
Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch April 1, 2008

Patrick P. Leong, CTO | Gigamon Systems LLC. SHARKFEST '08, Foothill College, March 31 - April 2, 2008.


Presentation Transcript


  1. SHARKFEST '08 | Foothill College | March 31 - April 2, 2008
     Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch
     April 1, 2008
     Patrick P. Leong, CTO | Gigamon Systems LLC

  2. Agenda
     • Recent changes in network monitoring
     • Issues with traditional network tapping
     • Data Access Network (DAN)
     • Functions of a Data-Access Switch
     • Example applications
     • Summary
     • Q & A

  3. Recent Changes in Network Monitoring
     • 9/11 spawned new security and lawful intercept requirements
     • Enron spawned new auditing and monitoring laws
     • New tools optimize E-commerce and internet applications
     • VoIP and media convergence make the network more strategic
     • Network is more valuable; downtime is unacceptable

  4. Result: Proliferation of Tools
     • New SOX compliance transaction monitors
         • Keep your boss out of jail!
     • IDS sensors detect external hacker attacks
     • NAC appliance protects networks from inside
         • From your own people!
     • Forensic recorders capture events
         • and how the network is being used!
     • Configuration monitoring tools watch over network resources
     • Application and network troubleshooting

  5. Proliferation Causes Contention for Span Ports
     [Figure caption: Security and IT Engineers seen here “Negotiating” Over a SPAN Port]

  6. Other Issues
     • Packets belonging to the same flow may go through multiple parallel links, e.g. Etherchannel
     • Difficulty in monitoring asynchronously routed mesh topologies
     • The tool cannot keep up with the incoming bandwidth; many tools are software based, e.g. Wireshark

  7. Solution? Data-Access Network (DAN)

  8. What’s a DAN?
     • It’s an out-of-band monitoring network!
     • Includes passive tools like: Sensors, Probes, Monitors, Recorders, Analyzers, and Access Switching

  9. Example of a DAN

  10. What’s new?
     • A new “Best Practice”
     • Part of the network infrastructure
     • Facilitates instrumentation of a network
         • Enterprise or Telco
     • What’s new is how data is fed to the tools
         • By a Data-Access Switch
         • Unobtrusive to the primary network

  11. What problems do DANs solve? Too Many Power Tools? Not Enough Sockets?

  12. For Power Tools, use a Power Strip

  13. Too Many Monitoring Tools? Not Enough Span Ports?

  14. For Sensors/Monitors/Analyzers, Use a Data Access Switch
     • One Span port serves many tools

  15. Monitoring a Mesh Network?

  16. If we deploy one tool per span port: lots of hardware, and expensive!

  17. Better to Distribute Connections with a DAN
     • Aggregate and filter flows to consolidated tools

  18. DAN is out-of-band “Data Socket”: Part of the Reliable Network Infrastructure
     [Figure labels: Consolidated Tool Farm (Security IDS, Protocol Analyzer, Performance Monitor, Forensic Recorder, Transaction Auditor, Config Monitor); Switch; Storage Area Network; Switch; Server Farm; “Data Socket”]
     • Plug in multiple out-of-band tools: any tool to any data
     • Unobtrusive tool changes: never touch the network
     • Do moves, adds, changes at any convenient time
     • Eliminates RSPAN

  19. DAN Solves Access Problems By
     [Figure labels: Bit-Mask Filtering; Any to Many; Any to Any; Many to Any]
     • Aggregating many links to any tool
     • Multicasting any link to many tools
     • Filtering data to map packets to tools
     • Saving $$: Cap Ex and Op Ex budget

  20. Example Application: Telco Core

  21. Example Application: Telco Edge

  22. Example Application: 10G Monitoring

  23. Summary
     • A Data-Access Switch forms a Data-Access Network that:
         • Provides non-intrusive, out-of-band network monitoring
         • Resolves the insufficient span ports issue
         • Reduces the number of tools deployed
         • Can intelligently spread the network traffic to various tools
         • Reduces the load of a particular tool via intelligent hardware-based filtering
         • Provides a “Big Pipe” view of the mesh network
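
The aggregation, multicasting and bit-mask filtering named on slide 19, and the parallel-link problem from slide 6, modeled in Python. This is an added example, not code from the presentation or from any Gigamon product; the port and tool names, the map structure, and the byte offsets (untagged Ethernet, IPv4 header without options) are assumptions.

```python
import struct

class MaskRule:
    """Bit-mask filter: match when (frame[offset:] & mask) == value."""
    def __init__(self, offset, mask, value):
        self.offset, self.mask, self.value = offset, mask, value

    def matches(self, frame):
        field = frame[self.offset:self.offset + len(self.mask)]
        if len(field) < len(self.mask):
            return False  # truncated frame cannot satisfy the rule
        return all((f & m) == v for f, m, v in zip(field, self.mask, self.value))

class DataAccessSwitch:
    """Maps (ingress ports, rules) to tool ports; hypothetical model."""
    def __init__(self):
        self.maps = []

    def add_map(self, ingress_ports, rules, tool_ports):
        self.maps.append((set(ingress_ports), list(rules), set(tool_ports)))

    def forward(self, ingress_port, frame):
        """Return the set of tool ports that receive a copy of the frame."""
        tools = set()
        for ports, rules, out in self.maps:
            if ingress_port in ports and all(r.matches(frame) for r in rules):
                tools |= out
        return tools

def make_frame(dst_ip, dport, proto=6):
    """Constructed sample: untagged Ethernet, 20-byte IPv4 header, L4 ports."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes([198, 51, 100, 1]), bytes(dst_ip))
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", 40000, dport) + bytes(16)

def build_switch():
    sw = DataAccessSwitch()
    links = ["span1", "span2"]  # assumed: both members of one EtherChannel
    ipv4 = MaskRule(12, b"\xff\xff", b"\x08\x00")          # EtherType IPv4
    tcp = MaskRule(23, b"\xff", b"\x06")                   # IP protocol = TCP
    port80 = MaskRule(36, b"\xff\xff", b"\x00\x50")        # destination port 80
    net = MaskRule(30, b"\xff\xff\xf0", b"\x0a\x01\x00")   # dst in 10.1.0.0/20
    sw.add_map(links, [], ["recorder"])                    # many links to one tool
    sw.add_map(links, [ipv4, tcp, port80], ["ids", "analyzer"])  # one flow to many tools
    sw.add_map(links, [ipv4, net], ["auditor"])            # filtered subset only
    return sw

if __name__ == "__main__":
    sw = build_switch()
    print(sorted(sw.forward("span1", make_frame((10, 1, 5, 9), 80))))
    print(sorted(sw.forward("span2", make_frame((192, 0, 2, 7), 443))))
```

Because both EtherChannel members feed the same maps, a tool sees a flow's packets regardless of which parallel link carried them, while the mask rules keep each tool's load limited to the traffic it needs.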
