Getting Traffic to your Cluster. Where to Tap WAN or Internal – WAN Detect intrusion attempts and out-bound misbehavior – Internal Detect internal-internal.

Slides:

Advertisements

Similar presentations

LAN Devices 5.3 IT Essentials.

Advertisements

Network Devices Repeaters, hubs, bridges, switches, routers, NICs.

CCNA3: Switching Basics and Intermediate Routing v3.0 CISCO NETWORKING ACADEMY PROGRAM Switching Concepts Introduction to Ethernet/802.3 LANs Introduction.

Tactics to Discover “Passive” Monitoring Devices

Shared Data Access Network (SDAN)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 K. Salah Module 4.0: Network Components Repeater Hub NIC Bridges Switches Routers VLANs.

Understanding Networks II. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

A Scalable, Commodity Data Center Network Architecture.

1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.

Network Devices By Scott Burden & Linnea Wong Hubs Intelligent hubs have console ports, to allow monitoring of the hubs status and port activity. Passive.

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

CECS 474 Computer Network Interoperability Tracy Bradley Maples, Ph.D. Computer Engineering & Computer Science Cal ifornia State University, Long Beach.

Connecting LANs, Backbone Networks, and Virtual LANs

National Center for Supercomputing Applications University of Illinois at Urbana–Champaign The Evolution and Future of Network Security Monitoring at NCSA.

1 Chapter Overview Network devices. Hubs Broadcast For star topology Same as a repeater Operate at the physical layer 2.

Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

Common Devices Used In Computer Networks

PREPARED BY :-  HIMANSHU MINZ  VIKAS UPADHYAY VOCATIONAL TRAINING AT BSNL,DURG BATCH 4 SESSION 2014.

Semester 1 CHAPTER 3 Le Chi Trung

ACM 511 Chapter 2. Communication Communicating the Messages The best approach is to divide the data into smaller, more manageable pieces to send over.

Network Devices.

Topologies The structure of the network –Physical topology Actual layout of the media –Logical topology How the hosts access the media.

 Network Segments  NICs  Repeaters  Hubs  Bridges  Switches  Routers and Brouters  Gateways 2.

Local Area Networks Andres, Wen-Yuan Liao Department of Computer Science and Engineering De Lin Institute of Technology

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 2 Module 9 Basic Router Troubleshooting.

Cisco – Chapter 3 LAN. LAN Teaching Topology physical topology is the actual layout of the wire (media) logical topology defines how the media is accessed.

25-Oct-15Network Layer Connecting Devices Networks do not normally operate in isolation.They are connected to one another using connecting devices. The.

 The devices which each intercorrect several computer or different to each other, each nones network devices.  There are various types of Network devices.

15.1 Chapter 15 Connecting LANs, Backbone Networks, and Virtual LANs Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or.

Windows Server 2012 Hyper-V Networking

Cisco 3 - Switching Perrine. J Page 16/4/2016 Chapter 4 Switches The performance of shared-medium Ethernet is affected by several factors: data frame broadcast.

By: M.Nadeem Akhtar1 Data Communication Ch 10. By: M.Nadeem Akhtar2 Networks?  LAN  MAN  WAN.

NETWORK HARDWARE CABLES NETWORK INTERFACE CARD (NIC)

Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.

NET 324 D Networks and Communication Department Lec1 : Network Devices.

LAN Switching Concepts. Overview Ethernet networks used to be built using repeaters. When the performance of these networks began to suffer because too.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Connecting Devices CORPORATE INSTITUTE OF SCIENCE & TECHNOLOGY, BHOPAL Department of Electronics and.

CCNA Guide to Cisco Networking Chapter 2: Network Devices.

Computer Networks Syed Md. Ashraful Karim Lecturer, CSE BU.

Protocol Layering Chapter 11.

Local-Area Networks. Topology Defines the Structure of the Network – Physical topology – actual layout of the wire (media) – Logical topology – defines.

Computer Network Architecture Lecture 3: Network Connectivity Devices.

Computer Communication and Networking Lecture # 4 by Zainab Malik 1.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 LAN Design Chapter One.

PART1: NETWORK COMPONENTS AND TRANSMISSION MEDIUM Wired and Wireless network management 1.

Chapter-5 STP. Introduction Examine a redundant design In a hierarchical design, redundancy is achieved at the distribution and core layers through additional.

