It's certainly possible to monitor all the traffic in a network, packet by packet. The problem lies in doing it cheaply enough — and then doing something useful with the truckloads of data you've just collected.
Startup Jolata claims to do both. It's built a network monitoring system that watches everything, absolutely everything, and lets an operator peer into the results with 100-ms precision.
Which is great, but there's a third problem to solve: finding a milieu where these capabilities can be put to a concrete, practical use, instead of just being nifty to talk about.
Jolata has started to crack that one, too, with mobile carriers that have used the company's software to decode network problems that had been relegated to the X-Files.
But the 2-year-old startup suspects it can do more. It's using next week's Interop show in Las Vegas as a coming-out party, to take advantage of the concentration of media there but also to bend the ears of potential data-center and enterprise customers.
Truflow Sees All
Founded by Charles Barry, who in 2011 sold startup Brilliant Telecommunications to Juniper for $4.5 million, Jolata watches the network through software-based meters placed at key spots — the network core, or the gateways sitting at the boundaries between networks, for instance.
The platform is called Truflow, and while it does a powerful job interpreting that data, a lot of its intellectual property involves simply collecting the data. Truflow's agents send metadata about every packet to a common database. Some of the information is simple, such as the packet header, but Jolata also assigns a unique ID to each packet, which helps Truflow recognize flows in the network.
That's in contrast to most monitoring approaches, which sample packets periodically and use extrapolation to figure out what's been happening.
"We're looking at up to every single packet in a network, in real time, over an extended period of time," CEO John Loiacono says. "Now, the more important thing than packet identifications is to look at flows — I want to identify that, 'Oh, that's a voice call.' So while we say we're at the packet level, what we're really looking at are flows."
Jolata monitors at the nanosecond level and presents its data in 100-ms snapshots. The company is working on 1-ms reports for the financial industry's sake, Loiacono says.
All this metadata gets stored in a database for examination later. Data at a granularity of one hour is saved forever. Data at the 100-ms level sticks around for just one to seven days, depending on customer preference, but it takes up the majority of the database — 70 percent is one ballpark figure Barry suggested.
Truflow provides a slick web portal for presenting this information. It can tell you what paths each packet took, for instance, or how a flow behaved overall. The data is presented within five seconds of the actual events (typical network monitoring takes 15 to 30 seconds at best, Barry says).
Some of the portal views are creative and do seem visually helpful. Chord view, as Jolata calls it, places the network nodes in a circle, representing node interconnections with colored lines across the circle's interior. It's a quick-glance way of seeing which connections aren't keeping up with traffic; you can see it in the top-right-hand corner of the diagram at right.
It's Not the Bandwidth
The 1.0 version of Truflow is due to come out at the end of this month, but the system has been in some wireless carriers' hands for a while, and it's produced some surprises.
Jolata's most prized case study comes from one European carrier aiming for 40-ms round-trip latency between the edge and the core. The operator was meeting that goal on average but still running into occasional performance problems.
In collecting its network snapshots, using only four meters around the network, Truflow isolated the spikes of latency. They were too brief to offset the average network performance but vicious enough to cause noticeable problems. And it wasn't happening in the access network, as suspected, but in the network core, where the carrier had assumed its 10-Gb/s connections could handle the traffic.
"They were absolutely stunned by that," Barry says. "Not only the magnitude but the fact that it was in the core at all."
This example might provide Jolata's bridge to the SDN and data center worlds, because the problem turned out to be the number of packets being transmitted per second. The bandwidth was manageable, but the work to process each packet was killing the core. And that's a problem that could affect any environment that uses small packets — network virtualization and the Internet of Things being two candidates.
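An added illustration of the case study above (not Jolata's code or data): constructed per-packet records are grouped into 100-ms snapshots, showing an overall mean latency under the 40-ms goal while one snapshot breaches it, and that snapshot's packet rate rising far more than its bit rate. The record layout and every value are assumptions made for the example.

```python
from collections import defaultdict

WINDOW_NS = 100_000_000   # 100-ms snapshot, as in the article
TARGET_MS = 40.0          # round-trip latency goal from the case study

def make_records():
    """Constructed sample: (timestamp_ns, latency_ms, size_bytes) per packet."""
    recs = [(i * 1_000_000, 20.0, 1000) for i in range(2000)]  # steady: 1 pkt/ms
    # One 100-ms burst of small, slow packets starting at t = 700 ms.
    recs += [(700_000_000 + i * 200_000, 90.0, 64) for i in range(500)]
    return recs

def overall_mean(records):
    """The single long-run average that hid the problem."""
    return sum(lat for _, lat, _ in records) / len(records)

def snapshots(records, window_ns=WINDOW_NS):
    """Group every packet (no sampling) into fixed windows and summarise each."""
    buckets = defaultdict(list)
    for ts, lat, size in records:
        buckets[ts // window_ns].append((lat, size))
    out = {}
    for w, pkts in sorted(buckets.items()):
        bits = sum(size for _, size in pkts) * 8
        out[w] = {
            "mean_ms": sum(lat for lat, _ in pkts) / len(pkts),
            "max_ms": max(lat for lat, _ in pkts),
            "pps": len(pkts) * 1e9 / window_ns,          # packets per second
            "mbps": bits * 1e9 / window_ns / 1e6,        # megabits per second
        }
    return out

def violations(snaps, target_ms=TARGET_MS):
    """Windows whose mean latency exceeds the target."""
    return [w for w, s in snaps.items() if s["mean_ms"] > target_ms]

if __name__ == "__main__":
    recs = make_records()
    snaps = snapshots(recs)
    print(f"overall mean: {overall_mean(recs):.1f} ms (target {TARGET_MS} ms)")
    for w in violations(snaps):
        s, base = snaps[w], snaps[0]
        print(f"window {w}: mean {s['mean_ms']:.1f} ms, "
              f"pps x{s['pps'] / base['pps']:.1f}, "
              f"bandwidth x{s['mbps'] / base['mbps']:.2f}")
```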
"As we go to SDN and more virtualization, the limitation is in the computation — that's my opinion. That's what I saw here," Barry says.
CPUs and Databases
So, some of the gory details. First: How do all these meters get into the network?
They're meant to be hosted by whatever CPU is driving the network gear at that point — whether it's physical gear or a server running virtual machines. So, deployment does take some effort — but some equipment vendors are embedding Jolata software into their gear, at the behest of carriers, Loiacono says.
Embedding the software won't always be practical, so Jolata also offers an appliance, smaller than a 1U server, that hosts a meter. The company is working on shrinking it down, embedding the meter in an SFP optical module, which could then be plugged into any unused port.
As for all that data that Truflow collects — it does require a massive database. Jolata supplies one that's For one "representative-sized, European country carrier," the size comes out to about 40 TBytes, Barry says.
(Photo: Loiacono (left) and Barry.)