error rates across database and middleware layers. APM tools can monitor metrics through real user monitoring (RUM), which involves actual user interactions and experiences in real time, and synthetic monitoring, which simulates user-like transactions to monitor and measure performance metrics from various endpoints.

A stack too complex: APM’s new visibility challenges

Emerging network trends create new challenges for agent-based APM tools. Most organizations support distributed, hybrid and multi-cloud environments. Serverless computing takes abstraction to the next level, removing any visibility and control. Network security services like SSE add new, edge-based middlemen functions for distributed applications. Each service processes different kinds of traffic, like CASB for cloud traffic and SWG for web traffic. However, they also add latency and potential bottlenecks. Unlike homogeneous environments and monolithic applications, managed, hybrid cloud and microservices architectures make it difficult to deploy agents across all functions and components to diagnose and troubleshoot issues.

Moreover, development trends like DevOps and CI/CD pipelines release frequent iterations, demanding rapid performance monitoring, testing and debugging. The applications themselves are also becoming increasingly bandwidth-intensive and latency-sensitive. For instance, minute service degradation in URLLC 5G applications like autonomous systems, such as robotic surgeries and self-driving cars, can become life-threatening, making APM more critical than ever.

Cloud and the AI boom are also paving the way for the next generation of cloud-based APM tools that require visibility capabilities and capacity suitable for the cloud. They leverage AI and automation engines to auto-configure and auto-scale their data collection and analysis, mandating access to more granular data points with high accuracy.

In this regard, ipoque’s DPI software R&S®PACE 2, which uses scalar packet processing, and R&S®vPACE, which is based on vector packet processing, empower APM tools through service-level classification and metadata extraction for all network traffic. This includes both east-west and north-south traffic. Both DPI engines use pattern matching and advanced behavioral, heuristic and statistical analysis to classify thousands of applications and services. Let’s take the example of an Oracle app: network administrators can identify not only that it is Oracle Unified Communications Suite, but also that the service in use is a video call. This granular classification even extends to encrypted and obfuscated traffic flows, thanks to integrated encrypted traffic intelligence (ETI) using advanced AI/ML algorithms. In addition, metadata extraction enables APM tools to collect performance metrics, such as response times, throughput and latency, across individual transactions and services.

Monitoring the right performance metrics across diverse environments

Applications running in various environments require different metrics for performance monitoring. DPI software by ipoque provides APM tools insights into those metrics. For instance, private applications need monitoring across the infrastructure, software and all the different layers of an application stack based on RUM and STM. However, cloud workloads need tracking across the application stack, middleware, and integration points between different collaborating services and entities. SaaS applications like Zoom rely solely on software-level performance monitoring. DPI software such as R&S®PACE 2 and R&S®vPACE help track a wide range of performance metrics from all these different application categories:

  • Infrastructure Metrics: DPI assists in tracking metrics like resource utilization, including CPU, memory and disk usage and I/O rates for each application through app classification and metadata extraction. It also tracks hardware-level latency by examining the packet traversal times between different nodes across various environments.
  • Container or VM Metrics: DPI software can identify packet data specific to containers or VMs, such as hypervisor flags and virtualization-specific protocol headers for VMs and container IDs, API call formats or message headers indicative of inter-container communication for containerized microservices. DPI can also identify acknowledgment patterns or TCP window sizes specific to container or VM traffic to allow APM tools to capture and analyze metrics such as throughput, transaction times, latency and response times for cloud applications.
  • OS-level Metrics: DPI software captures error flags or codes within packet metadata to provide insights regarding OS-level error rates. Other metrics such as timestamps, acknowledgment delays and packet sizes can also help APM tools to identify inefficiencies at the OS-level that are causing latency. Combined with resource utilization metrics, IP address tracking, and pattern and signature analysis, DPI can also highlight security events at the OS-level, such as intrusion attempts or malware infection.
  • Database Metrics: By capturing database metrics such as query response times and error rates from packet flows related to database queries and responses, DPI assists APM tools in analyzing and quantifying performance for database interactions.

DPI enables granular analysis of packet-level data, allowing APM tools to track performance metrics across various distributed components. For instance, DPI can differentiate cloud traffic from web traffic, allowing APM tools to analyze other DPI-enabled metrics like response times, connection establishment times and latency differences between direct routes, and traffic routed through CASB or SWG. This enables these tools to pinpoint the exact cause of inefficiencies across distributed environments, components and the service edge. Faster, more accurate and precise diagnostics make APM tools with integrated DPI a must-have for modern CI/CD as well.

    Minimizing performance dips

    DPI-delivered metrics enable accurate assessments and elaborate root-cause analysis of performance issues, allowing modern APM tools to leverage advanced AI algorithms and automation to correlate application data and performance metrics. This makes precise diagnostics and prompt mitigation for issues specific to any code snippet, function, service or infrastructure component possible. The VPP DPI engine R&S®vPACE is especially optimized for the high-performance needs of cloud computing environments with its lowest-in-the-market memory footprint and linear scalability. This allows modern APM tools to extend their capabilities across all applications, whether private, cloud based or SaaS.

    AI for automatic diagnosis, healing and optimization

    Without integrated DPI, APM tools and, consequently, enterprises would struggle to ensure consistent app performance and get to the root cause of performance dips and inefficiencies, especially across clouds and edge services. DPI paves the way for AI-enabled, cloud-based APM tools for granular monitoring and complex root cause analysis, across distributed systems and applications. It powers the next generation of APM suites that bank on the emerging wave of AI to automatically diagnose, heal and optimize applications. This ensures the delivery of optimal performance and top-notch QoE for xSPs and enterprises.

    To learn more on how next-gen DPI software by ipoque empowers APM solutions, download our whitepaper.


    Sources

    [1] https://medium.com/stclab-tech-blog/heres-how-much-downtime-is-really-costing-your-business-1ee6d2667287

    Magnus Bartsch portrait

    Magnus Bartsch

    Contact me on LinkedIn

    Magnus has always had a keen interest in computer science. From the start, he has had a particular fascination for deep packet inspection and the broader technologies utilizing this powerful software. Based on this interest, Magnus joined ipoque, a market leader in the DPI field.
    During his 13 years at ipoque, he has worked in development, pre-sales and consulting. Throughout this time, he has not only been able to motivate, coach and advise people from around the globe, but also to expand his personal experience by providing full-stack support from rapid prototyping over integration support up to application architecture design. When he is not out promoting ipoque, he has a passion for seeing the world from his motorbike.

    ipoque blog - discover the latest news and trends in IP network analytics

    Sign up for the ipoque newsletter

    Stay informed about the latest advances and trends in
    deep packet inspection and network traffic visibility