Published by Damion Mather. Modified over 9 years ago.
1
SHARKFEST '08 | Foothill College | March 31 - April 2, 2008
Non-Intrusive Out-of-Band Network Monitoring Utilizing a Data-Access Switch
April 1, 2008
Patrick P. Leong
CTO | Gigamon Systems LLC
2
Agenda
- Recent changes in network monitoring
- Issues with traditional network tapping
- Data Access Network (DAN)
- Functions of a Data-Access Switch
- Example applications
- Summary
- Q & A
3
Recent Changes in Network Monitoring
- 9/11 spawned new security and lawful intercept requirements
- Enron spawned new auditing and monitoring laws
- New tools optimize E-commerce and internet applications
- VoIP and media convergence make the network more strategic
- Network is more valuable; downtime is unacceptable
4
Result: Proliferation of Tools
- New SOX compliance transaction monitors --- Keep your boss out of jail!
- IDS sensors detect external hacker attacks
- NAC appliance protects networks from inside --- From your own people!
- Forensic recorders capture events and how the network is being used!
- Configuration monitoring tools watch over network resources
- Application and network troubleshooting
5
Proliferation Causes Contention for SPAN Ports
Security and IT Engineers seen here “Negotiating” Over a SPAN Port
6
Other Issues
- Packets belonging to the same flow may go through multiple parallel links, e.g. EtherChannel
- Difficulty in monitoring asynchronously routed mesh topologies
- The tool cannot keep up with the incoming bandwidth --- many tools are software based, e.g. Wireshark
7
Solution? Data-Access Network (DAN)
8
What’s a DAN?
- It’s an out-of-band monitoring network!
- Includes passive tools like: Sensors, Probes, Monitors, Recorders, Analyzers, and Access Switching
9
Example of a DAN
10
What’s new?
- A new “Best Practice”
- Part of the network infrastructure
- Facilitates instrumentation of a network
- Enterprise or Telco
- What’s new is how data is fed to the tools
- By a Data-Access Switch
- Unobtrusive to the primary network
11
What problems do DANs solve?
Too Many Power Tools? Not Enough Sockets?
12
For Power Tools, use a Power Strip
13
Too Many Monitoring Tools? Not Enough SPAN Ports?
14
For Sensors/Monitors/Analyzers, Use a Data Access Switch
One SPAN port serves many tools
15
Monitoring a Mesh Network?
16
If we deploy one tool per SPAN port --- Lots of Hardware and Expensive!!!
17
Better to Distribute Connections with a DAN
Aggregate and filter flows to consolidated tools
18
DAN is out-of-band “Data Socket”
- Part of the Reliable Network Infrastructure
- Plug-in multiple out-of-band tools – any tool to any data
- Unobtrusive tool changes – never touch the network
- Do moves, adds, changes at any convenient time
- Eliminates RSPAN
[Diagram labels: Performance Monitor, Security IDS, Transaction Auditor, Forensic Recorder, Protocol Analyzer, Switch, Storage Area Network, Switch, Server Farm, Consolidated Tool Farm, Config Monitor, “Data Socket”]
19
DAN Solves Access Problems By
- Aggregating many links to any tool
- Multicasting any link to many tools
- Filtering data to map packets to tools
- Saving $$ Cap Ex and Op Ex budget$
[Diagram labels: Any to Any, Any to Many, Many to Any, Bit-Mask Filtering]
20
Example application: Telco Core
21
Example application: Telco Edge
22
Example Application: 10G Monitoring
23
Summary
A Data-Access Switch forms a Data-Access Network that:
- Provides non-intrusive, out-of-band network monitoring
- Resolves the insufficient SPAN ports issue
- Reduces the number of tools deployed
- Can intelligently spread the network traffic to various tools
- Reduces the load of a particular tool via intelligent hardware-based filtering
- Provides a “Big Pipe” view of the mesh network