WHITE PAPER. Network Traffic Port Aggregation: Improved Visibility, Security, and Efficiency



Similar documents
Fail-Safe IPS Integration with Bypass Technology

WHITE PAPER. Addressing Monitoring, Access, and Control Challenges in a Virtualized Environment

WHITE PAPER. Gaining Total Visibility for Lawful Interception

WHITE PAPER. Static Load Balancers Implemented with Filters

WHITE PAPER. Extending Network Monitoring Tool Performance

WHITE PAPER. Net Optics Phantom Virtual Tap Delivers Best-Practice Network Monitoring For Virtualized Server Environs

Taps vs. SPAN The Forest AND the Trees: Full Visibility into Today's Networks

WHITE PAPER. Tap Technology Enables Healthcare s Digital Future

Network Management and Monitoring Software

Net Optics Learning Center Presents The Fundamentals of Passive Monitoring Access

EBOOK. The Network Comes of Age: Access and Monitoring at the Application Level

WHITE PAPER. Realizing ROI from Your Network Visibility Investment

IxChariot Virtualization Performance Test Plan

Data Center Automation - A Must For All Service Providers

Analyzing Full-Duplex Networks

BIG-IP ASM plus ibypass Switch

WHITE PAPER. Best Practices for Eliminating Duplicate Packets

Reduce Your Network's Attack Surface

WHITE PAPER. Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges

EBOOK. Software Defined Networking (SDN)

Network Instruments white paper

WHITE PAPER. How To Compare Virtual Devices (NFV) vs Hardware Devices: Testing VNF Performance

WHITE PAPER. Best Practices for Network Monitoring Switch Automation

Choosing Tap or SPAN for Data Center Monitoring

Observer Analysis Advantages

Best Practices for Network Monitoring How a Network Monitoring Switch Helps IT Teams Stay Proactive

Efficient Network Monitoring Access

Deploying Network Taps for improved security

WHITE PAPER. Enabling 100 Gigabit Ethernet Implementing PCS Lanes

Network Management & Security (CS 330) RMON

Gaining Operational Efficiencies with the Enterasys S-Series

Intelligent Routing Platform White Paper

How To Monitor A Network With A Network Probe

WHITE PAPER OCTOBER CA Unified Infrastructure Management for Networks

Installation Guide for. 10/100 to Triple-speed Port Aggregator. Model TPA-CU Doc. PUBTPACUU Rev. 1, 12/08. In-Line

Evaluating Wireless Broadband Gateways for Deployment by Service Provider Customers

WHITE PAPER. SDN Controller Testing: Part 1

Best Practices in Gigabit Capture

Best Practices for Network Monitoring

OptiView. Total integration Total control Total Network SuperVision. Network Analysis Solution. No one knows the value of an

Installation Guide for. 10/100BaseT Port Aggregator Tap with Active Response. Models PA-CU-AR, PAD-CU-AR. Doc. PUBPACUARU Rev.

An Executive Brief for Network Security Investments

Observer Probe Family

OptiView. Total integration Total control Total Network SuperVision. Network Analysis Solution. No one knows the value of an

RMON, the New SNMP Remote Monitoring Standard Nathan J. Muller

Unified network traffic monitoring for physical and VMware environments

Installation Guide for GigaBit Fiber Port Aggregator Tap with SFP Monitor Ports

Secure Access Complete Visibility

Observer Analyzer Provides In-Depth Management

Observer Probe Family

Any-to-any switching with aggregation and filtering reduces monitoring costs

WHITE PAPER PROCESS CONTROL NETWORK SECURITY: INTRUSION PREVENTION IN A CONTROL SYSTEMS ENVIRONMENT

How To Use A Network Instrument Ntap

Ixia Director TM. Powerful, All-in-One Smart Filtering with Ultra-High Port Density. Efficient Monitoring Access DATA SHEET

WHITE PAPER September CA Nimsoft For Network Monitoring

Wireless Network Analysis. Complete Network Monitoring and Analysis for a/b/g/n

Application Performance Management - Deployment Best Practices Using Ixia- Anue Net Tool Optimizer

Guidebook to MEF Certification

On-Premises DDoS Mitigation for the Enterprise

Network Analysis Modules

RAVEN, Network Security and Health for the Enterprise

Enhanced Visibility, Improved ROI

Best Practices for Security Monitoring

HIGH-PERFORMANCE SOLUTIONS FOR MONITORING AND SECURING YOUR NETWORK A Next-Generation Intelligent Network Access Guide OPEN UP TO THE OPPORTUNITIES

