Gigamon Systems GigaVUE-420 Hardware Tour


GigaVUE-420 Hardware Tour

Published in: Technology, Business

  1. GigaVUE-420: The Next Generation Data Access Switch (Gigamon Systems, A Network Infrastructure Company)
  2. GigaVUE is a “Data Socket”: Part of the Reliable Network Infrastructure
     • Plug in multiple out-of-band tools – any tool to any data
     • Unobtrusive tool connections – never touch the network
     • Aggregate, multicast, filter and load balance data streams
     [Diagram labels: Configuration Mgr, Performance Monitor, Security IDS, Compliance Auditor, Forensic Recorder, Protocol Analyzer, Application Analyzer, Consolidated Tool Farm; Edge Router, Switch, Storage Area Network, Switch, Server Farm; “Data Socket”]
  3. Typical Data Access Problems
     • Too many tools, not enough SPAN ports
        • Security and IT competing for SPAN ports?
        • Mandatory new compliance monitors and database transaction recorders need access?
        • Troubleshooting tools bump others off SPAN ports?
        • Application monitoring is at the bottom of the totem pole
     Proprietary & Confidential
  4. Typical Data Access Problems
     • Too much traffic for one tool?
        • Traffic load would over-run a single tool?
        • Need to keep flows together at each tool?
        • Filtering still doesn’t reduce the volume enough?
        • Need to divide load across multiple tools?
  5. Typical Data Access Problems
     • Need to monitor 10 Gig links?
        • Can’t afford expensive 10 Gig tools at each SPAN port or tap?
        • Want to tap multiple 10 Gig links and aggregate flows?
        • Want to aggregate multiple 10 Gig SPAN ports?
        • Want to divide traffic from 10 Gig SPANs across multiple 1G tools?
        • Want to split traffic to different tools by IP, application, or VLAN?
  6. Don’t Use RSPAN! Off-load the Switches and Aggregate VLANs Out-of-Band
     [Diagram labels: network ports and tool ports numbered 1 to 6; SPAN Port A, SPAN Port B, SPAN Port C; VLAN 100, VLAN 200, VLAN 300; Probe 1 (VLAN 100), Probe 2 (VLAN 200), Probe 3 (VLAN 300)]
  7. GigaVUE-420 Hardware Tour (front panel view)
     • 20 ports of 10/100/1000 Ethernet
     • 1U modular chassis
     • Stackable up to 10 chassis for 240 ports
     Front panel callouts:
     • Remote Ethernet (Telnet or SSH) and local serial management ports with TACACS+ or RADIUS
     • Base unit provides four 10/100/1000 RJ45 ports or optical SFP ports (all ports can be network or tool ports)
     • Optional GigaPORT module provides another four 10/100/1000 RJ45 ports or Gigabit optical LC ports (using pluggable SFP transceivers)
     • Optional GigaTAP-Sx dual fault tolerant taps
     • Optional GigaTAP-Tx dual fault tolerant fiber taps
  8. Choice of GigaVUE-420 Base Units
     • GVS-421: 4 x RJ45, AC power
     • GVS-422: 4 x Optical, AC power
     • GVS-423: 4 x RJ45, DC power
     • GVS-424: 4 x Optical, DC power
     GVS-422 or GVS-424:
     • 4 x SFP cages for optical Ethernet
     • 4 front panel option slots for 1 Gig ports
     • 4 rear panel option slots for 10 Gig ports
     GVS-421 or GVS-423:
     • 4 x RJ45 for 10/100/1000 Ethernet
     • 4 front panel option slots for 1 Gig ports
     • 4 rear panel option slots for 10 Gig ports
  9. GigaPORT 4-port Expansion
     • Optional SFP transceivers
     • 10/100/1000 RJ-45 copper ports
  10. GigaVUE-420 Rear Hardware Tour (rear panel view)
     • 4 x modular GigaLINK 10 Gig ports
     • Dual redundant AC or DC power supplies
     • Dual redundant fans
     • All modules hot swappable
     [Rear panel labels: GigaLINK 10 Gig 4 option port modules; redundant power supplies; redundant power cords; dual redundant fans]
  11. GigaLINK 10 Gig Port Modules
     • GigaLINK-SR / LR / ER: 10 GigE LC optical port module with XFP. For stacking, network or tool.
     • GigaLINK-Cu: 10 GigE CX4 copper port module. For stacking, network or tool.
  12. Hardware based Data Access Switch
     • Purpose built, non-blocking cross-connect hardware switching
        • Based on circuit switching, not destination address switching
        • Packet aware, aggregating and filtering
        • NOT a physical layer matrix switch
        • NOT software based: no OS, no CPU, no store and forward
        • Full 100% line rate performance at all ports – even if filtering is on
        • Ultra-low 6 microseconds latency from port to port
        • Speed and media changing from ingress to egress
     • Hardware based pattern match filtering doesn’t slow performance
     • Unlimited number of sessions supported, no session tables
        • Each session may be mapped to a specific tool
        • All the packets of a session stay together
     • Remote management by command line interface
        • Dedicated remote management port and local console port
        • Telnet or encrypted SSH2 remote protocol supported
        • SNMP traps sent to NMS
        • AAA by TACACS+ or RADIUS server
        • Commands may be scripted and saved as a text file off-line
  13. 10 GigE to Many 1 & 10 GigE Tools
     • 10 Gig traffic divided across multiple tools
     [Diagram labels: 10 Gig Source, Network Ports, GigaVUE-420™, Tool Ports, 10 GigE tool, 1 GigE tool (repeated)]
  14. 10G SPAN Ports to Many 1 GigE Tools
     • 10 Gig traffic divided across multiple tools
     • Supports up to 20 tools per chassis
     [Diagram labels: 10 Gig Network Ports, GigaVUE-420™, 1 Gig Tool Ports, 1 GigE tool (repeated)]
  15. Pattern Match Filtering
     • A “filter rule” is based on a set of patterns in the 128 byte header
        • Allow or block on pattern match
        • Boolean “and” or “or” patterns together
     • Hardware filtering to virtually eliminate latency
     • Up to 4096 filter rules per system
     • Filter rules may be based on predefined templates, including:
        • MAC source or destination addresses
        • IP source or destination addresses (including IPv6)
        • IP subnets
        • Sessions, using source and destination IP address pairs
        • Ethertypes
        • VLAN IDs
        • Application ports
        • TOS priority bits
        • Ranges of MAC addresses, IP addresses, VLAN IDs, or application ports
        • Range masks featuring odd/even discrimination (RTP/RTCP filtering)
        • User defined bit pattern and offset
  16. Mapping: Load-Sharing
     • Multiple tools per rule
     • Up to 120 rules per map
     • Up to 10 tool ports per rule
     Map Filter Rule Table:
        If VLAN=A then 5,8
        If VLAN=B then 6,8
        If VLAN=C then 7,8
        If no match, then 8
     [Diagram labels: Span Input A, Network Ports, Mapping Filter, GigaVUE™, Tool Ports 5, 6, 7 and 8; VLAN A, VLAN B, VLAN C, All traffic]
  17. Load Sharing by VLAN from Multiple Sources
     • Aggregate multiple data sources with mapping
     [Diagram labels: Span Input A, Span Input B, Network Ports, Mapping Filter (two), GigaVUE™, Tool Ports; VLAN A, VLAN B, VLAN C, All traffic]
  18. Security Considerations
     • Authorized users only
        • Password authenticated local users
        • TACACS+ or RADIUS authentication for remote users
        • SSH2 128-bit encrypted remote management interface
        • Cannot see data through management interface
        • Users locked to individual ports, so they can only manage their assigned ports
        • Event logging and Syslog
        • SNMP traps on security risk events
  19. Gigamon Solutions
     • Aggregate many links to any tool
     • Multicast any link to many tools
     • Filter data to map packets to tools
     • Save $$ Cap Ex and Op Ex budgets
     [Diagram labels: Any to Any, Any to Many, Many to Any, Bit-Mask Filtering]
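
The map rule table on slide 16 ("Mapping: Load-Sharing"), modelled in Python as an added example; it is not Gigamon code or GigaVUE CLI syntax. It assumes VLAN A/B/C are IDs 100/200/300 (borrowed from slide 6) and that the first matching rule wins; `VlanMap`, `tagged_frame` and `audit_coverage` are hypothetical names.

```python
import struct

MAX_RULES_PER_MAP = 120        # limit stated on slide 16
MAX_TOOL_PORTS_PER_RULE = 10   # limit stated on slide 16
TPID_8021Q = 0x8100            # EtherType value that marks an 802.1Q tag

def vlan_id(frame):
    """Return the 12-bit VLAN ID of an Ethernet frame, or None if untagged or too short."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)   # after dst MAC + src MAC
    return tci & 0x0FFF if tpid == TPID_8021Q else None

class VlanMap:
    """Ordered VLAN -> tool-port rules plus a no-match destination."""
    def __init__(self, rules, no_match_ports):
        if len(rules) > MAX_RULES_PER_MAP:
            raise ValueError("more than 120 rules in one map")
        for vid, ports in rules:
            if not 1 <= len(ports) <= MAX_TOOL_PORTS_PER_RULE:
                raise ValueError(f"rule for VLAN {vid}: 1 to 10 tool ports allowed")
        self.rules = list(rules)
        self.no_match_ports = tuple(no_match_ports)

    def tool_ports(self, frame):
        vid = vlan_id(frame)
        for rule_vid, ports in self.rules:   # first match wins (assumption)
            if vid == rule_vid:
                return tuple(ports)
        return self.no_match_ports           # "If no match, then 8"

def tagged_frame(vid, pcp=0):
    """Build a constructed 802.1Q frame (locally administered MACs, zero payload)."""
    macs = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return macs + struct.pack("!HHH", TPID_8021Q, tci, 0x0800) + b"\x00" * 46

# Slide 16 table, with VLAN A/B/C assumed to be 100/200/300.
SLIDE_16_MAP = VlanMap([(100, (5, 8)), (200, (6, 8)), (300, (7, 8))],
                       no_match_ports=(8,))

def audit_coverage(vmap, frames):
    """Count frames delivered to each tool port, to check what each tool can see."""
    counts = {}
    for frame in frames:
        for port in vmap.tool_ports(frame):
            counts[port] = counts.get(port, 0) + 1
    return counts
```

In this model only the tool on port 8 receives untagged frames and VLANs without a rule, which is the coverage question to check when a security tool is attached to one of the per-VLAN ports.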