|
![]() Ron Nevo, Erik Rudin, and Mark Grodzinsky presented for cPacket at Networking Field Day 38 |
This Presentation date is July 10, 2025 at 8:00-9:30.
Presenters: Erik Rudin, Mark Grodzinsky, Ron Nevo
Follow on Twitter using the following hashtags or usernames: #NFD38
cPacket Introduction with Mark Grodzinsky
Watch on YouTube
Watch on Vimeo
cPacket’s presence kicked off by revisiting highlights from previous Networking Field Day and Security Field Day events, providing an overview of the evolution of cPacket’s Network Observability platform and introducing AI-driven innovations, framed by their Value Equation and Customer Value Journey frameworks. Mark Grodzinsky, Chief Product and Marketing Officer, emphasized that while AI is currently at a peak of hype, cPacket views it as a tool, not a standalone solution. Their focus is on how AI, integrated within their network observability platform, drives tangible business outcomes. This approach is rooted in their belief that packet data remains the “single source of truth” for understanding the “what, where, when, and why” of network events, even as other telemetry data (metrics, events, logs, traces) serve important purposes.
cPacket’s observability platform has evolved significantly since its 2007 inception, highlighted by its role in the 2012 Olympics’ 10 GBe network. Key components include a packet broker with FPGA on every port for high-precision data delivery, and advanced packet capture and analytics capabilities, supporting up to 200 GBps concurrent write-to-disk with indexing. Their solutions address challenges like microbursts, which cause packet drops even when overall network capacity seems sufficient. Furthermore, cPacket emphasizes the convergence of network and security operations, advocating for a single source of truth–packet data–to enhance both operational efficiency and security posture, aiding in protection, detection, response, digital forensics, and compliance. AI, in this context, serves as a smart companion for setting deterministic thresholds and identifying anomalies proactively.
The company’s core mission is service assurance, achieved through pervasive, independent, open, and scalable observability. Erik Rudin, Field CTO, highlighted the increasing complexity of modern hybrid and multi-cloud environments, stressing the critical need for monitoring key links to ensure mission-critical application performance. cPacket’s solution begins with nanosecond-precision packet acquisition and immediate metric collection, enabling the identification of patterns like microbursts and low-level latency. This rich data is integrated into their own capture devices for session analytics and correlation, and also exposed through open APIs for integration with existing customer tools and data lakes. They introduced the Value Equation, a framework that connects raw data and AI insights to measurable business outcomes, and the Customer Value Journey, which guides customers through understanding their business problems, integrating cPacket’s technology, validating its impact, and achieving continuous improvement in network and security operations.
Personnel: Mark Grodzinsky
cPacket Service Assurance: Realtime Video Production
Watch on YouTube
Watch on Vimeo
Real-time video environments demand precision and speed. Troubleshooting can’t wait for decoding or downstream analysis. In this session, cPacket explored how packet-level observability enables immediate detection of transport-layer issues like encoder faults, fiber/switch errors, and edge-to-cloud latency disruptions. They demonstrated how their observability solution, with real-time alerts, dynamic dashboards, and ServiceNow integration, empowers proactive monitoring and MTTR (Mean Time To Resolution) reduction across complex, long-path video delivery networks. Erik Rudin, Field CTO, introduced the scenario of live video streaming, emphasizing the critical importance of video quality for businesses. Ron Nevo, CTO, further detailed the intricate environment of live streaming, involving multiple cameras, production vans, cloud processing, transcoding, and distribution, all of which can introduce potential points of failure.
The core of cPacket’s approach is to deploy monitoring points throughout the video delivery path to quickly determine if an issue is network-related. For real-time video, the presence of even minimal packet loss is a clear indicator of a problem. cPacket’s solution continuously analyzes RTP (Real-time Transport Protocol) streams, triggering real-time alerts (e.g., via Slack) when packet loss increases. These alerts provide direct links to detailed analytics, allowing operators to pinpoint the exact location and nature of the fault, whether it’s a physical cable issue, a video machine problem, or a cloud link disruption. Furthermore, the system automatically creates tickets in existing IT service management tools like ServiceNow, ensuring that identified issues are integrated into the customer’s operational workflows for prompt resolution.
