
Fundamentals of Passive Monitoring Access June 16, 2009 Dennis Carpio Director of Product

Description:
Fundamentals of Passive Monitoring Access, June 16, 2009. Dennis Carpio, Director of Product Innovation. SHARKFEST '09, Stanford University, June 15-18, 2009. Agenda. Goal: Present an overview of Tap technology and how network and security monitoring become more efficient and productive.
Transcript
Page 1: Fundamentals of Passive Monitoring Access June 16, 2009 Dennis Carpio Director of Product

SHARKFEST '09 | Stanford University | June 15–18, 2009

Fundamentals of Passive Monitoring Access
June 16, 2009

Dennis Carpio
Director of Product Innovation

SHARKFEST '09
Stanford University
June 15-18, 2009

Page 2

Agenda

Goal: Present an overview of Tap technology and how network and security monitoring become more efficient and productive.

• Technology Drivers
• Network considerations for a Tap deployment
• Innovations in Tap technology
• Taps in your network
• Thank you and contact info

Page 3

Technology Drivers

The increasing complexity of networks, proliferation of applications and the development of new technologies such as 10 Gigabit Ethernet are driving the demand for increased monitoring. Source: Frost & Sullivan

Forensics
• Compliance
• Lawful Intercept

Security
• Growing Threats
• Need for Stealth Monitoring

Analysis
• Convergence of Voice/Video/Data
• Demand for 10G

Page 4

Traditional Access Methods

Method / Risks

Span Ports
• Can drop packets when switch is busy
• Does not pass critical Layer 1 and 2 errors
• Costs time and resources for switch reconfiguration

In-line
• Potential point of failure
• Expensive one-tool-to-one-link deployment
• Relocating the tool means link downtime

Hubs
• Not passive (power failure link down)
• Half-duplex only
• No Gigabit or 10 Gigabit hubs

Page 5

Passive Tap Technology

• Access 100% of your network traffic
• Passive fail-safe operation
• Intelligent failure-over
• Deployed as infrastructure
• Recommended by all leading tool vendors

                            Net Optics Tap  Span Port  In-line Device  Hub
Handles High Traffic Loads? Yes             No         Maybe           No
Invisible to Attacks?       Yes             No         No              No
Remote Configuration?       Yes             Yes        Yes             No
100% Traffic Visibility?    Yes             No         Yes             No
Full-Duplex Traffic?        Yes             Limited    Yes             No
Point of Failure?           No              No         Yes             Yes

Page 6

The Passive Monitoring Solution

Page 7

Passive Access Devices

• One monitoring tool has passive access to one network link.
• Multiple groups and tools can share access to a network link.
• Tools can be assigned to any link or automatically scan all links.
• Tools can view traffic from multiple full-duplex links at one time.
• Prevent link downtime by connecting in-line appliances through fail-open Bypass Switches.
• View link utilization, traffic statistics, and alarms via front panel displays and remote interfaces even when a monitoring tool is not connected.
• Match traffic of interest to appropriate monitoring resources.

Network Taps
Regeneration Taps
Matrix Switches
Port & Link Aggregator Taps
Bypass Switches
Intelligent Tap Technology
Filtering Appliances

Page 8

Copper & Fiber Taps

Secure, passive network access for monitoring devices on any network topology.

Features:
• Fiber Taps available in multiple split ratios, no power needed
• Fiber available for ATM / OC3, OC12, GigaBit and 10 GigaBit
• Support full-duplex monitoring
• Copper available in 10/100, 1G and 10/100/1G
• Zero Delay on 10/100BaseT Tap
• Rack-mountable (with the purchase of rack panels)

Benefits:
• Network traffic flows regardless of power availability to the Tap
• Monitoring devices can be used across multiple network links, preserving existing network connections
• Hardware becomes hidden from potential attackers providing premium network security
• Access to all packet types on a link and errors from all layers
• Access to all packets on a full-duplex link, in real-time

10 GigaBit SR Tap
10/100/1000BaseT Tap

Page 9

Fiber Tap Split Ratios

What is a Split Ratio?
A split ratio is the amount of light a Tap re-directs from the network to the monitor ports.
• For correct split ratio, a Loss (power) Budget should be calculated

What is a Loss (power) Budget and how do I calculate this?
A Loss (power) Budget is the amount of attenuation that can be tolerated on the network and monitor links before the end-to-end data is corrupted.

To calculate, you must determine the following: Link Distance, Fiber Type, Launch Power, Receiver Sensitivity, number of interconnects and splices.

[Diagram: Router, Fiber Tap (50/50 Split Ratio), Switch, Monitoring Device. Optical Power = X enters the Tap; each output carries Optical Power = X/2. Condition: X/2 > Receiver Threshold Sensitivity.]
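
A worked version of the loss budget check described on this slide, added here as an example (it is not from the presentation). It models one direction of a tapped link in dB and assumes both receivers have the same sensitivity; the launch power, sensitivity, attenuation, interconnect, splice and tap excess-loss figures are constructed sample values, and the function names are hypothetical.

```python
import math

# Constructed sample values (assumptions, not from the slides): a short
# 850 nm multimode link whose optics launch -9.5 dBm and need -17 dBm.
LAUNCH_DBM = -9.5
RX_SENSITIVITY_DBM = -17.0
FIBER_DB_PER_KM = 3.5   # assumed multimode attenuation at 850 nm
CONNECTOR_DB = 0.5      # assumed loss per interconnect
SPLICE_DB = 0.1         # assumed loss per splice
TAP_EXCESS_DB = 0.5     # assumed tap loss beyond the ideal split

def split_loss_db(fraction, excess_db=0.0):
    """Loss in dB on a tap output that receives `fraction` of the light."""
    return -10 * math.log10(fraction) + excess_db

def path_loss_db(km, connectors, splices):
    """Loss in dB from fiber length, interconnects and splices."""
    return km * FIBER_DB_PER_KM + connectors * CONNECTOR_DB + splices * SPLICE_DB

def margins_db(network_pct, pre_db, post_db, monitor_db):
    """Return (network margin, monitor margin) in dB for one split ratio.

    Margin = launch power - total loss - receiver sensitivity; a negative
    margin means that receiver gets too little light.
    """
    net = network_pct / 100
    budget = LAUNCH_DBM - RX_SENSITIVITY_DBM
    net_loss = pre_db + split_loss_db(net, TAP_EXCESS_DB) + post_db
    mon_loss = pre_db + split_loss_db(1 - net, TAP_EXCESS_DB) + monitor_db
    return budget - net_loss, budget - mon_loss

def usable_split_ratios(pre_db, post_db, monitor_db, min_margin_db=1.0):
    """Network-side percentages for which both outputs keep the margin."""
    return [pct for pct in (50, 60, 70, 80, 90)
            if min(margins_db(pct, pre_db, post_db, monitor_db)) >= min_margin_db]

# Constructed link: 100 m and 2 interconnects on each side of the tap,
# 5 m and 1 interconnect from the monitor port to the tool.
PRE_DB = path_loss_db(0.1, connectors=2, splices=0)
POST_DB = path_loss_db(0.1, connectors=2, splices=0)
MONITOR_DB = path_loss_db(0.005, connectors=1, splices=0)

if __name__ == "__main__":
    for pct in (50, 60, 70, 80, 90):
        net_m, mon_m = margins_db(pct, PRE_DB, POST_DB, MONITOR_DB)
        print(f"{pct}/{100 - pct}: network {net_m:+.2f} dB, monitor {mon_m:+.2f} dB")
    print("usable:", usable_split_ratios(PRE_DB, POST_DB, MONITOR_DB))
```

With these sample figures the 70/30 split leaves the network side comfortable but starves the monitor port, which is why the budget has to be checked for both outputs before a ratio is chosen.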

Page 10

Fiber Specifications

Emerging 10 GigaBit technology may require upgrades to existing networks.

1 GigaBit

1GB-SX
• 62.5µ or 50µ multimode fiber
• 850nm wavelength
• 220m distance with 62.5µ fiber, up to 550m with 50µ fiber

1GB-LX
• G.652 fiber
• 1310 nm wavelength
• Up to 15 kilometers

1GB-ZX
• G.652 fiber
• 1550 nm wavelength
• Up to 70 kilometers

10 GigaBit

10GB-SR
• 62.5µ or 50µ multimode fiber
• 850nm wavelength
• 33m distance with 62.5µ fiber, up to 300m with 50µ laser-optimized fiber

10GB-LR
• G.652 fiber
• 1310 nm wavelength
• Up to 10 kilometers

10GB-ER
• G.652 fiber
• 1550 nm wavelength
• Up to 40 kilometers

Page 11

10/100 Zero Delay Technology

Technology that eliminates the 10 ms delay added to traffic in other Taps when power is lost.

This short delay can cascade into longer delays if routers and switches need to renegotiate the link.

Zero Delay ensures:
• No dropped packets
• No latency is introduced
• Power loss to the Tap undetectable to network

Net Optics Products with Zero Delay
• 10/100BaseT Taps
• 10/100BaseT Regeneration Taps
• 10/100BaseT Link Aggregator Taps

Page 12

Port Aggregator Taps

Typically, full-duplex monitoring with a network tap requires two NICs (or a dual channel NIC) – one interface for each side of the tapped full-duplex connection. A port aggregator Tap combines these streams, sending all aggregated data out a single passive monitoring port.

Features:
• Available for 10/100BaseT, GigaBit copper and GigaBit fiber monitoring devices
• Supplies full-duplex traffic to a single NIC on the monitoring device
• DIP switch sets auto-negotiation or fixed speed duplexing
• 256MB buffer memory controls traffic bursts
• Available with 2 monitor port option

Benefits:
• Zero network data stream interference
• Network Traffic flows regardless of power availability to the tap
• Hardware becomes hidden from potential attacks providing premium network security
• Access to all packet types on a link and errors from all layers
• Enable 24/7 passive monitoring

Page 13

In-Line Regeneration Taps

Maximize resources and save on access points when multiple devices can monitor link traffic simultaneously through a Regeneration Tap. Secure, passive access for multiple devices means a better return on monitoring investments.

Features:
• 10/100Mbps auto-sensing, GigaBit or 10GigaBit speeds available
• DIP switch controlled duplex and speed settings (copper)
• Redundant power supplies
• Available in 2, 4, and 8 monitor port models, copper and fiber

Benefits:
• Network traffic flows regardless of power availability to the Tap
• Hardware is hidden from potential attackers, providing premium network security
• Access to all packet types on a link and errors from all layers

Page 14

Link Aggregator

Link Aggregator Taps extend the reach of GigaBit monitoring devices to traffic from multiple Span ports. Aggregating the traffic from multiple switch Span ports greatly increases the coverage of monitoring devices.

Features:
• Use 1G tools on 10G Links
• Aggregate 1G Links to 10G Tools
• Monitor up to 10 Network Links
• Replicate Traffic to 4 Tools

Benefits:
• Increase Tool ROI
• Use 10G Tools Efficiently
• Monitor More Links Simultaneously
• Share Traffic Access

Page 15

iTap Technology

Information
Control
Access

Benefits:
• Centralized and remote management
• Enhanced capability
• Better resource utilization
• Increased network visibility

Features:
• SNMP integration
• Passive monitoring / invisible to attacks
• Utilization statistics

Page 16

Data Monitoring Switch

Value - Any-to-Any / Many-to-Many connectivity, filtering to enhance tool performance and speed problem solving.

Page 17

Director™

Benefits:
• Relieve Oversubscribed Tools
• Centralize Data Monitoring
• Leverage Tool Investments
• Increased Network Visibility

Features:
• TapFlow™ Multi-Layer Filtering
• Industry's Highest Port Density
• Passes all errors including CRC
• High-speed 10 & 1 Gigabit Ports

Page 18

Software Management

System Manager, Web Manager & CLI

Management Software Options
• Web - single device mgmt
• GUI - MAP wide visibility
• Command Line Interface

Track Link Information
• Identify bandwidth utilization peaks
• Baseline traffic statistics

Control Access to the Data
• Enable/disable monitor ports
• Reset alarm triggers

Security (Q2 '09)
• SNMPv3
• RADIUS/TACACS+

Page 19

Financial Case Study
Multi-station Taps

Industry: Finance

Objective: Provide non-intrusive, zero-latency visibility into network traffic enabling trading transactions to be captured and network issues to be resolved quickly and accurately

Approach: Tap into the network with Net Optics multi-station fiber and copper Taps

Technology Improvements:
• 100 percent direct in-line traffic visibility in real time without latency or impact on real-time applications
• Ability to record transactions for event reconstruction to resolve differences between the Exchange and its members
• Ability to analyze traffic from multiple vantage points throughout the network simultaneously

Business Outcomes:
• Improved network reliability from “four nines” (99.99% up time) to five nines (99.999% up time) in first year
• Achieved virtually 100% up time by the end of the third year
• Improved end user satisfaction by consistently providing more reliable low-latency access into equities, equity options, and futures markets

Page 20

Financial Solution

Page 21

Government Case Study
Multi-station Taps

Industry: Government

Objective: Provide non-intrusive visibility into network traffic to support remote diagnostics

Approach: Tap into the network with Net Optics multi-station fiber and copper Taps

Technology Improvements:
• 100 percent direct in-line traffic visibility in real time without latency or traffic impact
• Deployment of automated tools and control mechanisms
• Ability to troubleshoot and develop solutions remotely

Project Outcomes:
• Frequent resolution of issues before users are impacted
• Reduction in number of field services calls dispatched
• Significantly lowered MTTR
• Improved end user satisfaction

Page 22

Government Solution

Page 23

InteropNet Case Study
Director™

Industry: Information Technology

Objective: Provide pervasive monitoring access for InteropNet, the high‑performance network serving the Interop Las Vegas and New York conferences

Approach: Tap into the InteropNet with an expanded multi-unit system of Net Optics Director Data Monitoring Switches

Technology Improvements:
• Ability to connect any feed to any monitoring tool
• Reduced access solution footprint
• Aggregation of feeds down to a single pair
• Remote visibility and control

Business Outcomes:
• Confident of delivering “101” uptime at Interop
• Number of help desk tickets reduced
• Tickets closed faster (MTTR lowered)
• No open tickets or unsolved cases

Page 24

InteropNet Solution

InteropNet production network (orange and dotted lines) and SpyNet (purple lines) with five Net Optics Director Data Monitoring Switches

Page 25

A Monitoring Access Platform

Build an infrastructure with a strong platform

Core
Workgroup
Edge
Data Center

Page 26

Net Optics Overview

Customers
• 82% of the Fortune 100
• 45% of the Fortune 500
• 5700 Global Customers
• 5 New Customers Every Week

Highlights
• Founded in 1996 by Eldad Matityahu
• 50 Quarters of Growth & Profitability
• 40K Sq. Ft. Santa Clara, CA Corporate HQ and Manufacturing Facility
• Private Company, No VC funding and 90 Employees

Page 27

Thank You

www.netoptics.com
(408) 737-7777