Net Optics and Cisco NAM

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

Deploying Probes and Analyzers in an Enterprise Environment

Table of Contents. Network Critical NA LLC Tel: Franklin Street, Suite

Technical Note. ForeScout CounterACT: Virtual Firewall

Nimsoft for Network Monitoring. A Nimsoft Service Level Management Solution White Paper

SNMP Monitoring: One Critical Component to Network Management

Implementing Network Monitoring Tools

Network Monitoring White Paper

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Optimal Network Connectivity Reliable Network Access Flexible Network Management

Using RMON to Manage Remote Networks Gilbert Held

Cisco Bandwidth Quality Manager 3.1

AN EFFICIENT INTRUSION DETECTION SYSTEM FOR NETWORKS WITH CENTRALIZED ROUTING

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

Intelligent Data Access Networking TM

Monitoring Service Delivery in an MPLS Environment

Solving Monitoring Challenges in the Data Center

Radware s Smart IDS Management. FireProof and Intrusion Detection Systems. Deployment and ROI. North America. International.

Are Duplicate Packets Interfering with Network Monitoring? White Paper

PROFESSIONAL SECURITY SYSTEMS

Name. Description. Rationale

Introduction. The Inherent Unpredictability of IP Networks # $# #

LAN Switching and VLANs

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Transcription:

WHITE PAPER Network Traffic Port Aggregation: Improved Visibility, Security, and Efficiency www.ixiacom.com 915-6893-01 Rev. A, July 2014

2

Table of Contents Summary... 4 Introduction... 4 Differing Goals of Network Departments... 4 Providing Optimum Performance in the Network... 5 Established Monitoring Devices... 5 Established Industry Methods Using Span Ports with Monitoring Devices.5 In-line Devices... 6 Network Test Access Ports (Taps)... 6 Port Aggregation... 6 Expanding the Function of Taps... 7 Port Aggregation - itap... 7 Information Visible Through an itap... 7 Accessibility and Control... 8 Software Management Tools... 8 Conclusion... 9 Endnotes...10 3

Summary Efficient monitoring of network traffic is an everyday challenge for network and security managers. Deploying monitoring devices, such as Protocol Analyzers, so that they are in position to respond quickly to situations critical to network health. Net Optics itap Dual Port Aggregator monitors traffic while it aggregates bi-directional traffic to devices that utilize only one NIC. Remote interfaces display these statistics in real-time from any computer in the network. The intelligence in the itap Port Aggregator assists enterprise entities to achieve optimal use of its security measures, to implement efficient, seamless network operation, and to provide uninterrupted network service to all departments in the organization. Introduction More than 78% of respondents reported one or more unreported insider-related security breaches within their company. Enterprise entities rely on network systems for internal operations and external communications. Companies of all sizes require that these communication paths function at top speed and transfer data accurately, completely, and consistently. Network systems are also expected to keep the transfer of information exclusively between authorized users, both internal and external to the enterprise. The 2006 ecrime Watch Survey shows that 58% of security events were committed by intruders or people outside of the organization, whereas 27% of events were committed by people within the organization. The number of organizations reporting at least one insider event has increased 16% over the previous year. Financial and operational losses combined with harm to an enterprise s reputation are significant results of these security events. (1) The Ponemon Institute and ArcSight, Inc. surveyed 450 experienced IT security professionals. The results show that more than 78% of respondents reported one or more unreported insider-related security breaches within their company. (2) Maintaining privacy and keeping proprietary information within the appropriate departments of an organization are critical goals for the business community. Each day, enterprise managers require more statistics to achieve visibility, security, and efficiency in network systems. More hardware is required increasing cost and physical space as additional monitoring units are placed in the system. The value of intelligence within networks is becoming accepted as the norm in network operations. Because industries that rely on the network to drive competitive differentiation, like those in finance to transmit real-time market data, benefit the most from network-resident intelligence. We expect that the less bleeding-edge industries like manufacturing will seek smart networks in a few years time as these capabilities become more commonplace, writes Robert Whiteley of Forrester Research, Inc. (3) Differing Goals of Network Departments In small organizations, visibility, security, and efficiency may be the goals of the same person, and the needs of the organization and the network may be more easily addressed. More often, separate departments within the organization having different priorities are responsible for achievement of security and performance in the network. Network 4

