Enhancing Cisco Networks with Gigamon // White Paper

Size: px
Start display at page:

Download "Enhancing Cisco Networks with Gigamon // White Paper"

Transcription

1 The Smart Route To Visibility Enhancing Cisco s with Many Fortune 000 companies and beyond implement a Cisco switching architecture. When implementing a large scale Cisco network, the infrastructure to effectively monitor these networks is often overlooked. To monitor the networks customers will use Cisco technologies such as SPAN, RSPAN, ERSPAN, VACL. Many times these technologies are not scalable to support the diverse needs of network and security groups as they strive for maximum uptime within the network infrastructure. This white paper will discuss the various monitoring functions Cisco provides and how you can enhance these technologies using the Traffic Visibility Fabric and TAP solutions. and Non-VLAN traffic to be sent to the same port. In summary, SPAN sessions are good for spot analysis but are limited in terms of scaling to support company monitoring initiatives. SPAN ports are typically best for small to medium environments where monitoring needs are not great. Source Data Port Cisco SPAN SPAN stands for Switch Port Analyzer. The SPAN functionality is offered in all Cisco switching solutions. A SPAN port copies data SPAN Port from one or more source ports to a destination port. Figure shows an example of how the SPAN function operates. With most Cisco switching products, users are limited to two SPAN sessions per switch. For most large enterprises this is not suitable enough for monitoring purposes. In most large organizations between the network and security groups there are commonly four or more monitoring or analysis tools that all need to contend for the same data. Examples of some of the Figure Cisco SPAN example Inside a Cisco Switch data is copied from a network port (in this example the port the router is connected to) to a SPAN port which has a monitoring tool connected tools that are utilized are Application Performance Monitors, Intrusion Detection Tools, Data Recorders, Web Monitoring Tools, and many more. There are also limitations that prevent users from sending data from one source port to both of the available SPAN sessions as well as limitations that allow VLAN

2 The Smart Route To Visibility Enhancing Cisco s with Figure Cisco ERSPAN example Source Data In GRE Tunnel In GRE Tunnel Monitoring Tool Source Data In GRE Tunnel Routed Cisco RSPAN Cisco RSPAN stands for Remote Switch Port Analyzer. RSPAN works very much like SPAN with the exception that data can be sent between remote monitoring ports in the switching architecture using VTP and reflector ports. Users are only allowed to send data to two RSPAN destinations. Just like SPAN, data from the same source port or VLAN cannot be shared across the two sessions. RSPAN has additional configuration complexity as users have to configure the correct VTP domains on each switch that RSPAN data traverses. There is a potential for duplicate packets in RSPAN configurations. RSPAN ports will not pass Layer data as well. Originating switch with reflector port RSPAN VLAN RSPAN VLAN SPAN Data Monitoring Tool Figure CISCO RSPAN example Data on the originating switch is sent over a RSPAN VLAN created using VTP and Reflector Ports. Cisco ERSPAN ERSPAN stands for Encapsulated Remote SPAN. With ERSPAN data from remote switches can be forwarded to a source monitoring tool over a routed network or Internet using a GRE Tunnel that is configured on the Cisco Switches. ERSPAN is a feature that is only supported on Cisco Switches that support the Supervisor Engine 0 manufactured with PFCA. This means this feature is limited to a few Cisco switch families like the Catalyst 00 family. This functionality has not translated to the newer Cisco Nexus product line as an option. Packets of an ERSPAN session are tagged with a 0- byte header and replace the CRC. Items you need to be aware of are fragmented frames and jumbo frames. ERSPAN does not support fragmented frames and all switches have to be configured to support jumbo frames or else frames that increase past the 00 byte limit with the 0 byte tagged data will be dropped. Just like all other SPAN technologies you can only create two ERSPAN destinations per switch. ERSPAN requires additional configuration complexity to ensure that the tunneling and frame sizes are correct for proper routing of data. Cisco VACL VACL stands for VLAN Access List. VACLs overcome most SPAN limitations in addition to providing the ability to filter for certain types of traffic such as a TCP port or IP Address. VACLs are ACLs that only apply to data within a VLAN that are separate from ACLs that would be used in router configurations. The maximum number of VACLs a switch can support is determined

