Any-to-any switching with aggregation and filtering reduces monitoring costs



Similar documents
Network Instruments white paper

Secure Access Complete Visibility

Choosing Tap or SPAN for Data Center Monitoring

Observer Probe Family

Analyzing Full-Duplex Networks

Enhancing Cisco Networks with Gigamon // White Paper

Voice Over IP. MultiFlow IP Phone # 3071 Subnet # Subnet Mask IP address Telephone.

How To Monitor A Network With A Network Probe

Table of Contents. Network Critical NA LLC Tel: Franklin Street, Suite

Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance

Net Optics Learning Center Presents The Fundamentals of Passive Monitoring Access

Efficient Network Monitoring Access

Application Note Gigabit Ethernet Port Modes

Observer Probe Family

Networking and High Availability

Net Optics and Cisco NAM

White Paper. Intrusion Detection Deploying the Shomiti Century Tap

Load Balancing ContentKeeper With RadWare

Truffle Broadband Bonding Network Appliance

Deploying Network Taps for improved security

How To Use A Network Instrument Ntap

Ixia xstream TM 10. Aggregation, Filtering, and Load Balancing for qgbe/10gbe Networks. Aggregation and Filtering DATA SHEET

Intelligent Data Access Networking TM

The ECHO - Cisco Connection ECHO, and how it interacts with Cisco's CallManager

Edge Configuration Series Reporting Overview

Radware s Smart IDS Management. FireProof and Intrusion Detection Systems. Deployment and ROI. North America. International.

Cisco Application Networking Manager Version 2.0

Broadband Bonding Network Appliance TRUFFLE BBNA6401

Installation Guide for. 10/100 to Triple-speed Port Aggregator. Model TPA-CU Doc. PUBTPACUU Rev. 1, 12/08. In-Line

Observer Analysis Advantages

Networking and High Availability

WHITEPAPER. VPLS for Any-to-Any Ethernet Connectivity: When Simplicity & Control Matter

Network Simulation Traffic, Paths and Impairment

Troubleshooting and Maintaining Cisco IP Networks Volume 1

CTS2134 Introduction to Networking. Module Network Security

Broadband Bonding Network Appliance TRUFFLE BBNA6401

Optimized Network Monitoring

Expert Reference Series of White Papers. Planning for the Redeployment of Technical Personnel in the Modern Data Center

Diagnosing the cause of poor application performance

Lab Diagramming Intranet Traffic Flows

Cisco Network Switches Juniper Firewall Clusters

Multi Stage Filtering

HIGH-PERFORMANCE SOLUTIONS FOR MONITORING AND SECURING YOUR NETWORK A Next-Generation Intelligent Network Access Guide OPEN UP TO THE OPPORTUNITIES

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance

WAN Traffic Management with PowerLink Pro100

Network Analysis Modules

6/8/2011. Document ID: Contents. Introduction. Prerequisites. Requirements. Components Used. Conventions. Introduction

EXINDA NETWORKS. Deployment Topologies

Technical Bulletin. Enabling Arista Advanced Monitoring. Overview

TOTAL RECALL MAX Potential Connection Diagrams CALL RECORDING. Product Specifications YOU NEED TOTAL RECALL MAX

Net Optics xbalancer and McAfee Network Security Platform Integration

Understanding VLAN Translation/Rewrites using Switches and Routers

Networking Topology For Your System

Configuring IPS High Bandwidth Using EtherChannel Load Balancing

Virtualized Security: The Next Generation of Consolidation

Web Analytics Understand your web visitors without web logs or page tags and keep all your data inside your firewall.

WHITE PAPER. Static Load Balancers Implemented with Filters

Ixia Director TM. Powerful, All-in-One Smart Filtering with Ultra-High Port Density. Efficient Monitoring Access DATA SHEET

July, Figure 1. Intuitive, user-friendly web-based (HTML) interface.

IP Office Technical Tip

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.

QRadar Security Management Appliances

TITANXR Multi-Switch Management Software

Flow Analysis Versus Packet Analysis. What Should You Choose?

