Seeing the unseen: enhancing application observability through DPI

Christine Lorenz portrait

By Christine Lorenz
Published on: 07.06.2021

Reading time: ( words)
#observability, #APM, #application monitoring
Aerial view of a busy intersection at night representing enhanced observability with DPI
Aerial view of a busy intersection at night representing enhanced observability with DPI
Zoom in

Enterprise applications provide software for businesses to handle various aspects of their operations, such as resource planning, customer service, sales, human resource and marketing. This kind of software can be used to cohere operations to maximize productivity and efficiency. Top enterprise software vendors today include Salesforce, SAP and Oracle. More popular brands such as Microsoft, IBM, Adobe and Dell also hold a significant share in this space.

Going behind the scenes

It is valuable for companies to appraise the performance of enterprise applications, to see whether they are working for their purposes and gauge where they can be improved. This is done through application performance monitoring (APM). APM is usually implemented on two levels: the front‑end and the back‑end. Front‑end performance pertains to how an application works on the user’s end. It focuses on metrics such as page load times, the time taken to complete a transaction and the success and failure of each transaction.

What is observability?

The front-end is essentially a function of the application back-end, which in turn encompasses all the software stacks, infrastructure and networks involved in delivering an application to the user screen. Back-end performance metrics, better known as telemetry, refer to performance and security metrics such as CPU performance, runtime errors, network speed and application bandwidth. Telemetry determines the ‘observability’ of an application because it observes the application delivery pathways and elements along these pathways. The deeper and more comprehensive the application telemetry, the higher the observability of said application. Observability can therefore range from broad data on network conditions such as latency and speed, to granular insights on each server. It sheds light on each individual transaction which collectively make up the performance of the application.

An APM software used to deliver observability typically relies on traffic visibility tools that provide fine-grained traffic information. One such tool is deep packet inspection (DPI). DPI is a technique for observing the data passing through a network using traffic classification, metadata extraction and advanced statistical analysis. Advanced DPI engines such as R&S®PACE 2 can gather data in three ways: (i) identification of applications and protocols (ii) metadata extraction, and (iii) statistical and behavioral analysis. In combination, these enable an APM software to measure overall traffic conditions, single out each application and their attributes, and report on each transaction taking place on the network. R&S®PACE 2 extends this capability to encrypted data, and performs all these functions in real-time.

Seeing beyond the clouds

Observability becomes a challenge as application architectures become more complex. The prevalence of distributed architectures, and the growth in cloud-native applications for example, introduce new delivery pathways and inter-dependencies. If left unmonitored, they can leave huge gaps in application performance visibility. Distributed applications run through multiple servers that are spread across a network, which are connected to multiple local or remote clients. As such, performance issues for distributed applications are spread across many nodes. Cloud-native applications are delivered as micro-services, i.e., as on-demand instances of an application hosted elsewhere. This way, computing resources and data do not have to be stored locally. In this model, applications are packaged into containers encompassing micro-services, along with the requisite configuration files, dependencies and libraries. These containers are then deployed and managed dynamically to optimize resource utilization.

Diving deeper into telemetry

The ability of DPI to draw deep network insights in real time can be used to establish strong telemetry for both distributed applications and cloud-native applications. Moreover, DPI enhances observability for the main classes of telemetry—logs, metrics, traces and dependencies—which are key to the observability of these applications.

Logs are complete, detailed, time-stamped records of application events. They are vital for troubleshooting and debugging. Making them as granular as possible (ideally in the millisecond range) is valuable for enterprises. DPI is perfect for this job. DPI registers processes in real-time all over the entire network. It can handle extensive processes, offering an average throughput of 14 gbps per core. This level of observability can be handy for cloud-native applications, in which issues can occur in any microservice, including those which only exist temporarily. The observability afforded by DPI keeps track of the performance of all microservices, containers and pods. So even after certain instances cease to exist, issues can be pinpointed, diagnosed, resolved and predicted accurately through comprehensive logs.

Doing the performance math

A DPI engine can also be a treasure trove of performance metrics, which measure application, infrastructure and network health during a given process. R&S®PACE 2 can provide telemetry about both application-level traffic, such as average page download times and average transaction completion times, speed, latency, and bandwidth consumption, as well as application attribute-level traffic, such as average content download time, average search results display time, and average call connection time. The depth of observability brought by DPI lets enterprises know just where to tweak and tune its setup to maximize results.

Traces look at how a user request is managed by the system from one end to another. A core part of this is network connectivity itself. A DPI engine brings observability regarding bandwidth, throughput, latency and jitter, not just for the application as a whole, but for each application attribute. This applies to both distributed and cloud-native applications, both across individual links and network areas. Moreover, through its pattern-matching capability, DPI can make out any security threats at any node. Advanced DPI engines such as the R&S®PACE 2 can look at all the more advanced parts of a given user request, from bandwidth consumption to TCP round-trip time (RTT), as well as out-of-order and retransmission counters.

How dependencies influence observability

Dependencies are information about how the performance of remote components and third-party resources impact application performance. DPI is deployed as a network function and able to provide full network observability. This is especially critical for distributed applications, in which multiple devices and servers, in various locations, share responsibility for running an application. Distributed applications can add dependencies that wouldn’t be present in a localized system. With the dawn of the API-first era, these dependencies will become even more critical, as API connections come with their fair share of vulnerabilities and threats that can potentially impair application performance. This in turn calls for expanded visibility into all nodes across the network, including API gateways. This is where DPI tools such as R&S®PACE 2, which is offered as a platform-agnostic software library with well-defined APIs, come into play. These DPI tools enable implementation throughout a distributed application with ease and ubiquitous observability.[1]

Admittedly, complexities that abound in the hosting and delivery of enterprise applications have a direct impact on an enterprise’s day-to-day operations and performance. APM is thus of serious consequence for these entities. As software solutions and systems evolve towards more dispersed components interconnected in a web of codes, servers and links, enterprises are best served through APM tools that can hold up a magnifying glass to the entire ecosystem that governs an application. DPI, with its ability to look at all the data moving through an enterprise network, and thus flowing through each component in an application ecosystem, provides just this advantage.

Download our white paper on DPI for application performance monitoring.

Sources

[1] ibid

Christine Lorenz portrait

Christine Lorenz

Contact me on LinkedIn

Christine is DPI marketing expert at ipoque, joining the company in 2013. With her background in marketing communications, she is passionate about making people aware of the capabilities of traffic analytics and DPI use cases. Christine is a lover of Vietnamese food and spends most of her spare time running and cycling, exploring nature and the outdoors and dreaming of becoming a ranger in a national park.

Related material

Whitepaper deep packet inspection (DPI) for Application performance monitoring (APM)
Whitepaper

DPI for application performance monitoring

More information
Blurry tunnel with lights.
Blog post

R&S®PACE 2: a lightweight DPI engine for big network performance gains

More information
A motherboard with a padlock and key on top, representing the importance of container security in the cloud
Blog post

Keeping containers and pods safe in the cloud: How network visibility helps

More information
An aerial view of a busy intersection at night, showcasing the intricate network of roads and the vibrant city life unfolding below.
Blog post

Unlock 5G speeds and low latencies with high-performance DPI for ultra-fast networks

More information
ipoque blog - discover the latest news and trends in IP network analytics

Sign up for our newsletter

Stay informed about the latest news and insights from ipoque

Sign up now