Multi Stage Filtering

Similar documents
Choosing Tap or SPAN for Data Center Monitoring

Improving Quality of Service

Technical Bulletin. Enabling Arista Advanced Monitoring. Overview

Application Performance Management - Deployment Best Practices Using Ixia- Anue Net Tool Optimizer

Best Practices for Network Monitoring How a Network Monitoring Switch Helps IT Teams Stay Proactive

NetFlow/IPFIX Various Thoughts

Flow Analysis Versus Packet Analysis. What Should You Choose?

Voice Over IP Performance Assurance

Affording the Upgrade to Higher Speed & Density

Per-Flow Queuing Allot's Approach to Bandwidth Management

WHITE PAPER. Monitoring Load Balancing in the 10G Arena: Strategies and Requirements for Solving Performance Challenges

Exhibit n.2: The layers of a hierarchical network

Intelligent Data Access Networking TM

A Guide to Simple IP Camera Deployment Using ZyXEL Bandwidth Solutions

WHITE PAPER. Static Load Balancers Implemented with Filters

Solving Monitoring Challenges in the Data Center

Observer Analysis Advantages

White Paper Abstract Disclaimer

Lab VI Capturing and monitoring the network traffic

Configuring IPS High Bandwidth Using EtherChannel Load Balancing

Configuring QoS. Understanding QoS CHAPTER

Enhancing Cisco Networks with Gigamon // White Paper

Extending Network Visibility by Leveraging NetFlow and sflow Technologies

Programmable Networking with Open vswitch

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.

WHITEPAPER. VPLS for Any-to-Any Ethernet Connectivity: When Simplicity & Control Matter

CMA5000 SPECIFICATIONS Gigabit Ethernet Module

Carrier Ethernet: New Game Plan for Media Converters

Voice over IP. Demonstration 1: VoIP Protocols. Network Environment

Secure Access Complete Visibility

Cisco NetFlow Generation Appliance (NGA) 3140

Customer White paper. SmartTester. Delivering SLA Activation and Performance Testing. November 2012 Author Luc-Yves Pagal-Vinette

Any-to-any switching with aggregation and filtering reduces monitoring costs

An Introduction to VoIP Protocols

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family

Flow Monitor Configuration. Content CHAPTER 1 MIRROR CONFIGURATION CHAPTER 2 RSPAN CONFIGURATION CHAPTER 3 SFLOW CONFIGURATION...

Encapsulating Voice in IP Packets

FWSM introduction Intro 5/1

Introduction VOIP in an Network VOIP 3

How To Switch In Sonicos Enhanced (Sonicwall) On A 2400Mmi 2400Mm2 (Solarwall Nametra) (Soulwall 2400Mm1) (Network) (

Extending Network Visibility by Leveraging NetFlow and sflow Technologies

Chapter 5 Configuring QoS

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2

Are Duplicate Packets Interfering with Network Monitoring? White Paper

Quality of Service in the Internet. QoS Parameters. Keeping the QoS. Traffic Shaping: Leaky Bucket Algorithm

The need for bandwidth management and QoS control when using public or shared networks for disaster relief work

Secure Networks for Process Control

Wireshark in a Multi-Core Environment Using Hardware Acceleration Presenter: Pete Sanders, Napatech Inc. Sharkfest 2009 Stanford University

Configuring an efficient QoS Map

Monitoring Network Traffic Using SPAN

Multi Protocol Label Switching (MPLS) is a core networking technology that

Technical Bulletin. Arista LANZ Overview. Overview

Packet Optimization & Visibility with Wireshark and PCAPs. Gordon Beith Director of Product Management VSS Monitoring

Quality of Service (QoS) on Netgear switches

Cisco IOS Flexible NetFlow Technology

What s New in VMware vsphere 5.5 Networking

AlliedWare Plus OS How To. Configure QoS to prioritize SSH, Multicast, and VoIP Traffic. Introduction

Network Configuration Example

Traffic monitoring with sflow and ProCurve Manager Plus

Configuring NetFlow-lite

TamoSoft Throughput Test

Security Technology White Paper

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide

Brocade Solution for EMC VSPEX Server Virtualization

The ECHO - Cisco Connection ECHO, and how it interacts with Cisco's CallManager

EAGLE EYE IP TAP. 1. Introduction

QoS Parameters. Quality of Service in the Internet. Traffic Shaping: Congestion Control. Keeping the QoS

Flow Monitor Configuration. Content CHAPTER 1 MIRROR CONFIGURATION CHAPTER 2 SFLOW CONFIGURATION CHAPTER 3 RSPAN CONFIGURATION...

