Enhancing Cisco Networks with Gigamon // White Paper
- Dennis Sherman
- 8 years ago
The Smart Route To Visibility: Enhancing Cisco Networks with Gigamon

Many Fortune 000 companies and beyond implement a Cisco switching architecture. When implementing a large scale Cisco network, the infrastructure to effectively monitor these networks is often overlooked. To monitor the networks, customers will use Cisco technologies such as SPAN, RSPAN, ERSPAN, and VACL. Many times these technologies are not scalable enough to support the diverse needs of network and security groups as they strive for maximum uptime within the network infrastructure. This white paper will discuss the various monitoring functions Cisco provides and how you can enhance these technologies using the Traffic Visibility Fabric and TAP solutions.

Cisco SPAN

SPAN stands for Switch Port Analyzer. The SPAN functionality is offered in all Cisco switching solutions. A SPAN port copies data from one or more source ports to a destination port. The figure shows an example of how the SPAN function operates.

[Figure: Cisco SPAN example. Inside a Cisco switch, data is copied from a network port (in this example the port the router is connected to) to a SPAN port which has a monitoring tool connected.]

With most Cisco switching products, users are limited to two SPAN sessions per switch. For most large enterprises this is not enough for monitoring purposes. In most large organizations, the network and security groups between them commonly have four or more monitoring or analysis tools that all need to contend for the same data. Examples of the tools that are utilized are Application Performance Monitors, Intrusion Detection Tools, Data Recorders, Web Monitoring Tools, and many more.

There are also limitations that prevent users from sending data from one source port to both of the available SPAN sessions, as well as limitations on sending VLAN and non-VLAN traffic to the same port. In summary, SPAN sessions are good for spot analysis but are limited in terms of scaling to support company monitoring initiatives. SPAN ports are typically best for small to medium environments where monitoring needs are not great.
Cisco RSPAN

Cisco RSPAN stands for Remote Switch Port Analyzer. RSPAN works very much like SPAN, with the exception that data can be sent between remote monitoring ports in the switching architecture using VTP and reflector ports. Users are only allowed to send data to two RSPAN destinations. Just like SPAN, data from the same source port or VLAN cannot be shared across the two sessions. RSPAN has additional configuration complexity, as users have to configure the correct VTP domains on each switch that RSPAN data traverses. There is a potential for duplicate packets in RSPAN configurations. RSPAN ports will also not pass Layer data.

[Figure: Cisco RSPAN example. Data on the originating switch is sent over an RSPAN VLAN created using VTP and reflector ports.]

Cisco ERSPAN

ERSPAN stands for Encapsulated Remote SPAN. With ERSPAN, data from remote switches can be forwarded to a source monitoring tool over a routed network or the Internet using a GRE tunnel that is configured on the Cisco switches. ERSPAN is a feature that is only supported on Cisco switches that support the Supervisor Engine 0 manufactured with PFCA. This means the feature is limited to a few Cisco switch families like the Catalyst 00 family. This functionality has not translated to the newer Cisco Nexus product line as an option. Packets of an ERSPAN session are tagged with a 0- byte header, and the CRC is replaced. Items you need to be aware of are fragmented frames and jumbo frames. ERSPAN does not support fragmented frames, and all switches have to be configured to support jumbo frames, or else frames that increase past the 00 byte limit with the 0 byte tagged data will be dropped.

[Figure: Cisco ERSPAN example. Source data is carried in a GRE tunnel across a routed network to the monitoring tool.]
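The encapsulation arithmetic behind the jumbo-frame warning above, as an added example that is not part of the white paper: it packs and parses an ERSPAN Type II header inside GRE and reports which mirrored frame sizes would exceed a path MTU, and so would never reach the monitoring tool. The header sizes (14-byte outer Ethernet, 20-byte IPv4, 8-byte GRE with sequence number, 8-byte ERSPAN), the 1500-byte IP MTU and all function names are assumptions of this example, since the page's own byte counts are not legible.

```python
import struct

# Assumed standard sizes in bytes; the white paper's own figures are not legible.
OUTER_ETH, OUTER_IP, GRE_HDR, ERSPAN_HDR, FCS = 14, 20, 8, 8, 4
ERSPAN_OVERHEAD = OUTER_ETH + OUTER_IP + GRE_HDR + ERSPAN_HDR  # added per mirrored frame
GRE_SEQ_PRESENT = 0x1000      # GRE "S" flag: a sequence number follows
GRE_PROTO_ERSPAN_II = 0x88BE  # GRE protocol type carrying ERSPAN Type II
DEFAULT_IP_MTU = 1500         # assumed non-jumbo IP MTU on the routed path


def build_erspan_ii(session_id, vlan, index, seq, inner_frame):
    """Return GRE header + ERSPAN Type II header + mirrored frame (FCS already stripped)."""
    if not (0 <= session_id < 2**10 and 0 <= vlan < 2**12 and 0 <= index < 2**20):
        raise ValueError("ERSPAN field out of range")
    gre = struct.pack("!HHI", GRE_SEQ_PRESENT, GRE_PROTO_ERSPAN_II, seq)
    # Word 1: version(4)=1 | VLAN(12) | COS(3) | En(2) | T(1) | session ID(10)
    word1 = (1 << 28) | (vlan << 16) | session_id
    # Word 2: reserved(12) | index(20)
    return gre + struct.pack("!II", word1, index) + inner_frame


def parse_erspan_ii(gre_packet):
    """Decode the GRE payload of an ERSPAN Type II packet; raise ValueError if malformed."""
    if len(gre_packet) < GRE_HDR + ERSPAN_HDR:
        raise ValueError("truncated ERSPAN packet")
    flags, proto, seq = struct.unpack("!HHI", gre_packet[:GRE_HDR])
    if proto != GRE_PROTO_ERSPAN_II or not flags & GRE_SEQ_PRESENT:
        raise ValueError("not ERSPAN Type II over GRE")
    word1, word2 = struct.unpack("!II", gre_packet[GRE_HDR:GRE_HDR + ERSPAN_HDR])
    if word1 >> 28 != 1:
        raise ValueError("unexpected ERSPAN version")
    return {
        "seq": seq,
        "vlan": (word1 >> 16) & 0xFFF,
        "truncated": bool((word1 >> 10) & 1),  # T bit: source truncated the frame
        "session_id": word1 & 0x3FF,
        "index": word2 & 0xFFFFF,
        "inner_frame": gre_packet[GRE_HDR + ERSPAN_HDR:],
    }


def encapsulated_ip_len(wire_frame_len):
    """IP packet length after encapsulating a frame of wire_frame_len bytes (FCS included)."""
    return OUTER_IP + GRE_HDR + ERSPAN_HDR + (wire_frame_len - FCS)


def unmirrored_frames(wire_frame_lens, path_ip_mtu=DEFAULT_IP_MTU):
    """Frame sizes whose ERSPAN copy exceeds the path MTU.

    ERSPAN copies are not fragmented, so these frames are dropped on the
    mirror path and become a blind spot for the monitoring tool.
    """
    return [n for n in wire_frame_lens if encapsulated_ip_len(n) > path_ip_mtu]


def required_path_mtu(max_wire_frame_len):
    """Smallest IP MTU every hop of the mirror path needs for the largest source frame."""
    return encapsulated_ip_len(max_wire_frame_len)


if __name__ == "__main__":
    # Constructed sample: frame sizes (bytes on the wire, FCS included) seen on a source port.
    sizes = [64, 590, 1468, 1469, 1518]
    print("overhead per frame:", ERSPAN_OVERHEAD)
    print("dropped at MTU 1500:", unmirrored_frames(sizes))
    print("MTU needed for 1518-byte frames:", required_path_mtu(1518))
    pkt = build_erspan_ii(session_id=42, vlan=100, index=7, seq=1, inner_frame=b"\xaa" * 60)
    print(parse_erspan_ii(pkt))
```

Running the same check against the largest frame size seen on each source port tells you which mirror sessions lose full-size frames unless every hop on the GRE path has its MTU raised.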
Just like all other SPAN technologies, you can only create two ERSPAN destinations per switch. ERSPAN requires additional configuration complexity to ensure that the tunneling and frame sizes are correct for proper routing of data.

Cisco VACL

VACL stands for VLAN Access List. VACLs overcome most SPAN limitations, in addition to providing the ability to filter for certain types of traffic such as a TCP port or IP address. VACLs are ACLs that apply only to data within a VLAN and are separate from the ACLs that would be used in router configurations. The maximum number of VACLs a switch can support is determined by the number of VLANs in a switch. For example if a switch only has configured VLANs then you can create VACL capture ports. Users will mainly use VACLs to free up SPAN resources, as a band-aid rather than a complete monitoring infrastructure. Configuring VACLs is usually reserved for more senior networking staff, as VACLs require the most configuration attention of all the Cisco visibility technologies. Many users can mistakenly block data from the VACL capture port if care is not taken when configuring the VACL. As with SPANs, VACL source data cannot be sent to multiple VACLs, which limits the benefit of having extra VACL ports: monitoring tools will often have to see many VLANs at once, leaving the user with one or two VACL capture ports that can be used.

[Figure: Cisco VACL example. Data from IP address... in VLAN 00 is forwarded to a VLAN capture port.]

GigaVUE Traffic Visibility Nodes

GigaVUE Traffic Visibility Nodes are purpose-built appliances that create an out-of-band network that provides enhanced visibility to all monitoring, data capture, and security tools. With Traffic Visibility Nodes, users can connect inputs and aggregate, replicate, and filter data, all at line-rate speeds, to any number of tools. Users can connect SPANs, RSPANs, VACLs, ERSPAN, and TAP input ports to control the traffic flow from all network inputs to all monitoring inputs. You can think of the Traffic Visibility Node as the central hub of your monitoring infrastructure that is becoming a key component in new 0G and G data centers.

There are many benefits that users can gain by implementing a Traffic Visibility Node such as GigaVUE:

- Eliminating SPAN, RSPAN, ERSPAN, VACL contention issues
- Providing secure access to monitoring data
- Accessing 0G network links with G monitoring tools
- Enabling visibility into data across asymmetric links
- Filtering of any field Layer - within a packet as well as user-defined filters that delve deeper into packet structures
- Consolidating monitoring resources to one centrally managed location
- Load-balancing data from multiple 0G and G network links to multiple 0G and G network tool interfaces
- Advanced features such as time-stamping, port tagging, and packet-slicing

[Figure: Logical TAP traffic flow diagram.]

[Figure: G-TAP and G-TAP A-Series TAPs.]
[Figure: Sample configuration in a Flat]

[Figure: Example of Flow Mapping technology. The Map-Rules represent different flows that are strategically directed to the monitoring ports. Ingress and egress port filters can be applied in addition to Map-Rules.]
Flow Mapping

The key technology that enables these benefits in GigaVUE is the patented Flow Mapping technology. Flow Mapping creates traffic distribution maps that can direct traffic from any ingress traffic ports to any number of monitoring ports at line rate with no dropped traffic. Flow Mapping is different from the port filtering that is found on other Traffic Visibility Nodes. Network engineers create Map rules that direct data to the desired monitoring port. Once a Map is created, input ports can be bound to the Map. This allows for dynamic changes to data flows that would be impossible using port filters, as network engineers would have to change the filtering on each port individually. Using other technology such as collectors and pass-alls that are unique to Gigamon, users can have access to unfiltered traffic while traffic is being filtered using the Map. This is functionality unique to Gigamon and Gigamon only. Gigamon users can augment the power of the Flow Mapping technology by further reducing traffic loads on egress tool ports as well. All these features create a powerful Traffic Visibility Fabric.

[Figure: Example of Flow Mapping technology. Network diagram with GigaVUE nodes at the WAN edge, core, distribution layer, data center and access layer, feeding 0G and G tool farms; the legend distinguishes TAP connection points, TAP traffic, cascaded traffic and GigaSTREAM bundles.]
Figure 9 shows an example of a large Cisco network with a Traffic Visibility Fabric overlay. In this diagram all major switch-to-switch connections are tapped using G-TAP network TAPs or using taps integrated into the GigaVUE appliances. By tapping at strategic locations, network engineers have increased visibility into traffic. For example, by tapping the interface between the Internet and the firewall, or the firewall and router, engineers can view all traffic coming into and out of the network from the Internet. Because TAPs are used, all traffic at full line rate can be viewed without missing traffic or degrading the switch fabric. SPAN port traffic from the visibility nodes is routed to the GigaVUE appliance, where all traffic can be aggregated, replicated, and filtered to multiple monitoring tools. In most new 0G infrastructures SPAN traffic is usually limited to the access layer as an easy way to view end-user traffic. All GigaVUE appliances are stacked together or cascaded to be controlled from one central interface that can dynamically route specific traffic to specific tool ports. This aids in decreasing resolution times and increasing the performance of monitoring and capture tools, as they are only receiving the traffic that they desire.

Conclusion

By leveraging the power of GigaVUE devices, network engineers utilizing Cisco networks and monitoring technology such as SPAN, RSPAN, and VACL can improve the flexibility, performance, and security of monitored data as the data is routed to various monitoring, capture, and security tools. A Traffic Visibility Fabric allows network engineers to future-proof their monitoring infrastructure for speeds today and tomorrow.

About Gigamon

Gigamon provides intelligent Traffic Visibility Networking solutions for enterprises, data centers and service providers around the globe. Our technology empowers infrastructure architects, managers and operators with unmatched visibility into the traffic traversing both physical and virtual networks without affecting the performance or stability of the production environment. Through patented technologies, the GigaVUE portfolio of high availability and high density products intelligently delivers the appropriate network traffic to security, monitoring or management systems. With over seven years experience designing and building intelligent traffic visibility products in the US, Gigamon serves the vertical market leaders of the Fortune 000 and has an install base spanning 0 countries. For more information about our products visit:

Copyright 0 Gigamon, LLC. All rights reserved. Gigamon, GigaVUE, GigaSMART, G-TAP, Flow Mapping are registered trademarks of Gigamon, LLC and/or affiliates in the United States and certain other countries. Visibility Fabric, Traffic Visibility Fabric (TVF), Citrus, and The Smart Route To Visibility are trademarks of Gigamon. All other trademarks are the property of their respective owners. 9 Gibraltar Drive Milpitas, CA 90 PH
WHITE PAPER Understanding Flow and Packet Deduplication Riverbed Technical Marketing 2012 Riverbed Technology. All rights reserved. Riverbed, Cloud Steelhead, Granite, Interceptor, RiOS, Steelhead, Think
More informationFiber Channel Over Ethernet (FCoE)
Fiber Channel Over Ethernet (FCoE) Using Intel Ethernet Switch Family White Paper November, 2008 Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR
More informationSave Budget Dollars using Smart Data Access Technology
Save Budget Dollars using Smart Data Access Technology Data Centers can benefit from Smart Data Access Technology Fall 2011 Copyright 2011. Network Critical NA LLC. All Rights Reserved. 1. The data center
More informationOverview of Routing between Virtual LANs
Overview of Routing between Virtual LANs This chapter provides an overview of virtual LANs (VLANs). It describes the encapsulation protocols used for routing between VLANs and provides some basic information
More informationIntel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family
Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family White Paper June, 2008 Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL
More informationCisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time
Essential Curriculum Computer Networking II Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time Chapter 1 Networking in the Enterprise-------------------------------------------------
More informationCisco 7600 Series Routers Cisco 7600 Series: Ethernet Services 20G Line Cards for Carrier Ethernet
. Data Sheet Cisco 7600 Series Routers Cisco 7600 Series: Ethernet Services 20G Line Cards for Carrier Ethernet The Cisco 7600 Series Ethernet Services 20 Gbps (ES20) Line Cards utilize an extensible design
More informationEthernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心
Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 SDN Introduction Decoupling of control plane from data plane
More informationQfiniti Enterprise and VoIP for Avaya. Qfiniti Enterprise and VoIP. An etalk Technical White Paper
Qfiniti Enterprise and VoIP for Avaya Qfiniti Enterprise and VoIP An etalk Technical White Paper Table of Contents etalk Product Briefing...3 Integration Overview...3 VoIP Connection...4 Layer 2 Connectivity...4
More informationCisco Nexus Data Broker: Deployment Use Cases with Cisco Nexus 3000 Series Switches
White Paper Cisco Nexus Data Broker: Deployment Use Cases with Cisco Nexus 3000 Series Switches What You Will Learn Network Traffic monitoring using taps and Switched Port Analyzer (SPAN) is not a new
More informationFibre Channel over Ethernet in the Data Center: An Introduction
Fibre Channel over Ethernet in the Data Center: An Introduction Introduction Fibre Channel over Ethernet (FCoE) is a newly proposed standard that is being developed by INCITS T11. The FCoE protocol specification
More informationWHITE PAPER. Network Virtualization: A Data Plane Perspective
WHITE PAPER Network Virtualization: A Data Plane Perspective David Melman Uri Safrai Switching Architecture Marvell May 2015 Abstract Virtualization is the leading technology to provide agile and scalable
More informationSOFTWARE-DEFINED NETWORKING AND OPENFLOW
SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control
More informationIntroduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre
Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre Wilfried van Haeren CTO Edgeworx Solutions Inc. www.edgeworx.solutions Topics Intro Edgeworx Past-Present-Future
More informationLab 5.5.3 Developing ACLs to Implement Firewall Rule Sets
Lab 5.5.3 Developing ACLs to Implement Firewall Rule Sets All contents are Copyright 1992 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 8 Device Interface
More informationVMware vshield App Design Guide TECHNICAL WHITE PAPER
ware vshield App Design Guide TECHNICAL WHITE PAPER ware vshield App Design Guide Overview ware vshield App is one of the security products in the ware vshield family that provides protection to applications
More informationCertes Networks Layer 4 Encryption. Network Services Impact Test Results
Certes Networks Layer 4 Encryption Network Services Impact Test Results Executive Summary One of the largest service providers in the United States tested Certes Networks Layer 4 payload encryption over
More informationvsphere Networking ESXi 5.0 vcenter Server 5.0 EN-000599-01
ESXi 5.0 vcenter Server 5.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions
More informationAvoiding Network Polarization and Increasing Visibility in Cloud Networks Using Broadcom Smart- Hash Technology
Avoiding Network Polarization and Increasing Visibility in Cloud Networks Using Broadcom Smart- Hash Technology Sujal Das Product Marketing Director Network Switching Karthik Mandakolathur Sr Product Line
More informationAnalyzing Full-Duplex Networks
Analyzing Full-Duplex Networks There are a number ways to access full-duplex traffic on a network for analysis: SPAN or mirror ports, aggregation TAPs (Test Access Ports), or full-duplex TAPs are the three
More informationNetworking Devices. Lesson 6
Networking Devices Lesson 6 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Network Interface Cards Modems Media Converters Repeaters and Hubs Bridges and
More information- Hubs vs. Switches vs. Routers -
1 Layered Communication - Hubs vs. Switches vs. Routers - Network communication models are generally organized into layers. The OSI model specifically consists of seven layers, with each layer representing
More informationTechnical Note. ForeScout CounterACT: Virtual Firewall
ForeScout CounterACT: Contents Introduction... 3 What is the vfw?.... 3 Technically, How Does vfw Work?.... 4 How Does vfw Compare to a Real Firewall?.... 4 How Does vfw Compare to other Blocking Methods?...
More informationWhat is VLAN Routing?
Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one
More informationConfiguring Network Address Translation (NAT)
8 Configuring Network Address Translation (NAT) Contents Overview...................................................... 8-3 Translating Between an Inside and an Outside Network........... 8-3 Local and
More information