SHARKFEST '09 | Stanford University | June 15–18, 2009 Fundamentals of Passive Monitoring Access June 16, 2009 Dennis Carpio Director of Product Innovation.

Slides:



Advertisements
Similar presentations
Ethernet Switch Features Important to EtherNet/IP
Advertisements

Leveraging an Integrated ERP and CRM System - Featuring Sage MAS 500 ERP and Sage SalesLogix CRM.
SHARKFEST '09 | Stanford University | June 15–18, 2009 The Reality of 10G Analysis Presented by: Network Critical Wednesday, June 17 th, :30 pm –
Network Systems Sales LLC
M A Wajid Tanveer Infrastructure M A Wajid Tanveer
Introducing New Additions to ProSafe Advanced Smart Switch Family: GS724TR and GS748TR (ProSafe 24 and 48-port Gigabit Smart Switches with Static Routing)
IT’S HERE Bandwidth Technologies. Agenda Technologies for Bandwidth –Single Location DSL/Cable T1/Bonded T1 DS3/OC-N Ethernet Over Copper (EoC, EoFM)
SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch April 1, 2008 Patrick.
Network Instruments Troubleshooting Techniques. What to look for in network monitoring solutions… Key Elements Real Time Statistics Visual Network Traffic.
1 GE Consumer & Industrial Multilin MultiLink Hardened Ethernet Communication Switches Ethernet Communication Solutions for the Industrial Automation,
Business Data Communications, by Allen Dooley, (c) 2005 Pearson Prentice HallChapter Six 1 Business Data Communications Chapter Six Backbone and Metropolitan.
SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Increase Wireshark’s Effectiveness by Tapping your Network Data Wednesday, April 2, 2008 Chris.
Oracle Data Guard Ensuring Disaster Recovery for Enterprise Data
SHARKFEST ‘10 | Stanford University | June 14–17, 2010 TAP’s Demystified June 16 th 2010 Samuel Battaglia Technical Manager | Network Critical SHARKFEST.
VMware Virtualization Last Update Copyright Kenneth M. Chipps Ph.D.
Chapter 19: Network Management Business Data Communications, 4e.
RIT Campus Data Network. General Network Statistics Over 23,000 wired outlets Over 14,500 active switched ethernet ports > 250 network closets > 1,000.
Net Optics Confidential and Proprietary Director xStream Intelligent Access and Monitoring Architecture Solutions.
Business Data Communications Chapter Six Backbone and Metropolitan Area Network Fundamentals.
It’s What You Can’t See That Will Sink You
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Connecting LANs, Backbone Networks, and Virtual LANs
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Confidential 1 MAP Value Proposition.
Net Optics Confidential and Proprietary 1 High-Availability Security Monitoring using Bypass Switches August, 2011 Intelligent Access and Monitoring Architecture.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 LAN Design LAN Switching and Wireless – Chapter 1.
Net Optics Confidential and Proprietary 1 iLink Agg.
LION GES - Overview  Fast Ethernet Switch For easy installation of medium to large sized networks For installation of high availability networks using.
Chapter Five Network Architecture. Chapter Objectives  Describe the basic and hybrid LAN technologies  Describe a variety of enterprise-wide and WAN.
Network Design Essentials
1 October 20-24, 2014 Georgian Technical University PhD Zaza Tsiramua Head of computer network management center of GTU South-Caucasus Grid.
EVOLVING TRENDS IN HIGH PERFORMANCE INFRASTRUCTURE Andrew F. Bach Chief Architect FSI – Juniper Networks.
Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.
Chapter 4 Local Area Networks. Layer 2: The Datalink Layer The datalink layer provides point-to- point connectivity between devices over the physical.
Optimizing Your Communications Foundation Eliminate Risk, Reduce Cost, Move to IP Telephony and Unified Communications with Confidence.
STEALTH Content Store for SharePoint using Caringo CAStor  Boosting your SharePoint to the MAX! "Optimizing your Business behind the scenes"
May-2010 Indigo Pro Management Platform May 2010.
Repeaters and Hubs Repeaters: simplest type of connectivity devices that regenerate a digital signal Operate in Physical layer Cannot improve or correct.
InfiniSwitch Company Confidential. 2 InfiniSwitch Agenda InfiniBand Overview Company Overview Product Strategy Q&A.
Net Optics Confidential and Proprietary iLink Agg xStream Intelligent Access and Monitoring Architecture Solutions.
One Marketplace Access Exchange.
1 Second ATLAS-South Caucasus Software / Computing Workshop & Tutorial October 24, 2012 Georgian Technical University PhD Zaza Tsiramua Head of computer.
LAN Switching and Wireless – Chapter 1
Challenges Facing IT Professionals Flat Budgets: “More with Less” Lack of Skilled Resources Expansion, Mergers & Acquisitions SLA’s and Uptime Requirements.
LAN Switching and Wireless – Chapter 1 Vilina Hutter, Instructor
Intro to Network Design
Chapter 5: Implementing Intrusion Prevention
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Introducing Network Design Concepts Designing and Supporting Computer Networks.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 4 Switching Concepts.
1 Making Networks Smarter. Trends Everything is moving to the network –Telephony –Video –Web services (and further.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Introduction to Scaling Networks Scaling Networks.
Business Transformation Overview Brian Morgan LTEC
Net Optics Confidential and Proprietary 1 Bypass Switches Intelligent Access and Monitoring Architecture Solutions.
Chapter2 Networking Fundamentals
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Introducing Network Design Concepts Designing and Supporting Computer Networks.
March 2010 Gig Zero Delay Tap. TP-CU3-ZD The Gig Zero Delay Tap is TP-CU3 enhanced with the industry’s first TRUE Zero Delay technology for 10/100/1000.
Advanced Computer Networks Lecturer: E EE Eng. Ahmed Hemaid Office: I 114.
Data Center Management Microsoft System Center. Objective: Drive Cost of Data Center Management 78% Maintenance 22% New Issue:Issue: 78% of IT budgets.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Simple, End-to-End Performance Management Application Performance.
FireEye NX In line Solution
1 Copyright © 2013 Tap DANZing with Arista Networks Redefining the Cost of the Access Layer.
CAMPUS LAN DESIGN GUIDE Design Considerations for the High-Performance Campus LAN.
IXIA + FIREEYE SECURITY BATTLECARD
Instructor Materials Chapter 1: LAN Design
OptiView™ XG Network Analysis Tablet
Campus Communications Fabric
How Smart Networks are Changing Corporate Networks
IS3120 Network Communications Infrastructure
Your Business Opportunity
Module 5 - Switches CCNA 3 version 3.0.
Traffic Analysis Points (TAP) For Real-time Network Monitoring TAP stands for Traffic Analysis Point, which is designed to provide real-time monitoring.
Presentation transcript:

