Enhancing Cisco Networks with Gigamon // White Paper




The Smart Route To Visibility
Enhancing Cisco Networks with Gigamon

Many Fortune 1000 companies, and many smaller ones, implement a Cisco switching architecture. When a large-scale Cisco network is built, the infrastructure needed to monitor it effectively is often overlooked. Customers typically monitor these networks with Cisco technologies such as SPAN, RSPAN, ERSPAN and VACLs. These technologies often do not scale to support the diverse needs of the network and security groups as they strive for maximum uptime of the network infrastructure. This white paper discusses the monitoring functions Cisco provides and how they can be enhanced with the Gigamon Traffic Visibility Fabric and TAP solutions.

Cisco SPAN

SPAN stands for Switched Port Analyzer. SPAN is offered on all Cisco switching platforms. A SPAN session copies traffic from one or more source ports (or source VLANs) to a destination port. The figure below shows how SPAN operates.

[Figure: Cisco SPAN example. Inside a Cisco switch, data is copied from a network port (in this example the port the router is connected to) to a SPAN destination port that has a monitoring tool connected.]

On most Cisco switching products, users are limited to two SPAN sessions per switch. For most large enterprises that is not enough. Between the network and security groups of a large organization there are commonly four or more monitoring or analysis tools that all contend for the same data: application performance monitors, intrusion detection systems, data recorders, web monitoring tools and more.

There are further restrictions: the same source port cannot feed both of the available SPAN sessions, and source ports and source VLANs cannot be mixed in a single session, so VLAN and non-VLAN traffic cannot be sent to the same destination port. A SPAN destination port is also easily oversubscribed: a full-duplex source mirrored in both directions can produce twice the destination port's bandwidth, and mirrored frames that exceed the destination's line rate are discarded silently, since the switch prioritizes forwarding over the copy.

In summary, SPAN sessions are good for spot analysis but are limited in terms of scaling to support company-wide monitoring initiatives. SPAN ports are best suited to small and medium environments where monitoring needs are modest.
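The following local SPAN configuration illustrates the limits described above. It is an editor's example added here, not configuration from the Gigamon paper; the platform (a Catalyst 3750-class IOS switch), the interface, VLAN and session numbers are all assumed.

```cisco
! Added example (not from the original paper). Assumed platform: Catalyst
! 3750-class IOS switch; interface, VLAN and session numbers are assumed.
!
! Session 1: mirror both directions of the router uplink (Gi1/0/1) to the
! port where the IDS sensor is connected (Gi1/0/24).
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination interface GigabitEthernet1/0/24
!
! Session 2: mirror VLAN 100 to a second tool on Gi1/0/23. Source ports and
! source VLANs cannot be mixed in one session, so the VLAN gets its own.
! "rx" is used on purpose: with "both", a frame switched between two ports
! of the same VLAN is copied twice (once on ingress, once on egress), which
! is one source of the duplicate packets tools end up de-duplicating.
monitor session 2 source vlan 100 rx
monitor session 2 destination interface GigabitEthernet1/0/23
!
! Both sessions are now used. On this class of switch a third session
!   monitor session 3 source interface GigabitEthernet1/0/2 both
! is rejected, and Gi1/0/1 cannot be added to session 2 either, because a
! port can be a SPAN source in only one session at a time. A third tool
! therefore has no way to see the router uplink without an external
! aggregation device.
!
! The destination port only transmits mirrored frames; unless the "ingress"
! keyword is added to the destination command it does not switch anything
! the tool sends back, which keeps the tool isolated from production VLANs.
!
! Verify the sessions and, under load, watch the destination port's output
! drops: mirrored frames beyond its line rate are discarded without any
! error being logged.
show monitor session all
show interfaces GigabitEthernet1/0/24
```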

Cisco RSPAN

RSPAN stands for Remote Switched Port Analyzer. RSPAN works very much like SPAN, except that the mirrored data is carried across the switching architecture in a dedicated RSPAN VLAN, so the source ports and the destination (tool) port can be on different switches. The RSPAN VLAN can be propagated with VTP or created manually on every switch in the path, and some platforms additionally require a reflector port on the originating switch. Users are limited to two RSPAN destination sessions, the same limit as local SPAN, and just like SPAN, data from the same source port or VLAN cannot be shared across the two sessions. RSPAN adds configuration complexity: the RSPAN VLAN (and, where VTP is used, the correct VTP domain) must be present on each switch the RSPAN traffic traverses. RSPAN configurations can also produce duplicate packets, and RSPAN does not carry Layer 2 control traffic such as BPDUs and the other switch-to-switch protocols.

[Figure: Cisco RSPAN example. Data on the originating switch is sent over an RSPAN VLAN, created using VTP and reflector ports, to a SPAN destination port on a remote switch with the monitoring tool attached.]

Cisco ERSPAN

ERSPAN stands for Encapsulated Remote SPAN. With ERSPAN, data from remote switches can be forwarded to a monitoring tool over a routed network, or even the Internet, inside a GRE tunnel configured on the Cisco switches. ERSPAN is only supported on Cisco switches with a Supervisor Engine 720 and a PFC3, which limits the feature to a few switch families such as the Catalyst 6500. When this paper was written the functionality had not been carried over to the Cisco Nexus product line (later NX-OS releases added ERSPAN to several Nexus platforms, so check the current configuration guide for the model in question). Each mirrored frame is encapsulated with roughly 50 bytes of Ethernet, IP, GRE and ERSPAN headers, and its CRC is replaced. Be aware of fragmented frames and jumbo frames: ERSPAN does not fragment the encapsulated packets, so every switch and router on the path must be configured for jumbo frames, or mirrored frames that grow past the 1500-byte limit once the 50-byte header is added will be dropped. GRE provides no confidentiality or authentication, so sending ERSPAN across an untrusted network exposes the full content of the mirrored traffic; keep ERSPAN on a trusted path or inside an encrypted tunnel. Just like the other SPAN technologies, only two ERSPAN destination sessions can be created per switch. ERSPAN requires additional configuration work to ensure that the tunnelling and frame sizes are correct for the data to be routed properly.

[Figure: Cisco ERSPAN example. Source data is carried in a GRE tunnel across a routed network to the monitoring tool.]

Cisco VACL

VACL stands for VLAN Access Control List. VACL capture is not bound by the SPAN session limit and additionally lets you filter for certain types of traffic, such as a TCP port or an IP address. VACLs are access lists applied to traffic within a VLAN and are separate from the ACLs used in router configurations. The number of VACL capture configurations a switch can support is bounded by the number of VLANs on the switch, because one access map is applied per VLAN: a switch with only a few configured VLANs supports only that many capture setups. Users mainly use VACLs to free up SPAN resources, a band-aid rather than a complete monitoring infrastructure. Configuring VACLs is usually reserved for senior networking staff, because VACLs demand the most configuration care of all the Cisco visibility technologies: a VLAN access map ends in an implicit deny, so a capture map without a final forward-everything clause blocks the production traffic of the VLAN, not just the copy sent to the capture port. Like SPAN, the same source data cannot be sent to multiple VACL capture ports, which limits the benefit of having extra capture ports; since monitoring tools often need to see many VLANs at once, users are typically left with one or two usable capture ports.

[Figure: Cisco VACL example. Data from a given IP address in a VLAN is forwarded to a VLAN capture port with the monitoring tool attached.]

GigaVUE Traffic Visibility Nodes

GigaVUE Traffic Visibility Nodes are purpose-built appliances that create an out-of-band network providing enhanced visibility to all monitoring, data capture and security tools. With Traffic Visibility Nodes, users connect their inputs and then aggregate, replicate and filter the data at line rate to any number of tools. SPAN, RSPAN, ERSPAN, VACL capture and TAP inputs can all be connected, and the traffic flow from every network input to every monitoring tool is controlled from the node. Think of the Traffic Visibility Node as the central hub of the monitoring infrastructure; it is becoming a key component of new 10G and 1G data centers. Capabilities include:

- load-balancing data from multiple 10G and 1G network links to multiple 10G and 1G tool interfaces
- advanced features such as time-stamping, port tagging and packet slicing

Users gain many benefits by implementing a Traffic Visibility Node such as GigaVUE:

- eliminating SPAN, RSPAN, ERSPAN and VACL contention issues
- providing secure, out-of-band access to monitoring data, with tools kept off the production switch ports
- accessing 10G network links with 1G monitoring tools
- enabling visibility into data across asymmetric links
- filtering on any Layer 2 through Layer 4 field of a packet, plus user-defined filters that reach deeper into the packet
- consolidating monitoring resources into one centrally managed location

[Figure: Logical TAP traffic flow diagram. A G-TAP sits between two switches and sends a copy of the link traffic to the monitoring tool.]

[Figure: G-TAP and G-TAP A-Series TAPs (front-panel illustration).]
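The RSPAN and ERSPAN configurations described in the two sections above, side by side, as an editor's example that is not configuration from the Gigamon paper. The platforms (Catalyst 3750-class switches for RSPAN, a Catalyst 6500 with Supervisor 720 and PFC3 for ERSPAN), the interface numbers, VLAN and session IDs and the IP addresses are all assumed.

```cisco
! Added example (not from the original paper). Platforms, interface numbers,
! VLAN/session IDs and IP addresses are assumed.
!
! ===== RSPAN: Catalyst 3750-class switches =====
! Originating switch: the RSPAN VLAN is flagged "remote-span", which floods
! the mirrored frames through it and disables MAC learning on it.
vlan 900
 name RSPAN-VLAN
 remote-span
!
monitor session 1 source interface GigabitEthernet1/0/1 both
monitor session 1 destination remote vlan 900
!
! Every switch between source and tool must carry VLAN 900, also flagged
! remote-span, on its trunks (VTP distributes it within one VTP domain, or
! create it by hand on each switch). Older platforms such as the Catalyst
! 3550 additionally need a spare port as the reflector port:
!   monitor session 1 destination remote vlan 900 reflector-port Gi0/12
!
! Destination switch: take VLAN 900 back out to the tool port.
vlan 900
 name RSPAN-VLAN
 remote-span
monitor session 1 source remote vlan 900
monitor session 1 destination interface GigabitEthernet1/0/24
!
! ===== ERSPAN: Catalyst 6500, Supervisor 720 with PFC3 =====
! Source switch: GRE-encapsulate Gi1/1 and route it to 10.10.10.2.
! ERSPAN sessions are shut down by default, hence "no shutdown".
monitor session 10 type erspan-source
 source interface GigabitEthernet1/1
 no shutdown
 destination
  erspan-id 100
  ip address 10.10.10.2
  origin ip address 10.10.10.1
!
! Destination switch (owns 10.10.10.2): strip the encapsulation for ERSPAN
! ID 100 and hand the original frames to the tool on Gi2/1.
monitor session 20 type erspan-destination
 destination interface GigabitEthernet2/1
 no shutdown
 source
  erspan-id 100
  ip address 10.10.10.2
!
! The encapsulation adds about 50 bytes and is never fragmented: raise the
! MTU on every interface in the path (for example "mtu 9216"), or full-size
! 1500-byte frames are silently dropped. GRE is cleartext, so keep the path
! trusted or carry it inside IPsec.
```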
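The VACL capture configuration from the Cisco VACL section, showing the mistake that section warns about next to the corrected version. This is an editor's example, not configuration from the Gigamon paper; the platform (Catalyst 6500), the VLAN, the capture port and the access-list names are assumed.

```cisco
! Added example (not from the original paper). Assumed platform: Catalyst
! 6500; VLAN 100, capture port Gi3/1 and all names are assumed.
!
! Goal: copy only HTTP traffic in VLAN 100 to the capture port.
ip access-list extended HTTP-CAPTURE
 permit tcp any any eq 80
 permit tcp any eq 80 any
!
! WEAK: this access map captures HTTP, but a VLAN access map ends in an
! implicit deny. The moment it is applied, everything else in VLAN 100
! (DNS, SSH, the default gateway, ...) is dropped: a monitoring change
! becomes an outage.
vlan access-map WEB-MONITOR-BROKEN 10
 match ip address HTTP-CAPTURE
 action forward capture
! vlan filter WEB-MONITOR-BROKEN vlan-list 100   <- never apply this one
!
! CORRECTED: explicit "forward everything else" clauses close the implicit
! deny, for IP and for non-IP traffic such as ARP.
ip access-list extended ANY-IP
 permit ip any any
mac access-list extended ANY-MAC
 permit any any
!
vlan access-map WEB-MONITOR 10
 match ip address HTTP-CAPTURE
 action forward capture
vlan access-map WEB-MONITOR 20
 match ip address ANY-IP
 action forward
vlan access-map WEB-MONITOR 30
 match mac address ANY-MAC
 action forward
!
! Only one access map can be applied per VLAN, so VLAN 100 cannot feed a
! second capture port through another map.
vlan filter WEB-MONITOR vlan-list 100
!
! Capture port: receives a copy of every packet a "capture" clause matched,
! restricted here to VLAN 100 (the allowed-VLAN syntax varies slightly by
! IOS release).
interface GigabitEthernet3/1
 switchport
 switchport capture
 switchport capture allowed vlan 100
!
! Verify the map and that it is applied to the intended VLAN only.
show vlan access-map WEB-MONITOR
show vlan filter
```

Apply the corrected map during a maintenance window the first time and keep a console session open: a VACL with a wrong match clause affects the production VLAN immediately, which is exactly why the paper reserves VACL work for senior staff.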

[Figure: Sample configuration in a flat network. G-TAP A-Tx taps and a GigaVUE data access switch feed the monitoring tools.]

[Figure: Example of Flow Mapping technology. Map rules represent the different flows (10G SPAN, RSPAN, VACL and ERSPAN data, and 1G full-duplex tap data) that are directed to the monitoring ports; ingress and egress port filters can be applied in addition to the map rules.]

Flow Mapping

The key technology that enables these benefits in GigaVUE is Gigamon's patented Flow Mapping technology. Flow Mapping creates traffic distribution maps that direct traffic from any ingress network port to any number of monitoring ports at line rate, with no dropped traffic as long as the aggregate mapped to a tool port stays within that port's line rate. Flow Mapping differs from the port filtering found on other Traffic Visibility Nodes: network engineers create map rules that direct data to the desired monitoring port, and once a map exists, input ports are bound to it. This allows dynamic changes to data flows that would be impractical with port filters, where engineers would have to change the filtering on each port individually. Using collector and pass-all constructs, which Gigamon describes as unique to its products, users can also access the unfiltered traffic while the same traffic is being filtered by the map. Advanced features such as packet slicing can further reduce the load on the egress tool ports. Together these features create a powerful Traffic Visibility Fabric.

[Figure 9: Example of a large Cisco network with a Traffic Visibility Fabric overlay. The diagram shows the WAN edge with firewall and router, core, distribution and access layers, the data center with a Fibre Channel SAN and VM clusters, GigaVUE nodes at each tier connected by GigaSTREAM bundles, and separate 10G and 1G tool farms. Legend: multi-layer switch, access switch, router, firewall, GigaSTREAM bundle, 1G link, 10G link, TAP connection point, 1G and 10G TAP traffic, cascaded traffic, wireless devices and end-user workstations.]

Figure 9 shows an example of a large Cisco network with a Traffic Visibility Fabric overlay. In this diagram all major switch-to-switch connections are tapped, using G-TAP network TAPs or the taps integrated into the GigaVUE appliances. By tapping at strategic locations, network engineers gain visibility into traffic they could not otherwise see. For example, by tapping the link between the Internet and the firewall, or between the firewall and the router, engineers can view all traffic entering and leaving the network from the Internet (the two points differ: outside the firewall shows what was attempted, inside shows what got through). Because TAPs are used, all traffic can be viewed at full line rate without missing traffic or degrading the switch fabric. Note that a full-duplex tap yields two unidirectional streams, so a saturated 1G link can deliver up to 2 Gb/s to the aggregation point, which is where the GigaVUE's aggregation, load-balancing and filtering come in. SPAN traffic from the access switches is sent to the GigaVUE appliances, where all traffic can be aggregated, replicated and filtered to multiple monitoring tools; in most new 10G infrastructures SPAN is limited to the access layer, as an easy way to view end-user traffic. All GigaVUE appliances are stacked or cascaded so that they are controlled from one central interface that can dynamically route specific traffic to specific tool ports. This decreases resolution times and improves the performance of monitoring and capture tools, because each tool receives only the traffic it needs.

About Gigamon

Gigamon provides intelligent Traffic Visibility Networking solutions for enterprises, data centers and service providers around the globe. Its technology gives infrastructure architects, managers and operators unmatched visibility into the traffic traversing both physical and virtual networks without affecting the performance or stability of the production environment. Through patented technologies, the GigaVUE portfolio of high-availability, high-density products intelligently delivers the appropriate network traffic to security, monitoring or management systems. With over seven years of experience designing and building intelligent traffic visibility products in the US, Gigamon serves the vertical market leaders of the Fortune 1000 and has a global install base. For more information about Gigamon products visit www.gigamon.com.

Conclusion

By leveraging GigaVUE devices, network engineers running Cisco networks and monitoring technologies such as SPAN, RSPAN, ERSPAN and VACL can improve the flexibility, performance and security of monitored data as it is routed to the various monitoring, capture and security tools. A Traffic Visibility Fabric lets network engineers future-proof their monitoring infrastructure for the link speeds of today and tomorrow.

Copyright Gigamon LLC. All rights reserved. Gigamon, GigaVUE, GigaSMART, G-TAP and Flow Mapping are registered trademarks of Gigamon LLC and/or affiliates in the United States and certain other countries. Visibility Fabric, Traffic Visibility Fabric (TVF), Citrus and The Smart Route To Visibility are trademarks of Gigamon. All other trademarks are the property of their respective owners. Gigamon LLC, Gibraltar Drive, Milpitas, CA. www.gigamon.com