Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance



Similar documents
Cisco NetFlow Generation Appliance (NGA) 3140

Cisco NetFlow Generation Appliance (NGA) 3140

Cisco Prime Network Analysis Module Software 5.1 for WAAS VB

Cisco Network Analysis Module Software 4.0

Cisco Nexus 1000V Switch for Microsoft Hyper-V

Gaining Operational Efficiencies with the Enterasys S-Series

Enhancing Cisco Networks with Gigamon // White Paper

Cisco Nexus 7000 Series Network Analysis Module (NAM-NX1)

Cisco Prime Network Analysis Module Software 5

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Cisco and Visual Network Systems: Implement an End-to-End Application Performance Management Solution for Managed Services

Cisco Virtualized Multiservice Data Center Reference Architecture: Building the Unified Data Center

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

Troubleshooting and Maintaining Cisco IP Networks Volume 1

Visualization, Management, and Control for Cisco IWAN

Cisco Prime Virtual Network Analysis Module

Business Benefits. Cisco Virtual Networking solutions offer the following benefits:

LiveAction Visualization, Management, and Control for Cisco IWAN Overview

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

Cisco and Canonical: Cisco Network Virtualization Solution for Ubuntu OpenStack

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

Deliver Fabric-Based Infrastructure for Virtualization and Cloud Computing

Cisco Prime Data Center Network Manager Release 6.1

Seminar Seite 1 von 10

Migrate from Cisco Catalyst 6500 Series Switches to Cisco Nexus 9000 Series Switches

Cisco Prime Network Analysis Module Software 5.1 for Nexus 1010

Analyze hop-by-hop path, devices, interfaces, and queues Locate and troubleshoot problems

Cisco Nexus Data Broker: Deployment Use Cases with Cisco Nexus 3000 Series Switches

QRadar Security Intelligence Platform Appliances

End-to-End Visibility

What s New in VMware vsphere 5.5 Networking

Cisco NetFlow Generation Appliance 3240

Expert Reference Series of White Papers. VMware vsphere Distributed Switches

Network Analysis Modules

Data Center Network Evolution: Increase the Value of IT in Your Organization

How To Design A Data Centre

Implementing Cisco Data Center Unified Computing (DCUCI)

Traffic Monitoring using sflow

Designing Cisco Data Center Unified Fabric Course DCUFD v5.0; 5 Days, Instructor-led

Enhancing Cisco Networks with Gigamon // White Paper

Implementing Cisco Data Center Unified Fabric Course DCUFI v5.0; 5 Days, Instructor-led

Cisco Data Center Optimization Services

Expert Reference Series of White Papers. Planning for the Redeployment of Technical Personnel in the Modern Data Center

Cisco Data Center Network Manager for SAN

VMware vcloud Networking and Security Overview

Cisco Data Center Network Manager Release 5.1 (LAN)

Cisco IWAN and Akamai Intelligent Platform : Maximize Your WAN Investment

Whitepaper Unified Visibility Fabric A New Approach to Visibility

Brocade One Data Center Cloud-Optimized Networks

Configuring Cisco Nexus 5000 Switches Course DCNX5K v2.1; 5 Days, Instructor-led

Virtualizing the SAN with Software Defined Storage Networks

Network Performance Management Solutions Architecture

LiveAction: GUI-Based Management and Visualization for Cisco Intelligent WAN

Active Visibility for Multi-Tiered Security // Solutions Overview

How To Use The Cisco Wide Area Application Services (Waas) Network Module

Cisco Advanced Routing and Switching for Field Engineers - ARSFE

M.Sc. IT Semester III VIRTUALIZATION QUESTION BANK Unit 1 1. What is virtualization? Explain the five stage virtualization process. 2.

What s New in VMware vsphere 5.0 Networking TECHNICAL MARKETING DOCUMENTATION

Securing Virtual Applications and Servers

Cisco Performance Agent Data Source Configuration in the Branch-Office Router

Observer Probe Family

Cisco Nexus Family Delivers Data Center Transformation

VMDC 3.0 Design Overview

Benefits of virtualizing your network

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments

Simplified Management With Hitachi Command Suite. By Hitachi Data Systems

NetFlow Configuration Guide, Cisco IOS Release 12.4

Windows Server 2012 Hyper-V Extensible Switch and Cisco Nexus 1000V Series Switches

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Windows Server on WAAS: Reduce Branch-Office Cost and Complexity with WAN Optimization and Secure, Reliable Local IT Services

