SHARKFEST '09 | Stanford University | June 15–18, 2009 Fundamentals of Passive Monitoring Access June 16, 2009 Dennis Carpio Director of Product Innovation.


1 SHARKFEST '09 | Stanford University | June 15–18, 2009 Fundamentals of Passive Monitoring Access June 16, 2009 Dennis Carpio Director of Product Innovation

2 Agenda
Goal: Present an overview of Tap technology and how network and security monitoring become more efficient and productive.
Technology Drivers
Network considerations for a Tap deployment
Innovations in Tap technology
Taps in your network
Thank you and contact info

3 Technology Drivers
The increasing complexity of networks, proliferation of applications and the development of new technologies such as 10 Gigabit Ethernet are driving the demand for increased monitoring. Source: Frost & Sullivan
Diagram labels: Forensics Compliance Lawful Intercept Security Growing Threats Need for Stealth Monitoring Analysis Convergence of Voice/Video/Data Demand for 10G

4 Traditional Access Methods
Method: Risks
Span Ports: Can drop packets when switch is busy; Does not pass critical Layer 1 and 2 errors; Costs time and resources for switch reconfiguration
In-line: Potential point of failure; Expensive one-tool-to-one-link deployment; Relocating the tool means link downtime
Hubs: Not passive (power failure → link down); Half-duplex only; No Gigabit or 10 Gigabit hubs

5 Passive Tap Technology
Access 100% of your network traffic
Passive fail-safe operation
Intelligent failure-over
Deployed as infrastructure
Recommended by all leading tool vendors
Comparison (columns: Net Optics Tap | Span Port | In-line Device | Hub):
Handles High Traffic Loads? Yes | No | Maybe | No
Invisible to Attacks? Yes | No
Remote Configuration? Yes | No
100% Traffic Visibility? Yes | No | Yes | No
Full-Duplex Traffic? Yes | Limited | Yes | No
Point of Failure? No | Yes

6 The Passive Monitoring Solution

7 Passive Access Devices
Network Taps: One monitoring tool has passive access to one network link.
Regeneration Taps: Multiple groups and tools can share access to a network link.
Matrix Switches: Tools can be assigned to any link or automatically scan all links.
Port & Link Aggregator Taps: Tools can view traffic from multiple full-duplex links at one time.
Bypass Switches: Prevent link downtime by connecting in-line appliances through fail-open Bypass Switches.
Intelligent Tap Technology: View link utilization, traffic statistics, and alarms via front panel displays and remote interfaces even when a monitoring tool is not connected.
Filtering Appliances: Match traffic of interest to appropriate monitoring resources.

8 Copper & Fiber Taps
Secure, passive network access for monitoring devices on any network topology.
Features: Fiber Taps available in multiple split ratios; No power needed; Fiber available for ATM / OC3, OC12, GigaBit and 10 GigaBit; Support full-duplex monitoring; Copper available in 10/100, 1G and 10/100/1G; Zero Delay on 10/100BaseT Tap; Rack-mountable (with the purchase of rack panels)
Benefits: Network traffic flows regardless of power availability to the Tap; Monitoring devices can be used across multiple network links, preserving existing network connections; Hardware becomes hidden from potential attackers providing premium network security; Access to all packet types on a link and errors from all layers; Access to all packets on a full-duplex link, in real-time
Pictured: 10 GigaBit SR Tap; 10/100/1000BaseT Tap

9 Fiber Tap Split Ratios
What is a Split Ratio? A split ratio is the amount of light a Tap re-directs from the network to the monitor ports. For correct split ratio, a Loss (power) Budget should be calculated.
What is a Loss (power) Budget and how do I calculate this? A Loss (power) Budget is the amount of attenuation that can be tolerated on the network and monitor links before the end-to-end data is corrupted. To calculate, you must determine the following: Link Distance, Fiber Type, Launch Power, Receiver Sensitivity, number of interconnects and splices.
Diagram (Router, Switch, Monitoring Device): Optical Power = X into a Fiber Tap with a 50/50 Split Ratio; Optical Power = X/2 out; X/2 > Receiver Threshold Sensitivity.
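The loss budget check on this slide, worked through for several split ratios. This is an added example, not part of the original presentation; the attenuation figures, per-connector and per-splice losses, sample link values and all function names are assumptions chosen for illustration, and the model assumes the tap sits at the far end of the link and that both receivers have the same sensitivity.

```python
import math

# Constructed, illustrative attenuation figures in dB/km (assumptions, not
# from the slides); use the datasheet values for the installed fiber.
FIBER_DB_PER_KM = {"mm_850nm": 3.5, "sm_1310nm": 0.4}

def split_loss_db(fraction):
    """Ideal loss in dB for a tap port that receives `fraction` of the light."""
    if not 0 < fraction < 1:
        raise ValueError("fraction must be between 0 and 1")
    return -10 * math.log10(fraction)

def loss_budget(launch_dbm, rx_sens_dbm, fiber, km, connectors, splices,
                network_pct, conn_db=0.5, splice_db=0.1, tap_excess_db=0.0):
    """Margins (dB) at the far-end receiver and at the monitoring device.

    Worst case for the monitor port: the tap is assumed to sit at the far
    end of the link, so both paths see the full cable and connector loss.
    """
    path_db = (FIBER_DB_PER_KM[fiber] * km + connectors * conn_db
               + splices * splice_db + tap_excess_db)
    net_rx = launch_dbm - path_db - split_loss_db(network_pct / 100)
    mon_rx = launch_dbm - path_db - split_loss_db(1 - network_pct / 100)
    return {"network_margin_db": net_rx - rx_sens_dbm,
            "monitor_margin_db": mon_rx - rx_sens_dbm}

def viable_ratios(min_margin_db=2.0, **link):
    """Network/monitor split ratios that keep both receivers above margin."""
    ok = []
    for network_pct in (50, 60, 70, 80, 90):
        margins = loss_budget(network_pct=network_pct, **link)
        if min(margins.values()) >= min_margin_db:
            ok.append((network_pct, 100 - network_pct))
    return ok

# Constructed sample link: short multimode run with four connectors.
SAMPLE_LINK = dict(launch_dbm=-6.0, rx_sens_dbm=-17.0, fiber="mm_850nm",
                   km=0.2, connectors=4, splices=0)

if __name__ == "__main__":
    for pct in (50, 70, 90):
        print(pct, loss_budget(network_pct=pct, **SAMPLE_LINK))
    print("viable:", viable_ratios(**SAMPLE_LINK))
```

On the sample link a 90/10 split leaves the monitor port below receiver sensitivity, so the monitoring tool would see errors or nothing at all while the production link looks healthy.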

10 Fiber Specifications
Emerging 10 GigaBit technology may require upgrades to existing networks.
1 GigaBit | 10 GigaBit
1GB-SX: 62.5µ or 50µ multimode fiber; 850nm wavelength; 220m distance with 62.5µ fiber, up to 550m with 50µ fiber | 10GB-SR: 62.5µ or 50µ multimode fiber; 850nm wavelength; 33m distance with 62.5µ fiber, up to 300m with 50µ laser-optimized fiber
1GB-LX: G.652 fiber; 1310 nm wavelength; Up to 15 kilometers | 10GB-LR: G.652 fiber; 1310 nm wavelength; Up to 10 kilometers
1GB-ZX: G.652 fiber; 1550 nm wavelength; Up to 70 kilometers | 10GB-ER: G.652 fiber; 1550 nm wavelength; Up to 40 kilometers

11 10/100 Zero Delay Technology
Technology that eliminates the 10 ms delay added to traffic in other Taps when power is lost. This short delay can cascade into longer delays if routers and switches need to renegotiate the link.
Zero Delay ensures: No dropped packets; No latency is introduced; Power loss to the Tap undetectable to network
Net Optics Products with Zero Delay: 10/100BaseT Taps; 10/100BaseT Regeneration Taps; 10/100BaseT Link Aggregator Taps

12 Port Aggregator Taps
Typically, full-duplex monitoring with a network tap requires two NICs (or a dual channel NIC), one interface for each side of the tapped full-duplex connection. A port aggregator Tap combines these streams, sending all aggregated data out a single passive monitoring port.
Features: Available for 10/100BaseT, GigaBit copper and GigaBit fiber monitoring devices; Supplies full-duplex traffic to a single NIC on the monitoring device; DIP switch sets auto-negotiation or fixed speed duplexing; 256MB buffer memory controls traffic bursts; Available with 2 monitor port option
Benefits: Zero network data stream interference; Network Traffic flows regardless of power availability to the tap; Hardware becomes hidden from potential attacks providing premium network security; Access to all packet types on a link and errors from all layers; Enable 24/7 passive monitoring
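How the 256MB buffer on a port aggregator Tap behaves when both directions of a full-duplex link together exceed the single monitor port's speed, as an added example that is not part of the original presentation. The simulation model, the function names, the 1000 Mbps monitor port, the reading of 256MB as 256 * 1024 * 1024 bytes and the traffic samples are assumptions constructed for illustration.

```python
BUFFER_BYTES = 256 * 1024 * 1024  # "256MB buffer memory" from the slide (binary MB assumed)

def mbps_to_bytes(mbps):
    """Bytes carried in one second at the given rate in megabits per second."""
    return mbps * 1_000_000 // 8

def simulate_aggregator(samples, monitor_mbps=1000, buffer_bytes=BUFFER_BYTES):
    """Replay per-second (a_to_b_mbps, b_to_a_mbps) samples through one monitor port.

    Both directions are merged into a single queue that drains at the monitor
    port speed; anything that does not fit in the buffer is counted as dropped,
    i.e. traffic the monitoring tool never sees.
    """
    queued = peak = dropped = 0
    drain = mbps_to_bytes(monitor_mbps)
    for a_to_b, b_to_a in samples:
        queued += mbps_to_bytes(a_to_b + b_to_a)
        queued = max(0, queued - drain)
        if queued > buffer_bytes:
            dropped += queued - buffer_bytes
            queued = buffer_bytes
        peak = max(peak, queued)
    return {"peak_buffer_bytes": peak, "dropped_bytes": dropped,
            "queued_at_end": queued}

def seconds_until_drop(total_mbps, monitor_mbps=1000, buffer_bytes=BUFFER_BYTES):
    """How long a sustained aggregate rate can last before the buffer overflows."""
    excess = mbps_to_bytes(total_mbps - monitor_mbps)
    return float("inf") if excess <= 0 else buffer_bytes / excess

# Constructed traffic profiles: normal load, then both directions at line rate.
QUIET = [(400, 300)] * 5
SHORT_BURST = QUIET + [(1000, 1000)] * 2 + [(200, 100)] * 3
LONG_BURST = QUIET + [(1000, 1000)] * 3 + [(200, 100)] * 3

if __name__ == "__main__":
    print("short burst:", simulate_aggregator(SHORT_BURST))
    print("long burst: ", simulate_aggregator(LONG_BURST))
    print("seconds at 2000 Mbps before drops:", seconds_until_drop(2000))
```

The buffer absorbs bursts but not sustained oversubscription: in this model a fully loaded 1G full-duplex link overruns a 1G monitor port after roughly two seconds, which is the sizing check to make before relying on an aggregated port for forensic capture.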

13 In-Line Regeneration Taps
Maximize resources and save on access points when multiple devices can monitor link traffic simultaneously through a Regeneration Tap. Secure, passive access for multiple devices means a better return on monitoring investments.
Features: 10/100Mbps auto-sensing, GigaBit or 10GigaBit speeds available; DIP switch controlled duplex and speed settings (copper); Redundant power supplies; Available in 2, 4, and 8 monitor port models, copper and fiber
Benefits: Network traffic flows regardless of power availability to the Tap; Hardware is hidden from potential attackers, providing premium network security; Access to all packet types on a link and errors from all layers

14 Link Aggregator
Link Aggregator Taps extend the reach of GigaBit monitoring devices to traffic from multiple Span ports. Aggregating the traffic from multiple switch Span ports greatly increases the coverage of monitoring devices.
Features: Use 1G tools on 10G Links; Aggregate 1G Links to 10G Tools; Monitor up to 10 Network Links; Replicate Traffic to 4 Tools
Benefits: Increase Tool ROI; Use 10G Tools Efficiently; Monitor More Links Simultaneously; Share Traffic Access

15 iTap Technology
Benefits: Centralized and remote management; Enhanced capability; Better resource utilization; Increased network visibility
Features: SNMP integration; Passive monitoring / invisible to attacks; Utilization statistics
Diagram labels: Information, Control, Access

16 Data Monitoring Switch Value - Any-to-Any / Many-to-Many connectivity, filtering to enhance tool performance and speed problem solving.

17 Director™
Benefits: Relieve Oversubscribed Tools; Centralize Data Monitoring; Leverage Tool Investments; Increased Network Visibility
Features: TapFlow™ Multi-Layer Filtering; Industry's Highest Port Density; Passes all errors including CRC; High-speed 10 & 1 Gigabit Ports

18 System Manager, Web Manager & CLI Software Management
Management Software Options: Web - single device mgmt; GUI - MAP wide visibility; Command Line Interface
Track Link Information: Identify bandwidth utilization peaks; Baseline traffic statistics
Control Access to the Data: Enable/disable monitor ports; Reset alarm triggers
Security (Q2 09’): SNMPv3; RADIUS/TACACS+
Screenshots: CLI, System Manager, Web Manager

19 Financial Case Study: Multi-station Taps
Industry: Finance
Objective: Provide non-intrusive, zero-latency visibility into network traffic enabling trading transactions to be captured and network issues to be resolved quickly and accurately
Approach: Tap into the network with Net Optics multi-station fiber and copper Taps
Technology Improvements: 100 percent direct in-line traffic visibility in real time without latency or impact on real-time applications; Ability to record transactions for event reconstruction to resolve differences between the Exchange and its members; Ability to analyze traffic from multiple vantage points throughout the network simultaneously
Business Outcomes: Improved network reliability from “four nines” (99.99% up time) to five nines (99.999% up time) in first year; Achieved virtually 100% up time by the end of the third year; Improved end user satisfaction by consistently providing more reliable low-latency access into equities, equity options, and futures markets

20 Financial Solution

21 Government Case Study: Multi-station Taps
Industry: Government
Objective: Provide non-intrusive visibility into network traffic to support remote diagnostics
Approach: Tap into the network with Net Optics multi-station fiber and copper Taps
Technology Improvements: 100 percent direct in-line traffic visibility in real time without latency or traffic impact; Deployment of automated tools and control mechanisms; Ability to troubleshoot and develop solutions remotely
Project Outcomes: Frequent resolution of issues before users are impacted; Reduction in number of field services calls dispatched; Significantly lowered MTTR; Improved end user satisfaction

22 Government Solution

23 InteropNet Case Study: Director™
Industry: Information Technology
Objective: Provide pervasive monitoring access for InteropNet, the high-performance network serving the Interop Las Vegas and New York conferences
Approach: Tap into the InteropNet with an expanded multi-unit system of Net Optics Director Data Monitoring Switches
Technology Improvements: Ability to connect any feed to any monitoring tool; Reduced access solution footprint; Aggregation of feeds down to a single pair; Remote visibility and control
Business Outcomes: Confident of delivering “101” uptime at Interop; Number of help desk tickets reduced; Tickets closed faster (MTTR lowered); No open tickets or unsolved cases

24 InteropNet Solution
InteropNet production network (orange and dotted lines) and SpyNet (purple lines) with five Net Optics Director Data Monitoring Switches

25 A Monitoring Access Platform
Build an infrastructure with a strong platform
Diagram labels: Core, Workgroup, Edge, Data Center

26 Net Optics Overview
Customers: 82% of the Fortune 100; 45% of the Fortune 500; 5700 Global Customers; 5 New Customers Every Week
Highlights: Founded in 1996 by Eldad Matityahu; 50 Quarters of Growth & Profitability; 40K Sq. Ft. Santa Clara, CA Corporate HQ and Manufacturing Facility; Private Company No VC funding and 90 Employees

27 Thank You www.netoptics.com (408)737-7777

