Core Controller (CC)
Arun George CISM, CISSP, BS7799LA, ITIL
Technical Sales Manager – GCC (Excl KSA) & India
Agenda
• TippingPoint’s IPS solution for 10GbE network
• Opportunities $$$
• Competition
Compelling Story
• TippingPoint’s first solution for IPS protection in a 10GbE network
  – “Pay as you grow” model
    • Most customers don’t actually need full-duplex 10Gbps. They are just installing infrastructure for future growth
    • Very cost effective approach vs. having to buy a 20Gbps IPS up-front
  – N+1 IPS redundancy
  – Shared IPS stack in fully redundant networks
    • HUGE savings when you are talking about $500K worth of IPS
  – Designed for core networks
    • Reliability and serviceability focus
  – Cutting-edge performance
    • We looked long and hard for a 3rd party product so we wouldn’t have to build it ourselves. There is nothing comparable out there.
Terminology
• Segment
  – Same as a segment on the IPS except that it’s 10GbE
  – Bump-in-the-wire where traffic passes through IPS inspection
• iLink
  – 1GbE connections (1GbE x 2) to an IPS segment
• iLink Group
  – All traffic from a segment is load balanced to the iLinks assigned to the segment
Major Features
• Hardware
  – 2U, 2 post rack mountable
  – 3x 10GbE segments (XFPs)
    • Optional ZPHA modules
  – 24x 1GbE iLinks (copper)
  – 1GbE management port
  – RJ45 serial port
  – Dual hot-swappable power supplies
  – ZPHA modules (10GbE)
    • Optional
    • 2 models: multimode, single mode
• Packet Processing
  – 20 Gbps load balancer
    • Multiple algorithms
  – IPS cluster per 10GbE segment
  – Exception rules
  – Jumbo packet rule
• IPS Compatibility
  – 5000E/2400E (Rev D/E)
Pay As You Grow
• The only pay as you grow 10G IPS solution on the market!
• Fast - Safe - Grows with your need!
[Diagram: 10G Ingress and 10G Egress]
Without NIPS : Active-Active Frame
[Diagram: two Core Switches and two Server Aggregation Switches; four links labelled Active]
With 10 GbE NIPS
[Diagram: Core and Server Aggregation switches, four links labelled Active, with TippingPoint inline protection with 10 Gbps interfaces]
4Gbps across the Frame/1Gbps per segment
[Diagram: two TP2400E-C units and two TP Core Controllers with the Core and Server Aggregation switches; four links labelled Active]
8Gbps across the Frame/2Gbps per segment
[Diagram: four TP2400E-C units and two TP Core Controllers with the Core and Server Aggregation switches; four links labelled Active]
8Gbps across the Frame/2Gbps per segment
[Diagram: two TP5000E-C units and two TP Core Controllers with the Core and Server Aggregation switches; four links labelled Active]
16 Gbps across the Frame/4 Gbps per segment
[Diagram: four TP5000E-C units and two TP Core Controllers with the Core and Server Aggregation switches; four links labelled Active]
32 Gbps across the Frame/8 Gbps per segment
[Diagram: eight TP5000E-C units and two TP Core Controllers with the Core and Server Aggregation switches; four links labelled Active]
Major Features
• Management
  – Fully manageable via CLI
  – SMS
  – SOAP, SNMPv2, SNTP
  – System and Audit Logs
    • Remote-syslog
• Reliability
  – ZPHA
    • Nearly Hitless OS Update
    • RMA
  – L2FB
  – Hardware watchdog timers
    • On each ZPHA module
    • FPGA (triggers L2FB)
  – Monitoring iLink ports and IPS
    • Heartbeat packets (Latency & loss)
  – Redundant hot-swappable power supplies
  – Resource monitoring
    • Voltage, temperature, fans, etc.
Reliability & Serviceability
• ZPHA
  – Optional module for 10GbE interfaces
    • Module must match XFP type (multimode or single-mode)
  – ZPHA is active during boot process until CC and IPSes are ready to process traffic
  – Can be activated manually per segment
  – Watchdog timer on each ZPHA module
    • ZPHA will activate if TOS fails to service the watchdog in time
Swap ability
• When ZPHA module is used, you can replace the CC unit without bringing down the network
  – Power down the CC (ZPHA kicks in)
  – Remove ZPHA module from unit. Traffic continues to pass because of the ZPHA mirrors
  – Replace the CC and reconnect iLinks
  – Plug in the ZPHA module(s) and power on the CC
  – As the unit boots, it remains in ZPHA mode until OBE is completed and is ready to pass traffic
• Net downtime for entire swapping process: 2 link flaps
NIPS Opportunities
[Diagram: network zones (Internet at 1.5Mbps – 100Mbps, Perimeter, DMZ, VPN, Access, Aggregation, Core, Data Center with Windows & Linux Blades, Shared Storage and Shared Tape) with link speeds 10Mbps – 1Gbps, 1Gbps – 10Gbps and nx1Gbps – nx10Gbps]
• Protect WAN Perimeter
• Protect E-Commerce
• Protect Business Applications & Data
• Protect Core Network
• Protect Major Zones
• Protect Remote Offices
10 GbE NIPS Opportunities
[Diagram: the network zones and protection points from the NIPS Opportunities slide, with two 7600/6500 Catalyst Switches]
Enterprises – For Server Farm protection, between the Core switches and the Server Aggregation switches
Telecom – At the edge (Internet POPs), Core and Server Farm
Competition
Good News – No actual competition in the 10 GbE NIPS market
• ISS – No 10 Gbps. False claims on GX6116.pdf. Find Analysis.doc
• McAfee – No 10 Gbps, though an announcement was made on 22/05/2007 (http://www.itcinstitute.com/display.aspx?id=3647). Max is 2Gbps
• Cisco – No 10 Gbps, max is 4 Gbps (actually it's 2 Gbps)
• Juniper – No 10 Gbps, max is 1 Gbps
• Top Layer – No 10 Gbps, max is 2 Gbps
Summary
• TippingPoint’s 10 GbE NIPS is a very Cost-Effective, Reliable and Pay-as-you-Grow model
• There are immense opportunities in the Enterprise and Telecom verticals
• The smallest deal, protecting a Server Farm behind a criss-cross design of Core Switches & Catalyst switches, is $350K+ (2 x CCs + 2 x TP2400s + SMS)
• Good news, no competition!!!
Thank You