Cisco WAAS Express. Product Overview. Cisco WAAS Express Benefits. The Cisco WAAS Express Advantage

Oracle SDN Performance Acceleration with Software-Defined Networking

Cisco and EMC Solutions for Application Acceleration and Branch Office Infrastructure Consolidation

PROPRIETARY CISCO. Cisco Cloud Essentials for EngineersV1.0. LESSON 1 Cloud Architectures. TOPIC 1 Cisco Data Center Virtualization and Consolidation

Data Center Security That Accelerates Your Business

Intelligent WAN 2.0 principles. Pero Gvozdenica, Systems Engineer, Vedran Hafner, Systems Engineer,

Virtual Networking Features of the VMware vnetwork Distributed Switch and Cisco Nexus 1000V Series Switches

Net Optics and Cisco NAM

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family

Flow Analysis Versus Packet Analysis. What Should You Choose?

What Is Microsoft Private Cloud Fast Track?

WHY SECURE MULTI-TENANCY WITH DATA DOMAIN SYSTEMS?

Network Agent Quick Start

Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches

IBM QRadar Security Intelligence Platform appliances

Cisco. A Beginner's Guide Fifth Edition ANTHONY T. VELTE TOBY J. VELTE. City Milan New Delhi Singapore Sydney Toronto. Mc Graw Hill Education

Cisco Unified Computing System: Meet the Challenges of Virtualization with Microsoft Hyper-V

Network Virtualization Network Admission Control Deployment Guide

Cisco Passguide Exam Questions & Answers

Cisco and Citrix Solution

IP Telephony Management

Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop

The Advantages of Cloud Services

Stretched Active- Active Application Centric Infrastructure (ACI) Fabric

Windows TCP Chimney: Network Protocol Offload for Optimal Application Scalability and Manageability

Cisco Secure Network Container: Multi-Tenant Cloud Computing

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

Driving Down the Cost and Complexity of Application Networking with Multi-tenancy

Transcription:

White Paper Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance What You Will Learn Modern data centers power businesses through a new generation of applications, service delivery solutions, and hosting models. The number of applications is growing, application architecture is increasingly complex, workloads are mobile, and traffic patterns are becoming difficult to predict. Virtualization, cloud computing, high-performance computing, data warehousing, and disaster recovery strategies, among other factors prevalent in the current environment, are prompting a whole new set of requirements for more detailed traffic visibility in data centers. The modern data center is also demanding new techniques and best practices for managing network and application delivery, helping ensure business continuity, and reducing any impact of failure scenarios on revenue streams. The Cisco NetFlow Generation Appliance (NGA) helps address these challenges. Management Challenges The increasing complexity of the data center is presenting numerous challenges to IT administrators: Security: Can I detect and thwart network security attacks and protect my business assets? Billing: How do I truly quantify the use of network resources for effective monetization? Troubleshooting: Are my business-critical applications getting the network resources they need to deliver committed service levels? Are noncritical applications contending for resources and affecting the performance of my business applications? Capacity planning: Do I have a good understanding of my network load and can I confidently plan for growth? Can I align my IT investment and effectively support the business goals? Resource optimization: Do I understand physical and virtual machine network traffic trends sufficiently to help ensure efficient use of network resources? How do I effectively support workload mobility and take advantage of my hybrid cloud deployment? Operations: How can I get 100 percent flow visibility without affecting network device performance? Can I get end-to-end visibility across multiple network segments without requiring network reconfiguration? 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 1

The Solution: Cross-Device Approach to Flow Analysis with Cisco NetFlow Generation Appliance Cisco NGA introduces a cross-device approach to flow analysis, facilitating hop-by-hop flow visibility across multiple network segments. This visibility is achieved by connecting Cisco NGA to multiple network devices, such as Cisco Nexus 7000 and 5000 Series Switches and Cisco Catalyst 6500 Series Switches, using Switched Port Analyzer (SPAN) or a network tap, and exporting flow information for the traffic of interest. The solution enhances operating efficiency, improves network return on investment (ROI), and reinforces network security. Overview of Cisco NGA The Cisco NetFlow Generation Appliance (NGA) 3140 (Figure 1) redefines network visibility and establishes a new standard for high-performance, cost-effective solutions for flow visibility. It empowers network operations, engineering, and security teams with actionable insight into network traffic for the purposes of resource optimization, application performance improvement, traffic accounting, and security. Figure 1. Cisco NGA 3140 High-Performance Architecture for Flow Visibility Cisco NGA is a purpose-built, high-performance solution for flow visibility in high-throughput Gigabit Ethernet networks typical in most data centers and campus core deployments. To simplify operation manageability, the appliances can be deployed at critical observation points such as the server access layer, fabric path domains, and Internet exchange points. The power of visibility is dramatically amplified when Cisco NGA is connected to multiple network devices to analyze flows hop by hop - essential for security, capacity planning, and troubleshooting. Designed for high performance and deployment flexibility, the appliance gathers network data from platforms such as Cisco Nexus 7000 and 5000 Series Switches and Cisco Catalyst 6500 Series Switches using SPAN and network taps. It implements a large active flow cache and can be configured to export NetFlow records (NetFlow Versions 5 and 9 and Internet Protocol Flow Information Export [IPFIX]) to multiple collectors. The NetFlow Data Export (NDE) records are exported using Weighted Round-Robin (WRR) to achieve load balancing or flow replication across collectors. The exports can also be customized to meet specific management application needs using 10 filters per destination (Figure 2). 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 10

