Identifying the needle in the 10/40/100G haystackSharon Besser, VP Technologies Net Optics <br />Intelligent Access and Mo...
Goal <br />Present a methodology and solution of leveraging access switching to overcome current and future Lawful Interce...
Net Optics In a Nutshell <br />Customers<br />Financial, Telco, Healthcare & Government<br />85% of the Fortune 100<br />5...
Cause and Effect <br />Industry / Networking <br />Data Center <br />Lawful Interception <br />
Industry Trends<br />Expanding continuous layering of new applications<br /><ul><li>VoIP/Tele Presence, public and private...
Passive monitoring of Inter-VM traffic is MIA </li></ul>ToR and 10G copper switch implementation <br /><ul><li>Less cablin...
ToR and EoR deployments increase monitoring oversubscription </li></ul>Convergence of data and storage <br /><ul><li> Link...
Unique Operational Challenges with 10G<br />Net Optics observe exponential growth of 10G network deployments. Some common ...
Tools ability to operate at line rate with low latency </li></ul>Quality<br /><ul><li>Content classification as an example...
Leveraging existing investments of 1G tools
Cost of knowledge, migration, operations  TCO</li></ul>Source: Net Optics Customer Advisory Board 7/2010<br />
Other Technical Challenges<br />Jitter, Oversubscription and Blocking are more severe with 10G networks: <br />Switching o...
Resource contention might happen when two packets arrive from separate input ports to the same output port (e.g. uplink) a...
Oversubscription<br />Source: Cisco <br />
What Customers Want<br />Meet Lawful interception challenges in high capacity networks<br />But how?<br />
The LI Foundation: Reliable Copy <br />End user 1<br />End user 2<br />Application <br />Application <br />Interception No...
Current Approach Is Not Scalable <br />Invest in new systems capable to handle 10G/40G/100G<br /> Packet duplication add b...
The Solution: Leveraging Access Switching <br />Leveraging Access Switching <br /><ul><li> Packet duplication does not bur...
Upcoming SlideShare
Loading in...5
×

Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event

1,191

Published on

Meaningful Lawful Intercept (LI) demands the capture and analysis of 100 percent of the traffic crossing a network—whether in 10G or 1G interfaces, or a combination. Sharon likens the challenge to “finding the needle in the haystack,”

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,191
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
19
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Capture – CC (Content of Communication) and IRI (Intercept Related Information) related to the subject are extracted from the network.Filtering – information related to the subject that falls within the topic of the inquiry is separated from accidentally gathered information, and formatted to a pre-defined delivery formatDelivery – requested information is delivered to the LEMF The Administration Function (ADMF) receives interception ordersfrom the LEA and hands them over to• Internal Intercept Functions (IIF), which are located tactically within network nodes and generate the two desired types of information, CC and IRI.• Mediation Functions (MF) take charge of delineation between thetwo networks. They implement Internal Network Interfaces (INI),which may be proprietary, to communicate within the PTN, andstandardized interfaces, to deliver requested information to one ormoreLEMFs.
  • From Cisco:The switch fabric performs the duplication of the original filtered packet. One packet is forwarded to the egress line card. The other packet is forwarded to the Route Processor or to the SIP-400 for LI hardware acceleration.
  • Sharon’ Besser, Net Optics VP of Technology, Net Optics, discusses Lawful Intercept at ISS Event

