Remember the days when all it took to control traffic on your network was to look at the TCP port numbers? Unfortunately, as soon as applications - especially applications that might be considered of questionable business value - became controllable, the writers of those applications also took steps to get around these controls.
Look at RealAudio's RealPlayer as an example. It was easy for corporate firewalls to block this application as long as the default port number was used. But then the option was added for using RealPlayer over port 80, making it look like any old browser traffic. And the next generation of applications even started using port-hopping to make them even more difficult to detect.
The good news is that the more sophisticated traffic management products can recognise applications based on the signature of the session. In fact, we understand that even encrypted traffic can be identified by the more sophisticated products based on the pattern of the traffic without having to inspect the content.
But even this capability doesn't necessarily mean that the work is over. Now you also have to decide whether the information being carried by a given traffic type has merit to your organisation.
The simplest example of this difficult decision is whether to allow browser traffic on your network. Once upon a time, browser traffic might have been blocked because it was assumed to signify users surfing the Internet instead of doing their jobs. But now that many corporate applications are becoming Web-based, browser traffic has moved from being a toy to a business necessity.
Peer-to-peer traffic is another example. One of the original peer-to-peer applications was KaZaA, which was used for a lot of file sharing under circumstances that are questionable at best. Now, however, the same technology is used by Skype, a peer-to-peer VoIP app that may indeed have excellent business benefits.
Consequently, in addition to having to make traffic management decisions up to Layer 7, enterprise network managers are being faced with making a "Layer 8" decision that involves a value judgement as to whether an application has merit.
Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials.Com