• Save
Best Practices for Total Network Visibility
Upcoming SlideShare
Loading in...5
×
 

Best Practices for Total Network Visibility

on

  • 152 views

Today’s networks are waging a ceaseless battle against an army of ingenious and fast-evolving advanced threats. Companies must be well-provisioned to deploy a quick, decisive and network-wide ...

Today’s networks are waging a ceaseless battle against an army of ingenious and fast-evolving advanced threats. Companies must be well-provisioned to deploy a quick, decisive and network-wide response to attacks. Protecting the network demands robust monitoring that is actually built into the network architecture. Learn how to build scalable network protection and improve overall security and performance of network.

Blind spots are commonly caused by these common issues: lack of SPAN ports, dropped and duplicated packets, oversubscribed security and performance tools, unseen inter-VM traffic and more.

Ixia developed a highly scalable Visibility Architecture that helps eliminate those blind spots while providing resilience and control without complexity. Ixia's new Visibility Architecture, is founded on a comprehensive product portfolio which includes:

- Network TAPs (aggregation, regeneration, 1/10/40/100G)
- Bypass Switches (for inline security deployments, 1/10/40G)
- Network Packet Brokers (intelligent filtering, load-balancing, de-duplication, matrix switching)
- Virtual TAPs (for full Virtual Network visibility)

Join NPC and Ixia to learn how Visibility Architecture helps speed application delivery and enables effective troubleshooting and monitoring for network security, application performance, and service level agreement (SLA) fulfilment — and allows IT to meet compliance mandates.

Statistics

Views

Total Views
152
Slideshare-icon Views on SlideShare
149
Embed Views
3

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 3

http://www.slideee.com 3

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Best Practices for Total Network Visibility Best Practices for Total Network Visibility Presentation Transcript