Enhancing Cisco Networks with Gigamon // White Paper

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Installation Guide for GigaBit Fiber Port Aggregator Tap with SFP Monitor Ports

Lab Developing ACLs to Implement Firewall Rule Sets

GigaVUE-420. The Next Generation. Data Access Switch. Gigamon Systems. Intelligent Data Access Networking

Improving Network Efficiency for SMB Through Intelligent Load Balancing

Network Agent Quick Start

Are Duplicate Packets Interfering with Network Monitoring? White Paper

WHITE PAPER. Network Traffic Port Aggregation: Improved Visibility, Security, and Efficiency

Region 10 Videoconference Network (R10VN)

Best Practices in Gigabit Capture

GlobalSCAPE DMZ Gateway, v1. User Guide

FatPipe Networks

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Vocia MS-1 Network Considerations for VoIP. Vocia MS-1 and Network Port Configuration. VoIP Network Switch. Control Network Switch

Cisco NetFlow Generation Appliance (NGA) 3140

Configuring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)

hp ProLiant network adapter teaming

Optimizing Data Center Networks for Cloud Computing

VCStack - Powerful Simplicity. Network Virtualization for Today's Business

Extending Network Visibility by Leveraging NetFlow and sflow Technologies

White Paper: Broadband Bonding with Truffle PART I - Single Office Setups

Testing VoIP on MPLS Networks

CriticalConneX. 100/1000 CriticalTAP User Guide

Virtual Leased Line (VLL) for Enterprise to Branch Office Communications

Extending Network Visibility by Leveraging NetFlow and sflow Technologies

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

What s New in VMware vsphere 5.5 Networking

50. DFN Betriebstagung

Evaluation of Dell PowerEdge VRTX Shared PERC8 in Failover Scenario

Transcription:

Any-to-any switching with aggregation and filtering reduces monitoring costs Summary Physical Layer Switches can filter and forward packet data to one or many monitoring devices. With intuitive graphical user interfaces the switch traffic can be configured to aggregate packet data and move it to a monitoring device. In addition, filtering this information improves monitoring tool performance as the tools do not need to process non-relevant packets. By using a physical layer switch the number of monitoring devices can be reduced. Problem Too many network monitoring devices: Too few capture points: Intrusion Detection\Prevention Span or monitoring ports limited Sniffer or Network Analyzer To many TAP s required Network Recorder Unwieldy connection management Network Performance Monitor Compliance Reporting Systems Web Monitor VoIP Monitor SPAN/Monitoring Ports A SPAN or monitoring port is a feature on a switch that copies the packets from ports or a VLAN to a port used for analysis. The monitoring function, typically allows, one destination port per SPAN session. Many switches allow you only one monitoring port per switch. Large Chassis/Blade switches support a fixed number of monitoring ports. The diagram illustrates an expensive worse case example where monitoring the red and green links each require a monitoring port and an attached monitoring device.

Oversubscription for these SPAN/monitoring ports frequently occurs when more than one packet monitoring device may need access. An alternative to SPAN/monitoring ports is the full duplex or aggregation TAP. TAP s A full-duplex TAP will guarantee that all of the network traffic, including error information, makes it to the analysis device without delay. It requires the analysis device to have two receive ports one for ingress and another for egress traffic. Taps are useful because they are non-obtrusive, non-detectable and will passthrough traffic even if the tap stops working or loses power. An Aggregator TAP merges ingress and egress data into single streams for transmission to a single port analysis device with minimal delay. These are also designed to pass-through traffic even if the tap stops working or loses power. However Aggregation TAP s are quite a bit more expensive. Although high end switch vendors will claim that SPAN/monitoring ports will not impact switch performance, TAP makers claim span ports are apt to consume switch resources, degrading its overall performance. A TAP may be a better solution for full-duplex monitoring devices as two SPAN/monitoring ports would be required. Oversubscription can occur with both SPAN/monitoring ports and Aggregation TAP s. This can occur when SPAN ports have been configured in such a way that the traffic being sent to the monitoring port exceeds the ports capacity. Where traffic is aggregated, for example 100Mbps Ethernet port with 70% utilization in both directions, ingress and egress traffic is aggregated and sent to a single port, that port would be oversubscribed at 140Mbps. Switch ports and monitoring device may also not be able to perform at line rate, in the case above at 100Mbps. When that occurs it is possible to oversubscribe a monitoring device with a full-duplex TAP. The problem is the same if you substitute 70% for 1 Gig and 10 Gig. Switches and monitoring devices have performance limits. Testing devices will provide you with answers to those limits.