SHARKFEST '09 | Stanford University | June 15–18, 2009 Fundamentals of Passive Monitoring Access June 16, 2009 Dennis Carpio Director of Product Innovation SHARKFEST '09 Stanford University June 15-18, 2009

SHARKFEST '09 | Stanford University | June 15–18, 2009 Agenda Goal: Present an overview of Tap technology and how network and security monitoring become more how network and security monitoring become more efficient and productive. efficient and productive. Technology Drivers Technology Drivers Network considerations for a Tap deployment Network considerations for a Tap deployment Innovations in Tap technology Innovations in Tap technology Taps in your network Taps in your network Thank you and contact info Thank you and contact info

SHARKFEST '09 | Stanford University | June 15–18, 2009 Technology Drivers The increasing complexity of networks, proliferation of applications and the development of new technologies such as 10 Gigabit Ethernet are driving the demand for increased monitoring. Source: Frost & Sullivan Forensics Compliance Lawful Intercept Security Growing Threats Need for Stealth Monitoring Analysis Convergence of Voice/Video/Data Demand for 10G

SHARKFEST '09 | Stanford University | June 15–18, 2009 Traditional Access Methods MethodRisks Span Ports Can drop packets when switch is busy Does not pass critical Layer 1 and 2 errors Costs time and resources for switch reconfiguration In-line Potential point of failure Expensive one-tool-to-one-link deployment Relocating the tool means link downtime Hubs Not passive (power failure  link down) Half-duplex only No Gigabit or 10 Gigabit hubs Switch Hub

SHARKFEST '09 | Stanford University | June 15–18, 2009 Passive Tap Technology Access 100% of your network traffic Access 100% of your network traffic Passive fail-safe operation Passive fail-safe operation Intelligent failure-over Intelligent failure-over Deployed as infrastructure Deployed as infrastructure Recommended by all Recommended by all leading tool vendors leading tool vendors Net Optics TapSpan PortIn-line DeviceHub Handles High Traffic Loads? YesNoMaybeNo Invisible to Attacks?YesNo Remote Configuration? Yes No 100% Traffic Visibility?YesNoYesNo Full-Duplex Traffic?YesLimitedYesNo Point of Failure?No Yes

SHARKFEST '09 | Stanford University | June 15–18, 2009 The Passive Monitoring Solution

SHARKFEST '09 | Stanford University | June 15–18, 2009 Passive Access Devices One monitoring tool has passive access to one network link. Multiple groups and tools can share access to a network link. Tools can be assigned to any link or automatically scan all links. Tools can view traffic from multiple full-duplex links at one time. Prevent link downtime by connecting in-line appliances through fail-open Bypass Switches. View link utilization, traffic statistics, and alarms via front panel displays and remote interfaces even when a monitoring tool is not connected. Match traffic of interest to appropriate monitoring resources. Network Taps Regeneration Taps Matrix Switches Port & Link Aggregator Taps Bypass Switches Intelligent Tap Technology Filtering Appliances

