Data Access solution to common out-of-band tool access problems - PowerPoint PPT Presentation

Slides: 34
Provided by: tomgal3
Transcript and Presenter's Notes

1
Data Access solution to common out-of-band tool
access problems
  • GigaVUE-MP™ from Gigamon Systems
  • A Network Infrastructure Company

2
Typical Data Access Problems
  • Too many tools, not enough span ports
  • Security and IT compete for span ports
  • Mandatory deployment of new SOX or HIPAA
    compliance monitors
  • Expensive tools left on the shelf

3
Typical Data Access Problems
  • Consolidate distributed tools
  • Distributed Analyzers, Probes, and IDS
  • High Operational cost of tool management
  • Annual maintenance bills for deployed systems
  • High performance 100 Meg sensors deployed at
    every low speed 1.5 meg remote link
  • Insecure deployment of critical tools in remote
    wiring closets

4
Typical Data Access Problems
  • No total VLAN or Network-wide View
  • RSPAN is too complex and overloads the network
  • VoIP monitoring problems in meshed networks
  • Can't see big pipe view of EtherChannel or
    aggregated / trunked links

5
You need a reliable Data Socket: Part of the
Network Infrastructure
  • Plug in multiple out-of-band tools: any tool to
    any data
  • Unobtrusive tool changes: never touch the
    network
  • Do moves, adds, changes at any convenient time

[Diagram: a Data Socket between the network and a Consolidated Tool Farm. Network labels: Switch (x2), Edge Router, Server Farm, Storage Area Network. Tool labels: Security IDS, Protocol Analyzer, Performance Monitor, Forensic Recorder, Transaction Auditor, Application Analyzer, Load Generator/Tester.]
6
Ultimate Connectivity Solution
7
Ultimate Connectivity Solution
[Diagram: GigaVUE™ connecting Network Ports to Tool Ports through Pre Filter and Post Filter stages]
  • Network Ports (SPAN Ports or TAPS): Span Input A, Tap Input B,
    Tap Input C, Span Input D
  • Tool Ports: Recorder (e.g., VLAN 100); Observer 1 (e.g., all
    traffic except Port 80); Observer 2 (e.g., Port 80); IDS (e.g.,
    all traffic from edge router to firewall)
11
GigaVUE-MP Tour
  • 20 ports of 10/100/1000 Ethernet
  • 1U modular chassis
  • Stack up to 32 chassis for 640 ports

12
GigaVUE-MP Tour
  • Redundant Power Supplies
  • Redundant Power Cord
  • Redundant cooling fans

13
GigaVUE-MP Tour
Remote Ethernet and local serial management
ports with TACACS / RADIUS
14
GigaVUE-MP Tour
Base Unit provides eight 10/100/1000 copper ports
(all ports can be either network ports or tool
ports)
15
GigaVUE-MP Tour
Optional GigaPORT module provides another four
10/100/1000 copper ports or Gigabit optical ports
(using pluggable SFP transceivers)
16
GigaVUE-MP Tour
GigaTAP-Sx and GigaTAP-Tx dual fault tolerant taps
17
GigaVUE-MP Tour
Standard 10G copper stacking port
10 GigE optical and copper port for stacking,
multi data center fabric creation and 10 Gig tools
18
Enterprise-Wide Scalability
  • 8 to 640 port Out-of-Band Access Fabric
  • Add GigaVUE™ modules as you grow
  • 10 Gig box-to-box copper stacking links

19
Enterprise-Wide Scalability
  • Covers multiple sites via 10 Gig optical link
  • Up to 32 Chassis makes 640 port fabric

10 Gig optical link: 40 km between data centers
20
GigaVUE-MP Customer Case Studies
  • Case 1: AOL VoIP Monitoring
    • Too many tools, not enough budget
    • Span port limitations
  • Case 2: Major Computer Manufacturer
    • Aggregate and multiplex traffic
    • Map packets to specific monitors by IP
  • Case 3: National Research Lab
    • Consolidate tools
    • Unify the data access solution across distant
      centers

21
Case 1: AOL, by Marshall Manhoff
22
AOL's VoIP Network
[Diagram labels: Internet, PROBE, SBC, L2 Switch (x3), PSX, ASX, EMS, GSX, MS, ECE, SGX. Legend: "Represents five 100 Meg connections".]
23
Probes only have 2 ports on each
[Diagram labels: PROBE (x8), SBC, L2 Switch (x3), PSX, ASX, EMS, GSX, MS, ECE, SGX. Legend: "Represents five 100 Meg connections".]
  • 3 probes typical to tap 5 trunked links
  • 6 hosts x 5 connections x 2 = 60 connections
  • 60 connections / 2 connections per probe = 30
    probes

24
36 Probes would be needed
[Legend: "Represents five 100 Meg connections"]
  • 3 probes typical to tap 5 trunked links
  • 6 hosts x 5 connections x 2 = 60 connections
  • 60 connections / 2 connections per probe = 30
    probes
25
Tapping vs. Port mirror issues
Represents five 100 Meg connections
26
Port mirror issues
Represents five 100 Meg connections
Traffic is from host to host, which the mirror will
not pick up
27
Using GigaVUE
28
AOL saved Cap Cost of 2.7 Million
  • Original plan: use lots of probes everywhere
    • 36 probes at 80,000: 2,880,000
  • Span port aggregation, but misses traffic flows
    • 4 probes at 80,000: 400,000
    • This was not an option due to missing traffic
      flow
  • GigaVUE tap solution: only 171,000
    • 1 probe at 80,000
    • 48 network taps 20,000
    • 3 GigaVUE units at 71,000
    • Never miss a packet with full traffic flow
      monitoring

29
Case 2: Computer Manufacturer
30
Mapping Pre-Filters
[Diagram: pre-filters mapping Network Ports to Tool Ports. Network Ports: SPAN Port A, SPAN Port B (from the Application Servers). Pre-filters: F1 to F5, shown twice. Tool-side labels: xTUNES, xDISK, xSTORE, xTALK, xGAME (each an IP subnet). Numbered ports: 1 to 7.]
31
Case 3: National Research Lab
32
  • Remote access via redundant 10G Optical Ring
  • Redundant path in case of fiber break or local
    power outage

[Diagram: GigaVUE-MP units at data sources in multiple buildings and at the Tool Farm in the Data Center building. Labels: Network Building, Data Center, 3 Single Mode Fiber Links, 4th Single Mode Fiber Link (optional), Built-in copper GigaLINK, 10 km maximum.]
33
GigaVUE-MP Ultimate Data Access Solution
  • Aggregate many links to single tools
  • Multiplex single links to many tools
  • Filter data to customize tool view
  • Save Cap Ex and Op Ex budgets