engineers are responsible for the overall reliability of the network. These employees need to know baseline statistics, application responses, and the general health of the network at any one point in time. Meanwhile, network security staff tend to focus on the detection and prevention of unauthorized use of the network by hackers (external) or unauthorized use by company personnel (internal). Providing Optimum Performance in the Network In order to achieve optimum performance, network engineers want to know the following information: Is every link functioning? Is the data being transferred completely and accurately? Are there high and low use periods? When and where do they occur? How do these trends affect network service? What affect do new applications have on the network? The answers to these questions assist network engineers with providing smooth uninterrupted service to the enterprise. In the finance industry, a breakdown in the network typically results in the loss of irreplaceable dollars by disrupting precisely timed transfers. Established Monitoring Devices Remote monitoring (RMON) probes, and protocol analyzers or sniffers, are monitoring devices that are deployed on networks and allow managers to observe network activity from remote locations. These devices assist network personnel to troubleshoot faulty links, monitor network usage, gather and report network statistics, and filter for suspicious content. In the finance industry, a breakdown in the network typically results in the loss of irreplaceable dollars by disrupting precisely timed transfers. Network security managers use one or more devices to secure incoming and outgoing traffic. Security devices have differing capabilities and provide different purposes to an enterprise. Intrusion Detection Systems (IDS) provide information regarding viruses, threats, and denial of service on the network. IDS devices monitor network links enabling managers to view the activity. The managers then decide whether to act on the information. Intrusion Prevention Systems (IPS) are placed in-line where they serve to notify network security of suspicious activity and respond to the activity by blocking traffic. Established Industry Methods Using Span Ports with Monitoring Devices Network engineers use switched port analyzers (span ports) to copy, or mirror, the transmission stream to their network monitoring devices. However, the monitoring devices connected to span ports do not always see the characteristics of the traffic on a link. Network traffic consists of packets that can become damaged or corrupt, may fall below minimum size, or become too large. These errors in physical layers 1 and 2 are not visible 5

through a span port. Although the span port makes a copy of all traffic, it cannot transmit errors to monitoring devices. As a result, network engineers can only view passed traffic and are unable to make an educated assessment without the full traffic. Additionally, using span ports to monitor operations on a routine basis requires extensive set-up and reconfiguration time. Network monitoring through span ports also limits visibility to the data you have defined. Network security and network engineers must coordinate their schedules and hardware in order to access the network through the limited number of NICs and span ports. Often, multiple monitoring devices are required to be connected to the network to meet the needs of the organization. Since each monitoring device requires an available NIC to receive the traffic, network engineers may need to connect and disconnect hardware to pinpoint network issues. If multiple devices are required by security demands of the enterprise, a shortage of NICs becomes a limiting factor that may result in reduced service and or increased costs for equipment and space. Taps are placed between any two network devices and allow full-duplex traffic to pass through without affecting the data stream. In the past, additional NICs could be added to computer hardware through expansion slots; currently, computers normally have one integrated NIC. In-line Devices Another fairly recent development in network monitoring is the placement of IDS and IPS devices directly in the networks path, allowing network managers to collect or manipulate traffic as it passes through the device. The critical drawback to placing devices in the traffic path is that if and when a device fails or requires servicing, the physical stream is blocked and network service is interrupted. Network Test Access Ports (Taps) Permanent access to the physical link between two devices was achieved by the development of test access ports, or Taps. Taps are placed between any two network devices and allow full-duplex traffic to pass through without affecting the data stream. Taps have two ports that connect directly to the monitoring device enabling the manager to passively view all traffic without affecting the traffic. Taps are an improvement over span ports because taps send all traffic in the physical 1 and 2 layers to the monitoring device, including errors. By using taps, network engineers gain visibility into the network to look for packet errors and bandwidth anomalies that were not visible using span ports. Although taps are placed in-line just as monitoring devices can be placed in-line, the passive design of the tap means that the device does not affect the physical stream if the tap fails. Industry-leading features include dual power supplies providing increased reliability. Port Aggregation Although having two ports on a tap was beneficial to network managers, the issue then became how to monitor data if the IDS had only one NIC. This recurring shortage of ports when using monitoring devices instigated the development of combined port functions. 6

