Learn about the technology drivers, innovations, and benefits of passive monitoring access in network and security monitoring. Gain insights into tap deployment and the increasing demand for stealth monitoring and analysis.
Fundamentals of Passive Monitoring Access
June 16, 2009
Dennis Carpio, Director of Product Innovation
SHARKFEST'09, Stanford University, June 15-18, 2009
Agenda
Goal: Present an overview of Tap technology and how network and security monitoring become more efficient and productive.
• Technology Drivers
• Network considerations for a Tap deployment
• Innovations in Tap technology
• Taps in your network
• Thank you and contact info
Technology Drivers
• Forensics
• Compliance
• Lawful Intercept
• Security
• Growing Threats
• Need for Stealth Monitoring
• Analysis
• Convergence of Voice/Video/Data
• Demand for 10G
"The increasing complexity of networks, proliferation of applications and the development of new technologies such as 10 Gigabit Ethernet are driving the demand for increased monitoring." Source: Frost & Sullivan
Traditional Access Methods (diagram; labels: Switch, Hub)
Passive Tap Technology • Access 100% of your network traffic • Passive fail-safe operation • Intelligent failure-over • Deployed as infrastructure • Recommended by all leading tool vendors
Passive Access Devices
• Network Taps: One monitoring tool has passive access to one network link.
• Regeneration Taps: Multiple groups and tools can share access to a network link.
• Port & Link Aggregator Taps: Tools can view traffic from multiple full-duplex links at one time.
• Bypass Switches: Prevent link downtime by connecting in-line appliances through fail-open Bypass Switches.
• Matrix Switches: Tools can be assigned to any link or automatically scan all links.
• Intelligent Tap Technology: View link utilization, traffic statistics, and alarms via front panel displays and remote interfaces even when a monitoring tool is not connected.
• Filtering Appliances: Match traffic of interest to appropriate monitoring resources.
Copper & Fiber Taps
Secure, passive network access for monitoring devices on any network topology.
Pictured: 10/100/1000BaseT Tap, 10 GigaBit SR Tap
Features:
• Fiber Taps available in multiple split ratios. No power needed
• Fiber available for ATM / OC3, OC12, GigaBit and 10 GigaBit
• Support full-duplex monitoring
• Copper available in 10/100, 1G and 10/100/1G
• Zero Delay on 10/100BaseT Tap
• Rack-mountable (with the purchase of rack panels)
Benefits:
• Network traffic flows regardless of power availability to the Tap
• Monitoring devices can be used across multiple network links, preserving existing network connections
• Hardware becomes hidden from potential attackers providing premium network security
• Access to all packet types on a link and errors from all layers
• Access to all packets on a full-duplex link, in real-time
Fiber Tap Split Ratios
• What is a Split Ratio? A split ratio is the amount of light a Tap re-directs from the network to the monitor ports.
• To choose the correct split ratio, a Loss (power) Budget should be calculated.
[Diagram: Fiber Tap with a 50/50 split ratio between a Router and a Switch. Optical power entering the Tap = X; optical power on the network side = X/2; optical power to the Monitoring Device = X/2. Requirement: X/2 > Receiver Threshold Sensitivity.]
What is a Loss (power) Budget and how do I calculate this? A Loss (power) Budget is the amount of attenuation that can be tolerated on the network and monitor links before the end-to-end data is corrupted. To calculate it, you must determine the following: Link Distance, Fiber Type, Launch Power, Receiver Sensitivity, and the number of interconnects and splices.
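The loss budget check described on this slide, worked through as an added example (not part of the original presentation). The launch power, receiver sensitivities, fiber attenuation and connector/splice losses are constructed sample values, and the Tap is modeled as an ideal splitter with no excess loss; real figures come from the transceiver and Tap datasheets.

```python
import math

CONNECTOR_DB = 0.5  # assumed loss per interconnect (dB)
SPLICE_DB = 0.1     # assumed loss per splice (dB)

# Constructed sample link, one direction (router transmit side).
SAMPLE_LINK = {
    "launch_dbm": -9.5,     # transmitter launch power
    "net_sens_dbm": -17.0,  # far-end receiver sensitivity
    "mon_sens_dbm": -17.0,  # monitoring device receiver sensitivity
    "db_per_km": 3.5,       # fiber attenuation for the assumed fiber type
    "km_total": 0.2,        # transmitter to far-end receiver
    "km_to_tap": 0.1,       # transmitter to the Tap
    "km_monitor": 0.005,    # Tap monitor port to monitoring device
    "net_connectors": 4, "mon_connectors": 3, "splices": 0,
}

def split_loss_db(percent):
    """Loss on a port that receives `percent` of the light (ideal splitter)."""
    return -10.0 * math.log10(percent / 100.0)

def path_loss_db(km, db_per_km, connectors, splices=0):
    """Attenuation from distance, interconnects and splices."""
    return km * db_per_km + connectors * CONNECTOR_DB + splices * SPLICE_DB

def tap_margins(link, net_percent):
    """Return (network_margin_db, monitor_margin_db) for a split ratio.

    Margin is received power minus receiver sensitivity; a negative value
    means that receiver sees less light than its threshold.
    """
    net_loss = path_loss_db(link["km_total"], link["db_per_km"],
                            link["net_connectors"], link["splices"])
    mon_loss = path_loss_db(link["km_to_tap"] + link["km_monitor"],
                            link["db_per_km"], link["mon_connectors"])
    net_rx = link["launch_dbm"] - net_loss - split_loss_db(net_percent)
    mon_rx = link["launch_dbm"] - mon_loss - split_loss_db(100 - net_percent)
    return net_rx - link["net_sens_dbm"], mon_rx - link["mon_sens_dbm"]

def viable_ratios(link, ratios=(50, 60, 70, 80, 90), safety_db=1.0):
    """Network-side percentages where both receivers keep the safety margin."""
    return [r for r in ratios if min(tap_margins(link, r)) >= safety_db]

if __name__ == "__main__":
    for pct in (50, 60, 70, 80, 90):
        net, mon = tap_margins(SAMPLE_LINK, pct)
        print(f"{pct}/{100 - pct}: network {net:+.2f} dB, monitor {mon:+.2f} dB")
    print("viable with 1 dB safety margin:", viable_ratios(SAMPLE_LINK))
```

A full-duplex link has two fibers, so the same check is run once per transmit direction with that side's launch power and distances.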
Fiber Specifications Emerging 10 GigaBit technology may require upgrades to existing networks.
10/100 Zero Delay Technology
Technology that eliminates the 10 ms delay added to traffic in other Taps when power is lost. This short delay can cascade into longer delays if routers and switches need to renegotiate the link.
Zero Delay ensures:
• No dropped packets
• No latency is introduced
• Power loss to the Tap is undetectable to the network
Net Optics Products with Zero Delay
• 10/100BaseT Taps
• 10/100BaseT Regeneration Taps
• 10/100BaseT Link Aggregator Taps
Port Aggregator Taps
Typically, full-duplex monitoring with a network tap requires two NICs (or a dual channel NIC): one interface for each side of the tapped full-duplex connection. A port aggregator Tap combines these streams, sending all aggregated data out a single passive monitoring port.
Benefits:
• Zero network data stream interference
• Network traffic flows regardless of power availability to the tap
• Hardware becomes hidden from potential attacks providing premium network security
• Access to all packet types on a link and errors from all layers
• Enable 24/7 passive monitoring
Features:
• Available for 10/100BaseT, GigaBit copper and GigaBit fiber monitoring devices
• Supplies full-duplex traffic to a single NIC on the monitoring device
• DIP switch sets auto-negotiation or fixed speed duplexing
• 256MB buffer memory controls traffic bursts
• Available with 2 monitor port option
In-Line Regeneration Taps
Maximize resources and save on access points when multiple devices can monitor link traffic simultaneously through a Regeneration Tap. Secure, passive access for multiple devices means a better return on monitoring investments.
Benefits:
• Network traffic flows regardless of power availability to the Tap
• Hardware is hidden from potential attackers, providing premium network security
• Access to all packet types on a link and errors from all layers
Features:
• 10/100Mbps auto-sensing, GigaBit or 10GigaBit speeds available
• DIP switch controlled duplex and speed settings (copper)
• Redundant power supplies
• Available in 2, 4, and 8 monitor port models, copper and fiber
Link Aggregator
Link Aggregator Taps extend the reach of GigaBit monitoring devices to traffic from multiple Span ports. Aggregating the traffic from multiple switch Span ports greatly increases the coverage of monitoring devices.
Benefits:
• Increase Tool ROI
• Use 10G Tools Efficiently
• Monitor More Links Simultaneously
• Share Traffic Access
Features:
• Use 1G tools on 10G Links
• Aggregate 1G Links to 10G Tools
• Monitor up to 10 Network Links
• Replicate Traffic to 4 Tools
iTap Technology (diagram labels: Information, Control, Access)
Benefits:
• Centralized and remote management
• Enhanced capability
• Better resource utilization
• Increased network visibility
Features:
• SNMP integration
• Passive monitoring / invisible to attacks
• Utilization statistics
Data Monitoring Switch Value - Any-to-Any / Many-to-Many connectivity, filtering to enhance tool performance and speed problem solving.
Director™ Benefits: • Relieve Oversubscribed Tools • Centralize Data Monitoring • Leverage Tool Investments • Increased Network Visibility Features: • TapFlow™ Multi-Layer Filtering • Industry's Highest Port Density • Passes all errors including CRC • High-speed 10 & 1 Gigabit Ports
Software Management: System Manager, Web Manager & CLI
• Management Software Options
  • Web - single device mgmt
  • GUI - MAP wide visibility
  • Command Line Interface
• Track Link Information
  • Identify bandwidth utilization peaks
  • Baseline traffic statistics
• Control Access to the Data
  • Enable/disable monitor ports
  • Reset alarm triggers
• Security (Q2 09’)
  • SNMPv3
  • RADIUS/TACACS+
Financial Case Study: Multi-station Taps
• Industry: Finance
• Objective: Provide non-intrusive, zero-latency visibility into network traffic enabling trading transactions to be captured and network issues to be resolved quickly and accurately
• Approach: Tap into the network with Net Optics multi-station fiber and copper Taps
• Technology Improvements:
  • 100 percent direct in-line traffic visibility in real time without latency or impact on real-time applications
  • Ability to record transactions for event reconstruction to resolve differences between the Exchange and its members
  • Ability to analyze traffic from multiple vantage points throughout the network simultaneously
• Business Outcomes:
  • Improved network reliability from “four nines” (99.99% up time) to five nines (99.999% up time) in first year
  • Achieved virtually 100% up time by the end of the third year
  • Improved end user satisfaction by consistently providing more reliable low-latency access into equities, equity options, and futures markets
Government Case Study: Multi-station Taps
• Industry: Government
• Objective: Provide non-intrusive visibility into network traffic to support remote diagnostics
• Approach: Tap into the network with Net Optics multi-station fiber and copper Taps
• Technology Improvements:
  • 100 percent direct in-line traffic visibility in real time without latency or traffic impact
  • Deployment of automated tools and control mechanisms
  • Ability to troubleshoot and develop solutions remotely
• Project Outcomes:
  • Frequent resolution of issues before users are impacted
  • Reduction in number of field services calls dispatched
  • Significantly lowered MTTR
  • Improved end user satisfaction
InteropNet Case Study Director™ • Industry: Information Technology • Objective: Provide pervasive monitoring access for InteropNet, the high‑performance network serving the Interop Las Vegas and New York conferences • Approach: Tap into the InteropNet with an expanded multi-unit system of Net Optics Director Data Monitoring Switches • Technology Improvements: • Ability to connect any feed to any monitoring tool • Reduced access solution footprint • Aggregation of feeds down to a single pair • Remote visibility and control • Business Outcomes: • Confident of delivering “101” uptime at Interop • Number of help desk tickets reduced • Tickets closed faster (MTTR lowered) • No open tickets or unsolved cases
InteropNet Solution InteropNet production network (orange and dotted lines) and SpyNet (purple lines) with five Net Optics Director Data Monitoring Switches
A Monitoring Access Platform
Build an infrastructure with a strong platform
(diagram labels: Workgroup Edge Data Center Core)
Net Optics Overview
Customers
• 82% of the Fortune 100
• 45% of the Fortune 500
• 5700 Global Customers
• 5 New Customers Every Week
Highlights
• Founded in 1996 by Eldad Matityahu
• 50 Quarters of Growth & Profitability
• 40K Sq. Ft. Santa Clara, CA Corporate HQ and Manufacturing Facility
• Private Company. No VC funding and 90 Employees
Thank You www.netoptics.com (408)737-7777