Figure 2. Cisco NGA Solution Architecture Main Benefits Improved Network ROI Cisco NGA helps improve the effective use and monetization of both switching and network resources. It offers the option to offload the NetFlow generation function from the network device and dedicate the CPU cycles to increase forwarding performance. In addition, accurate characterization of network use allows true sizing of the network resources to support business needs. The information also becomes the basis of any billing or chargeback mechanism implemented by IT for effective monetization. Enhanced Operation Efficiency Cisco NGA allows you to combine flow visibility across different observation points in the network, drastically reducing the time it takes to solve a performance problem. This capability is especially powerful in Layer 2 networks for identifying network bottlenecks and behavior that affects performance. For example, Cisco NGA can be used for combined visibility across multiple access switches and server access VLANs and for comparing flows before and after implementing network services such as firewalls and Network Address Translation (NAT). The visibility not only helps in troubleshooting but also in validating network service policies: for instance, in isolating incidents when a firewall may be dropping flows, affecting application performance. 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 10

Figure 3. Cross-Device Flow Visibility Operation design efficiency is also enhanced by the use of the same source of flow visibility for up to six collectors representing different management applications. The exports are replicated or load balanced using WRR across multiple collectors, and you can apply filters per destination to meet the needs of specific applications. For example, the security application may need visibility into every flow, whereas network troubleshooting may require visibility into specific application traffic flows. Reinforced Network Security Network threat analysis is one of the most compelling use cases for Cisco NGA. Cisco NGA can provide visibility into every flow, providing multihop flow information so that you can detect and analyze suspicious network behavior. Deploying Cisco NGA to Address Management Challenges Cisco NGA offers the deployment flexibility to enable a broad range of use cases to ease manageability in the data center. Common use cases include: Profiling of server access network traffic Characterization of traffic across Cisco FabricPath domains Visibility into hosted application traffic, such as Oracle, FTP, Microsoft Exchange, Citrix Remote Desktop, and Common Internet File Service (CIFS) traffic Application performance troubleshooting Capacity planning Quality-of-service (QoS) monitoring and validation Cyber threat detection through traffic behavior visibility Traffic utilization of IP storage, such as Small Computer System Interface over IP (iscsi, Network File System (NFS), Fibre Channel over Ethernet (FCoE), and Serial Attached SCSI (SAS) Interactions across virtual machines in a virtual server environment Characterization of peering traffic across Internet exchange points (IXPs) Monitoring of Border Gateway Protocol (BGP) traffic 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 10

Some of the use cases are discussed in greater detail in the following sample deployment topologies. Deployment Scenario 1: Visibility Across Cisco FabricPath Domain Cisco FabricPath is an innovation in Cisco NX-OS Software that brings the stability and scalability of routing to Layer2. The switched domain does not have to be segmented any more, providing data center wide workload mobility. With the scalability of the Layer 2 domain, it is critical to gain end-to-end hop-by-hop visibility into traffic flows across the domain. This visibility allows comprehensive insight into virtual machine network traffic, server access VLANs, and workload mobility to ease manageability of Cisco FabricPath domains (Figures 4 and 5). Figure 4. Cisco NGA Deployment in a Data Center Using SPAN Figure 5. Cisco NGA Deployment in Data Center Using Network Tap 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 10

