IPDR Compliance FAQs For ISPs

Our blog on IPDR Compliance resulted in a lot of follow up questions about the technology.  We thought of answering them in this short FAQ.

1)     Can IPDR data be utilized for Network Analytics and Security Monitoring?

While IPDR data consisting of flow records, Syslog, AAA, and NAT is sufficient for Compliance. ISPs require more data like SNMP, BGP, DNS and software suites like Trisul Network Analytics for network analytics and security monitoring. IPDR Logging helps with regulatory compliance whereas Network Analytics enables ISPs to make informed decisions about network upgrades, capacity planning, and service expansion, thereby staying ahead of evolving customer demands and market trends.

2)     How does IPDR guarantee privacy and protection?

The primary use case of IPDR Logging is for regulatory compliance. IPDR plays a significant role in ensuring data privacy and protection by capturing and storing only the essential network flow parameters required for compliance. All login access and queries are logged, there is no external access provided to the IPDR system, this process safeguards sensitive user data thereby minimizing the risk of privacy breaches and ensuring adherence to regulatory regulations.

3)     What are the scalability challenges for IPDR Solution?

DoT guidelines pointed out that the data traffic is bound to increase phenomenally on the rollout of 5G services in India. There will be substantial IPV6 traffic in the case of 5G. Modern IPDR solutions should offer scalable architectures that can seamlessly expand to handle increasing data loads without compromising performance or efficiency.  With the increasing rollout of 100G links, the problem of capturing the flow data becomes quite acute.  Therefore, the challenges are two-fold:

1. Ability of networking equipment to export flow records at line rate.
2. Very high storage requirements.  

NetFlow sampling of 1:1000 is a practical way to address the requirements for those customers who are unable to deploy expensive optical tapping infrastructure.  Storage challenges can be met by using effective compression technology and a tiered storage architecture.  The practical goal is to balance maximum visibility and logging within a reasonable cost.

4)     Are cloud solutions suitable for IPDR?

For smaller ISPs with < 10Gbps throughput a cloud-based solution makes a lot of sense.  They can simply point their IPDR data to a cloud-based solution through a secure tunnel. ISP should check if the data is stored as per the prevailing security and privacy regulations in a local data centre.  The cloud solutions use a combination of online and bucket storage to optimize the costs.  Larger ISP will find an on-premises solution more attractive due to the lower storage costs.

5)     What are the common mistakes ISPs make while deploying IPDR Compliance solutions?

Some of the common mistakes ISPs fail to make while deploying IPDR Compliance are

1. Failing to log all the flow traffic which results in blind spots.  ISPs should ensure that all perimeter points are fully logged.
2. Failing to deploy proper hardware. The server and disk loads on for IPDR can be really high for busy ISPs, if the hardware is not up to mark it can result in failures and downtimes.
3. Failing to implement high availability or disaster recovery.  IPDR Compliance might require archival of data for 1 to 5 years, a DR node can help in maintaining a backup copy.
4. Failing to integrate AAA and NAT syslogs.
5. Failing to implement high-performance IPDR logging.  A good IPDR Logging system should not only be able to process very high input volume but also use the best compression to optimize disk costs and improve query times.

 

---