In a port aggregator tap, the full-duplex stream is combined into one port on the tap and sent to one port on the monitoring device. Monitoring devices with multiple NICs can now monitor more than one segment at a time. This Port Aggregator tap combines the two TX streams into a single output interface. This single-output device makes it easy to connect a device that has only a single monitoring interface. (4) Equipment efficiency increases using port aggregation, since fewer NICs are required within the monitoring device, enabling more ports to be available at any one time. In addition, the buffering functionality introduced by Net Optics help to better optimize the flow of traffic being forwarded to monitoring devices. If traffic flow exceeds the bandwidth capability of the link, the overflow is collected in the Tap s buffer until the load diminishes. The data is then sent on to the monitoring device without interruption or loss of information. Expanding the Function of Taps Today, network administrators are installing hardware and software that allow real-time views of the network. In a recent report from Forrester Research, Inc., Robert Whiteley describes a smart network as one with embedded intelligence like security, virtualization, and optimization technologies whereas a dumb network has simple plumbing that just routes and switches (5). The results of the Forrester research survey show that 71% of businesses prefer smart networks (6). The increasing need expressed by customers for more detailed traffic information, easy access to those statistics, more control of the taps, and the shortage of ports for monitoring devices encouraged Net Optics, Inc. to develop itap Port Aggregator technology. The intelligent technology in itap helps network managers use their monitoring and security devices more effectively, reduce response time to anomalies, and observe network status on a continual basis from remote locations. The itap Port Aggregator assists network engineers in achieving the overall security, efficiency, and reliability demanded by small companies and large enterprise organizations. It s not a replacement for probes and other network monitors, but it provides a heads-up on where and when those tools should be used, wrote Bruce Boardman of Network Computing. (7) "It provides a heads-up on where and when those tools should be used, wrote Bruce Boardman of Network Computing. Port Aggregation - itap The Port Aggregation functionality within itap solves two important network operation issues combining traffic and viewing network statistics. First, this device combines both directions of a full-duplex stream. Secondly, a display on the front panel of the unit allows network statistics to be viewed at any time. Furthermore, the itap Port Aggregator includes onboard memory for buffering excess data when traffic exceeds bandwidth capacity. When traffic volume drops below capacity, the buffer resumes sending the collected packets to the monitoring device in the order the packets were received. In March 2006, Richard Bejtlich commented, With the itap, you can see immediate and ongoing traffic statistics that ensure you re observing and collecting what you expect. (8) Information Visible Through an itap A closer look at the information available from the itap Port Aggregator reveals the 7

percent of network utilization, physical layer statistics, links, and power status to the itap. This network utilization detail is important for seamless, reliable transmission of data throughout organizations. The itap Port Aggregator front panel shows the individual current bandwidth utilization for each side of the link as a percent of total capacity as well as the separate current peak levels for A and B. Knowing peak levels is critical since packets can be dropped during high-load periods resulting in incomplete information at the destination. A manual reset button on the front panel resets the unit to record the next peak event. Unlike many taps, the itap Port Aggregator displays detailed statistics about the physical stream through the tap on a continuous basis. The Net Optics itap counts bytes, individual packets, under- and over-sized packets, and packet collisions. Packet loss, transmission latency, and errors identified by cyclic redundancy checks (CRC) are recorded as well. These facts assist network engineers and operators to identify trends and abnormalities, spot high traffic periods, and locate faulty hardware. Network managers require control in the taps they deploy. By watching the continuous statistics shown on the front panel of the itap or by viewing from remote monitoring stations, network engineers can verify that links and connections are intact. Loss of power to the itap does not interrupt the network traffic. The LED lights on the front panel indicate power on or off. Network operators can see at-a-glance that the Tap is powered and thus can pinpoint or eliminate the Tap when troubleshooting on the network. The itap is equipped with redundant power that keeps the tap operating when one electrical circuit fails, while the visible power indicator provides quick information when both fail or the unit is turned off. Accessibility and Control Network managers require control in the taps they deploy. The taps must offer functions that can be turned on and off independently, such as threshold alarms and management port visibility using IP addresses. Most importantly, network engineers demand accessibility to the statistics and functions at the site of deployment as well as the ability to retrieve statistics and control functions from remote locations. Unlike previous taps, the itap Port Aggregator incorporates threshold alarms that are both visible on the front panel via LEDs and alarms that are sent to management tools to alert network managers when traffic load is increasing. Network managers then have time to take measures to prevent packet loss and service interruption. Another control function built into the itap is the IP address assigned to the management port. Many network managers want to be able to communicate with the management port from remote locations a task requiring an IP address to be seen on the Internet. For extra security measures, network managers can disable the remote access to the itap management port. Software Management Tools But just deploying gear isn t enough, writes Robert Whiteley. To handle a more complex, more intelligent network, firms must invest in the right network management tools. (9) The demand for accessible information and control of hardware from multiple locations encouraged Net Optics, Inc. to broaden the control functions of its intelligent Taps. The itap provides managers with several tools to view and obtain statistics: 8