    • www.np-channel.com Net Optics Confidential and ProprietaryNet Optics Confidential and Proprietary Best Practices for Total Network Visibility
    • www.np-channel.com 2 Webinar information • Q&A session: • Please ask all questions in your chat window, we will try to answer them all • Survey: • Please fill in the survey after webinar for a chance to win an Ixia branded Ogio backpack
    • www.np-channel.com 3 Mihajlo Prerad is a visionary IT and Telecommunications professional with several years of experience and expertise in the field of Network and Application Security, Monitoring and Performance. Today‘s presenter Regional Sales Manager, Network Performance Channel Regional Sales Manager, IXIA Donatus Schmid is an experienced IT Sales professional with more than 30 years of experience in IT and Telecommunications industry, previously working in companies like Oracle and Sun Microsystems.
    • www.np-channel.com 4 • Brief Introduction • Key trends and challenges • Where the blind spots are created? • Building a Visibility Architecture • Key components • Key features • Ixia Visibility Portfolio Agenda
    • www.np-channel.com 5 About NPC  We are global value-added distributor specialized in providing intelligent network monitoring and security access solutions  We are subsidiary of BRAINFORCE Holding AG (founded 1983.) which has more than 800 employees and 75M€ yearly revenue  Based near Frankfurt, Germany and Salzburg, Austria  10+ years of experience in Channel Sales and Marketing  We are an international and multinational company with a growing team of 10+ professionals
    • www.np-channel.com 6 Value Added Services Training Back End Support Operational Support Demo Equipment Consulting Technical Support
    • www.np-channel.com The MOST TRUSTED names in networking Service Providers trust IXIA to:  Improve and speed service delivery  Speed roll out of next gen services  Improve network and application visibility and performance Equipment Manufacturers trust IXIA to:  Develop next generation devices  Speed time to market  Improve performance and reliability Enterprises trust IXIA to:  Assess vendor equipment and applications  Improve network security posture  Improve network and application visibility and performance Chip Fabricators trust IXIA to:  Validate protocol conformance  Speed time to market trust Test Security Visibility Slide 7
    • www.np-channel.com Net Optics Confidential and ProprietaryNet Optics Confidential and Proprietary Today’s Challenges
    • www.np-channel.com 9 Network growing faster than tools! 0% 10% 20% 30% 40% 50% 100M 1G 10G 40G 100G Current Planned in 12 months Maximum networking link speeds within data center / core networks * by EMA research
    • www.np-channel.com 10 How big is that growth? Walmart collects over 1 million transactions every hour. This data is streamed into massive data stores currently containing over 2.5 petabytes of data.
    • www.np-channel.com 11 Threats are growing 1 NEW VIRUS EVERY HOUR 1994 1 NEW VIRUS EVERY MINUTE 2006 1 NEW VIRUS EVERY SECOND 2011 200,000 NEW SAMPLES EVERY DAY 2013 * by Kaspersky Lab
    • www.np-channel.com 12 Important factor: Network Performance!
    • www.np-channel.com 13 Growing number of tools 0% 10% 20% 30% 40% 50% 60% Network Performance Monitor Data Loss Prevention Intrusion Detection / Prevention Troubleshooting / Packet Analyzers (e.g. packet “sniffers”) Compliance Monitor Data / Packet Recorder Application Performance Monitor VoIP / UC / Video Analyzer Current Planned in 12 months Types of tools attached to NVCs/NPBs * by EMA research
    • www.np-channel.com 14 Where are the blind spots created? ESX Stack Hypervisor Phantom Monitor™ V Switch vm 1 Vm 2 Vm 3
    • www.np-channel.com 15 Where are the blind spots created? ESX Stack Hypervisor Phantom Monitor™ V Switch vm 1 Vm 2 Vm 3
    • www.np-channel.com 16 Where are the blind spots created? ESX Stack Hypervisor Phantom Monitor™ V Switch vm 1 Vm 2 Vm 3
    • www.np-channel.com 17 Where are the blind spots created? ESX Stack Hypervisor Phantom Monitor™ V Switch vm 1 Vm 2 Vm 3
    • www.np-channel.com 18 Inline monitoring Types of deployments IPS, FW, WAF... Out of band monitoring IDS, NPM, Recorder, Forensics...
    • www.np-channel.com 19 Looks like challenge? 47% 43% 25% 17% 12% Not enough mirror/SPAN ports Not enough money for tools Not enough qualified staff Not enough features on tools I already have enough visibility * Based on answers of Ixia/Net Optics customers
    • www.np-channel.com 20 Traditional access methods don‘t work! 1. Dropping packets 2. High switch CPU and memory load 3. Doesn‘t forward L1/L2 errors 4. Needs to be configured 5. Mixing source/destination information 6. Limited number of SPAN ports 7. Compliance issues 8. Distorts packet arrival times SwitchSwitch 1. Potential single point of failure 2. Expensive 1-tool-1-link deployment 3. Relocating means link downtime
    • www.np-channel.com 21 Tools are OVERSUBSCRIBED
    • www.np-channel.com 22 How to solve that problems? ESX Stack Hypervisor Phantom Monitor™ V Switch vm 1 Vm 2 Vm 3