This use case exemplifies cPacket’s broader strategy for service assurance, focusing on delivering actionable insights rather than just raw data. By acquiring and contextualizing packet data at line rate, integrating it into existing ecosystems, and leveraging AI for anomaly detection, cPacket aims to proactively identify and prevent service degradations. The emphasis is on improving the triage process and providing measurable outcomes, such as reduced MTTR and improved customer experience. The session underscored that AI serves as an augmentation to existing analytics, enhancing the ability to predict and prevent outages by identifying subtle patterns like under/overutilized links and their correlation to service degradation or security concerns.
Personnel: Erik Rudin, Ron Nevo
cPacket Service Assurance: MTTR Reduction
Watch on YouTube
Watch on Vimeo
When service disruptions or connection issues impact key applications, speed of diagnosis is everything. This session highlighted how cPacket enables real-time monitoring, anomaly detection, and triage using packet-level data. It showcased how IT teams can use LLM-powered interaction, Observability AI baselining, and SIEM integration to accelerate resolution, reduce MTTI/MTTR, and deliver a better user experience across distributed infrastructure and business-critical workflows. Erik Rudin, Field CTO, set the stage by describing a reactive scenario where users are experiencing application issues, and the network appears normal initially. Ron Nevo, CTO, presented a real-world example from a large bank where a specific branch experienced intermittent remote desktop access failures due to a WAN acceleration device adding significant latency. This underscored the challenge of pinpointing issues in complex, multi-hop network paths without pervasive monitoring.
cPacket’s approach to reducing MTTR involves enhancing the user experience through AI-powered interaction. Instead of manually sifting through logs and dashboards, network operators can “chat” with the system, asking natural language questions to gain insights into service performance. The LLM (Large Language Model), in conjunction with AI agents and the MCP (Model Context Protocol), helps to process and contextualize data. A crucial aspect is Observability AI baselining, where cPacket’s machine learning pipeline automatically establishes baselines for various network metrics, accounting for service, time of day, and day of week. This allows the system to identify deviations from normal behavior, even if not immediately surfaced as an alert, and visually present these anomalies against the baseline to the user.
While acknowledging that advanced network engineering knowledge is still valuable, the aim is to simplify the troubleshooting process. The system can identify logical and physical network topologies and pinpoint where latency or other issues reside within the path. This AI-assisted workflow accelerates triage by providing relevant data and insights, shortening the time to detect, understand context, and identify the responsible component or team. cPacket emphasizes that this integration with existing IT workflows–including SIEM, ticketing systems like ServiceNow, and communication platforms like Slack–is critical for achieving measurable outcomes and continuous improvement in service delivery. The ultimate goal is to empower human operators with intelligent tools that streamline diagnostics and decision-making, rather than completely automating the resolution process.
Personnel: Erik Rudin, Ron Nevo
cPacket Proactive Service Assurance and Compliance
Watch on YouTube
Watch on Vimeo
Latency issues don’t always wait for end users to notice and neither should your operations team. In this session, cPacket demonstrated how they enable proactive latency detection using leading indicators, full-path packet monitoring, and anomaly detection. With integrations into LLM-powered workflows and platforms like Slack and ITSM, teams can resolve issues faster, tune alerts more precisely, and continuously improve visibility through real-time data and trend reporting. The core focus was on achieving proactive service assurance, shifting from a reactive “firefighting” model to one where issues are identified and resolved before they impact users, ideally reducing human-created incidents.
Ron Nevo elaborated on this “nirvana” state, where network operators can proactively assess network health using cPacket’s Observability AI. The system processes trillions of packets to distill vast amounts of data into a manageable handful of “insights,” highlighting what’s most important for a specific operator’s responsibilities. A key use case demonstrated this: querying the system for new insights over the past 24 hours. The LLM (Large Language Model) identified client latency issues and resource utilization problems on a core engineering server. While the interaction still requires a certain level of network engineering sophistication to interpret the insights, the goal is to simplify the discovery process and guide operators to critical areas.
cPacket’s approach relies on dynamic baselining, where the AI learns normal network behavior over time across various metrics and services, detecting anomalies that might indicate a problem before an outage occurs. While the presented prompts were complex, the long-term vision is to abstract this complexity, making the system more intuitive and capable of providing precise, actionable guidance. The ultimate value lies in accelerating the triage process, shortening the Mean Time To Detect (MTTD) and Mean Time To Resolve (MTTR) by integrating AI-driven insights with existing workflows and tools like Slack and ServiceNow. This approach aims to augment human operators, providing them with a powerful tool to proactively manage the network and ensure continuous service reliability.