    1. 1. Identifying the needle in the 10/40/100G haystackSharon Besser, VP Technologies Net Optics <br />Intelligent Access and Monitoring Architecture<br />
    2. 2. Goal <br />Present a methodology and solution of leveraging access switching to overcome current and future Lawful Interception challenges <br />
    3. 3. Net Optics In a Nutshell <br />Customers<br />Financial, Telco, Healthcare & Government<br />85% of the Fortune 100<br />50% of the Fortune 500<br />7000 Global Deployments<br />Highlights<br />Founded in 1996, Private, Self-Funded<br />55 Quarters of Growth & Profitability<br />Strong Management Team<br />Sales Offices in New York, Atlanta, Germany<br />300 plus new direct customers annually <br />Go to Market Strategy<br />30% Direct Sales<br />25% OEM/Partner Relationship<br />45% Global Channel<br />Technology<br />20+ Patents and Patent Pending Requests <br />
    4. 4. Cause and Effect <br />Industry / Networking <br />Data Center <br />Lawful Interception <br />
    5. 5. Industry Trends<br />Expanding continuous layering of new applications<br /><ul><li>VoIP/Tele Presence, public and private clouds </li></ul>Expanding compliance requirements <br /><ul><li>PCI DSS Basel II, CALEA to name a few</li></ul>Increasing internal and external intrusions<br /><ul><li> Organized crime and governments; each with different agenda </li></ul>Convergence of voice, data and video traffic<br /><ul><li>Telecom phone-TV-Internet “Triple-play” </li></ul>Networks becoming faster and more complex<br /><ul><li>10 GbE now, 40GbE & 100GbE coming </li></li></ul><li>Data Center Trends<br />10G is a reality. 40G/100G around the corner<br /><ul><li>Most tier I carriers start to plan and deploy 100G networks. Enterprises follow </li></ul>Virtualization <br /><ul><li>Great CAPEX improvements, not so great visibility
    6. 6. Passive monitoring of Inter-VM traffic is MIA </li></ul>ToR and 10G copper switch implementation <br /><ul><li>Less cabling less span opportunities
    7. 7. ToR and EoR deployments increase monitoring oversubscription </li></ul>Convergence of data and storage <br /><ul><li> Links are more saturated </li></li></ul><li>Trends Affecting Lawful Interception <br />Triple Play Networks, Increased bandwidth, advanced services driving new LI design requirements <br />Source: ETSI ES 201 158<br />
    8. 8. Unique Operational Challenges with 10G<br />Net Optics observe exponential growth of 10G network deployments. Some common LI deployment challenges:<br />Lack of tools<br /><ul><li>Availability of 10G monitoring tools and 10G security tools
    9. 9. Tools ability to operate at line rate with low latency </li></ul>Quality<br /><ul><li>Content classification as an example: it’s hard enough on 1G… </li></ul>Ridiculous cost <br /><ul><li>New 10G tools (not the 10G network interface cards)
    10. 10. Leveraging existing investments of 1G tools
    11. 11. Cost of knowledge, migration, operations  TCO</li></ul>Source: Net Optics Customer Advisory Board 7/2010<br />
    12. 12. Other Technical Challenges<br />Jitter, Oversubscription and Blocking are more severe with 10G networks: <br />Switching oversubscription takes place when two input ports forward all the packets to the same output port<br /><ul><li>If the queue exceeds the size of the physical hardware buffer, packets are dropped</li></ul>Substantial latency variability and jitter can be introduced under moderate or low traffic condition as well due to head of line blocking<br /><ul><li>At any time, only one packet can be transmitted from each physical output port of a switch
    13. 13. Resource contention might happen when two packets arrive from separate input ports to the same output port (e.g. uplink) at about the same time</li></li></ul><li>Microburst<br />Even at low traffic, when average traffic is low, head of line blocking phenomenon (“oversubscription” ) causes queuing short periods where the instantaneous bandwidth can reach maximum utilization<br />
    14. 14. Oversubscription<br />Source: Cisco <br />
    15. 15. What Customers Want<br />Meet Lawful interception challenges in high capacity networks<br />But how?<br />
    16. 16. The LI Foundation: Reliable Copy <br />End user 1<br />End user 2<br />Application <br />Application <br />Interception Node<br />Transport<br />Transport<br />Network<br />Network<br />Network<br />Link + Physical <br />Link + Physical <br />Link + Physical <br />Copy<br />LEA Site<br />LEMF Application <br />Application <br />Transport<br />Transport<br />Network<br />Network<br />Link + Physical <br />Link + Physical <br />Source: ETSI TR 101 943 Concepts of Interception in a Generic Network Architecture <br />
    17. 17. Current Approach Is Not Scalable <br />Invest in new systems capable to handle 10G/40G/100G<br /> Packet duplication add burden on the network<br />Source: Cisco systems 2010: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN<br />
    18. 18. The Solution: Leveraging Access Switching <br />Leveraging Access Switching <br /><ul><li> Packet duplication does not burden on the network</li></ul>Source: Cisco systems 2010: Lawful Interception for 3GPP: Cisco Service Independent Intercept in the GGSN<br />
    19. 19. Access Switching: Do More With Less<br />10/40/100Load Balancing<br />Share the load between multiple tools<br />Centralized intelligence for more endpoint <br />Leverage existing / cheap / 1G tools <br />Plan for growth <br />Pre-filter w/ DPI to detect desired traffic on any port<br />Pre-filtering is a mature technology <br />DPI allows to identify data of interest and forward to the monitoring/recording tool <br />GRE tunneling<br />Distribute the collection infrastructure<br />Cloud Monitoring <br />Inter-VM and cloud based monitoring<br />Any type of media<br />Fiber, copper or both <br />
    20. 20. Summary <br />Modern and advanced Access switching technology provides the scalable solution to meet Lawful Interception challenges in high capacity networks by focusing on improving collection infrastructure <br />
    21. 21. Thank You!<br />
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×