3 Batt Mgmnt () A B A B Batt Mgmnt () OUT OUT OUT OUT OUT OUT A B A B Mgmnt () Batt OUT OUT OUT OUT A B A B OUT OUT The Smart Route To Visibility Enhancing Cisco s with by the amount of VLANs in a switch. For example if a switch only has configured VLANs then you can create VACL capture ports. Users will mainly use VACLs to free up SPAN resources as a bandaid to a complete monitoring infrastructure. Configuring VACLs is usually reserved for more senior networking staff as VACLs require the most configuration attention of all the Cisco Visibility Technologies. Many users can mistakenly block data from the VACL capture port if care is not taken when configuring the VACL. Like SPAN s, VACLs source data cannot be sent to multiple VACLs limiting the benefit of having extra VACL ports as many times monitoring tools will have to see many VLANs at once leaving the user with one or two VACL capture ports that can be used. GigaVUE Traffic Visibility Nodes GigaVUE Traffic Visibility Nodes are purpose built appliances create an out-of-band network that provides enhanced visibility to all monitoring, data capture, and security tools. With Traffic Visibility Nodes users can connect inputs and aggregate, replicate, and filter data all at line-rate speeds to any number of tools. Users can connect SPAN s, RSPAN s, VACL s, ERSPAN, and TAP input ports to control the traffic flow from all network inputs to all monitoring inputs. ou can think of the Traffic Visibility Node as the central hub of your monitoring infrastructure that is becoming a key component in new 0G and G data centers. Load-Balancing data from multiple 0G and G network links to multiple 0G and G network tool interfaces Advanced features such as time-stamping, port tagging, and packetslicing Source Data port that belongs to VLAN 00 VLAN 00, IP... VACL Port Monitoring Tool Figure Cisco VACL example Data from IP address... in VLAN 00 is forwarded to a VLAN capture port T R T R T T There are many benefits that users can gain by implementing a Traffic Visibility Node such as GigaVUE: Eliminating SPAN, RSPAN, ERSPAN, VACL contention issues Providing secure access to monitoring data Accessing 0G network links with G monitoring tools Enabling visibility into data across asymmetric links Filtering of any field Layer - within a packet as well as userdefined filters that delve deeper into packet structures Consolidating monitoring resources to one centrally managed location G-Tap Switch Switch Monitoring Tool Figure Logical TAP Traffic Flow Diagram G-TAP A-T G-TAP A-T G-TAP A-T Figure G-TAP and G-TAP A-Series TAP s

4 Batt Mgmnt () A B A B G-TAP A-Tx 0GigaPORT- GigaVUE-0MB Mgmt 0GigaPORT- 0/00/000 (SFP) G G G G G G G G SLOT 9 SLOT G-G - SLOT Mgmt 0/00/000 G G/0G The Smart Route To Visibility Enhancing Cisco s with Figure Sample configuration in a Flat GigaVUE- GigaVUE-0 G Monitoring Tools Figure Example of Flow Mapping technology 0G Map-Rule 0G R Map-Rule 0G VACL Data Map-Rule Map-Rule 0G ER Map-Rule Map-Rule G Full-Duplex Tap Data The Map-Rules represent different flows that are strategically directed to the monitoring ports G-TAP A-Tx Ingress and Egress Port Filters can applied in addition to Map-Rules GigaVUE Data Access Switch

5 0GigaPORT- GigaVUE-0MB 0/00/000 (SFP) G G G G G G G G 0GigaPORT- 0GigaPORT- GigaVUE-0MB 0/00/000 (SFP) G G G G G G G G 0GigaPORT- GigaVUE- Mgmt 0/00/000 G G/0G SLOT 9 SLOT G-G - SLOT SLOT 9 SLOT G-G - SLOT S ystems Mgmnt 0GigaPORT- GigaVUE-0MB 0/00/000 (SFP) G G G G G G G G 0GigaPORT- Giga TAP-Sx Split Ratio :0/0 Giga TAP-Sx Split Ratio :0/0 Giga TAP-Sx Split Ratio :0/0 Giga PORT SLOT 9 SLOT G-G - SLOT 0GigaPORT- GigaVUE-0MB 0GigaPORT- GigaVUE-0MB 0/00/000 (SFP) G G G G G G G G 0GigaPORT- 0/00/000 (SFP) G G G G G G G G 0GigaPORT- SLOT 9 SLOT G-G - SLOT SLOT 9 SLOT G-G - SLOT The Smart Route To Visibility Enhancing Cisco s with Flow Mapping The key technology that enables these benefits in GigaVUE is the patented Flow Mapping technology. Flow Mapping creates traffic distribution maps that can direct traffic from any ingress traffic ports to any number of monitoring ports at linerate with no dropped traffic. Flow Mapping is different from port filtering that is found on other Traffic Visibility Nodes. engineers create Map rules that direct data to the desired monitoring port. Once a Map is created, input ports can be bound to the Map. This allows for dynamic changes to data flows that would be impossible using port filters as network engineers would have to change the filtering on each port individually. Using other technology such as collectors and pass-alls that are unique to, users can have access to unfiltered traffic while traffic is being filtered using the Map. This is functionality unique to and only. users can augment the power of the Flow Mapping technology by further reducing traffic loads on egress tool ports as well. All these features create a powerful Traffic Visibility Fabric. WAN Edge GigaVUE-0 GigaVUE-0 Core 0G and G Tool Farm Distribution Layer Data Center Fibre Channel SAN GigaVUE-0 Access Layer GigaVUE-0 GigaVUE-0 GigaVUE-0 0G Tool Farm VM Cluster VM Cluster GigaVUE- GigaSTREAM Diagram Legend Multi-Layer Switch GigaSTREAM Bundle G Link 0G Link Wireless Devices End User Workstations Access Switch TAP Connection Point G TAP Traffic Router 0G TAP Traffic Firewall Cascaded Traffic Figure Example of Flow Mapping technology

