Director™ Data Monitoring Switch
Managing Data Capture and Monitoring Pain Point: Monitoring solutions are over-subscribed as networks deliver more services and carry large amounts of multi-protocol traffic Need an effective approach to meet the demands of government regulations and compliance requirements The Solution: A flexible yet effective “Intelligent Filtering” appliance that directs traffic of interest to specific monitoring tools 1 and 10 GigaBit monitoring capabilities L2-L7 traffic filtering Static and dynamic load balancing Cost-effective resource utilization Analyzer RMON IDS ? Forensics IPS Tool Contention
The Director™ Data Monitoring Switch Example deployment scenario A versatile monitoring access platform (MAP) for improved network visibility and security threat management across the whole network Comprehensive edge, core, and workgroup visibility Span, Out-of-band, and In-line connectivity Inter-department traffic analysis Centrally located tool resources and management
Director Family Overview 10G DIR 2400XP DX Pro DIR 2400X DX 1G/10G DIR 6400P DIR Pro DIR 3400P DIR 7400 DIR DIR 5400 DIR 3400 Daisy chain Filter Static load balancing Aggregation Regeneration DPI Dynamic load balancing Product Speed Features © 2011 by Net Optics, Inc.
DirectorTM Data Monitoring Switch – Family Overview Basic Advanced 1G Director 3400 Director Pro 3400P 1/10G Director 5400 Director 7400 Director xStream Director Pro 6400P Director xStream Pro 10G Feature Basic Advanced Aggregation Yes Regeneration Switching Filtering L2- L4 (up to 128 bytes) L2-L7 Load balancing Static Static and Dynamic Deep packet inspection No Multi unit operation Yes ( Except DIR-3400) Yes ( Except DIR-3400P)
Director – 10 Key features Industry leading port density in 1U form factor Benefit : Access to more tools, reduced footprint, lowered investment Supports up to 38 ports: 24 ports with 2 upgradable DNMs,10 fixed SFP and up to 4 10G XFP ports Monitor up to 26 SPAN ports or 12 inline links and up to 12 monitoring tools With simplex fiber cables, double up the available ports Aggregation and regeneration Benefit : Increases efficiency of tool usage by aggregating links with low utilization, allows multiple tools to monitor same traffic simultaneously Aggregation, regeneration, switching, and filtering traffic completely at line speed One-to-one, many-to-one, one-to-many, and many-to-many mappings of input to monitor ports. Filtering Benefit : Send only the traffic of interest to tools, prevent tool oversubscription Hardware based L2-L4 filtering Up to 2000 filters per unit Filtering by IPV4 and V6 Source and Destination Addresses, Ether type, VLAN tags, MPLS labels, Protocol, Port numbers, MAC Source and Destination Addresses, User Defined Filter (UDF); ranges and masks supported
Director – 10 Key features 4. Load balancing Benefit: Distributes workload across multiple tools to achieve optimal tool utilization, maximize throughput, and avoid overload Load can be balanced by IP address, port, protocol, VLAN, and MAC address, or any other packet header field. 5. Multi unit operation Benefit: Connect even more tools, centralized management, leverages monitoring tools across groups and links Daisy chain up to 10 units for 380 ports with industry leading total throughput of 740Gbps 6. Secure and flexible System Management Benefit : Provides versatile and secure platform to manage Director and other Net Optics devices Supports RMON statistics , HTTPS, SNMP v3 (including v1 and v2), SSH for CLI, TACACS+ and RADIUS authentication Three options: CLI, SNMP and Web Manager (GUI)