SHARKFEST '09 | Stanford University | June 15–18, 2009 Features: Fiber Taps available in multiple split ratios No power needed Fiber available for ATM / OC3, OC12, GigaBit and 10 GigaBit Support full-duplex monitoring Copper available in 10/100, 1G and 10/100/1G Zero Delay on 10/100BaseT Tap Rack-mountable (with the purchase of rack panels) Secure, passive network access for monitoring devices on any network topology. 10 GigaBit SR Tap 10/100/1000BaseT Tap Copper & Fiber Taps Benefits: Network traffic flows regardless of power availability to the Tap Monitoring devices can be used across multiple network links, preserving existing network connections Hardware becomes hidden from potential attackers providing premium network security Access to all packet types on a link and errors from all layers Access to all packets on a full-duplex link, in real-time

SHARKFEST '09 | Stanford University | June 15–18, 2009 What is a Split Ratio? A split ratio is the amount of light a Tap re-directs from the network to the monitor ports. For correct split ratio, a Loss (power) Budget should be calculated Fiber Tap Split Ratios What is a Loss (power) Budget and how do I calculate this? A Loss (power) Budget is the amount of attenuation that can be tolerated on the network and monitor links before the end-to-end data is corrupted. To calculate, you must determine the following: Link Distance, Fiber Type, Launch Power, Receiver Sensitivity, number of interconnects and splices. Optical Power = X Fiber Tap 50/50 Split Ratio Optical Power = X/2 X/2 > Receiver Threshold Sensitivity Router Switch Monitoring Device

SHARKFEST '09 | Stanford University | June 15–18, 2009 Emerging 10 GigaBit technology may require upgrades to existing networks. 1 GigaBit10 GigaBit 1GB-SX 62.5µ or 50µ multimode fiber 850nm wavelength 220m distance with 62.5µ fiber, up to 550m with 50µ fiber 10GB-SR 62.5µ or 50µ multimode fiber 850nm wavelength 33m distance with 62.5µ fiber, up to 300m with 50µ laser-optimized fiber 1GB-LX G.652 fiber 1310 nm wavelength Up to 15 kilometers 10GB-LR G.652 fiber 1310 nm wavelength Up to 10 kilometers 1GB-ZX G.652 fiber 1550 nm wavelength Up to 70 kilometers 10GB-ER G.652 fiber 1550 nm wavelength Up to 40 kilometers Fiber Specifications

SHARKFEST '09 | Stanford University | June 15–18, 2009 Technology that eliminates the 10 ms delay added to traffic in other Taps when power is lost. This short delay can cascade into longer delays if routers and switches need to renegotiate the link. Zero Delay ensures: No dropped packets No latency is introduced Power loss to the Tap undetectable to network Net Optics Products with Zero Delay 10/100BaseT Taps 10/100BaseT Regeneration Taps 10/100BaseT Link Aggregator Taps 10/100 Zero Delay Technology

SHARKFEST '09 | Stanford University | June 15–18, 2009 Typically, full-duplex monitoring with a network tap requires two NICs (or a dual channel NIC) – one interface for each side of the tapped full-duplex connection. A port aggregator Tap combines these streams, sending all aggregated data out a single passive monitoring port. Features: Available for 10/100BaseT, GigaBit copper and GigaBit fiber monitoring devices Supplies full-duplex traffic to a single NIC on the monitoring device DIP switch sets auto-negotiation or fixed speed duplexing 256MB buffer memory controls traffic bursts Available with 2 monitor port option Port Aggregator Taps Benefits: Zero network data stream interference Network Traffic flows regardless of power availability to the tap Hardware becomes hidden from potential attacks providing premium network security Access to all packet types on a link and errors from all layers Enable 24/7 passive monitoring

SHARKFEST '09 | Stanford University | June 15–18, 2009 Benefits: Network traffic flows regardless of power availability to the Tap Hardware is hidden from potential attackers, providing premium network security Access to all packet types on a link and errors from all layers Maximize resources and save on access points when multiple devices can monitor link traffic simultaneously through a Regeneration Tap. Secure, passive access for multiple devices means a better return on monitoring investments. In-Line Regeneration Taps Features: 10/100Mbps auto-sensing, GigaBit or 10GigaBit speeds available DIP switch controlled duplex and speed settings (copper) Redundant power supplies Available in 2, 4, and 8 monitor port models, copper and fiber