Physical Layer Switch Physical layer, matrix or aggregation switches can be used with monitoring ports and TAP s to solve some common problems. Either there is contention for the same monitoring port by multiple monitoring devices or purchasing dedicated devices for all monitoring points on a network is cost prohibitive. These switches also are great for test labs as devices are wired once and then reconfigured via software. One to many With a Physical Layer Switch the number of capture points is reduced, when a one to many relationship is established, it sends the packet information from a single capture point to different monitoring devices. Enterprise versions of these switches come with highavailability and fault-tolerant features such as dual power supplies and controllers and hot-swappable components. Expandable Chassis and Blade designs are available. Inline Tapping Physical Layer Switches can be configured to serve as an in line TAP. Generally network TAP s are preferred and then connected to the physical layer switch, as they reduce possible points of failure on the network. The diagram on the right illustrates how a physical layer switch can act as a TAP between multiple devices and send packet information to a monitoring device.

Many to Many Aggregating the capture point data and forwarding to a single monitoring device rather than having many devices at each capture point reduces costs. In the diagram at the right TAP s or SPAN/Monitoring ports 1 through 5 are aggregated and sent to the application analyzer. Physical Layer Switches that also filter and aggregate better facilitate critical monitoring and reduce the costs associated with acquiring monitoring solutions. In the diagram Web traffic is filtered from the monitoring ports 3 and 5 and sent to the Web Performance Monitor. If VoIP traffic was all that was moving through port 4 it could be sent directly to the VoIP monitor. But a filter could also be applied to monitor specific VoIP traffic. In addition, the use of filtering makes it possible to monitor 10 Gig links with 1 Gig tools. Most network monitoring devices only need to see a small fraction of network traffic to do their jobs. In some cases, sending more data than is required actually degrades efficiency because tools must expend processing power to process and disregard the non-relevant packets. When working with SPAN/Monitoring ports and aggregation switches, care must be taken to not duplicate packets. For example, where multiple ports are being monitored, a packet travels through ports 1 and 2 and they have been configured to send data to the monitoring port then that packet will be sent to the monitoring port from both ports 1 and 2. Network Traffic analysis, the use of filtering; along with specific ingress and egress monitoring will prevent duplication.

DMZ Security Many monitoring products are clustered around the firewall to monitor for suspicious traffic by analyzing protocol activity, unusual traffic flows, matching signatures and other security detection and prevention. In addition, Web Server monitoring may also be required. A physical layer switch can reduce the number of monitoring devices as well support a larger number of monitoring devices. Uninterrupted Monitoring When network paths change due to failure and failover paths implement, monitoring can continue. In the diagram on the right when the physical layer switch can send to the monitoring device packet data gather from either route. This is another advantage to an aggregation switch.

Test Lab Flexibility Physical Layer Switches are ideal for Test Labs as they can quickly automate the task of reconfiguring hardware for different test scenarios. In addition they are ideal for Redundancy and Failover testing as they can be used to electronically break and reconnect links. The physical layer switch reduces test equipment costs, configuration labor and can provide for remote test lab access. Conclusion Physical Layer switches make it possible for IT engineers to design a monitoring layer into the network infrastructure. By taking advantage of filtering and aggregation capabilities, improved monitoring can be accomplished with shared monitoring devices. Total monitoring costs can be reduced not only in the acquisition of monitoring devices but also the operational costs associated with administration, rack space, power, and cooling. Operative Software Products specializes in software and appliances that helps IT professionals test, troubleshoot, manage and monitor their applications and systems. We have solutions for small/medium business, corporate divisions and corporate enterprises. 2010 Operative Software Products