SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical SHARKFEST.

Slides:

Advertisements

Similar presentations

Ethernet Switch Features Important to EtherNet/IP

Advertisements

SHARKFEST '09 | Stanford University | June 15–18, 2009 The Reality of 10G Analysis Presented by: Network Critical Wednesday, June 17 th, :30 pm –

CCNA3: Switching Basics and Intermediate Routing v3.0 CISCO NETWORKING ACADEMY PROGRAM Switching Concepts Introduction to Ethernet/802.3 LANs Introduction.

SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch April 1, 2008 Patrick.

CSCI 465 D ata Communications and Networks Lecture 20 Martin van Bommel CSCI 465 Data Communications & Networks 1.

1 Data Link Protocols Relates to Lab 2. This module covers data link layer issues, such as local area networks (LANs) and point-to-point links, Ethernet,

SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Increase Wireshark’s Effectiveness by Tapping your Network Data Wednesday, April 2, 2008 Chris.

Lab Practical 2 Study about different types of Networking Device

1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.

Net Optics Confidential and Proprietary Director xStream Intelligent Access and Monitoring Architecture Solutions.

TDC 461 Basic Communications Systems Local Area Networks 29 May, 2001.

NETWORK DESIGN Customer requirements Network topologies Cable choice Hardware TSB 75 TSB72.

Ethernet By far, the dominant standard for guided media for the internet is Ethernet. How does it work?

1 K. Salah Module 4.3: Repeaters, Bridges, & Switches Repeater Hub NIC Bridges Switches VLANs GbE.

Hubs & Switches Ethernet Basics -10. There is only so much available bandwidth, in some instances it can be dynamic An overabundance of data on the network,

1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.

Switches in Networking B. Konkoth. Network Traffic  Scalability  Ability to handle growing amount of work  Capability of a system to increase performance.

GigE Knowledge. BODE, Company Profile Page: 2 Table of contents  GigE Benefits  Network Card and Jumbo Frames  Camera - IP address obtainment  Multi.

Troubleshooting Software Tools vs. Professional Test Equipment.

Connecting LANs, Backbone Networks, and Virtual LANs

Network Topologies.

In The Name Of Allah Whose Blessings Are Uncountable.

Net Optics Confidential and Proprietary 1 iLink Agg.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Solving Network Challenges with Switched LAN Technology.

Networking Components Mike Yardley LTEC 4550 Assignment 3

© 1999, Cisco Systems, Inc. 3-1 Chapter 10 Controlling Campus Device Access Chapter 3 Connecting the Switch Block © 1999, Cisco Systems, Inc. 3-1.

Chapter 6 High-Speed LANs Chapter 6 High-Speed LANs.

LECTURE 9 CT1303 LAN. LAN DEVICES Network: Nodes: Service units: PC Interface processing Modules: it doesn’t generate data, but just it process it and.

NETWORKING COMPONENTS By Cleve Rosser. Hubs allow large numbers of computers to be connected on a single or multiple LAN. Each computer plugs into the.

1 CISCO NETWORKING ACADEMY PROGRAM (CNAP) SEMESTER 1/ MODULE 8 Ethernet Switching.

1/28/2010 Network Plus Network Device Review. Physical Layer Devices Repeater –Repeats all signals or bits from one port to the other –Can be used extend.

Network Technologies Chapter 2. Approaches to Network Communication Connection-Oriented –Circuit-switched –A dedicated connection (circuit) is formed.

Gigabit Ethernet.

Cisco – Chapter 3 LAN. LAN Teaching Topology physical topology is the actual layout of the wire (media) logical topology defines how the media is accessed.

NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.

Net Optics Confidential and Proprietary iLink Agg xStream Intelligent Access and Monitoring Architecture Solutions.

1 Ethernet & IEEE Cisco Section 7.3 Stephanie Hutter October 2000.

The University of Bolton School of Games Computing & Creative Technologies LCT2516 Network Architecture CCNA Exploration LAN Switching and Wireless Chapter.

Chapter 6 – Connectivity Devices

LAN Switching and Wireless – Chapter 1

Challenges Facing IT Professionals Flat Budgets: “More with Less” Lack of Skilled Resources Expansion, Mergers & Acquisitions SLA’s and Uptime Requirements.