Command Line Interface (CLI) Web Manager System Manager Management Information Base (MIB) Wireless Access Command Line Interface The CLI interface allows for local control of all management functions for a single device. Access is achieved via password-protected RS232 port. Web Manager Added itap intelligence provides remote access manageability per single targeted device. All network statistics and functions previously only available via CLI are now accessible through the Internet. No specialized software is required. System Manager GUI based System Manager creates centralized management of all itap devices in the network. All or select itaps can now be grouped by department or function for optimum manageability and more efficient monitoring. You can view all status, configuration, and traffic information, as well as quickly make changes to any itap in the system. MIB The System Manager software application is not required to organize and manage multiple itap Port Aggregators. Enterprises with existing simple network management protocol (SNMP) tools in place or who wish to use another SNMP product can load the itap Management Information Base (MIB) into their own software. Wireless Access The itap Port Aggregator also offers an optional wireless control capability on most Taps. itaps can be monitored and assessed using handheld wireless products; however, the products must be within close range. A network engineer passing an itap could perform a spot check with a cell phone or PDA (personal digital assistant). Accessibility to all itaps from remote locations reduces time spent inspecting each tap for errors and manually resetting after an overload situation. Network managers can monitor and troubleshoot from a central location to keep the network up and running smoothly while the enterprise operates productively and efficiently. Robert Whiteley believes that Network hardware is no longer the center of innovation software is. The network s value is in its embedded software, not hardware. (10) Network managers can monitor and troubleshoot from a central location to keep the network up and running smoothly while the enterprise operates productively and efficiently. Conclusion The intelligence in the itap Port Aggregator assists enterprise entities to achieve optimal use of its security measures, to implement efficient, seamless network operation, and to provide uninterrupted network service to all departments in the organization. The itap provides information, control, and access, allowing network engineers to more 9

rapidly pinpoint and diagnose disruptions in service, to better monitor trends in use of the network, and to use the software they prefer to access the hardware and statistics. As Robert Whiteley writes in his article The Debate is Over: Businesses Prefer Smart Networks, Companies, regardless of size, region, or industry, overwhelmingly prefer to use smart networks in their architecture. Hardware advancements, more sophisticated network software, and better management tools mean that firms can reliably embed intelligent security, mobility, virtualization, and acceleration directly into the network. (11) Further itap functionality will continue to be added to Net Optics products based upon market trends and customer feedback. This will further enable network managers to deploy the most current network equipment available to achieve optimum visibility, security, and efficiency in their networks. For more information on this and other Net Optics solutions, visit out website or contact Net Optics customer service. Companies, regardless of size, region, or industry, overwhelmingly prefer to use smart networks in their architecture. Endnotes 1. CERT Coordination Center, The 2006 ecrime Watch Survey, http://www.cert. org/archive/pdf/ecrimesurvey06.pdf, 9/29/06. 2. Ponemon Institute, Latest Ponemon Institute Study Ties Lack of Awareness in Corner Office to Insider Threat Challenges, http://www.ponemon.org/press/ Ponemon_ArcSight_Insider_Study_9.pdf, press release September 12, 2006. 3. Robert Whiteley, The Debate Is Over: Businesses Prefer Smart Networks, Forrester Research, Inc., September 8, 2006. 4. Richard Bejtlich, The Tao of Network Security Monitoring (Addison-Wesley, 2005), 72. 5. See note 3. 6. See note 3. 7. Bruce Boardman, Tap into Easy Network Management, Network Computing, December 8, 2005. 8. Richard Bejtlich, http:taosecurity.blogspot.com/2006/03/net-optics-introducesitap-this.html, 9/22/06. 9. See note 3. 10. See note 3. 11. See note 3. 10

11

WHITE PAPER Ixia Worldwide Headquarters 26601 Agoura Rd. Calabasas, CA 91302 (Toll Free North America) 1.877.367.4942 (Outside North America) +1.818.871.1800 (Fax) 818.871.1805 www.ixiacom.com Ixia European Headquarters Ixia Technologies Europe Ltd Clarion House, Norreys Drive Maidenhead SL6 4FL United Kingdom Sales +44 1628 408750 (Fax) +44 1628 639916 Ixia Asia Pacific Headquarters 21 Serangoon North Avenue 5 #04-01 Singapore 554864 Sales +65.6332.0125 Fax +65.6332.0127 915-6893-01 Rev. A, July 2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information