Director – 10 Key features 7. Hot dual swappable power supplies Benefit : Provides reliable connection If one power supply loses power, Director operates on the remaining supply If a power supply module needs replacement, no need to take Director offline Universal AC and - 48VDC models available 8. Reliability Benefit: A truly unstoppable appliance, maximizes network uptime even when offline Maintains configuration and filters even when power is absent Traffic flows are not impeded between the device’s in-line network ports when powered off 9. Modularity Benefit : Supports virtually any monitoring tool Monitor ports use SFP or XFP modular transceivers DNMs are available for copper and fiber in both in-line and Span versions Compatible with all Net Optics Taps and Bypass Switches 10. Port and Filter tagging Benefit : Identify input streams within the aggregated traffic Packets tagged with user defined tags (VLAN tag)
Director Pro – Top 5 Key features All of the Director features and benefits plus capabilities unique in the market Dynamic Load Balancing Benefit: Ability to optimize tool’s utilization when traffic is unpredictable Load balance by flow or packet to 2 to 32 outputs Traffic is redistributed to remaining tools, or switched to a spare hot-standby tool when a tool fails Deep Packet Inspection (DPI) with Payload Pattern Matching Benefit: Locate packets of interest by exploring deep into the packet Pattern-matching in the L5‑L7 headers and the packet payload E.g. Search for nested MPLS labels, phone or credit card numbers, key words Centralized Traffic Statistics Collection and Visualization Benefit: View real-time per-filter, load balancer traffic statistics and observe microbursts Byte and packet counts are available for every DPI filter, load balancing output, and for common protocols Pushes statistics to the Net Optics Indigo Pro management platform as quickly as once per second Enhanced filtering Benefit: Increases tool efficiency, eliminates over subscription Filter on MPLS label, exact ranges for IP addresses, ports, MAC addresses, and VLANs
DirectorTM Data Monitoring Switch – Typical System Components 1. Director Chassis 2. Director Network Module (DNM) - Available in Span/Inline, copper/Fiber versions 3. Director Monitor port interfaces a. SFP Kits – Available in copper and Fiber versions b. XFP Kits – Available in SR ,LR and ER versions
1. Director/Director Pro Chassis Overview Front Panel Ten SFP-based 1Gbps monitor ports Two XFP-based 10Gbps configurable monitor/network ports Two network slots Each slot supports twelve 1Gbps network ports Easy-to-read status LEDs Rear Panel Two triple function 10Gbps ports Daisy-chain, In-line, and Span RS232-based CLI port USB SW upload port (Not available in Director Pro) 10/100/1000Mbps management port Hot-swappable dual power 12Gbps Network Slot 1Gbps Monitor Ports 10Gbps Configurable Ports 10Gbps Daisy-chain Ports RS232 Port Hot-swappable Dual Power USB Port 10/100/1000 Management Port DIR-3400 /DIR-3400P No 10G Ports DIR-6400P Three 10G Ports (Two in Front , one in Rear) DIR-5400 Two 10G Ports (Rear) DIR-7400 Four 10G Ports (Two each in Front and Rear panels) © 2010 by Net Optics, Inc.
2. Director Network Modules - DNMs Common Features Passive In-line or Span access Fiber and copper modules Slot independent Status LEDs for each port RMON-type statistics Copper Features Twelve 1Gbps ports Six In-line or twelve Span 10/100/1000 connectivity Link fault detect (LFD) on In-line ports Fiber Features Twelve 1Gbps ports Six In-line or twelve Span LC connectors SX (50/62.5um) or LX (8.5um) 50/50, 60/40, 70/30 split ratios
3. Monitor Port Interfaces 1Gbps Copper SFP 1Gbps Fiber SFP Fourteen Available Monitor Ports (including 2 10G on rear panel) 10Gbps SR XFP 10Gbps LR XFP Ten 1Gbps monitoring tool ports SFPs support copper and fiber connections Four 10Gbps configurable monitor/network ports XFP-based interfaces - SR ,LR and ER supported © 2010 by Net Optics, Inc.