Investigation and Comparison of MPLS QoS Solution and Differentiated Services QoS Solutions

A Dell Technical White Paper Dell PowerConnect Team

HX System Quality of Service

Service Definition. Internet Service. Introduction. Product Overview. Service Specification

VLANs. Application Note

Optimize Your Network Monitoring Strategy

Net Optics xbalancer and McAfee Network Security Platform Integration

AlliedWare Plus OS How To Use sflow in a Network

Network Instruments white paper

Voice Over IP. MultiFlow IP Phone # 3071 Subnet # Subnet Mask IP address Telephone.

PRODUCTS & TECHNOLOGY

How To Send Video At 8Mbps On A Network (Mpv) At A Faster Speed (Mpb) At Lower Cost (Mpg) At Higher Speed (Mpl) At Faster Speed On A Computer (Mpf) At The

QoS Switching. Two Related Areas to Cover (1) Switched IP Forwarding (2) 802.1Q (Virtual LANs) and 802.1p (GARP/Priorities)

Firewalls Overview and Best Practices. White Paper

Voice over IP: RTP/RTCP The transport layer

Combining Voice over IP with Policy-Based Quality of Service

This topic lists the key mechanisms use to implement QoS in an IP network.

MS Series: VolP Deployment Guide

Enhancing Cisco Networks with Gigamon // White Paper

A New Approach to Network Visibility at UBC. Presented by the Network Management Centre and Wireless Infrastructure Teams

UNIFIED PERFORMANCE MANAGEMENT

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE

Applications that Benefit from IPv6

TRILL Large Layer 2 Network Solution

UK Interconnect White Paper

Transcription:

Multi Stage Filtering Technical Brief With the increasing traffic volume in modern data centers, largely driven by e-business and mobile devices, network and application performance monitoring has become more and more challenging. All indications point to a continually increasing data load for the foreseeable future, making Big Data a key challenge for every network. In addition, security monitoring with tools such as IDS, IPS and Malware Detection is now a critical function within every company, whether that company does business online or not. Security concerns add to the complexity of providing a scalable network monitoring architecture because it s no longer enough to monitor for performance now you re monitoring Big Data for critical content. As data volumes increase beyond the ability of tools to examine every packet, effective packet filtering at the network monitoring switch becomes a bottleneck you can t look at everything, and you can t afford to drop crucial packets. In this environment, traditional ingress and egress packet filtering may fall short in certain aspects. A more intelligent filtering system is needed to address Big Data and the increasing number and variety of monitoring tools. Challenges from Traditional Filtering A short review of traditional packet filtering allows a better understanding of the rationale for Multi Stage Filtering. Each mode of filtering provides certain features and bears certain shortcomings that are solved through APCON s Multi Stage Filtering environment. Ingress Filters Ingress filters either allow (pass) or deny (drop) traffic on ingress ports. If a pass filter is applied to an ingress port, all traffic specified in the filter is sent to the egress on all configured connections. This type of filter is adequate when all the tools need to receive the same type of traffic. However, if tools are expecting different types of traffic, an ingress filter will not be flexible enough to support those different needs. In general, only one filter can be tied to an ingress port. If the data flowing into an ingress port is multicast to several ports for use by different tools, the same ingress filter is applied to all these different connections. Ingress Filter for passing Web Traffic Web Monitoring VoIP Monitoring Ingress Filter for passing Web Traffic applied to Input Port 1 Both Output Port 1 and 2 will receive Web traffic, even though Output Port 2 is looking for VoIP traffic Another filter for passing VoIP traffic cannot be applied to Input Port 1 TECHNICAL BRIEF