6 The Smart Route To Visibility Enhancing Cisco s with Figure 9 shows an example of a large Cisco network with a Traffic Visibility Fabric overlay. In this diagram all major switch to switch connections are tapped using G-TAP network TAP s or using integrated taps into the GigaVUE appliances. By tapping at strategic locations, network engineers have increased visibility into traffic. For example, by tapping the interface between the Internet and the firewall or the firewall and router, engineers can view all traffic coming into and out of the network from the internet. Because TAP s are used, all traffic at full line rate can be viewed without missing traffic or degrading the switch fabric. SPAN port traffic from the visibility nodes are routed to the GigaVUE appliance where all traffic can be aggregated, replicated, and filtered to multiple monitoring tools. In most new 0G infrastructures SPAN traffic is usually limited to the access layer as an easy way to view end-user traffic. All GigaVUE appliances are stacked together or cascaded to be controlled from one central interface that can dynamically route specific traffic to specific tool ports. This aids in decreasing resolution times and increased performance of monitoring and capture tools as they are only receiving the traffic that they desire. About provides intelligent Traffic Visibility ing solutions for enterprises, data centers and service providers around the globe. Our technology empowers infrastructure architects, managers and operators with unmatched visibility into the traffic traversing both physical and virtual networks without affecting the performance or stability of the production environment. Through patented technologies, the GigaVUE portfolio of high availability and high density products intelligently delivers the appropriate network traffic to security, monitoring or management systems. With over seven years experience designing and building intelligent traffic visibility products in the US, serves the vertical market leaders of the Fortune 000 and has an install base spanning 0 countries. For more information about our products visit: Conclusion By leveraging the power of GigaVUE devices network engineers utilizing Cisco networks and monitoring technology such as SPAN, RSPAN, and VACL can improve flexibility, performance, and security of monitored data as the data is routed to various monitoring, capture, and security tools. A Traffic Visibility Fabric allows network engineers to future proof their monitoring infrastructure for speeds today and tomorrow. Copyright 0, LLC. All rights reserved., GigaVUE, GigaSMART, G-TAP, Flow Mapping are registered trademarks of, LLC and/or affiliates in the United States and certain other countries. Visibility Fabric, Traffic Visibility Fabric (TVF), Citrus, and The Smart Route To Visibility are trademarks of. All other trademarks are the property of their respective owners. 9 Gibraltar Drive Milpitas, CA 90 PH 0..0

Enhancing Cisco Networks with Gigamon // White Paper

Enhancing Cisco Networks with Gigamon // White Paper Across the globe, many companies choose a Cisco switching architecture to service their physical and virtual networks for enterprise and data center operations. When implementing a large-scale Cisco network,

More information

End-to-End Visibility

End-to-End Visibility End-to-End Visibility for Your Cisco Infrastructure SOLUTIONS GUIDE GIGAMON TABLE OF Contents Introduction... 1 Overview of Cisco Technologies... 1.Monitoring Cisco Application Centric Infrastructure (ACI)...

More information

Solutions Guide End-to-End Visibility for Your Cisco Infrastructure

Solutions Guide End-to-End Visibility for Your Cisco Infrastructure Solutions Guide End-to-End Visibility for Your Cisco Infrastructure Table of Contents Introduction 3 Overview of Cisco Technologies 3 Monitoring Cisco Centric Infrastructure (ACI) 3 CISCO 40Gb BiDi Links

More information

Secure Access Complete Visibility

Secure Access Complete Visibility PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE PACKET CAPTURE APPLIANCE Intrusion Detection Switch TAP Data Recorder VoIP Analyzer Switch Secure Access Complete Visibility Web

More information

Traffic Visibility Fabric for Revenue and Differentiation in the Cloud Provider Market // White Paper

Traffic Visibility Fabric for Revenue and Differentiation in the Cloud Provider Market // White Paper Traffic Visibility Fabric for Revenue and Differentiation in the Cloud Market Cloud provider landscape and challenge As a Cloud Service (CSP) there are many services that you can offer. Based on your core

More information

Visibility into the Cloud and Virtualized Data Center // White Paper

Visibility into the Cloud and Virtualized Data Center // White Paper Executive Summary IT organizations today face unprecedented challenges. Internal business customers continue to demand rapid delivery of innovative services to respond to outside threats and opportunities.