Director – Deep dive Director/ Director Pro Multi layered Filtering Load balancing Multi unit operation Configurable ports Indigo Software suite Director Pro Dynamic load balancing Deep packet inspection ProPushTM statistics
Filtering Filter by IP address Filter by Protocol Complex filter Network Port 1 Monitor Port 5 Source IP = 192.168.10.1 through 192.168.10.40 Protocol= UDP Monitor Port 6 Network Port 3 Monitor Port 8 Complex filter Source IP = 192.168.10.15 Protocol = TCP Layer 4 Port = 80 Network Port 6 Monitor Port 2 Multilayer filtering Analyzer TCP Filter HTTP Filter 192.0.0.5 Filter SNMP Filter
TapFlow - Protocol Filtering HTTP SMTP VoIP IMAP DHCP FTP TCP SNMP HTTP IPv4 TCP Analyzer RMON IPv6 IDS Forward selected traffic to dedicated monitor ports Filter traffic by Protocol (DHCP, FTP, IMAP, SMTP, SNMP, SCTP…) Source and destination IP and MAC addresses and Ports Network port or port group VLAN
Static Load Balancing Distributes traffic based on a fixed set of rules relating to characteristics of the input traffic Load balanced by IP address, port, protocol, VLAN, and MAC address, or any other packet header field Apply multiple 1G tools to 10G traffic Keeps flows intact Combine with filtering (for example, load balance only TCP traffic) • Distribute load to 2 to 10 tools x71, x49, xA5 x42, x46, xDE xF0, x34, x1C xE3, x5F, x17 Example: Load Balance by IP Address 17
Daisy Chaining Two XFP-based 10Gbps ports SR, LR, and ER support Building 1 Building 2 Two XFP-based 10Gbps ports SR, LR, and ER support Connect up to 10 chassis - 380 network ports available All monitor ports (up to 120) active for flexible scalability Manage the entire daisy chain group as a single system Local and remote management supported
10 GigaBit Configurable Ports Case 1: Traffic is copied from selected 1Gbps network ports Analyzer IDS Monitor Ports Selected Network Ports Case 2: 10Gbps traffic is copied to selected monitor ports Network Span Ports Selected Monitor Ports Case 3: Can be mixed monitor ports and network ports
Indigo™ Management Features Web Manager & CLI Management Software Options Command Line Interface (SSH or Serial) Web Manager (GUI) Simple and intuitive way Hosted on the device Accessible from a browser over https Single device management SNMPv3( includes SNMP v1 and v2) Indigo Pro management system Remote access and management Role based access control Security RADIUS/TACACS+ Remote Authentication Web Manager CLI 20
Dynamic Load Balancing Traffic allocated to tools based on the actual changing load tools experience In a multi-unit system, the input and outputs of the flow balancer can cross chassis boundaries freely Supports multiple load balancing modes Flow based – Supports unlimited number of flows Conversation Source IP address Destination IP address Non flow based Packet round robin Link state aware Traffic redistributed among active tools when a link goes down N+1 redundancy A spare port can be allocated to provide N+1 redundancy Overflow mode Allocates additional tools when existing tools reach capacity
Deep Packet Inspection Search anywhere in the entire packet payload Filtering on HTTP header information Filtering on custom application fields Pattern-matching in the L5‑L7 headers and the packet payload Explore deep into the packet with 16 sets of patterns Each pattern is one or two strings up to 64 characters long Strings can be hex or ASCII, with configurable case sensitivity and wild cards Strings are searched sequentially, they can be anchored or unanchored E.g. Find the string "Confidential" anywhere in a TCP packet payload Network Port 1 Monitor Port 1 Protocol= TCP String 1 = Confidential
ProPush™ Statistics DPI and load balancing statistics Send statistics to up to 5 management systems User configurable frequency ( 1-30 sec interval) Statistics pushed to the Net Optics Indigo Pro management platform as quickly as once per second Reports per Pro filter Byte counts and packet counts for total in, total out Load balance outputs Protocol distribution (IPv4, IPv6, TCP, UDP, ARP, ICMP) © 2010 by Net Optics, Inc.