Computer Networks 15-1 Connecting Devices. Connecting Device We divide connecting devices into five different categories based on the layer in which they.

Version 4.0 Ethernet Network Fundamentals – Chapter 9 Sandra Coleman, CCNA, CCAI.

First, by sending smaller individual pieces from source to destination, many different conversations can be interleaved on the network. The process.

Net Optics Confidential and Proprietary 1 Bypass Switches Intelligent Access and Monitoring Architecture Solutions.

Packet Capture and Analysis: An Introduction to Wireshark 1.

Sybex CCNA Chapter 2: Ethernet Networking and Data Encapsulation Instructor & Todd Lammle.

NET 324 D Networks and Communication Department Lec1 : Network Devices.

1 Data Link Layer Lecture 23 Imran Ahmed University of Management & Technology.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Connecting Devices CORPORATE INSTITUTE OF SCIENCE & TECHNOLOGY, BHOPAL Department of Electronics and.

1. 2 It is a Physical layer device (Layer 1) It is Dummy Device It works with 0’s and 1’s (Bits) It works with broadcasting It works with shared bandwidth.

March 2010 Gig Zero Delay Tap. TP-CU3-ZD The Gig Zero Delay Tap is TP-CU3 enhanced with the industry’s first TRUE Zero Delay technology for 10/100/1000.

Network Components By Kagan Strayer. Network Components This presentation will cover various network components and their functions. The components that.

1 Layer 2 Technologies Honolulu Community College Cisco Academy Training Center Semester 1 Version

Rehab AlFallaj.  Network:  Nodes: Service units: PC Interface processing Modules: it doesn’t generate data, but just it process it and do specific task.

Chapter 14 Local Area Networks

4.8 Repeaters, Hubs, Bridges, Switches and Routers 1.

Networking Components William Isakson LTEC 4550 October 7, 2012 Module 3.

Chapter Objectives After completing this chapter you will be able to: Describe in detail the following Local Area Network (LAN) technologies: Ethernet.

Data and Computer Communications Eighth Edition by William Stallings Chapter 15 – Local Area Network Overview.

© ExplorNet’s Centers for Quality Teaching and Learning 1 Select appropriate hardware for building networks. Objective Course Weight 2%

ETHERNET Yash Vaidya. Introduction Ethernet is a family of computer networking technologies for local area networks (LANs). Ethernet was commercially.

Solving Real-World Problems with Wireshark

Networking Devices.

Configuring EtherChannels and Switch Troubleshooting

Instructor: Mr. Malik Zaib

Data Link Issues Relates to Lab 2.

COMMON LAYER 2 DEVICES AND FUNCTIONALITIES.

Instructor: Mr. Malik Zaib

Traffic Analysis Points (TAP) For Real-time Network Monitoring TAP stands for Traffic Analysis Point, which is designed to provide real-time monitoring.

Presentation transcript:

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical SHARKFEST ‘10 Stanford University June 14-17, 2010

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Overview What are TAP’s? Why TAP? Modes Options Technology Portable Analysis Configuration

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Analyze Capture Access

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s?

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s? Traffic Access Point An inline network device that provides access to data as it traverses a network media.

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s?

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s? Deployed Inline – TAP’s Process All Frames on the Media

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s? Gaining Popularity – TAP’s can be Active or Passive Devices

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s?

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 What are TAP’s?

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Why TAP?

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Why TAP? VoIP Monitoring Protocol Analysis Server & Workstation Monitoring Compliance & Data Leakage Detection Intrusion Detection & Prevention The security group is hogging all the SPAN ports and they never let me sniff any data…

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Why TAP? There are lots of reasons… Multiple groups will need access to data More groups will require copies of data What happened to my HUB?! SPAN ports are slim pickings

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Modes

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Breakout (Directional Outputs)

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Aggregating (Combined Outputs)

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Regenerating (Duplication/Replication of Data)

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Aggregating Regenerating (TAP and SPAN) ew

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Aggregating/Filtering Backplane

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Modes Advanced Backplane Operations

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Options

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Options Link Failure\Integrity\State Propagation