On the other hand, if a drop filter is applied to an ingress port, the various tools sharing this ingress port will not receive dropped traffic even if some of these tools need to see that traffic. For these reasons, ingress filters are suitable only for monitoring scenarios of limited variation and well-defined scope. In reality, ingress filtering is rarely used, especially with the increasing number of tools that monitor different types of network traffic flowing from the same data source. Egress Filters Egress filters allow only specific traffic to be sent to the tool connected to the egress port. Egress filtering is more granular and flexible than ingress filtering. However, oversubscription and dropped packets can occur in some of the following scenarios: Traffic aggregated from multiple ingress ports causing oversubscription and wholesale packet drops before packets can be filtered Traffic from high bandwidth 10G or 40G ingress ports being sent to low bandwidth 1G ports, exhausting the buffer and dropping packets Ingress traffic being replicated and multicast to all egress ports before filtering, which can overload the switching capacity, resulting in potential packet drops To be used effectively, monitoring tools require pinpoint accuracy, and each tool needs to receive a complete set of accurate traffic; nothing more and definitely nothing less. To achieve this granular division of traffic, a new and more sophisticated way of filtering is needed. The goal is to ensure that all monitoring tools receive the data they are expecting in an environment of ever-increasing data volume and monitoring complexity. Multi Stage Filtering APCON Multi Stage Filtering (MSF) provides a more adaptable and precise method of specifying exactly which packets from an ingress stream should be transmitted to each egress port. This allows exact processing of aggregated or high capacity 10G and 40G streams for use with 1G monitoring tools. APCON s Multi Stage Filtering solution supports up to 3 stages of filtering through a Filter Stack. The Filter Stack makes use of your existing filter library and links selected filters together to provide more configurable filter programming. The building block filters that engineers have previously created and stored in their filter library are based on a Boolean logic combination of different rules. Each rule provides the ability to filter on over 35 predefined Layer 2, Layer 3 and Layer 4 parameters including IPv4/IPv6 addresses, application TCP or UDP port numbers, VLAN IDs, MAC addresses, and more. In addition, users can filter on the actual physical ingress port of the APCON switch as well as by custom offset in the packet header and payload for DPI. The Filter Stack allows you to prioritize filtering on the ingress port. Filters in the Filter Stack are processed from top to bottom in the order defined. The first filter in the stack examines all the traffic. The next filter in the stack sees only what is passed by the first filter, and so on. Filter Stack results may be mapped directly to destination egress ports, or to egress filters and then to the destination egress ports, or to a different Filter Stack at the next stage of the Multi Stage Filter. There is a new built-in filter called the Default Channel, and this catches all the remaining packets at the bottom of a Filter Stack. If the Default Channel is not defined, all remaining packets in the stack will be discarded.

Example of using Filter Stack Stage on 1Stage 1 onlystage 2 Stage 3 Stage 1 Stage 2 Stage 3 Filter 1 Filter 12 2 Filter 2 Filter 4 Filter 45 Filter 5 Example of using multiple Filter Stacks on all 3 Stages Stage 1 Stage 2 Stage 3 Stage 1 Filter Stage Stack 2 1 Stage 3 Filter 1 Filter Stack 1 Filter Stack 3 Filter 12 7 2 Filter Stack 3 Filter Stack 2 Filter 2 Filter 7 Filter 8 Filter Stack 2 Filter 89 Filter 4 Filter 9 Filter Stack 4 Filter Stack 4 Filter 45 Filter 5

Benefits of Multi Stage Filtering APCON s Multi Stage Filtering solution provides diverse benefits, depending on how the filter stacks are used. Many of the benefits fall into the following categories: Intelligent Traffic Distribution APCON Multi Stage Filtering can filter incoming packets on aggregated connections, customizing the output sent to each egress port. This can optimize the tool performance as each tool now sees only the traffic that it is expecting and nothing else. Multi Stage Filtering greatly enhances tool performance and also maximizes effective throughput. Performance Enhancement Multi Stage Filtering is efficient because it saves packet replication overhead compared to simple egress filtering. This reduces data throughput requirements across the switch backplane and at the egress ports. If multiple tools need to see the same data, Multi Stage Filtering can replicate any needed traffic to any number of tools. The result is that switch backplane resources will be much more efficiently utilized and dropped packets minimized or eliminated. Ease of Use APCON s Multi Stage Filters are configured and viewed using APCON s fourth-generation graphical interface, making filter construction and implementation easy and accurate. Existing APCON filter libraries may be repurposed for Multi Stage use from the switch management software. Feature Integration In addition to the intelligent traffic distribution capabilities, Multi Stage Filtering can be used with the native Port Tagging and Load Balancing features that are included with every INTELLAFLEX blade. This can further enhance the analysis function and the traffic load management capabilities of APCON INTELLAFLEX technology. Additionally, Multi Stage Filtering may be combined with APCON s advanced services blades such as Time Stamping, Packet Slicing, Packet Deduplication and INTELLASTORE. Bandwidth Control Because Multi Stage Filtering forwards only required traffic to each egress port, oversubscription resulting in dropped packets at egress ports can be managed. With effective filtering, even a connection from a high bandwidth 10G or 40G ingress port to a low bandwidth 1G egress port can be managed effectively. Similarly, an aggregated connection from multiple ingress ports, or a combination of aggregation and high bandwidth ingress ports can be managed. As long as the actual required traffic is less than the egress port rate, full data flow can be guaranteed.