More information

Intelligent Data Access Networking TM

Intelligent Data Access Networking TM Gigamon TM delivers intelligent data access solutions to enhance monitoring of service provider and enterprise data centers. The company s world-renowned GigaVUE orange boxes aggregate, filter and replicate

More information

Visibility in the Modern Data Center // Solution Overview

Visibility in the Modern Data Center // Solution Overview Introduction The past two decades have seen dramatic shifts in data center design. As application complexity grew, server sprawl pushed out the walls of the data center, expanding both the physical square

More information

Enabling Visibility for Wireshark across Physical, Virtual and SDN. Patrick Leong, CTO Gigamon

Enabling Visibility for Wireshark across Physical, Virtual and SDN. Patrick Leong, CTO Gigamon Enabling Visibility for Wireshark across Physical, Virtual and SDN Patrick Leong, CTO Gigamon 1 Agenda A review of the network then and now Challenges in network monitoring and security Introduction to

More information

Differentiating Your Healthcare Institution While Improving Profitability // White Paper

Differentiating Your Healthcare Institution While Improving Profitability // White Paper The Smart Route To Visibility Healthcare, an industry in transition your services and healthcare professionals online through The demand for high-quality, safe and low-cost healthcare web portals, mobile

More information

Whitepaper Unified Visibility Fabric A New Approach to Visibility

Whitepaper Unified Visibility Fabric A New Approach to Visibility Whitepaper Unified Visibility Fabric A New Approach to Visibility Trends Networks continually change and evolve. Many trends such as virtualization and cloud computing have been ongoing for some time.

More information

In-Band Security Solution // Solutions Overview

In-Band Security Solution // Solutions Overview Introduction The strategy and architecture to establish and maintain infrastructure and network security is in a rapid state of change new tools, greater intelligence and managed services are being used

More information

Solutions Guide End-to-End Visibility and Security for Your Cisco Infrastructure

Solutions Guide End-to-End Visibility and Security for Your Cisco Infrastructure Solutions Guide End-to-End Visibility and Security for Your Cisco Infrastructure Table of Contents Introduction 3 Overview of Cisco Technologies 3 Monitoring Cisco Centric Infrastructure (ACI) 3 CISCO

More information

Active Visibility for Multi-Tiered Security // Solutions Overview

Active Visibility for Multi-Tiered Security // Solutions Overview Introduction Cyber threats are becoming ever more sophisticated and prevalent. Traditional security approaches such as firewalls and anti-virus protection are not equipped to mitigate and manage modern

More information

Out-of-Band Security Solution // Solutions Overview

Out-of-Band Security Solution // Solutions Overview Introduction A few years ago, IT managed security using the hard outer shell approach and established walls where traffic entered and departed the network assuming that the risks originated outside of

More information

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance White Paper Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance What You Will Learn Modern data centers power businesses through a new generation of applications,

More information

The Visibility Fabric Architecture A New Approach to Traffic Visibility // White Paper

The Visibility Fabric Architecture A New Approach to Traffic Visibility // White Paper The Smart Route To Visibility We live in exciting times with business and society embracing Virtualization and Cloud Computing work and lifestyles that are enhanced and enabled through Organizations are

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

Active Visibility for Multi-Tiered Security. Juergen Kirchmann Director Enterprise Sales EMEA

Active Visibility for Multi-Tiered Security. Juergen Kirchmann Director Enterprise Sales EMEA Active Visibility for Multi-Tiered Security Juergen Kirchmann Director Enterprise Sales EMEA Billions are Spent on Security Annually $18.4B SPENT BY ENTERPRISES WORLD-WIDE ON SECURITY IN 2014 ENTERPRISE

More information

Configuring SPAN and RSPAN

Configuring SPAN and RSPAN CHAPTER 23 This chapter describes how to configure Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 2960 switch. Note For complete syntax and usage information for the commands used

More information

What s New in VMware vsphere 5.5 Networking

What s New in VMware vsphere 5.5 Networking VMware vsphere 5.5 TECHNICAL MARKETING DOCUMENTATION Table of Contents Introduction.................................................................. 3 VMware vsphere Distributed Switch Enhancements..............................

More information

Cisco Dynamic Workload Scaling Solution

Cisco Dynamic Workload Scaling Solution Cisco Dynamic Workload Scaling Solution What You Will Learn Cisco Application Control Engine (ACE), along with Cisco Nexus 7000 Series Switches and VMware vcenter, provides a complete solution for dynamic

More information

Cisco Network Analysis Module Software 4.0

Cisco Network Analysis Module Software 4.0 Cisco Network Analysis Module Software 4.0 Overview Presentation Improve Operational Efficiency with Increased Network and Application Visibility 1 Enhancing Operational Manageability Optimize Application

More information

Solution Overview Active Visibility for Multi-Tiered Security

Solution Overview Active Visibility for Multi-Tiered Security Solution Overview Active Visibility for Multi-Tiered Security Introduction Cyber threats are becoming ever more sophisticated and prevalent. Traditional edge and endpoint security approaches such as firewalls

More information

Top-Down Network Design

Top-Down Network Design Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,

More information

Technical Bulletin. Enabling Arista Advanced Monitoring. Overview

Technical Bulletin. Enabling Arista Advanced Monitoring. Overview Technical Bulletin Enabling Arista Advanced Monitoring Overview Highlights: Independent observation networks are costly and can t keep pace with the production network speed increase EOS eapi allows programmatic

More information

Cisco Integrators Cisco Partners installing and implementing the Cisco Catalyst 6500 Series Switches

Cisco Integrators Cisco Partners installing and implementing the Cisco Catalyst 6500 Series Switches Implementing Cisco Catalyst 6500 Series Switches (RSCAT6K) Fast Lane is proud to be once again on the cutting edge with this intensive 3-day Authorized course on the latest features and functionality of

More information

Visibility into the Cloud and Virtualized Data Center // White Paper

Visibility into the Cloud and Virtualized Data Center // White Paper Executive Summary IT organizations today face unprecedented challenges. Internal business customers continue to demand rapid delivery of innovative services to respond to outside threats and opportunities.