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Options Fail-to-Safe, Fail-to-Wire, Fail Closed

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Options Link Lock, Passive Copper (10/100 only)

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Options PoE Passive/Pass Through, Not Always PoE+

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Technology

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Passive TAP Benefits – TAP once and done – Live devices link directly with each other – Allows simple monitoring applications – Passes L2 errors – Link maintained on power state change Things to Consider – Some degradation of live signal – Proper deployment

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Active TAP Benefits – Allows complex monitoring applications – Allows traffic to be injected into live links – No degradation of live signal Things to Consider – May discard link errors (Switch vs FPGA) – Link is lost on power state change – Live network devices link with TAP

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Passive Components Copper 10/100M Links – Manipulate traces and PHY connections – Live devices physically connected – Power state change is non-impactful Fiber 100M, 1G, 10G+ Links – Optical splitters/couplers – Isolates production and monitor data-paths – Can provide 100% passive monitoring

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Optical Fiber Splitter/Coupler

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Active Components Copper 10/100/1G Links – Fast acting copper relays Fiber 1G, 10G+ Links – Optical bypass switches

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Active Components Fast Acting Copper Relays / Optical Switches – Non-Latching Do NOT require power to fail closed Less complex – Latching DO require power and a trigger to activate More flexible

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Optical Fiber Bypass Switch

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Optical Fiber Bypass Switch

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Core Components Switch Chip Based Designs – Familiar architecture and compatibility – Built in functionality – Designed for specific tasks – Counts malformed frames and errors – May not pass error frames

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Core Components Field-Programmable Gate Array (FPGA) – An integrated circuit designed to be configured after manufacturing – Extreme flexibility allows complex applications – Passes malformed frames and errors – Oversized and custom frame types – Byte offset matching and slicing

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Core Components Fiber Transceiver – Two pieces of directional optics – Transmitter – Only capable of sending – Receiver – Only capable of capture – Form factors – SFF, SFP, SFP+

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology Core Components PHY (Physical Layer) – PCS, PMA, PMD – Connects RJ45/transceiver to Switch (or FPGA) – Handles link negotiation and line protocols – Broadcom, Marvell, Intel, VIA

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP Technology

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Deployment

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Deploying TAP’s

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Deploying TAP’s Things to Consider Not all patch cables are created equal – OM1 (Orange), OM2 (Grey), OM3 (Teal) Fiber cables may be crossover 10/100 network cabling (MDI, MDIX) Consider overall cable lengths

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis Laptop Challenges Where’s the Fiber port?! Performance of receive and capture is limited 1G capture appliances are not very portable 1 Gbps is still a LOT of data

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis Solutions TAP’s for Media Conversion Modify the Capture Buffer Size Filter on TAP Hardware

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis: Media Conversion Copper to Copper Fiber to Copper Copper to Fiber Fiber to Fiber

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis: Bump the Capture Buffer

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Portable Analysis: Filter on TAP

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Filtering

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Configuration

SHARKFEST ‘10 | Stanford University | June 14–17, 2010

Configuration Breakout Mapping

SHARKFEST ‘10 | Stanford University | June 14–17, 2010

Configuration Aggregation Mapping

SHARKFEST ‘10 | Stanford University | June 14–17, 2010

Configuration Aggregated & Filtered Mapping

SHARKFEST ‘10 | Stanford University | June 14–17, 2010

Backplane Connections Source and Destination Ports

SHARKFEST ‘10 | Stanford University | June 14–17, 2010

Configuration

SHARKFEST ‘10 | Stanford University | June 14–17, 2010

FYI TAP's with Batteries – Require Maintenance – Special Shipping Handling – Existing UPS Infrastructure

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Be Cautious Fast Linking Gigabit – Modifies Normal Auto-negotiation – Not Standard Ethernet Procedure – Is NOT 100% Guaranteed

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Other Useful Bits Facts About Fiber Optics Ethernet Negotiation – Rich Hernandez Perils of the Network: Duplex Conflicts – Apparent Networks Catalyst SPAN Configuration – Cisco TAP vs SPAN – Tim O’Neill DIY 10/100 access?

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Thank You! See you next year!