Personnel: Erik Rudin, Ron Nevo
cPacket NOC–SOC Convergence: Compliance
Watch on YouTube
Watch on Vimeo
At Security Field Day 13, cPacket explored how Network Observability empowers SecOps teams to elevate their threat detection and response. In this session, they shifted the lens to NetOps, examining the growing convergence between NOC (Network Operations Center) and SOC (Security Operations Center) workflows. As performance and security become inseparable in hybrid and zero-trust environments, NetOps teams must adopt tools and practices that support both operational resilience and threat visibility. cPacket demonstrated how packet-based observability bridges this gap, enabling NetOps to detect lateral movement, validate policy compliance, and collaborate more effectively with security teams through shared context and real-time data. They emphasized that security is a top concern for all organizations, and the network provides crucial insights to surface issues like malware and vulnerabilities.
Ron Nevo explained how cPacket’s solution empowers NetOps to contribute significantly to the organization’s security posture. Their Deep Packet Inspection (DPI) engine extracts relevant information from every session, including DNS queries and HTTPS queries, even from encrypted traffic (e.g., domain names, TLS certificate validity). This raw data can be used to generate dashboards and reports that feed into security tools. A compelling demonstration involved using an LLM (Large Language Model) to prompt the system to generate a Grafana dashboard tailored to specific HIPAA regulations. This highlights the platform’s ability to create customized compliance reports without requiring deep knowledge of the underlying visualization tools, extending the reach of network observability for security and auditing purposes.
The discussion acknowledged that while AI can create sophisticated reports and highlight suspicious activities (e.g., identifying suspicious domain names by filtering out known benign traffic), human expertise remains crucial for validation and full compliance. The goal is not to replace human operators but to provide them with powerful tools that streamline data analysis, automate report generation, and surface critical insights. By integrating network insights directly into SOC tools and workflows, cPacket enables proactive detection of anomalies and alerts, strengthening the overall security posture and fostering better collaboration between network and security teams. The ultimate aim is to provide the right data to the right person or tool at the right time, enhancing the ability to respond to and prevent security incidents.
Personnel: Erik Rudin, Ron Nevo
cPacket Observability for AI
Watch on YouTube
Watch on Vimeo
Modern AI workloads rely on high-performance, low-latency GPU clusters, but traditional observability tools fall short in diagnosing issues across these dense, distributed environments. In this session, cPacket explored how they augment GPU and storage telemetry (DCGM/NVML/IOPS) with full-fidelity packet insights. They covered how to correlate job scheduling, retransmissions, queue depth, and tensor-core utilization in real time, and how to establish performance baselines, auto-trigger mitigations, integrate with SRE dashboards, and continuously tune topologies for maximum AI throughput and resource efficiency. Erik Rudin and Ron Nevo introduced the emerging challenge of AI factories moving into enterprises, contrasting these inference workloads with the well-understood elephant flows of AI training in hyperscale data centers. Inference presents unique, less-understood traffic patterns, often driven by user or agent interactions and characterized by varying query-response ratios and KV cache management policies, all demanding optimal GPU utilization without sacrificing latency.
The core of cPacket’s solution for AI observability lies in supplementing traditional GPU telemetry with packet-level visibility, particularly on the north-south (front-end) network that connects AI clusters to the rest of the enterprise. This integration is crucial for pinpointing the exact source of latency (whether from the cluster, switch, or storage), identifying microbursts that internal switch telemetry might miss, and understanding session-level characteristics that impact AI workload performance. Unlike traditional network monitoring, which often falls short in these highly dynamic and dense environments, cPacket’s approach aims to provide the granular, real-time data necessary for continuous tuning and optimization of AI infrastructures.
Ultimately, cPacket emphasizes that observability for AI is essential for enterprises making significant investments in GPU workloads at the edge. The rapid evolution of AI necessitates a comprehensive approach that integrates packet insights, session metrics, and AI-driven analytics into existing SRE and NetOps workflows. This allows for proactive identification of anomalies, establishment of performance baselines, and continuous optimization of network topologies to ensure maximum AI throughput and resource efficiency, directly impacting the often high costs associated with AI downtime. The overarching message is to start with the business problem–understanding the specific challenges and desired outcomes for AI workloads–and then leverage cPacket’s integrated, open, and AI-infused platform to drive measurable improvements.
Personnel: Erik Rudin, Ron Nevo