
Anue Net tool optimizer


07-12-11

Net Tool Optimizer Demo Guide

www.anuesystems.com


NET TOOL OPTIMIZER DEMO GUIDE

© 2010 - 2011 Anue Systems, Inc. Page 2 www.anuesystems.com All rights reserved

Overview

This document describes the Anue Systems 5200 Net Tool Optimizer (NTO) Demo application. The 5200 Demo Simulation allows you to simulate the steps required to aggregate, filter and replicate network traffic from taps and SPAN ports and deliver that traffic to your critical network monitoring, security, and application monitoring tools.

The simulation configuration provides several examples that can be used for reference.

System Requirements

1. Windows XP/Vista/7.
2. 1 gigabyte (GB) RAM.
3. 1 gigahertz (GHz) or faster processor.
4. At least 60 Megabytes (MB) of available space on the hard disk.

Getting Started

Thank you for downloading the Net Tool Optimizer Demo. After installing the application, launch the program by double-clicking on the Net Tool Optimizer Demo 3.x.x icon that was installed on your desktop or access the following menu option: Start -> All Programs -> Anue Systems -> Net Tool Optimizer 3.x.x -> Net Tool Optimizer 3.x.x.

The Net Tool Optimizer Control Panel will then display.


Demo Configuration Overview

The Net Tool Optimizer has an intuitive and easy-to-use GUI (Control Panel).

The default configuration of the demo displays several monitoring scenarios in the diagram area, which are described in detail below.

Note: All of the features available in the demo application, except for traffic simulation, are available when using an actual 5200 Net Tool Optimizer.

Figure 1 - 5200 Net Tool Optimizer Control Panel

Logically, traffic flows through the Net Tool Optimizer from left to right.

At the left side of the control panel, ingress traffic is connected to Network Ports. Network Ports are then connected to Dynamic Filters (displayed in the center of the control panel). Dynamic Filters are then connected to Tool Ports where egress traffic is delivered to your tools.

Note: Network Ports and Tool Ports also contain filters that can be used in conjunction with Dynamic Filters.


In the demo, the Network Ports, Dynamic Filters and Tool Ports have been given detailed descriptions that display on their icons. The descriptions make it easy to understand the port and filter purpose and function. Customized icons have also been applied to ports.

Tip: Pressing the F7 key on the keyboard enables tool tip help for most of the objects and features in the control panel GUI. Pressing the F7 key again disables tool tip help.

Aggregation and Security

This monitoring scenario delivers traffic from two separate Taps to the same IDS tool.

Figure 2 - Aggregation and Security Example

The Dynamic Filter, displayed in the center of the figure above, has been configured to Pass All traffic. Note that two 1G ports have been connected to a 1G tool. In this scenario, the user must be sure that the combined traffic will not exceed 1G or packets will be dropped at the Tool Port. Filtering, described in the next example, can be used to remove unwanted traffic and ensure that tools only receive the required traffic.

Simulated traffic is running in the demonstration software to mimic a real network environment. Right-click on the Tool Port and select Statistics to view the Tool Port Statistics. Statistics can also be displayed for Network Ports and Dynamic Filters.


Figure 3 - Tool Port Statistics

According to the label, the Tool Port is connected to the Sourcefire IDS tool.

The lock symbol on the Tool Port indicates that the tool has been secured using the Access Control features. Only designated personnel and System Administrators can modify the Tool Port settings. To view these settings, double-click on the Tool Port and select the Access Control tab.


Figure 4 - Tool Port Access Control

Notice that the ability to Modify the port settings requires that a user be a member of the Security Mgmt group. The ability to Connect/Disconnect Inputs can also be secured with Access Control.

Groups can be viewed and maintained under the Groups View of the Control Panel.

Figure 5 - Groups View


The Groups view indicates that the users “bbrother” and “securityguy” are members of the Security Mgmt group. Only these users, and any System Administrator, can modify the Sourcefire IDS Tool Port settings.

Multi-Stream Traffic to Several Tools and Filter Traffic

The 2nd monitoring scenario multi-casts traffic from two Network Ports to several Tool Ports.

Figure 6 - Multi-Stream and Filtering Example

This example delivers traffic from 2 separate SPANs to a Niksun NetVCR tool and OPNET App Monitor tool.

Tip: Note that traffic can also be multi-cast from a single Network Port to many Tool Ports.

The Dynamic Filter also displays information that indicates traffic will be filtered.

In the figure above, the “three green arrows in – 1 green arrow out” symbol indicates that filtering has been enabled. Labels are automatically displayed at the left side of the Dynamic Filter which provide a brief description of the defined filter criteria. This Dynamic Filter has Layer 3/Layer 4 - v4 and VLAN with IP criteria configured.


Filter Notes

Filter criteria can also be defined at the ingress within Network Ports. Traffic removed at the Network Port will NOT be available to any tools.

Filter criteria can also be defined at egress within Tool Ports. This option is useful when more than one tool is connected to a Dynamic Filter and only some of the tools need to receive specific traffic types.

To configure filtering, double-click on a port or Dynamic Filter and select the Filter Criteria tab.

Figure 7 - Filter Criteria Tab

The intuitive GUI makes complex filter criteria easy to define. For example, based on Figure 7 above, only traffic that matches the following criteria will pass through the Dynamic Filter:

IPv4 packets on VLAN 56, 57, 58, 59 or 60 AND an IP source or destination address of 192.168.40.1 or 192.168.40.5.
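
The criteria above, written out as a packet predicate so you can check which frames a tool behind this filter would actually see. This is an added example, not Anue code or the NTO's implementation; the function names are hypothetical, the frames are constructed, and it assumes a single 802.1Q tag (TPID 0x8100).

```python
import ipaddress
import struct

# Criteria exactly as the guide states them for Figure 7.
VLANS = {56, 57, 58, 59, 60}
ADDRS = {ipaddress.ip_address("192.168.40.1"),
         ipaddress.ip_address("192.168.40.5")}

def passes_filter(frame: bytes) -> bool:
    """True if a raw Ethernet frame meets the VLAN AND IPv4-address criteria."""
    if len(frame) < 18:                      # too short for MACs + 802.1Q tag
        return False
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100:                       # untagged, so no VLAN can match
        return False
    if (tci & 0x0FFF) not in VLANS:          # low 12 bits of the TCI are the VLAN ID
        return False
    if ethertype != 0x0800:                  # inner protocol must be IPv4
        return False
    ip = frame[18:]
    if len(ip) < 20 or ip[0] >> 4 != 4:      # truncated or malformed IPv4 header
        return False
    src = ipaddress.ip_address(ip[12:16])
    dst = ipaddress.ip_address(ip[16:20])
    return src in ADDRS or dst in ADDRS      # source OR destination may match

def build_frame(vlan, src, dst):
    """Constructed test frame: zeroed MACs, optional 802.1Q tag, bare IPv4 header."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return bytes(12) + tag + struct.pack("!H", 0x0800) + ip

if __name__ == "__main__":
    samples = [  # constructed traffic, not captured from a real network
        (56, "192.168.40.1", "10.0.0.9"),
        (60, "10.0.0.9", "192.168.40.5"),
        (55, "192.168.40.1", "10.0.0.9"),
        (57, "192.168.40.2", "10.0.0.9"),
        (None, "192.168.40.1", "10.0.0.9"),
    ]
    for vlan, src, dst in samples:
        verdict = "pass" if passes_filter(build_frame(vlan, src, dst)) else "drop"
        print(f"vlan={vlan} {src} -> {dst}: {verdict}")
```

Untagged frames and frames on other VLANs never reach the tool under these criteria, even when the IP address matches, which matters when deciding what an IDS on that Tool Port can and cannot detect.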

Making Modifications and Saving Configurations

The demo configuration can be modified and saved as described below.

Enable Additional Ports

To enable additional ports, double-click on a disabled port (disabled ports are grayed out) in the diagram area. The port properties will display. Begin to configure port settings such as the port description, media type, port mode, port icon, etc. The Filter Criteria tab allows the filter criteria to be configured. The Connections tab provides one method for connecting ports and Dynamic Filters. The Access Control tab allows ports and Dynamic Filters to be secured.

Figure 8 - Configure Port Properties


Tip: The simulator will place ports that use the default port icon out of service (a red X will appear on the port). Select a custom icon to place a port in an “in-service” or link up state.

Modify the Configuration

To modify the existing connections displayed in the Diagram area, simply drag a line between a port and a Dynamic Filter.

To delete a connection, select the connection with the mouse and press the Delete key on the keyboard.

To make new connections, draw a connection between ports. A Dynamic Filter that denies all traffic will automatically be created between the ports. You will be prompted to configure the Dynamic Filter (see the figure below). Dynamic Filters can be configured at any time.

Figure 9 - Configure Dynamic Filter Prompt

Importing and Exporting a Configuration

Unlike an actual 5200 Net Tool Optimizer, the 5200 Demo Simulation configuration will revert to the initial configuration upon restart of the application. To preserve any configuration changes that you have made, a configuration must be exported (saved) and then imported (restored).

To save a configuration, select File -> Export Configuration from the menu above the diagram area. Three export options are available: Full Backup, Traffic Configuration and Custom. All of the export options can be customized to export only the desired configuration settings.

To restore a configuration, select File -> Import Configuration from the menu above the Diagram area.


Additional Features

This section describes additional features that are available in the NTO and that can also be evaluated in the NTO demo application.

Port Groups

Port groups provide the ability to aggregate ports into higher bandwidth trunks for load balancing tool traffic or interconnecting Net Tool Optimizers. The Demo Simulation configuration contains one Interconnect port group and one Load Balance port Group. The diagram area icons for the port groups are displayed below.

Libraries

The Library View displays collections of filter templates and a custom icons library that can be shared by all users. Users create the collections of commonly used filters and icons. Collections can also be shared between 5200 systems by copying one or more collections from one 5200 and pasting them into the library of another system, or by exporting them from one system and importing them into another.

The Library View provides a Filter Templates tab and Custom Icons tab.


Figure 10 - Library View


Advanced Feature Module (AFM)

The AFM is an optional expansion module that can be installed into the NTO chassis. This section describes the advanced filtering and packet modification features that are available in the NTO Control Panel when an AFM is installed. These options are available on ports PB1 and PB2 in the demo application.

To access the AFM features, click on the network port that has the “AFM” logo. Then select the Advanced tab. A brief description of the AFM features is provided below.

Figure 11 - AFM Features


MPLS Stripping: Use this feature to remove MPLS labels from packets.

De-duplication: Streams of traffic directed to an NTO tool port may contain duplicate packets. Use this feature to remove duplicate packets before the NTO forwards traffic to a tool.

Packet Trimming: Some network analysis tools only require a portion of a packet. Use this feature to trim packets to the desired length and indicate the packet header information that should be retained.

Extended Burst Protection (only available on 1G tool ports): Short bursts of network traffic can exceed the queuing resources of an NTO 1G port and lead to dropped packets. Use this feature to buffer up to 200 MB of traffic. Buffering occurs when traffic bursts above the 1G line rate.