CHAPTER -II NETWORKING COMPONENTS CPIS 371 Computer Network 1 (Updated on 3/11/2013)

Address Resolution Protocol Yasir Jan 20 th March 2008 Future Internet.

15.1 Chapter 15 Connecting LANs, Backbone Networks, and Virtual LANs Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or.

WAN Technologies. 2 Large Spans and Wide Area Networks MAN networks: Have not been commercially successful.

Cisco Study Guide

Connectors, Repeaters, Hubs, Bridges, Switches, Routers, NIC’s

Network Devices Repeaters, hubs, bridges, switches, routers, NIC’s.

Target Network ISP Internal Network

Chapter Objectives In this chapter, you will learn:

Research challenges - agile optical networks Tal Lavian

Local Area Networks Honolulu Community College

Networking Devices.

Network Load Balancing Functionality

Semester 1 Cisco Discovery JEOPADY Chapter 3.

Chapter 4 Data Link Layer Switching

Network Packet Brokers

I. Basic Network Concepts

NTHU CS5421 Cloud Computing

Network Devices Hub Definition:

Connectors, Repeaters, Hubs, Bridges, Switches, Routers, NIC’s

VLANS The Who, What Why, And Where's to using them

Traffic Analysis Points (TAP) For Real-time Network Monitoring TAP stands for Traffic Analysis Point, which is designed to provide real-time monitoring.

Presentation transcript:

Getting Traffic to your Cluster

Where to Tap WAN or Internal – WAN Detect intrusion attempts and out-bound misbehavior – Internal Detect internal-internal malicious traffic Is there a possibility of more than one tap in the path of your flow – You will get duplicate packets sent to the cluster – Bro does not like getting duplicates Separate Clusters Deal with them using an external device Bro Center of Expertise

Where to Tap Bro Center of Expertise

Tap or Mirror(SPAN) Port Tap – Cost - taps are extra hardware – Interrupt connection to put in place – Light levels Passive taps split the light and reduce power going to all end points – routers and the monitoring equipment Find out what the minimum rx level is for router and monitoring equipment optics. Pick the appropriate tap split ratio – Gigamon Support says 50/50 for 10Gbs If needed there are regeneration/active taps Attenuators – may need removed if in place on short runs – Stand-alone or built-in taps Built-in may lead to inflexibility of testing Tied to vendor with built-in Bro Center of Expertise

Tap or Mirror(SPAN) Port (contd.) Port Mirror (span) – Trust the device doing the mirroring Misconfiguration Hardware defect – Oh, here is an extra port! When ports run tight and no one wants to buy a card When the Network Engineers need your mirror port – On the fly mirroring of ports to cluster members Bro Center of Expertise

Aggregation and Load Balancing Asymmetric Traffic Multiple links may allow traffic to take different in and out paths between hosts Equal-cost multi-path routing – A cluster member must receive all the packets for a particular flow – If you dont have the possibility of asymmetric traffic you can plug taps straight into the cluster members – beware of traffic load issues Load balancing (LB) – Many to one, one to many, many to many – How many tuples is the LB algorithm using? Bro Center of Expertise

Hardware Aggregation and LB Gigamon – Limited support when using Non-Gigamon transceivers – GigaSmart boards can provide de-duplication – Port only load balancing Limit of 8 ports per load balance group (gigastream) – may be increased in the H-Series Our solution: uses multiple gigavue boxes in a tiered arrangement to feed part of one stream into another Bro Center of Expertise

HW Aggregation and LB (contd.) Cpacket – Have certified major transceiver vendors, will consider certifying others at customer request – Port and MAC address load balancing MAC – use commodity ether switch for further LB Up to 48 mac addresses in a load balance group – Some products may offer automatic de- duplication Support suggests using defined filters instead Bro Center of Expertise

Cluster Member Load Balancing Take advantage of multiple cores Use features of NIC to load balance flows to processes running on each core – Myricom – Sniffer driver – pay per NIC – Intel – PF_Ring and NICs Flow Director, also NTOP drivers MAC based load balancing extended – Each Bro instance listens to a different destination MAC address Bro Center of Expertise

Etc. Can my external box slice packets to reduce payload from large streams – i.e. GridFTP – Gigamon GigaSmart cards can – Cpacket Smart ports can If you have load balancing occurring at multiple places in the packet distribution path are there possible issues with hash sorting values being calculated the same at different levels Bro Center of Expertise