More information

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation

More information

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE EXECUTIVE SUMMARY This application note proposes Virtual Extensible LAN (VXLAN) as a solution technology to deliver departmental segmentation, business

More information

Whitepaper Gigamon Intelligent Flow Mapping

Whitepaper Gigamon Intelligent Flow Mapping Whitepaper Gigamon Intelligent Flow Mapping In today s competitive world where more and more business-critical applications are moving from the physical confines of the corporate organization to the Internet,

More information

Virtual Private Cloud-as-a-Service: Extend Enterprise Security Policies to Public Clouds

Virtual Private Cloud-as-a-Service: Extend Enterprise Security Policies to Public Clouds What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their

More information

Any-to-any switching with aggregation and filtering reduces monitoring costs

Any-to-any switching with aggregation and filtering reduces monitoring costs Any-to-any switching with aggregation and filtering reduces monitoring costs Summary Physical Layer Switches can filter and forward packet data to one or many monitoring devices. With intuitive graphical

More information

Efficient Network Monitoring Access

Efficient Network Monitoring Access Abstract Organizations that rely on the reliability, security, and performance of their networks can no longer afford to wait for outages or security breaches to occur before installing test access points.

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

Expert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts

Expert Reference Series of White Papers. vcloud Director 5.1 Networking Concepts Expert Reference Series of White Papers vcloud Director 5.1 Networking Concepts 1-800-COURSES www.globalknowledge.com vcloud Director 5.1 Networking Concepts Rebecca Fitzhugh, VMware Certified Instructor

More information

SPAN Port or TAP? TAP is the only viable data access technology for today s business critical networks

SPAN Port or TAP? TAP is the only viable data access technology for today s business critical networks TAP is the only viable data access technology for today s business critical networks Is SPAN port a viable data access technology for today s business critical networks, especially with today s ever increasing

More information

The ECHO - Cisco Connection ECHO, and how it interacts with Cisco's CallManager

The ECHO - Cisco Connection ECHO, and how it interacts with Cisco's CallManager The - Cisco Connection, and how it interacts with Cisco's CallManager Executive Brief The installation of Teleformix's digital recording solution requires no changes to a Cisco-equipped Private Branch

More information

VXLAN: Scaling Data Center Capacity. White Paper

VXLAN: Scaling Data Center Capacity. White Paper VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where

More information

VLANs. Application Note

VLANs. Application Note VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static

More information

Network Agent Quick Start

Network Agent Quick Start Network Agent Quick Start Topic 50500 Network Agent Quick Start Updated 17-Sep-2013 Applies To: Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7 and 7.8 Websense

More information

Expert Reference Series of White Papers. VMware vsphere Distributed Switches

Expert Reference Series of White Papers. VMware vsphere Distributed Switches Expert Reference Series of White Papers VMware vsphere Distributed Switches info@globalknowledge.net www.globalknowledge.net VMware vsphere Distributed Switches Rebecca Fitzhugh, VCAP-DCA, VCAP-DCD, VCAP-CIA,

More information

Extending Network Visibility by Leveraging NetFlow and sflow Technologies

Extending Network Visibility by Leveraging NetFlow and sflow Technologies Extending Network Visibility by Leveraging and sflow Technologies This paper shows how a network analyzer that can leverage and sflow technologies can provide extended visibility into enterprise networks

More information

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight

More information

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs As a head of the campus network department in the Deanship of Information Technology at King Abdulaziz University for more

More information

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EXECUTIVE SUMMARY Enterprise network managers are being forced to do more with less. Their networks are growing in size and complexity. They need

More information

I1: Best Practices for Packet Collection, Aggregation & Distribution in the Enterprise

I1: Best Practices for Packet Collection, Aggregation & Distribution in the Enterprise I1: Best Practices for Packet Collection, Aggregation & Distribution in the Enterprise J. Scott Haugdahl Architect, Blue Cross Blue Shield MN; scott_haugdahl@bluecrossmn.com Formerly Asst. VP, Architect,

More information

Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks

Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks April 2014 www.liveaction.com Contents 1. Introduction... 1 2. WAN Networks... 2 3. Using LiveAction

More information

Juniper / Cisco Interoperability Tests. August 2014

Juniper / Cisco Interoperability Tests. August 2014 Juniper / Cisco Interoperability Tests August 2014 Executive Summary Juniper Networks commissioned Network Test to assess interoperability, with an emphasis on data center connectivity, between Juniper

More information

Packet Optimization & Visibility with Wireshark and PCAPs. Gordon Beith Director of Product Management VSS Monitoring

Packet Optimization & Visibility with Wireshark and PCAPs. Gordon Beith Director of Product Management VSS Monitoring Packet Optimization & Visibility with Wireshark and PCAPs Gordon Beith Director of Product Management VSS Monitoring 1 Market Trends - Innovation MOBILE LTE INFRASTRUCTURE COMPLEXITY BIG DATA BUSINESS

More information

Cisco NetFlow Generation Appliance (NGA) 3140

Cisco NetFlow Generation Appliance (NGA) 3140 Q&A Cisco NetFlow Generation Appliance (NGA) 3140 General Overview Q. What is Cisco NetFlow Generation Appliance (NGA) 3140? A. Cisco NetFlow Generation Appliance 3140 is purpose-built, high-performance

More information

Visibility for Security. A Security Delivery Platform: See More. Secure More.