Multi Stage Filtering Usage Examples Here are several specific use cases in which Multi Stage Filtering helps with intelligent traffic distribution and eliminating dropped packets. 200 Mbps SIP Traffic 5 Gbps non-sip Traffic 200 Mbps SIP Traffic 5 Gbps non-sip Traffic SIP Traffic Monitoring 600 Mbps 100 Mbps SIP Traffic 2.7 Gbps non-sip Traffic 100 Mbps SIP Traffic 2.7 Gbps non-sip Traffic Input 4 (10G port) Data Traffic Monitoring 8 Gbps traffic of interest Aggregate total inputs of 16G traffic. 600M are SIP traffic and 15.4G are non-sip traffic. Multi Stage Filter of SIP traffic forwards the 600M of SIP to the 1G voice monitoring tool on Output Port1 with no drops. Multi Stage Filter for selects 8 Gbps of non-sip traffic of interest to be analyzed by the 10G data monitoring tools. SIP Traffic Monitoring (expecting 400 Mbps) 3 Gbps Total Input Traffic: SIP 400 Mbps Multicast 800 Mbps Host IP1 500 Mbps Host IP2 400 Mbps Others Remaining Multicast Traffic Monitoring (expecting 800 Mbps) Host Monitoring for IP1 and IP2 (expecting 900 Mbps) Remaining Traffic Monitoring (expecting 900 Mbps) Total input of 3 Gbps traffic. Applying egress filters on individual output ports might experience packet drops as oversubscription might occur before the egress filters. Multi Stage Filtering will pass all appropriate traffic to the output ports accordingly without any drops.

Conclusion With the increasing big data traffic volume stressing networks of all sizes, network and application performance monitoring have become more and more challenging. In addition, security monitoring such as IDS, IPS and Malware Detection has become a critical path item for every company. ABOUT APCON APCON develops innovative, scalable technology solutions to enhance network monitoring, support IT traffic analysis, and streamline IT network management and security. APCON is the industry leader for state-ofthe-art IT data aggregation, filtering, and network switching products, as well as leading-edge managementsoftware support. Organizations in over 50 countries depend on APCON network infrastructure solutions. Customers include Global Fortune 500 companies, banks and financial services institutions, telecommunication service providers, government and military, and computer equipment manufacturers. Traditional ingress and egress filtering falls short of modern efficiency requirements. However, APCON s industry-first Multi Stage Filtering provides 100% network visibility by delivering the right data to the right monitoring tools without packet loss. With all three stages of the Multi Stage Filtering configured, this technology meets your most complex and rigorous monitoring requirements and delivers the next generation of intelligent network monitoring. Multi Stage Filtering is just one of APCON s answers to the growing challenge of providing scalable, highly available, and state-of-the-art network monitoring architecture at an affordable price. By eliminating waste in switch, port, and tool bandwidth, your existing investment in monitoring tools can last longer and serve you more effectively. Contact Us Please email sales@apcon.com or call 503 682 4050 if you have any questions APCON, Inc. apcon.com +1 503 682 4050 800 624 6808 2015 APCON, Inc. All Rights Reserved. INTELLASTORE is a Registered Trademark of APCON, Inc. @APCON company/apcon APCON is an Equal Opportunity Employer MFDV 13067-R1-0915

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information