During network planning, changes get introduced into the architecture. Links are connected and each monitoring tool is attached independently, each with its own method of accessing a copy of the traffic. As the network is expanded, some elements end up monitored by an unsuitable method.

Network owners rarely have the opportunity to do more than "just enough" planning for network expansion or for the inclusion of a variety of network monitoring and analysis tools. Frequently this results in just-in-time changes to the network architecture which may not conform to a preferred plan or design.

In this example diagram observe that core links have daisy-chained tap connections, and that many switches have multiple demands for SPAN or mirror traffic.

Situations like the one this diagram depicts often result from each functional group specifying parallel but independent traffic access needs. Each separate monitoring and analysis solution quickly drifts off to become an independent and isolated silo of users, who may or may not be aware of organic growth occurring in other parts of the network. This organic growth, and change due to upgrades, may leave parts of the network that are not being properly monitored.
Physically and logically, the data access layer of the network is separated from the network infrastructure; new links can be connected to the switch.

If a visibility fabric were installed in place of independently managed monitoring and analysis solutions, then all traffic would be available to all tools. As links are upgraded, or as new links appear in the core network, they can be included in the visibility fabric at the time of upgrade or installation, so that no special maintenance window is needed and all links provide traffic to the visibility fabric.

Once the visibility fabric is receiving traffic, that traffic becomes immediately available to all monitoring and analysis solutions via simple out-of-band reconfigurations. Since the primary traffic path is undisturbed following the original connection into the visibility fabric, later changes in where that traffic is directed do not require approval from Change Management. New monitoring solutions may be added at any time, and urgent reconfiguration for security or problem resolution may be instituted immediately, whether during critical business hours or not.
Various operations are then performed on this data:
- Filtering based on layers 2 to 4, or even layer 7.
- Packet operations: deduplication (requires complex and high-performance processors), e.g. data duplicated within the last minute; the processing power needed, and decisions taken on the basis of different parameters.
- Packet slicing (some systems analyse only the IP headers).
- Timestamping packets: every packet entering the system can be marked with a PTP (Precision Time Protocol) timestamp, with accuracy on the order of nanoseconds.

Typically data is collected from physical environments (network links, SPAN ports, RSPAN ports). Gigamon has added collection from virtual systems to its offering: a virtual machine that can be attached to the hypervisor, so that traffic from the hypervisor is redirected to it and packet operations are performed there.

Thank you Ted.

At the heart of our Visibility Fabric is the intelligent and proprietary software that resides on our purpose-built hardware appliances. As our customers deploy, expand and upgrade their networks, they are challenged to manage an increasing volume of traffic from an increasing breadth of network to a limited number of management, monitoring and security tools. They turn to the Gigamon Visibility Fabric, which delivers unique technology to intelligently select and control the traffic to ensure the appropriate traffic, and only the appropriate traffic, is forwarded to the relevant tool or tools. We call this technology Flow Mapping.

Functionality: redundant power supply.

However, with the expanding variety of traffic, the need to be able to tune and enhance networks and user experiences, and the need to protect the confidentiality of the information while the management of the network itself is not constrained, we expanded the Visibility Fabric with Smart Intelligence. This provides a platform that allows customers to modify, manipulate and transform network traffic as it traverses the Visibility Fabric.
Whether our customers are looking to remove any duplicates of traffic to minimize the volume of data delivered to a tool, or to remove irrelevant parts of the traffic to extend the life of lower-performance tools, or to add timing information to network traffic enabling accurate and ongoing performance tuning, our GigaSMART technology delivers the platform to meet their requirements. And with the move to the virtual world and cloud, we provided a virtual-machine version of our technology to allow our customers to seamlessly extract information from the virtual world.
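An added Python model (not Gigamon's code; GigaSMART runs in proprietary hardware) of the three packet operations the notes list: deduplication within a one-minute window, slicing to the header, and keeping an arrival timestamp. The 40-byte slice length, the class and function names, and the sample packets are assumptions constructed for the example.

```python
import hashlib
from collections import OrderedDict

DEDUP_WINDOW_S = 60.0   # "duplicates from the last minute", as the notes put it
HEADER_BYTES = 40       # assumed slice length: roughly an IPv4 + TCP header

class Deduplicator:
    """Remembers a digest of every packet seen inside the window; this memory is
    the cost the notes mention (one digest per packet, kept for the whole window)."""
    def __init__(self, window_s=DEDUP_WINDOW_S):
        self.window_s = window_s
        self.seen = OrderedDict()   # digest -> arrival time, oldest first

    def _expire(self, now):
        # Drop entries older than the window; insertion order equals time order
        while self.seen and next(iter(self.seen.values())) < now - self.window_s:
            self.seen.popitem(last=False)

    def is_duplicate(self, ts, raw):
        """True if an identical packet arrived within the window (arrival times
        must be fed in non-decreasing order for the expiry to be correct)."""
        self._expire(ts)
        key = hashlib.sha256(raw).digest()
        if key in self.seen:
            return True
        self.seen[key] = ts
        return False

def gigasmart_like_pipeline(packets, dedup, header_bytes=HEADER_BYTES):
    """packets: list of (arrival_ts, raw_bytes) as captured at the network ports.
    Returns the list of (arrival_ts, sliced_bytes) forwarded to the tool port:
    duplicates inside the window are dropped, survivors are sliced to the header
    and keep their arrival timestamp (the PTP stamp in the real product)."""
    out = []
    for ts, raw in packets:
        if dedup.is_duplicate(ts, raw):
            continue
        out.append((ts, raw[:header_bytes]))
    return out

# Constructed sample: packet A mirrored twice half a second apart (e.g. the same
# packet delivered by two SPAN sessions), packet B once, and A again a minute later.
PKT_A = bytes(range(60))
PKT_B = b"\x01" * 60
SAMPLE = [(0.0, PKT_A), (0.5, PKT_A), (1.0, PKT_B), (61.0, PKT_A)]
```

The second copy of A is dropped, but the copy a minute later is forwarded again, which is exactly why the window length decides how much state the deduplicating processor has to hold.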
Is there a classic Cisco architecture? There are Nexus 5000s; Fabric Extenders? The portfolio ranges from small to large. HD4 and HD8 are modular devices.
The smallest switches. The answer depends on the question: what do we want to monitor? From how many points, and how do we collect the copy of the traffic? Connected to servers, or at aggregation points between switches (taps) carrying traffic from several segments; a 1G or 10G network? Network design: line-rate switches, fast cards and modules; line rate means no added delay (exact figures from the vendor, and from "reasonably" independent organisations). Deduplication has limitations. Into the 2404 and higher models we can add GigaSMART: advanced operations.
Gigamon does not sell taps as such; they were added to the offering. Its primary business is selling switches. Very good taps: NetOptics / VSS (taps only!). In the data access network Gigamon is unrivalled!

Active taps: copper, with two independent power supply inputs plus Ethernet (management port) plus battery. Installed on critical links; the power supply is the component that fails most often. Below are SFP/SFP+ ports (optical and copper modules, 1G and 10G). The tap shorts through (fails closed). 5-year warranty. Optical and copper modules, 1G/10G. Active means signal regeneration.

The G-TAP A Series is a line of network TAPs designed with the Gigamon "Always On" architecture. This one-of-a-kind architecture eliminates network link downtime on network connections through the use of up to four power sources, including PoE, AC, DC and on-board battery backup. For security situations, the G-TAP A Series provides SNMP trap alerts when existing links are removed or when new links are added. The ability to monitor links means that highly secure environments are no longer subject to unauthorized and undetected TAP use, where someone might disconnect a link and instead gather network traffic with a protocol analyzer for a short time.
How are all of these TAPs best used? If rack space is at a premium, then installing TAP modules directly into the G Series traffic visibility nodes provides both TAP functionality and a direct connection into the visibility fabric for replication, aggregation and filtering of traffic. If rack space is plentiful, then the individual TAP modules may be used instead. In either case, the Gigamon TAPs are all standard taps, so that you know you are obtaining the most reliable traffic stream from the network.
All the switches can filter packets; the most developed filtering covers layers 2 to 7 (layers 2-4: ports, protocols, MAC addresses, packet fields, priorities; layer 7 is simplified: "intelligence", i.e. redirecting a packet based on an intelligent field in the packet). Filtering on ingress ports.

GigaVUE provides two different ways to set up packet distribution between network ports and tool ports: connections and maps. Connections are simple one-to-one flows between a network port and a tool port. You can set up filters on either end of a connection (pre-filter or post-filter), set up multiple connections on a single network port, or simply send all the data arriving on a network port to a designated tool port. It is generally best to use a connection when you are trying to achieve fairly simple packet distribution. Pre-filters are useful for overcoming tool port oversubscription when aggregating traffic from multiple network ports, removing the parts of the overall data stream that do not interest you.

Constraints: all tools receive the pre-filtered traffic; there is no further differentiation. If the pre-filter allows VoIP traffic, VoIP traffic is sent not only to Tool 1 (VoIP) but also to Tool 2 (IDS) and to all the other tools. Also, all traffic discarded by the ingress (pre-) filter is lost. Maps do not discard traffic at the input port: using the collector capability, traffic not matched by any map-rule is still available and can be used for further analysis.
Oversubscription on the input ports.

Post-filters are useful when you are multicasting the same traffic to multiple different tool ports. You can use post-filters to focus each tool port on a different portion of the overall data stream. Egress ports filter at line speed. If each ingress port operates at 75% utilization, this oversubscribes every egress port by 225%, i.e. 22.5G of traffic being sent to a 10G tool (the figures correspond to three 10G ingress ports at 7.5G each).

Constraints: every tool port receives all traffic. Every tool port must screen every packet against the filter criteria defined in the egress (post-) filter and decide whether to allow or discard it. Especially when traffic is received from multiple network ports, tool ports are at high risk of being oversubscribed quickly. Maps reduce the load on each tool port by forwarding only the tool-specific traffic to the related port.
Filtering on ingress ports with awareness of the egress ports. No packets are lost. Line rate. 2,000 to 4,000 entries, where each entry is a single access-list entry. It varies with other vendors: one entry may consume three fields.

While many companies claim to offer real-time traffic visibility to network monitoring and security tools, Intelligent Flow Mapping® is the only traffic visibility networking architecture on the market that gives you complete control of your traffic at full line-rate speeds. This patented technology was invented by Gigamon and is found in every GigaVUE® device. Because of Intelligent Flow Mapping technology, GigaVUE appliances offer superior traffic access to any other hardware-based form of ingress or egress filtering offered.

GigaVUE maps are hardware-based and consist of one or more map-rules, each directing traffic to one or more tool ports based on different packet/filter criteria. You can combine many different rules in a logical order to achieve exactly the packet distribution you would like. Maps are great for distributing traffic to different ports based on different criteria. This is particularly useful in the following situations:

- Reduce tool port packet loss without eliminating traffic. Sorting traffic at an input network port and forwarding it to different tool ports can help reduce packet loss for your analysis tools. You can reduce the load on each destination tool port and still ensure that all traffic is seen (as opposed to pre-filters, which can perform the same task by discarding matching traffic at the input port).

- Effective analysis of asynchronously routed environments. Many networks use asynchronous routing of packets, where requests and responses follow different routes between a client and server. This sort of scenario is a challenge for traditional packet analysis tools. With only a single point of connection to the network, they can potentially see only one half of a given conversation.
With the GigaVUE system, you can make physical connections between multiple network ports on the traffic visibility node and SPAN ports for the possible routes in your network. Then you can set up a map with rules that forward matching traffic to a tool port. For example, you can set up rules that forward all traffic to and from a particular server on a particular port, all traffic with a particular range of application ports, and so on. This way, you can see the packets you want to see, regardless of the path they took.

- More flexibility than connections. With maps, you can set up map-rules that use a combination of the virtual drop port, the collector and effective map-rules to meet a variety of traffic distribution scenarios. The full flexibility becomes visible when adding new tools or network ports. By adding one new map-rule to an existing map, that rule immediately applies to all mapped network ports. Adding a new network port likewise means that all map-rules within the assigned map apply immediately to the traffic received on that port.
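An added Python model (not GigaVUE's code, which runs in hardware) of the three distribution methods discussed above: a connection with a pre-filter, a connection with post-filters, and a map with ordered map-rules plus a collector. It shows where traffic is lost, what load each tool port has to screen, and the 22.5G oversubscription figure from the post-filter passage. First-match-wins rule evaluation, the function names and the sample packets are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    dport: int   # destination port

# Constructed sample traffic: SIP (VoIP), HTTPS, DNS, SSH.
SAMPLE = [Packet("udp", 5060), Packet("tcp", 443), Packet("udp", 53), Packet("tcp", 22)]

def matches(pkt, rule):
    """rule = {field: set of allowed values}; an empty rule matches every packet."""
    return all(getattr(pkt, f) in allowed for f, allowed in rule.items())

def connection_prefilter(packets, pre_rule, tools):
    """Connection with an ingress (pre-) filter: whatever passes is sent to every
    tool port of the connection; whatever is filtered out is lost for all tools."""
    kept = [p for p in packets if matches(p, pre_rule)]
    return {t: list(kept) for t in tools}, len(packets) - len(kept)

def connection_postfilter(packets, tool_rules):
    """Egress (post-) filters: every tool port is offered every packet and must
    screen it itself; returns (delivered per tool, packets offered per tool)."""
    delivered = {t: [p for p in packets if matches(p, r)] for t, r in tool_rules.items()}
    return delivered, {t: len(packets) for t in tool_rules}

def flow_map(packets, map_rules, collector="collector"):
    """map_rules = ordered list of (rule, [tool ports]); the first matching rule
    wins (assumed semantics) and unmatched traffic goes to the collector port."""
    delivered = {collector: []}
    for _, tools in map_rules:
        for t in tools:
            delivered.setdefault(t, [])
    for p in packets:
        for rule, tools in map_rules:
            if matches(p, rule):
                for t in tools:
                    delivered[t].append(p)
                break
        else:
            delivered[collector].append(p)   # not dropped, still analysable
    return delivered

def egress_load_gbps(ingress_ports, port_gbps, utilization):
    """Traffic offered to one egress port when every ingress port feeds it."""
    return ingress_ports * port_gbps * utilization
```

With the sample, the pre-filter sends only SIP to both tools and loses the rest, the post-filter offers all four packets to each tool port, and the map gives the VoIP tool SIP, the IDS the TCP traffic, and parks DNS on the collector.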