Title: Data Access solution to common out-of-band tool access problems
1. Data Access solution to common out-of-band tool access problems
- GigaVUE-MP™ from Gigamon Systems
- A Network Infrastructure Company
2. Typical Data Access Problems
- Too many tools, not enough span ports
- Security and IT compete for span ports
- Mandatory deployment of new SOX or HIPAA compliance monitors
- Expensive tools left on the shelf
3. Typical Data Access Problems
- Consolidate distributed tools
- Distributed Analyzers, Probes, and IDS
- High operational cost of tool management
- Annual maintenance bills for deployed systems
- High performance 100 Meg sensors deployed at every low speed 1.5 Meg remote link
- Insecure deployment of critical tools in remote wiring closets
4. Typical Data Access Problems
- No total VLAN or network-wide view
- RSPAN is too complex and overloads the network
- VoIP monitoring problems in meshed networks
- Can't see the big pipe view of EtherChannel or aggregated / trunked links
5. You need a reliable Data Socket, Part of the Network Infrastructure
- Plug in multiple out-of-band tools: any tool to any data
- Unobtrusive tool changes never touch the network
- Do moves, adds, changes at any convenient time
[Figure labels: Data Socket; Consolidated Tool Farm; Switch (two); Edge Router; Storage Area Network; Server Farm; Security IDS; Protocol Analyzer; Performance Monitor; Forensic Recorder; Transaction Auditor; Application Analyzer; Load Generator/Tester]
6. Ultimate Connectivity Solution
7. Ultimate Connectivity Solution
[Figure: GigaVUE™ between Network Ports (SPAN ports or taps: Span Input A, Tap Input B, Tap Input C, Span Input D) and Tool Ports, with pre-filters and post-filters. Tool ports shown: Recorder (e.g., VLAN 100); Observer 1 (e.g., all traffic except Port 80); Observer 2 (e.g., Port 80); IDS (e.g., all traffic from edge router to firewall)]
11. GigaVUE-MP Tour
- 20 ports of 10/100/1000 Ethernet
- 1U modular chassis
- Stack up to 32 chassis for 640 ports
12. GigaVUE-MP Tour
- Redundant Power Supplies
- Redundant Power Cord
- Redundant cooling fans
13. GigaVUE-MP Tour
- Remote Ethernet and local serial management ports with TACACS / RADIUS
14. GigaVUE-MP Tour
- Base unit provides eight 10/100/1000 copper ports (all ports can be either network ports or tool ports)
15. GigaVUE-MP Tour
- Optional GigaPORT module provides another four 10/100/1000 copper ports or Gigabit optical ports (using pluggable SFP transceivers)
16. GigaVUE-MP Tour
- GigaTAP-Sx and GigaTAP-Tx dual fault tolerant taps
17. GigaVUE-MP Tour
- Standard 10G copper stacking port
- 10 GigE optical and copper port for stacking, multi data center fabric creation and 10 Gig tools
18. Enterprise-Wide Scalability
- 8 to 640 port Out-of-Band Access Fabric
- Add GigaVUE™ modules as you grow
- 10 Gig box-to-box copper stacking links
19. Enterprise-Wide Scalability
- Covers multiple sites via 10 Gig optical link
- Up to 32 chassis makes 640 port fabric
- 10 Gig optical link: 40 km between data centers
20. GigaVUE-MP Customer Case Studies
- Case 1: AOL VoIP Monitoring
  - Too many tools, not enough budget
  - Span port limitations
- Case 2: Major Computer Manufacturer
  - Aggregate and multiplex traffic
  - Map packets to specific monitors by IP
- Case 3: National Research Lab
  - Consolidate tools
  - Unify the data access solution across distant centers
21. Case 1: AOL, by Marshall Manhoff
22. AOL's VoIP Network
[Network diagram labels: Internet; PROBE; SBC; L2 Switch (three); PSX; ASX; EMS; GSX; MS; ECE; SGX. Legend: represents five 100 Meg connections]
23. Probes only have 2 ports on each
[Network diagram labels: PROBE (eight); SBC; L2 Switch (three); PSX; ASX; EMS; GSX; MS; ECE; SGX. Legend: represents five 100 Meg connections]
- 3 probes typical to tap 5 trunked links
- 6 hosts x 5 connections x 2 = 60 connections
- 60 connections / 2 connections per probe = 30 probes
24. 36 Probes would be needed
[Figure legend: represents five 100 Meg connections]
25. Tapping vs. Port mirror issues
[Figure legend: represents five 100 Meg connections]
26. Port mirror issues
[Figure legend: represents five 100 Meg connections]
- Traffic is from host to host, which the mirror will not pick up
27. Using GigaVUE
28. AOL saved Cap Cost of 2.7 Million
- Original plan, use lots of probes everywhere
  - 36 probes at 80,000: 2,880,000
- Span port aggregation, but misses traffic flows
  - 4 probes at 80,000: 400,000
  - This was not an option due to missing traffic flow
- GigaVUE Tap solution only 171,000
  - 1 Probe at 80,000
  - 48 network taps 20,000
  - 3 GigaVUE units at 71,000
- Never miss a packet with full traffic flow monitoring
29. Case 2: Computer Manufacturer
30. Mapping Pre-Filters
[Figure: pre-filter mapping between Network Ports (SPAN Port A, SPAN Port B) and Tool Ports. Labels: filters F1 to F5 (shown twice); ports 1 to 7; Application Servers xTUNES, xDISK, xSTORE, xTALK and xGAME, each an IP subnet]
31. Case 3: National Research Lab
32.
- Remote access via redundant 10G optical ring
- Redundant path in case of fiber break or local power outage
[Figure labels: Data sources in multiple Bldgs; Tool Farm in Data Center Bldg; Network Building; Data Center; GigaVUE-MP (seven); 3 Single Mode Fiber Links; 4th Single Mode Fiber Link (optional); Built-in copper GigaLINK (two); 10 km maximum]
33. GigaVUE-MP Ultimate Data Access Solution
- Aggregate many links to single tools
- Multiplex single links to many tools
- Filter data to customize tool view
- Save Cap Ex and Op Ex budgets