SHARKFEST '09 | Stanford University | June 15–18, 2009 Link Aggregator Taps extend the reach of GigaBit monitoring devices to traffic from multiple Span ports. Aggregating the traffic from multiple switch Span ports greatly increases the coverage of monitoring devices. Features: Use 1G tools on 10G Links Aggregate 1G Links to 10G Tools Monitor up to 10 Network Links Replicate Traffic to 4 Tools Link Aggregator Benefits: Increase Tool ROI Use 10G Tools Efficiently Monitor More Links Simultaneously Share Traffic Access

SHARKFEST '09 | Stanford University | June 15–18, 2009 iTap Technology Benefits: Centralized and remote management Enhanced capability Better resource utilization Increased network visibility Information Control Access Features: SNMP integration Passive monitoring / invisible to attacks Utilization statistics

SHARKFEST '09 | Stanford University | June 15–18, 2009 Data Monitoring Switch Value - Any-to-Any / Many-to-Many connectivity, filtering to enhance tool performance and speed problem solving.

SHARKFEST '09 | Stanford University | June 15–18, 2009 Director™ Benefits: Relieve Oversubscribed Tools Centralize Data Monitoring Leverage Tool Investments Increased Network Visibility Features: TapFlow ™ Multi-Layer Filtering Industry's Highest Port Density Passes all errors including CRC High-speed 10 & 1 Gigabit Ports

SHARKFEST '09 | Stanford University | June 15–18, 2009 CLI System Manager Web Manager Management Software Options Web - single device mgmt GUI - MAP wide visibility Command Line Interface Track Link Information Identify bandwidth utilization peaks Baseline traffic statistics Control Access to the Data Enable/disable monitor ports Reset alarm triggers Security (Q2 09’) SNMPv3 RADIUS/TACACS+ System Manager, Web Manager & CLI Software Management

SHARKFEST '09 | Stanford University | June 15–18, 2009 Financial Case Study Multi-station Taps Industry: Finance Objective: Provide non-intrusive, zero-latency visibility into network traffic enabling trading transactions to be captured and network issues to be resolved quickly and accurately Approach: Tap into the network with Net Optics multi-station fiber and copper Taps Technology Improvements: 100 percent direct in-line traffic visibility in real time without latency or impact on real-time applications Ability to record transactions for event reconstruction to resolve differences between the Exchange and its members Ability to analyze traffic from multiple vantage points throughout the network simultaneously Business Outcomes: Improved network reliability from “four nines” (99.99% up time) to five nines (99.999% up time) in first year Achieved virtually 100% up time by the end of the third year Improved end user satisfaction by consistently providing more reliable low-latency access into equities, equity options, and futures markets

SHARKFEST '09 | Stanford University | June 15–18, 2009 Financial Solution

SHARKFEST '09 | Stanford University | June 15–18, 2009 Multi-station Taps Industry: Government Objective: Provide non-intrusive visibility into network traffic to support remote diagnostics Approach: Tap into the network with Net Optics multi-station fiber and copper Taps Technology Improvements: 100 percent direct in-line traffic visibility in real time without latency or traffic impact Deployment of automated tools and control mechanisms Ability to troubleshoot and develop solutions remotely Project Outcomes: Frequent resolution of issues before users are impacted Reduction in number of field services calls dispatched Significantly lowered MTTR Improved end user satisfaction Government Case Study

SHARKFEST '09 | Stanford University | June 15–18, 2009 Government Solution

SHARKFEST '09 | Stanford University | June 15–18, 2009 InteropNet Case Study Director™ Industry: Information Technology Objective: Provide pervasive monitoring access for InteropNet, the high ‑ performance network serving the Interop Las Vegas and New York conferences Approach: Tap into the InteropNet with an expanded multi-unit system of Net Optics Director Data Monitoring Switches Technology Improvements: Ability to connect any feed to any monitoring tool Reduced access solution footprint Aggregation of feeds down to a single pair Remote visibility and control Business Outcomes: Confident of delivering “101” uptime at Interop Number of help desk tickets reduced Tickets closed faster (MTTR lowered) No open tickets or unsolved cases

SHARKFEST '09 | Stanford University | June 15–18, 2009 InteropNet production network (orange and dotted lines) and SpyNet (purple lines) with five Net Optics Director Data Monitoring Switches InteropNet Solution

SHARKFEST '09 | Stanford University | June 15–18, 2009 A Monitoring Access Platform Core Workgroup Edge Data Center Build an infrastructure with a strong platform

SHARKFEST '09 | Stanford University | June 15–18, 2009 Net Optics Overview Customers 82% of the Fortune % of the Fortune Global Customers 5 New Customers Every Week Fortune % 45% Fortune 500 Highlights Founded in 1996 by Eldad Matityahu 50 Quarters of Growth & Profitability 40K Sq. Ft. Santa Clara, CA Corporate HQ and Manufacturing Facility Private Company No VC funding and 90 Employees

SHARKFEST '09 | Stanford University | June 15–18, 2009 Thank You (408)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.