Visibility for Security. A Security Delivery Platform: See More. Secure More. Visibility for Security A Security Delivery Platform: See More. Secure More. Our Vision 2 Gigamon Customers Today AS OF Q2 2015 Enterprise Service Providers TECHNOLOGY INDUSTRIAL RETAIL FINANCE HEALTHCARE

More information

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

SOFTWARE-DEFINED NETWORKING AND OPENFLOW SOFTWARE-DEFINED NETWORKING AND OPENFLOW Eric Choi < echoi@brocade.com> Senior Manager, Service Provider Business Unit, APJ 2012 Brocade Communications Systems, Inc. EPF 7 2012/09/17 Software-Defined Networking

More information

Extending Networking to Fit the Cloud

Extending Networking to Fit the Cloud VXLAN Extending Networking to Fit the Cloud Kamau WangŨ H Ũ Kamau Wangũhgũ is a Consulting Architect at VMware and a member of the Global Technical Service, Center of Excellence group. Kamau s focus at

More information

GigaVUE-420. The Next Generation. Data Access Switch. Gigamon Systems. Intelligent Data Access Networking

GigaVUE-420. The Next Generation. Data Access Switch. Gigamon Systems. Intelligent Data Access Networking GigaVUE-420 The Next Generation Data Access Switch Gigamon Systems Intelligent Data Access Networking GigaVUE is a Data Socket Part of the Reliable Network Infrastructure Plug-in multiple out-of-band tools

More information

Monitoring Load-Balancing Services

Monitoring Load-Balancing Services CHAPTER 8 Load-balancing is a technology that enables network traffic to follow multiple paths to a specific destination. It distributes incoming service requests evenly among multiple servers in such

More information

Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads

Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads White Paper Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads What You Will Learn Application centric infrastructure (ACI) provides a robust transport

More information

RECORDING VoIP TRAFFIC via PORT MIRRORING

RECORDING VoIP TRAFFIC via PORT MIRRORING Recording. Solutions. Redefined. OrecX will easily record your VoIP traffic once your VoIP traffic is seen on the server interface. Use (SPAN, port spanning or port monitoring) to get the right traffic

More information

Fiber Channel Over Ethernet (FCoE)

Fiber Channel Over Ethernet (FCoE) Fiber Channel Over Ethernet (FCoE) Using Intel Ethernet Switch Family White Paper November, 2008 Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR

More information

Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG

Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG Transparent Cache Switching Using Brocade ServerIron and Blue Coat ProxySG This document provides best-practice guidance for Brocade ServerIron ADC deployments using Transparent Cache Switching (TCS) with

More information

Virtualizing the SAN with Software Defined Storage Networks

Virtualizing the SAN with Software Defined Storage Networks Software Defined Storage Networks Virtualizing the SAN with Software Defined Storage Networks Introduction Data Center architects continue to face many challenges as they respond to increasing demands

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

What is VLAN Routing?

What is VLAN Routing? Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one

More information

Flow Monitor Configuration. Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 CHAPTER 2 RSPAN CONFIGURATION... 2-1 CHAPTER 3 SFLOW CONFIGURATION...

Flow Monitor Configuration. Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 CHAPTER 2 RSPAN CONFIGURATION... 2-1 CHAPTER 3 SFLOW CONFIGURATION... Content Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 1.1 INTRODUCTION TO MIRROR... 1-1 1.2 MIRROR CONFIGURATION TASK LIST 1.3 MIRROR EXAMPLES 1.4 DEVICE MIRROR TROUBLESHOOTING... 1-1... 1-2... 1-3 CHAPTER

More information

Deploying Probes and Analyzers in an Enterprise Environment

Deploying Probes and Analyzers in an Enterprise Environment Network Instruments White Paper Deploying Probes and Analyzers in an Enterprise Environment As an IT manager, you need visibility into every corner of the network, from the edge to the core. A distributed

More information

Analysis of Network Segmentation Techniques in Cloud Data Centers

Analysis of Network Segmentation Techniques in Cloud Data Centers 64 Int'l Conf. Grid & Cloud Computing and Applications GCA'15 Analysis of Network Segmentation Techniques in Cloud Data Centers Ramaswamy Chandramouli Computer Security Division, Information Technology

More information

Stretched Active- Active Application Centric Infrastructure (ACI) Fabric

Stretched Active- Active Application Centric Infrastructure (ACI) Fabric Stretched Active- Active Application Centric Infrastructure (ACI) Fabric May 12, 2015 Abstract This white paper illustrates how the Cisco Application Centric Infrastructure (ACI) can be implemented as