Deployment Scenario 2: Profiling Server Access Network Traffic With the increasing density of the computing infrastructure (virtual or physical) in modern data centers, workload mobility, and proliferation of VLANs, one of the challenges is characterizing server access network traffic: understanding of what applications are running on the network, who is using them, and how much bandwidth they are consuming; which virtual machines or hosts are placing the most traffic on the network; etc. Cisco NGA can be deployed in the server access layer in conjunction with multiple Cisco Nexus 5000 Series Switches to provide the visibility needed to help ensure optimal use of network resources. Cisco NGA can help profile the traffic behavior by specific applications, virtual machines, hosts, and VLANs (Figure 6). Figure 6. Cisco NGA Deployment to Profile Server Access Network Traffic Deployment Scenario 3: Visibility Across Virtual Machine, Switching, and Storage Resources in a Small or Medium-Sized Business Data Center In a small or medium-sized business (SMB) data center, you can use the cross-device flow visibility from Cisco NGA to gain visibility across the entire Layer 2 and Layer 3 domains. Network and security administrators can trace the flow hop by hop from the server to the access switch to the storage, or follow the flow across network services. The visibility supports multiple use cases such as traffic utilization and capacity planning for IP storage, characterization of the effect of workload mobility on network traffic, and troubleshooting of performance problems in the server access layer (Figure 7). 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 10

Figure 7. Cisco NGA Deployment in SMB Data Center Deployment Scenario 4: Validate Firewall Policy Applying the cross-device approach to flow visibility, Cisco NGA can also be used to gain flow visibility before and after use of network services such as firewalls (Figure 8). In use cases for troubleshooting application performance, a common step is to validate whether the firewall is dropping specific flows and affecting service availability. Similarly, the network policies enforced on the firewall can be verified by observing the traffic behavior using Cisco NGA for visibility. 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 10

Figure 8. Cisco NGA Deployment to Validate Firewall Policy Reporting and Management The Cisco Prime solution for enterprises is an innovative strategy and portfolio of management products that empower IT departments to more effectively manage their networks and the services they deliver. The Cisco Prime solution is built on a network services management foundation and a set of common attributes. It delivers an intuitive workflow-oriented user experience across Cisco architectures, technologies, and networks. The Cisco Prime solution simplifies network management, improves operation efficiency, reduces errors, and makes the delivery of network services more predictable. Cisco NGA supports standard NetFlow (NetFlow Versions 5 and 9 and IPFIX) exports. Any NetFlow collector supporting these formats can be used to view NetFlow data exported by Cisco NGA. Integrated Management Solution with Cisco Prime Assurance Manager Cisco Prime Assurance Manager is part of the Cisco Prime family of products and provides a centralized service assurance management interface. Cisco Prime Assurance Manager uses the Cisco Prime Network Analysis Module (NAM) and embedded instrumentation available in a Cisco network, such as, NetFlow and NBAR, medianet, Simple Network Management Protocol (SNMP), and performance agents, to provide end-to-end operation visibility from the data center to the branch office (Figure 8). It offers customizable prepackaged dashboards for NetFlow analysis. Cisco NGA can be deployed as a source of flow information for a Cisco Prime Assurance Manager deployment (Figure 9). 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 10

Figure 9. Integrated Management with Cisco Prime Assurance Manager Figure 10. Cisco Prime Assurance Manager Site Monitoring Dashboard 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 10

Conclusion Cisco NGA redefines network visibility and establishes a new standard for a high-performance, cost-effective solution for flow visibility. The product introduces a cross-device approach to flow visibility, facilitating hop-by-hop analysis of flows across multiple network segments. Cisco NGA delivers 100 percent accuracy with no impact on network device forwarding performance. As a result, it enables a broad set of use cases: for security, forensics, billing, troubleshooting, capacity planning, and more. Cisco NGA empowers network and security administrators with actionable insight for resource optimization, traffic accounting, troubleshooting, and security reinforcement. Cisco NGA supports standard NetFlow formats for export flow information, helping ensure interoperability with existing NetFlow reporting solutions. Used in combination with Cisco Prime Assurance Manager, it offers an integrated traffic monitoring solution for the data center. For More Information Please visit http://www.cisco.com/go/nga. Appendix Steps to Configure Aggregation and Access Layer Visibility Step 1. Configure ERSPAN on Cisco Nexus 5000 Series Switch and destination pointed to Cisco Nexus 7000 Series Switch. Command reference Step 2. Configure ERSPAN termination on Cisco Nexus 7000 Series Switch. Command reference Step 3. Configure SPAN on Cisco Nexus 7000 Series Switch and point it to Cisco NGA. Command reference Step 4. (Cisco Nexus 7000 Series only): Configure RSPAN from the source switch to the destination. Command reference Printed in USA C11-708294-00 06/12 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 10 of 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information