    • www.np-channel.com 23 Answer is: Visibility Architecture ESX Stack Hypervisor Phantom Monitor™ V Switch vm 1 Vm 2 Vm 3 Director Aggregation Ixia’s Visibility Architecture Advanced Packet Distribution Aggregation and regeneration Intelligent Filtering Bypass switching Packet Slicing & DeDuplication Total Network Visibility
    • www.np-channel.com Net Optics Confidential and ProprietaryNet Optics Confidential and Proprietary Best practices: Visibility Architecture
    • www.np-channel.com 25 SPAN or TAP? 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 2009 2013
    • www.np-channel.com 26 Use Network TAP instead of SPAN Switch Benefits • 100% visibility, no dropped packets • Doesn’t affect switch CPU and memory • Plug-and-play — no configuration required • Permanent access: no need to break the link each time you need to remove tool • Forwards important L1 and L2 errors • Dual power supplies: keeps the network link up and running in case of power failure • Doesn’t change packet arrival times Firewall Analyzer Switch
    • www.np-channel.com 27 Protect in-line deployments with Bypass Switch Benefits • Protects the network from IPS link, application, and power outages • SNMP (v2c, v3) traps indicate status changes for system, link, power, and threshold • Intelligent Heartbeat packets: continuous check of IPS health! • Removes link downtime: ensures traffic flow when appliance is offline • RMON statistics and LCD display • Redundant power supplies SwitchFirewall IPS Switch
    • www.np-channel.com 28 Implement Network Packet Broker Key features: • Aggregation • Filtering • Load Balancing • Regeneration • Packet Slicing • De-Duplication • Time Stamping • Header stripping • Burst protection • Port tagging
    • www.np-channel.com Net Optics Confidential and ProprietaryNet Optics Confidential and Proprietary Network Packet Broker A new approach for Total Network Visibility
    • www.np-channel.com 30 Network Packet Broker NetworkNetworkVisibility Branch Campus Core Data Center Network Taps Network Packet Brokers Aggregation FilteringFlow Linking Regeneration Load Balancing Deduplication Time StampingBurst Protection Header Stripping File Security Database Monitoring Web Security Performance Monitoring Cloud
    • www.np-channel.com 31 Any tool – Any time! SFP and SFP+ support Automatically converts data rates for any mix of 10 Gigabit and 1 Gigabit network and tool ports Mix copper and fiber, 1G and 10g in the same platform! Modular Interface Flexibility
    • www.np-channel.com 32 Aggregation Problem: too many network links/segments, expensive to deploy Solution: aggregate multiple inputs into few outputs 10 Gbps 1 Gbps 1 Gbps 1 Gbps 1 Gbps 1 Gbps 1 Gbps 1 Gbps1 Gbps
    • www.np-channel.com 33 Intelligent Filtering TCP Filter HTTP Filter 192.0.0.5 Filter SNMP Filter Complex filter Network Port 1 Monitor Port 5Source IP = 192.168.10.1 Network Port 3 Monitor Port 6 Protocol= UDP Monitor Port 8 Network Port 6 Source IP = 192.168.10.1 Protocol = TCP Layer 4 Port = 80 Monitor Port 2 Multilayer filtering Simple filter IDS DAM
    • www.np-channel.com 34 Filtering example Net Optics iBypass™ Switch Net Optics xBalancer™ WEB Security WEB Security Email Security 10G FILTER only email traffic FILTER only web traffic
    • www.np-channel.com 35 Load Balancing LB Group 2LB Group 1 • Sharing 10G link to many 1G tools • Link can be tapped with a bypass switch for additional protection Switch IPS 1 Firewall Router IPS 2 IPS 3 IPS 4 IPS 5 IPS 6 1G 1G 1G 1G 1G 1G
    • www.np-channel.com 36 Time stamping Problem: In applications like high frequency trading, legal obligations or routing the monitoring data over a long distance to the tool it is important to know when the packet has arrived at the monitoring switch.
    • www.np-channel.com 37 Packet Slicing Problem: In many cases only the header is needed for analyzing. Forwarding a 1500byte packet to a probe does consume more memory at the disk than a 64byte packet. Solution: Remove unnecessary payload and decrease the load of the probe MAC IP Data FCS MAC IP FCS
    • www.np-channel.com 38 De-duplication 2 3 4 5 6 7 8 9 input packets duplicated packets 1 21 3 4 5output packets = 9 * 1580 bytes = 14220 bytes = 5 * 1580 bytes = 7900 bytes 55% traffic reduction
    • www.np-channel.com 39 Without Ixia‘s NPB solution Throughput CPU Usage Storage Good packets Duplicated packets Un-filtered packets
    • www.np-channel.com 40 With Ixia NPB solution Throughput CPU Usage Storage Good packets Dupl. packets Ixia‘s NPB Filter. packets
    • www.np-channel.com 41 User Friendly Configuration
    • www.np-channel.com Net Optics Confidential and ProprietaryNet Optics Confidential and Proprietary Challenges Solved Real world use cases
    • www.np-channel.com 43 Service provider use case 5 x 1G 5 x 1G InternetUMTS aggregation + Filtering IP=10.223.15.11 5 x 10G
    • www.np-channel.com 44 High Availability scenarios
    • www.np-channel.com Net Optics Confidential and ProprietaryNet Optics Confidential and Proprietary Visibility Architecture: Portfolio
