Your SlideShare is downloading. ×
0
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event

1,175

Published on

Meaningful Lawful Intercept (LI) demands the capture and analysis of 100 percent of the traffic crossing a network—whether in 10G or 1G interfaces, or a combination. Sharon likens the challenge to …

Meaningful Lawful Intercept (LI) demands the capture and analysis of 100 percent of the traffic crossing a network—whether in 10G or 1G interfaces, or a combination. Sharon likens the challenge to “finding the needle in the haystack,”

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,175
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
19
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Capture – CC (Content of Communication) and IRI (Intercept Related Information) related to the subject are extracted from the network.Filtering – information related to the subject that falls within the topic of the inquiry is separated from accidentally gathered information, and formatted to a pre-defined delivery formatDelivery – requested information is delivered to the LEMF The Administration Function (ADMF) receives interception ordersfrom the LEA and hands them over to• Internal Intercept Functions (IIF), which are located tactically within network nodes and generate the two desired types of information, CC and IRI.• Mediation Functions (MF) take charge of delineation between thetwo networks. They implement Internal Network Interfaces (INI),which may be proprietary, to communicate within the PTN, andstandardized interfaces, to deliver requested information to one ormoreLEMFs.
  • From Cisco:The switch fabric performs the duplication of the original filtered packet. One packet is forwarded to the egress line card. The other packet is forwarded to the Route Processor or to the SIP-400 for LI hardware acceleration.
  • Transcript

    • 1. Identifying the needle in the 10/40/100G haystackSharon Besser, VP Technologies Net Optics
      Intelligent Access and Monitoring Architecture
    • 2. Goal
      Present a methodology and solution of leveraging access switching to overcome current and future Lawful Interception challenges
    • 3. Net Optics In a Nutshell
      Customers
      Financial, Telco, Healthcare & Government
      85% of the Fortune 100
      50% of the Fortune 500
      7000 Global Deployments
      Highlights
      Founded in 1996, Private, Self-Funded
      55 Quarters of Growth & Profitability
      Strong Management Team
      Sales Offices in New York, Atlanta, Germany
      300 plus new direct customers annually
      Go to Market Strategy
      30% Direct Sales
      25% OEM/Partner Relationship
      45% Global Channel
      Technology
      20+ Patents and Patent Pending Requests
    • 4. Cause and Effect
      Industry / Networking
      Data Center
      Lawful Interception
    • 5. Industry Trends
      Expanding continuous layering of new applications
      • VoIP/Tele Presence, public and private clouds
      Expanding compliance requirements
      • PCI DSS Basel II, CALEA to name a few
      Increasing internal and external intrusions
      • Organized crime and governments; each with different agenda
      Convergence of voice, data and video traffic
      • Telecom phone-TV-Internet “Triple-play”
      Networks becoming faster and more complex
      • 10 GbE now, 40GbE & 100GbE coming
    • Data Center Trends
      10G is a reality. 40G/100G around the corner
      • Most tier I carriers start to plan and deploy 100G networks. Enterprises follow
      Virtualization
      • Great CAPEX improvements, not so great visibility
      • 6. Passive monitoring of Inter-VM traffic is MIA
      ToR and 10G copper switch implementation
      • Less cabling less span opportunities
      • 7. ToR and EoR deployments increase monitoring oversubscription
      Convergence of data and storage
      • Links are more saturated
    • Trends Affecting Lawful Interception
      Triple Play Networks, Increased bandwidth, advanced services driving new LI design requirements
      Source: ETSI ES 201 158
    • 8. Unique Operational Challenges with 10G
      Net Optics observe exponential growth of 10G network deployments. Some common LI deployment challenges:
      Lack of tools
      • Availability of 10G monitoring tools and 10G security tools
      • 9. Tools ability to operate at line rate with low latency
      Quality
      • Content classification as an example: it’s hard enough on 1G…
      Ridiculous cost
      • New 10G tools (not the 10G network interface cards)
      • 10. Leveraging existing investments of 1G tools
      • 11. Cost of knowledge, migration, operations  TCO
      Source: Net Optics Customer Advisory Board 7/2010
    • 12. Other Technical Challenges
      Jitter, Oversubscription and Blocking are more severe with 10G networks:
      Switching oversubscription takes place when two input ports forward all the packets to the same output port
      • If the queue exceeds the size of the physical hardware buffer, packets are dropped
      Substantial latency variability and jitter can be introduced under moderate or low traffic condition as well due to head of line blocking
      • At any time, only one packet can be transmitted from each physical output port of a switch
      • 13. Resource contention might happen when two packets arrive from separate input ports to the same output port (e.g. uplink) at about the same time
    • Microburst
      Even at low traffic, when average traffic is low, head of line blocking phenomenon (“oversubscription” ) causes queuing short periods where the instantaneous bandwidth can reach maximum utilization
    • 14. Oversubscription
      Source: Cisco
    • 15. What Customers Want
      Meet Lawful interception challenges in high capacity networks
      But how?
    • 16. The LI Foundation: Reliable Copy
      End user 1
      End user 2
      Application
      Application
      Interception Node
      Transport
      Transport
      Network
      Network
      Network
      Link + Physical
      Link + Physical
      Link + Physical
      Copy
      LEA Site
      LEMF Application
      Application
      Transport
      Transport
      Network
      Network
      Link + Physical
      Link + Physical
      Source: ETSI TR 101 943 Concepts of Interception in a Generic Network Architecture
    • 17. Current Approach Is Not Scalable
      Invest in new systems capable to handle 10G/40G/100G
      Packet duplication add burden on the network
      Source: Cisco systems 2010: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN
    • 18. The Solution: Leveraging Access Switching
      Leveraging Access Switching
      • Packet duplication does not burden on the network
      Source: Cisco systems 2010: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN
    • 19. Access Switching: Do More With Less
      10/40/100Load Balancing
      Share the load between multiple tools
      Centralized intelligence for more endpoint
      Leverage existing / cheap / 1G tools
      Plan for growth
      Pre-filter w/ DPI to detect desired traffic on any port
      Pre-filtering is a mature technology
      DPI allows to identify data of interest and forward to the monitoring/recording tool
      GRE tunneling
      Distribute the collection infrastructure
      Cloud Monitoring
      Inter-VM and cloud based monitoring
      Any type of media
      Fiber, copper or both
    • 20. Summary
      Modern and advanced Access switching technology provides the scalable solution to meet Lawful Interception challenges in high capacity networks by focusing on improving collection infrastructure
    • 21. Thank You!

    ×