Director advantage over competition Customer First! Commitment Industry leading port density in 1U (Unique in the market ) Flexible modular architecture (Unique in the market ) Dynamic load balancing (Unique in the market ) Deep packet inspection (Unique in the market ) Up to 2000 filters per unit Daisy chain 10 units for 380 ports Reliable and secure platform Indigo™ Software Suite – CLI, SNMP, Web Manager Free Technical & Field Support Free Network Diagramming Services 24
Part Numbers and Ordering information Director DIR-3400 Director, Main Chassis, 2 Network Bays, 10 SFP Ports DIR-3400-DC Director, Main Chassis, 2 Network Bays, 10 SFP Ports, DC DIR-5400 Director, Main Chassis, 2 Network Bays, 10 SFP Ports, 2 XFP Ports DIR-5400-DC Director, Main Chassis, 2 Network Bays, 10 SFP Ports, 2 XFP Ports, DC DIR-7400 Director, Main Chassis, 2 Network Bays, 10 SFP Ports, 4 XFP Ports DIR-7400-DC Director, Main Chassis, 2 Network Bays, 10 SFP Ports, 4 XFP Ports, DC Director Pro DIR-3400P Director Pro, Main Chassis, 2 DNM Slots, 10 SFP Ports DIR-3400P-DC Director Pro, Main Chassis, 2 DNM Slots, 10 SFP Ports, DC DIR-6400P Director Pro, Main Chassis, 10 SFP Ports, 3 XFP Ports DIR-6400P-DC Director Pro, Main Chassis, 10 SFP Ports, 3 XFP Ports, DC SFP Kits SFPKT-GCU Kit, Copper, 1G, SFP Transceiver w/cable SFPKT-CU3 Kit, Copper, 10/100/100, SFP Transceiver w/cable SFPKT-50SX Kit, Fiber, 1G, SX, SFP Transceiver(850nm) w/cable 50µm SFPKT-SX Kit, Fiber, 1G, SX, SFP Transceiver(850nm) w/cable 62.5µm SFPKT-LX Kit, Fiber, 1G, LX, SFP Transceiver(1310nm) w/cable 8.5µm XFP Kits XFPKT-ER Kit, Fiber, 10G, ER XFP Transceiver(1550nm) w/cable 8.5µm XFPKT-50SR Kit, Fiber, 10G, 50SR XFP Transceiver(850nm) w/cable 50µm XFPKT-SR Kit, Fiber, 10G, SR XFP Transceiver(850nm) w/cable 62.5µm XFPKT-LR Kit, Fiber, 10G, LR XFP Transceiver(1310nm) w/cable 8.5µm Director Network Modules (DNM) DNM-100 Network Module, IL, Copper, 10/100/1G DNM-101 Network Module, IL, Copper, 10/100/1G VZD DNM-110 Network Module, Span, Copper, 10/100/1G DNM-200 Network Module, IL, Fiber, 1G, SX 62.5µm, 50:50, LC, 850nm DNM-202 Network Module, IL, Fiber, 1G, SX 62.5µm, 70:30, LC, 850nm DNM-210 Network Module, Span, Fiber, 1G, SX 62.5µm, LC, 850nm DNM-220 Network Module, IL, Fiber, 1G, SX 50µm, 50:50, LC, 850nm DNM-222 Network Module, IL, Fiber, 1G, SX 50µm, 70:30, LC, 850nm DNM-230 Network Module, Span, Fiber, 1G, SX 50µm, LC, 850nm DNM-300 Network Module, IL, Fiber, 1G, LX 8.5µm, 50:50, LC, 1310nm DNM-302 Network Module, IL, Fiber, 1G, LX 8.5µm, 70:30, LC, 1310nm DNM-310 Network Module, Span, Fiber, 1G, LX 8.5µm, LC, 1310nm DNM-320 Network Module, IL, Fiber, 1G, ZX 8.5µm, 50:50, LC, 1550nm DNM-330 Network Module, Span, Fiber, 1G, ZX 8.5µm, LC, 1550nm For ordering, Call 408.737.7777 © 2011 by Net Optics, Inc.
Net Optics, Inc. www.netoptics.com 408.737.7777 Thank you! Net Optics, Inc. www.netoptics.com 408.737.7777 26