    • www.np-channel.com 46 Network Access Products Products Key Benefits FLEX TAP (fiber) 1G, 10G, 40G 100G FlexTap • High Density Design saves rack space, All-optical design, All split ratios available, 24 Taps in 1U Copper TAP (Zero Delay) Gig Zero Delay Tap • Passive copy of traffic • Zero Delay ensures no traffic loss Bypass Switches iBypass HD • Failsafe/failover for up to eight tools • High availability network Regeneration TAP 10 GigaBit Regeneration Tap • Replicates traffic for up to eight monitoring tools Aggregation TAP iTap Dual Port Aggregator • Aggregation and tool sharing
    • www.np-channel.com 47 • Fiber models, fully passive, no power supplies • Supported speeds: 1G, 10G, 40G, 100G • 24 TAP‘s in 1U chassis • Industry first 100G TAP Flagship product: FlexTAPTM
    • www.np-channel.com 48 Network Packet Broker products Products Key Benefits 1G/10G Load Balancing xStream 40 • Distribute traffic to multiple tools for parallel processing 1G/10G Monitoring Switch Director xStream / Director / Director PRO • Combined feature set: Tap, Aggregation, Regeneration, Static Load Balancer 40G Monitoring Switch xStream 40 • Aggregation, Regeneration • Deep Packet Inspection • L2-7 Filtering 1G/10G Aggregation iLink Agg xStream • Aggregates multiple traffic streams for monitoring by a single tool 40G Load Balancing iLink Agg xStream 40 • Distributes the traffic from 40G link to multiple tools for parallel processing
    • www.np-channel.com 49 48 x 10G ports + 4 x 40G ports Flagship Product: xStream 40 Advanced feature set: • Aggregation • Filtering • Load Balancing • Packet Slicing • Time stamping
    • www.np-channel.com 50 NTO Portfolio 211x5204 Carrier-Class/NEBS High Performance 10/40/100G Advanced 1/10G Entry Flexible, scalable, high density 100G, 40G & 10G 4x 100G, 16 x 40G, or 64 x 10G High-density, Carrier-Grade 100G, 40G & 10G (NEBS) 4x 100G, 16 x 40G, or 64 x 10G EnterpriseCapability 5236 5273 5288 5293 10G networks (NEBS) 24 x 10G High-performance 10G 24 x 10G Small Enterprise 4 x 10G + 20 x 1G Flexible & Scalable 10/40/100G ControlTower Architecture 16 x 40G, or 64 x 10G 5268 Medium Enterprise 10/1G + Advanced ControlTower Architecture 16 x 40G, or 64 x 10G 5260/3
    • www.np-channel.com 51 New from Ixia: NTO 7300 ½the Rack Space 3xMORE Bandwidth in NTO 7300 A New Perspective on Network Visibility
    • www.np-channel.com 52 NTO 7300 saves space
    • www.np-channel.com 53 Application and Threat Intelligence Processor
    • www.np-channel.com Net Optics Confidential and ProprietaryNet Optics Confidential and Proprietary Virtual Monitoring
    • www.np-channel.com 55 Challenges in Virtual Monitoring Virtualization Creates Security, Monitoring and Compliance Risks • No visibility into inter-VM traffic, vulnerabilities or threats • Lacks auditing of data passing between virtual servers • Inability to pinpoint resource utilization issues Server VM Server VM Server VM vSwitch pNIC pNIC Physical Network
    • www.np-channel.com 56 Phantom Virtual TAP vm1 vm2 vm3 Physical Network Security & Monitoring Physical Host Server ESX Virtual Stack with Phantom Installed Phantom Controller (VM) Enables Security, Performance Monitoring and Compliance • 100% visibility of inter-VM traffic • Kernel implementation—no need for SPAN Ports / Promiscuous Mode on Cisco v1000 • Bridges virtual traffic to physical monitoring tools  Phantom Virtual Tap Virtual Switch ( ie, Cisco 1000V )
    • www.np-channel.com 57 Phantom Benefits • Multilayer L2-L4 filtering: IP (src&dst), MAC, protocol, port, VLAN... • Enables regeneration and aggregation of traffic without impacting the performance (low CPU and memory usage) • Provides inter-VM traffic visibility • Supported by all major hypervisors: o VMWare 4.x and 5.x o Citrix Xen 5.x, Microsoft Hyper-V, Oracle VM 3.0, .... • vMotion migration support • Generates important L2 & L3 statistics: network activity summary (packet count, utilization, etc.), top protocols, top talkers, sources, destinations and connections
    • www.np-channel.com 58 Virtual and Physical Convergence ES X App OS VM1 Hypervisor App OS VM2 App OS VM2 V Switch Phantom™ Manager KV M App OS VM1 Hypervisor App OS VM2 App OS VM2 V Switch Phantom™ Manager XE N App OS VM1 Hypervisor App OS VM2 App OS VM2 V Switch Phantom™ Manager Tunnel IDS NGFW Protocol Analyzer DLP Net Optics Director™ Net Optics Phantom™ HD Physical Server Physical Server LAN/WAN Manager
    • www.np-channel.com Carrier Networks Wired and Mobile Data Center Private Cloud Virtualization Core Remote Office Branch Office Campus Network Operations Performance Management Security Admin Server Admin Audit & Privacy Forensics Visibility Architecture App Aware Out of Band NPB Network Taps Element Mgmt Virtual & Cloud Access Policy Mgmt Inline NPBInline Bypass Session Aware Data Center Automation Network Access Packet Brokers Applications Management http://www.ixiacom.com/solutions/network-visibility/
    • www.np-channel.com Net Optics Confidential and ProprietaryNet Optics Confidential and Proprietary Thank you! Questions? Mihajlo Prerad Regional Sales Manager e: mihajlo.prerad@np-channel.com t: +43 664 831 6674