More information

Virtual Networking Features of the VMware vnetwork Distributed Switch and Cisco Nexus 1000V Series Switches

Virtual Networking Features of the VMware vnetwork Distributed Switch and Cisco Nexus 1000V Series Switches Virtual Networking Features of the vnetwork Distributed Switch and Cisco Nexus 1000V Series Switches What You Will Learn With the introduction of ESX, many virtualization administrators are managing virtual

More information

LAN Switching and VLANs

LAN Switching and VLANs 26 CHAPTER Chapter Goals Understand the relationship of LAN switching to legacy internetworking devices such as bridges and routers. Understand the advantages of VLANs. Know the difference between access

More information

Cisco Nexus Data Broker: Deployment Use Cases with Cisco Nexus 3000 Series Switches

Cisco Nexus Data Broker: Deployment Use Cases with Cisco Nexus 3000 Series Switches White Paper Cisco Nexus Data Broker: Deployment Use Cases with Cisco Nexus 3000 Series Switches What You Will Learn Network Traffic monitoring using taps and Switched Port Analyzer (SPAN) is not a new

More information

Routing Security Server failure detection and recovery Protocol support Redundancy

Routing Security Server failure detection and recovery Protocol support Redundancy Cisco IOS SLB and Exchange Director Server Load Balancing for Cisco Mobile SEF The Cisco IOS SLB and Exchange Director software features provide a rich set of server load balancing (SLB) functions supporting

More information

Understanding Flow and Packet Deduplication

Understanding Flow and Packet Deduplication WHITE PAPER Understanding Flow and Packet Deduplication Riverbed Technical Marketing 2012 Riverbed Technology. All rights reserved. Riverbed, Cloud Steelhead, Granite, Interceptor, RiOS, Steelhead, Think

More information

Overview of Routing between Virtual LANs

Overview of Routing between Virtual LANs Overview of Routing between Virtual LANs This chapter provides an overview of virtual LANs (VLANs). It describes the encapsulation protocols used for routing between VLANs and provides some basic information

More information

Multi Stage Filtering

Multi Stage Filtering Multi Stage Filtering Technical Brief With the increasing traffic volume in modern data centers, largely driven by e-business and mobile devices, network and application performance monitoring has become

More information

6.1. Why do LANs tend to use broadcast networks? Why not use networks consisting of multiplexers and switches?

6.1. Why do LANs tend to use broadcast networks? Why not use networks consisting of multiplexers and switches? TUTORIAL 2 (EKT 332) 6.1. Why do LANs tend to use broadcast networks? Why not use networks consisting of multiplexers and switches? Why broadcast network? -The computers in a LAN are separated by a short

More information

Qfiniti Enterprise and VoIP for Avaya. Qfiniti Enterprise and VoIP. An etalk Technical White Paper

Qfiniti Enterprise and VoIP for Avaya. Qfiniti Enterprise and VoIP. An etalk Technical White Paper Qfiniti Enterprise and VoIP for Avaya Qfiniti Enterprise and VoIP An etalk Technical White Paper Table of Contents etalk Product Briefing...3 Integration Overview...3 VoIP Connection...4 Layer 2 Connectivity...4

More information

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming

More information

Flow Monitor Configuration. Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 CHAPTER 2 SFLOW CONFIGURATION... 2-1 CHAPTER 3 RSPAN CONFIGURATION...

Flow Monitor Configuration. Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 CHAPTER 2 SFLOW CONFIGURATION... 2-1 CHAPTER 3 RSPAN CONFIGURATION... Content Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 1.1 INTRODUCTION TO MIRROR... 1-1 1.2 MIRROR CONFIGURATION TASK LIST... 1-1 1.3 MIRROR EXAMPLES... 1-2 1.4 DEVICE MIRROR TROUBLESHOOTING... 1-3 CHAPTER

More information

ESSENTIALS. Understanding Ethernet Switches and Routers. April 2011 VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK

ESSENTIALS. Understanding Ethernet Switches and Routers. April 2011 VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK Contemporary Control Systems, Inc. Understanding Ethernet Switches and Routers This extended article was based on a two-part article that was

More information

Switching in an Enterprise Network

Switching in an Enterprise Network Switching in an Enterprise Network Introducing Routing and Switching in the Enterprise Chapter 3 Version 4.0 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Compare the types of

More information

Introduction to LAN Protocols

Introduction to LAN Protocols CHAPTER 2 Chapter Goals Learn about different LAN protocols. Understand the different methods used to deal with media contention. Learn about different LAN topologies. This chapter introduces the various

More information

Enterprise Data Center Topology

Enterprise Data Center Topology CHAPTER 2 This chapter provides a detailed description on how to harden and modify enterprise data center topologies for data center security. It includes the following sections: Overview Network Design

More information

Whitepaper Active Visibility into SSL Traffic for Multi-tiered Security

Whitepaper Active Visibility into SSL Traffic for Multi-tiered Security Whitepaper Active Visibility into SSL Traffic for Multi-tiered Security Faced with a landscape of dynamic and expanding threats, many organizations today are compelled to take a multi-tiered approach to

