Multiple instances of DNCA

You can install multiple instances of the Unica DiscoverNetwork Capture Application.

Note: The following formula and associated notes must be used as a guideline when configuring multiple instances of the DNCA. Use them to estimate your requirements and be prepared to make adjustments based on traffic patterns and CPU usage.

To compute the recommended maximum number of DNCA instances in your Discover environment, use the following formula:

# of DNCA instances = # of physical cores - # of DNCA pipelines - 1.

For example, if your environment has 16 physical cores, you can expect to have as many as 15 DNCA instances to use.

Note: For each additional DNCA pipeline within a DNCA application instance, you must deduct one from the maximum number of DNCA instances, as indicated in the previous formula.
Note: Do not count hyperthreaded virtual processors as available cores. Hyperthreaded processing provides little performance enhancement to highly CPU-intensive DNCA processing and is not be counted in the expected usage.

The above limit assumes that each DNCA core is using over 60% capacity. If the cores are using significantly less than this capacity, you can increase the number of DNCA instances over this limit.

If you are using an accelerator card, you can increase this maximum number, as the impact is offloaded to the card's hardware.

Note: When offloading encryption to an SSL accelerator card, you can need a larger number of instances to effectively capture and process the traffic load.

Segmenting traffic across multiple DNCA instances

You can add DNCA instances through the DNCA web console. The DNCA supports multiple methods of traffic segmentation:

For non-TLB DNCA instances:

  • Web Server Host IP/Port Addresses Filtering: The typical and preferred method for segmenting traffic by DNCA instance is to filter on web server host IP/Port addresses.
  • TCP Client Port Segmentation Filtering: TCP client port segmentation can be used when the capture traffic is presented as a single virtual web IP address (VIP).
Note: DNCA instances are IP/Port sensitive. Do not add DNCA instances if you lack the IP addresses or ports to segregate your capture traffic.
Note: If you do not have IP/port segregation enabled in your environment with multiple CPUs, at least you can create two DNCA instances. The first instance handles non-SSL traffic on port 80, while the second handles SSL transactions on port 443. This arrangement does not take much advantage of any SSL accelerator cards.

Some options:

  • Move the point of capture after any load balancers.
  • Use client-side IP addresses to segregate traffic in multiple instances. If you have a reasonable number of NAT IP addresses, you can group incoming addresses in netmask blocks or discretely based on IP addresses to deliver to the appropriate handler.

For TLB DNCA instances:

When TLB mode is enabled, the process of determining how to segment the network capture traffic is no longer needed. Network capture traffic is automatically segmented and distributed to create a transparent load balanced environment. TLB mode does not require as much configuration to your network interface as non-TLB mode.

For more information about adding DNCA instances, see DNCA Web Console - Interface Tab.