More information

Choosing Tap or SPAN for Data Center Monitoring

Choosing Tap or SPAN for Data Center Monitoring Choosing Tap or SPAN for Data Center Monitoring Technical Brief Key Points Taps are passive, silent, and deliver a perfect record of link traffic, but require additional hardware and create a point of

More information

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time Essential Curriculum Computer Networking II Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time Chapter 1 Networking in the Enterprise-------------------------------------------------

More information

Expert Reference Series of White Papers. Planning for the Redeployment of Technical Personnel in the Modern Data Center

Expert Reference Series of White Papers. Planning for the Redeployment of Technical Personnel in the Modern Data Center Expert Reference Series of White Papers Planning for the Redeployment of Technical Personnel in the Modern Data Center info@globalknowledge.net www.globalknowledge.net Planning for the Redeployment of

More information

Save Budget Dollars using Smart Data Access Technology

Save Budget Dollars using Smart Data Access Technology Save Budget Dollars using Smart Data Access Technology Data Centers can benefit from Smart Data Access Technology Fall 2011 Copyright 2011. Network Critical NA LLC. All Rights Reserved. 1. The data center

More information

Cisco Nexus 1000V Switch for Microsoft Hyper-V

Cisco Nexus 1000V Switch for Microsoft Hyper-V Data Sheet Cisco Nexus 1000V Switch for Microsoft Hyper-V Product Overview Cisco Nexus 1000V Switches provide a comprehensive and extensible architectural platform for virtual machine and cloud networking.

More information

The Network Level in Local Area Networks. Fulvio Risso Politecnico di Torino

The Network Level in Local Area Networks. Fulvio Risso Politecnico di Torino The Network Level in Local Area Networks Fulvio Risso Politecnico di Torino 1 LANs and Routers Routers are a fundamental part of a LAN We cannot imagine a network without access to the Internet and/or

More information

WHITE PAPER. Network Virtualization: A Data Plane Perspective

WHITE PAPER. Network Virtualization: A Data Plane Perspective WHITE PAPER Network Virtualization: A Data Plane Perspective David Melman Uri Safrai Switching Architecture Marvell May 2015 Abstract Virtualization is the leading technology to provide agile and scalable

More information

Avoiding Network Polarization and Increasing Visibility in Cloud Networks Using Broadcom Smart- Hash Technology

Avoiding Network Polarization and Increasing Visibility in Cloud Networks Using Broadcom Smart- Hash Technology Avoiding Network Polarization and Increasing Visibility in Cloud Networks Using Broadcom Smart- Hash Technology Sujal Das Product Marketing Director Network Switching Karthik Mandakolathur Sr Product Line

More information

Analyzing Full-Duplex Networks

Analyzing Full-Duplex Networks Analyzing Full-Duplex Networks There are a number ways to access full-duplex traffic on a network for analysis: SPAN or mirror ports, aggregation TAPs (Test Access Ports), or full-duplex TAPs are the three

More information

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments What You Will Learn Deploying network services in virtual data centers is extremely challenging. Traditionally, such Layer

More information

Fibre Channel over Ethernet in the Data Center: An Introduction

Fibre Channel over Ethernet in the Data Center: An Introduction Fibre Channel over Ethernet in the Data Center: An Introduction Introduction Fibre Channel over Ethernet (FCoE) is a newly proposed standard that is being developed by INCITS T11. The FCoE protocol specification

More information

Net Optics Learning Center Presents The Fundamentals of Passive Monitoring Access

Net Optics Learning Center Presents The Fundamentals of Passive Monitoring Access Net Optics Learning Center Presents The Fundamentals of Passive Monitoring Access 1 The Fundamentals of Passiv e Monitoring Access Copy right 2006 Net Optics, Inc. Agenda Goal: Present an overview of Tap

More information

DATA CENTRE TECHNOLOGIES & SERVICES

DATA CENTRE TECHNOLOGIES & SERVICES DATA CENTRE TECHNOLOGIES & SERVICES RE-Solution Data Ltd Reach Recruit Resolve Refine 170 Greenford Road Harrow Middlesex HA1 3QX T +44 (0) 8450 031323 EXECUTIVE SUMMARY The purpose of a data centre is

More information

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

SOFTWARE-DEFINED NETWORKING AND OPENFLOW SOFTWARE-DEFINED NETWORKING AND OPENFLOW Freddie Örnebjär TREX Workshop 2012 2012 Brocade Communications Systems, Inc. 2012/09/14 Software-Defined Networking (SDN): Fundamental Control

More information

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN)

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices

More information

How Network Transparency Affects Application Acceleration Deployment

How Network Transparency Affects Application Acceleration Deployment How Network Transparency Affects Application Acceleration Deployment By John Bartlett and Peter Sevcik July 2007 Acceleration deployments should be simple. Vendors have worked hard to make the acceleration

More information

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family White Paper June, 2008 Legal INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL

More information