Deploying Distributed Traffic Capture Systems™
Best Practices for Total Network Visibility
White Paper

            The power of unrestricted visibility. See network traffic in any part or all of the largest distributed networks.
            The flexibility of integrated visibility. See what you want, wherever you need to see it. In real time, at the
            packet level.

            Network visibility is the critical factor in heading off the increasing number of application performance issues, outages,
            data breaches and attacks against large-scale distributed networks. It is vital to accommodating growth in numbers of
            users and the implementation of Ethernet speeds to 100 Gigabits per second (Gbps) and beyond. It is essential to meet
            the demands of government regulation. It is crucial to maximum efficiency and optimization.

            This white paper explores best practices in designing and deploying a VSS Monitoring Distributed Traffic Capture
            System. Distributed traffic capture provides total network visibility to your monitoring infrastructure. Total visibility is the
            only way to achieve complete, proactive network control.



            Why You Can’t See What’s On Your Network
            Up to now complete visibility of large Ethernet networks has been infeasible due to the prohibitive cost of deploying
            analytical devices at every point where network traffic needs to be captured. As a result, at present network traffic is
            typically monitored locally, using switch SPAN ports and/or inline with network taps.

            SPAN ports are ubiquitous but in many IT infrastructures there are not enough available for more than minimal monitoring
            coverage. In addition, SPAN ports tend to drop packets at random when the switch is busy. They can potentially degrade
            switch performance, especially in full duplex, and, depending on switch configuration and network traffic, drop CRC
            errors as well as under- and oversized packets. They may attempt to correct bad packets or add packets from links other
            than those being monitored. If spanning is done with multiple switches as in a large network, it demands complex
            configuration and can consume additional network ports. In addition, depending on the switch, remote spanning does
            not support monitoring of several packet types, including bridge protocol data unit packets as well as the Layer 2 packets
            used in Cisco’s Discovery, VLAN Trunking and Dynamic Trunking protocols.

            Inline network taps are a direct way to capture traffic without the limitations of SPAN ports but they can present problems
            of their own. Taps have not had the range of port densities and intelligence–such as selective aggregation, traffic filtering,
            load balancing and distributed management features–to make them more than a standalone solution. If multiple taps are
            connected, administrators may need to manage each tap separately, and if one tap fails, the entire traffic capture system
            may fail. High-speed 10 Gbps taps may not have the port density (low or high) required for a given deployment. And in
            Gigabit copper networks, where a tap cannot be completely passive since both sides of a link transmit simultaneously,
            a tap can cause network link failure on tap power loss and restore.

            With no way to get a centralized view over a LAN down to Layer 2, SLAs for real-time applications such as video, VoIP,
            financial transactions and other critical applications cannot be assured and enterprises cannot comply with regulations
            requiring a true-and-complete copy of transactions and lawful intercepts. This situation is exacerbated by the need to
            use existing Gigabit monitoring infrastructure for cost reasons even as 10 Gbps switches continue to be rolled out at the
            core and access layers.



With distributed traffic capture, more than one view of the network can exist simultaneously. Administrators
can define a centralized monitoring view of all network traffic as well as additional segmented views of
network physical topology and/or traffic types. Multiple instances of these views may be established for
different monitoring groups, such as security and performance operations, call center managers, and specific
central or branch office administrators.
Virtual Traffic Capture
A Distributed Traffic Capture System comprises intelligent traffic capture devices deployed anywhere they need to be,
architected between network infrastructure and the analytical equipment as one virtual system. In this way traffic capture
closely meshes with the network’s topology. The Distributed Traffic Capture System collects a copy of traffic at any point
and sends it in real time to centralized monitoring tools.




[Figure: Monitoring Systems, VSS Distributed Access Platform, Communications Infrastructure]




Because it functions as one system, distributed traffic capture offers network monitoring, for the first time, fault tolerance,
ultra low latency, infinite flexibility and full optimization. A Distributed Traffic Capture System not only adapts as rapidly
as conditions require but also delivers multiple views of the network simultaneously, so that each monitoring group can
see the view appropriate to its function.




How to Deploy Distributed Traffic Capture
The best deployment of a Distributed Traffic Capture System is one designed to exploit its core capabilities: flexibility,
redundancy, monitoring optimization.

Flexibility
A Distributed Traffic Capture System collapses the hierarchical schema of traditional network monitoring architecture by
virtualizing traffic capture. As a result more than one view of the network can exist simultaneously. This allows administrators
to define a centralized monitoring view of all network traffic as well as additional segmented views of network physical
topology and/or traffic types. Multiple instances of these views may be established for one or more monitoring groups,
such as security and performance operations, call center managers, specific central or branch office administrators,
etc. As conditions require, these parameters may be rapidly reconfigured.

Before implementing a traffic capture system, a network traffic capture architect should think about which views are
the most important given the speeds, nature of traffic and its location in the network’s core, distribution, access and/or
gateway layers, the analytical equipment on hand and to be implemented, the level of traffic-capture redundancy required,
and how the traffic capture and monitoring systems will be managed–e.g., permission levels for management views of
device configurations and port assignments–and the personnel available for monitoring.

Redundancy
A Distributed Traffic Capture System’s mesh topology is fault-tolerant. VSS Monitoring’s vStack+™ technology auto discovers
link failures and re-routes the copied traffic automatically, using the highest speed links and lowest number of hops.
This capability eliminates the pitfalls associated with similar topologies in network IP routing, such as convergence time
and route flap as well as the need to manage routing tables.

The redundant mesh topology also offers a number of advantages over traditional connectivity approaches for traffic
capture devices such as daisy chaining or stacking. Each of these introduces a single point of failure (if one traffic capture
device fails the entire traffic capture system fails). In addition, their serial connectivity increases latency, requires that each
traffic capture device be configured separately, as if it were standalone, and limits their management to a single campus.

The additional capabilities of vStack+’s redundant mesh topology introduce a few choices that the traffic capture
architect will need to make. First is to specify the desired level of redundancy. Triple redundancy is adequate in all but the
most critical installations. Second is to design contingency plans should the traffic capture system default to slower speeds
and increased number of hops in the event that multiple high-speed links between traffic capture devices fail. One of the
most important elements in this is to set alerts to be generated by a change in link status, and to have these alerts sent to
IT personnel, as well as, if desired, to third-party monitoring companies via multiple methods: pager, text message, and
email.

Monitoring Optimization
By providing real time granular control of the traffic capture process a Distributed Traffic Capture System can significantly
enhance the ROI of monitoring infrastructure and the people who administer it.

The traffic capture architect should use the system’s data grooming capabilities–especially selective aggregation,
filtering, and load balancing–to maximize the traffic reaching each analytical device, ensuring that each device is fully
subscribed to only its traffic of interest. Examples of these decisions include splitting voice and data signaling traffic to
respective analyzers, sending the same traffic to analyzers in different regions, and using multiple 1-Gigabit analyzers to
monitor a 10 Gbps stream.

Designing a Distributed Traffic Capture System
The design of a Distributed Traffic Capture System is oriented to the requirements of the monitoring devices. Four types of
commonly used passive monitoring equipment are intrusion detection systems, performance monitors, service assurance
tools and data recording devices. Each of these devices may need to see only certain slices of traffic, such as HTTP, voice,
video, signaling, or VLAN tagged packets, and from only selected network segments or the entire network.

Design also varies by need. Key design criteria for traffic capture are similar to those of an IP network. They include:
availability, efficiency, lower latency, optimization, security, stability and throughput. Each organization should decide its
own prioritization of these criteria depending on the services delivered and to whom they are delivered.




In general, design criteria that traffic capture architects should take into account include:

                            • The number of networks being monitored.
                            • Whether their media are copper, fiber or mixed.
                            • The location and number of capture points, whether SPAN ports or inline.
                            • The speed for each link associated with a capture point.
                            • The type and volume of traffic to be monitored.
                            • The performance capability/bandwidth of the analytical equipment and its location.
                            • Available rack space.
                            • The topologies of traffic capture depending on desired visibility and redundancy:
                              full mesh, star and/or star-mesh hybrid.


                          The most efficient design process for a Distributed Traffic Capture System usually follows these steps:

                          1) Determine the traffic your monitoring tools must see.

                          2) Identify the traffic capture points.

                          3) Map the capture points to the best combinations of port densities, speeds and grooming capabilities of the traffic
                             capture device connected to that capture point. Do this for each monitoring view desired.

                          4) For each view, at the traffic capture distribution layer configure the monitor output ports to send traffic customized
                             for each monitoring device.
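
The four design steps above, worked as a planning check. This is an added example, not code from the white paper or from VSS Monitoring: it sums each tool's filtered load, sizes the number of 1-Gigabit analyzer ports, and spreads flows across them with a direction-independent hash so that an IDS sees both halves of a session on one port. The capture-point names, traffic figures, 80% headroom and SHA-256 hash are assumptions; the page does not describe the product's own load-balancing method.

```python
import hashlib
import ipaddress
import math

# Constructed inputs (assumptions, not from the white paper): peak Mbps per
# traffic class measured at each capture point (design steps 1 and 2).
CAPTURE_POINTS = {
    "core-10g": {"http": 3200, "voice": 400, "signaling": 150, "other": 2100},
    "branch-1g": {"http": 350, "voice": 120, "signaling": 40, "other": 200},
}
# Each tool's traffic of interest and the line rate of one analyzer port.
TOOLS = {
    "ids": {"classes": {"http", "voice", "signaling", "other"}, "port_mbps": 1000},
    "voip-analyzer": {"classes": {"voice", "signaling"}, "port_mbps": 1000},
}


def plan_view(capture_points, tools, headroom=0.8):
    """Steps 3 and 4: filtered load per tool and analyzer ports needed.

    headroom is the fraction of a port's line rate we are willing to fill,
    leaving margin for bursts above the measured peak.
    """
    plan = {}
    for name, tool in tools.items():
        offered = sum(
            mbps
            for classes in capture_points.values()
            for cls, mbps in classes.items()
            if cls in tool["classes"]  # the filter: only traffic of interest
        )
        usable = tool["port_mbps"] * headroom
        plan[name] = {
            "offered_mbps": offered,
            "ports": max(1, math.ceil(offered / usable)),
        }
    return plan


def flow_key(src, dst, sport, dport, proto):
    """Direction-independent key: both halves of a session hash the same."""
    a = (int(ipaddress.ip_address(src)), sport)
    b = (int(ipaddress.ip_address(dst)), dport)
    lo, hi = sorted((a, b))
    return f"{proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}".encode()


def pick_port(key, n_ports):
    """Map a flow key to one of n_ports monitor output ports."""
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:8], "big") % n_ports


def port_load(flows, n_ports):
    """Sum Mbps per output port for (src, dst, sport, dport, proto, mbps) flows."""
    load = [0] * n_ports
    for src, dst, sport, dport, proto, mbps in flows:
        load[pick_port(flow_key(src, dst, sport, dport, proto), n_ports)] += mbps
    return load


def overloaded_ports(load, port_mbps, headroom=0.8):
    """Ports whose assigned load exceeds the usable share of line rate.

    Per-flow hashing cannot split a single large flow, so one flow close to
    line rate overloads its port no matter how many ports are added.
    """
    return [i for i, mbps in enumerate(load) if mbps > port_mbps * headroom]


if __name__ == "__main__":
    for tool, row in plan_view(CAPTURE_POINTS, TOOLS).items():
        print(tool, row)
```

Rerun the plan whenever a capture point or tool is added, and compare `overloaded_ports` against measured flow sizes before trusting an even split.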

                          An additional factor to take into account is how the traffic capture device handles Gigabit failover on copper media
                          should the device lose power. A traffic capture architect should ensure that the device will fail over quickly enough,
                          typically less than 100 milliseconds, so as not to cause link loss. Gigabit traffic capture devices may cause a momentary
                          link failure when power is lost or restored. This can disrupt time-sensitive traffic and cause unnecessary spanning tree
                          and routing changes, with additional delays due to network reconfiguration.

                          VSS Monitoring’s vAssure™ reduces normal Gigabit fail-over time to ≤ 100ms (typically 30-60ms), helping ensure
                          that packet-sensitive applications running on copper media, such as VoIP and Video on Demand, continue to function
                          uninterrupted and at specified quality-of-service levels. VSS traffic capture devices are the fastest in link switch-over and
                          the only ones that do not cause link loss.

                          The key to effective monitoring is being able to scale a growing number of analytics systems across a growing number
                          of capture points. A Distributed Traffic Capture System offers the flexibility, redundancy and monitoring optimization
                          necessary to cost-effectively achieve unrestricted visibility.




USA (Corporate HQ)
+ 1 650 697 8770 phone
+ 1 650 697 8779 fax
1850 Gateway Drive, Suite 500
San Mateo, CA 94404
USA
www.vssmonitoring.com

Japan
+ 81 422 26-8831 phone
+ 81 422 26-8832 fax
T’s Loft 3F, 1-1-9,
Nishikubo, Musashino,
Tokyo, 180-0013
Japan
www.vssmonitoring.co.jp

China
+ 86 10 6563- 7771 phone
+ 86 10 6563- 7775 fax
C519, 5 Floor,
CBD International Tower
16 Yong’An Dong Li,
Beijing, China 100022
www.vssmonitoring.com.cn


VSS Monitoring, Inc. is the world’s leading innovator of Distributed Traffic Capture Systems and network taps, focused on meeting the rapidly evolving requirements of security and performance
conscious network professionals. Distributed Traffic Capture Systems herald a new architecture of network monitoring, one which fundamentally improves its capability and price-performance.

VSS, Distributed Traffic Capture System, vAssure, vStack+, and LinkSafe are trademarks or registered trademarks of VSS Monitoring, Inc. in the United States and other countries. Any other
trademarks contained herein are the property of their respective owners.


© Copyright 2003 – 2011. VSS Monitoring Inc. All rights reserved.                                                                                                         1200 -20110127.1703r-003

Contenu connexe

Tendances

SDN Control Plane scalability research proposal
SDN Control Plane scalability research proposalSDN Control Plane scalability research proposal
SDN Control Plane scalability research proposal
Yatindra shashi
 
Smart Grid Operational Services Where To Start Five Foundational Elements POV
Smart Grid Operational Services Where To Start Five Foundational Elements POVSmart Grid Operational Services Where To Start Five Foundational Elements POV
Smart Grid Operational Services Where To Start Five Foundational Elements POV
Gord Reynolds
 

Tendances (18)

Gts case study_gaz_systems
Gts case study_gaz_systemsGts case study_gaz_systems
Gts case study_gaz_systems
 
Wireless sensor network
Wireless sensor networkWireless sensor network
Wireless sensor network
 
2014 IEEE Network Simulations(NS-2&NS-3) based Network Communication Projects
2014 IEEE Network Simulations(NS-2&NS-3) based Network Communication Projects2014 IEEE Network Simulations(NS-2&NS-3) based Network Communication Projects
2014 IEEE Network Simulations(NS-2&NS-3) based Network Communication Projects
 
Traqs full-package
Traqs full-packageTraqs full-package
Traqs full-package
 
Unit 33-routing protocols for wsn
Unit 33-routing protocols for wsnUnit 33-routing protocols for wsn
Unit 33-routing protocols for wsn
 
SDN
SDNSDN
SDN
 
Performance and traffic management for WSNs
Performance and traffic management for WSNsPerformance and traffic management for WSNs
Performance and traffic management for WSNs
 
Performance management leaflet
Performance management leafletPerformance management leaflet
Performance management leaflet
 
SDN Control Plane scalability research proposal
SDN Control Plane scalability research proposalSDN Control Plane scalability research proposal
SDN Control Plane scalability research proposal
 
Smart Grid Operational Services Where To Start Five Foundational Elements POV
Smart Grid Operational Services Where To Start Five Foundational Elements POVSmart Grid Operational Services Where To Start Five Foundational Elements POV
Smart Grid Operational Services Where To Start Five Foundational Elements POV
 
Performance of Vehicle-to-Vehicle Communication using IEEE 802.11p in Vehicul...
Performance of Vehicle-to-Vehicle Communication using IEEE 802.11p in Vehicul...Performance of Vehicle-to-Vehicle Communication using IEEE 802.11p in Vehicul...
Performance of Vehicle-to-Vehicle Communication using IEEE 802.11p in Vehicul...
 
IJSRED-V1I1P4
IJSRED-V1I1P4IJSRED-V1I1P4
IJSRED-V1I1P4
 
1 s2.0-s1877050915029002-main
1 s2.0-s1877050915029002-main1 s2.0-s1877050915029002-main
1 s2.0-s1877050915029002-main
 
Survey on energy efficiency in wireless sensor network using mac protocol wit...
Survey on energy efficiency in wireless sensor network using mac protocol wit...Survey on energy efficiency in wireless sensor network using mac protocol wit...
Survey on energy efficiency in wireless sensor network using mac protocol wit...
 
Mac protocols for ad hoc wireless networks
Mac protocols for ad hoc wireless networks Mac protocols for ad hoc wireless networks
Mac protocols for ad hoc wireless networks
 
wireless sensor network
wireless sensor networkwireless sensor network
wireless sensor network
 
NexTech - WAN Options
NexTech - WAN OptionsNexTech - WAN Options
NexTech - WAN Options
 
High Speed Networks - Applications in Finance
High Speed Networks - Applications in FinanceHigh Speed Networks - Applications in Finance
High Speed Networks - Applications in Finance
 

En vedette (8)

Song of the bee
Song of the beeSong of the bee
Song of the bee
 
Next Plane - federation solutions for Unified Communications
Next Plane  - federation solutions for Unified CommunicationsNext Plane  - federation solutions for Unified Communications
Next Plane - federation solutions for Unified Communications
 
Transport zrównoważony
Transport zrównoważonyTransport zrównoważony
Transport zrównoważony
 
transport_zrównoważony
transport_zrównoważonytransport_zrównoważony
transport_zrównoważony
 
thao-luan
thao-luanthao-luan
thao-luan
 
Chup anh cuoi Tuan Chau - Ngoc Trung - Minh Minh
Chup anh cuoi Tuan Chau - Ngoc Trung - Minh MinhChup anh cuoi Tuan Chau - Ngoc Trung - Minh Minh
Chup anh cuoi Tuan Chau - Ngoc Trung - Minh Minh
 
25a tp3 taller_de_pintura
25a tp3 taller_de_pintura25a tp3 taller_de_pintura
25a tp3 taller_de_pintura
 
PresentacióN Power Point Freinet
PresentacióN Power Point FreinetPresentacióN Power Point Freinet
PresentacióN Power Point Freinet
 

Similaire à Deploying Distributed Traffic Capture Systems

NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 LinkedinNMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
Javier Guillermo, MBA, MSc, PMP
 
Ema best practices_for_utilizing_network_monitoring_switches_in_cisco_environ...
Ema best practices_for_utilizing_network_monitoring_switches_in_cisco_environ...Ema best practices_for_utilizing_network_monitoring_switches_in_cisco_environ...
Ema best practices_for_utilizing_network_monitoring_switches_in_cisco_environ...
Anand Raj
 
A SCALABLE MONITORING SYSTEM FOR SOFTWARE DEFINED NETWORKS
A SCALABLE MONITORING SYSTEM FOR SOFTWARE DEFINED NETWORKSA SCALABLE MONITORING SYSTEM FOR SOFTWARE DEFINED NETWORKS
A SCALABLE MONITORING SYSTEM FOR SOFTWARE DEFINED NETWORKS
ijdpsjournal
 
Analysis Of Wireless Sensor Network Routing Protocols
Analysis Of Wireless Sensor Network Routing ProtocolsAnalysis Of Wireless Sensor Network Routing Protocols
Analysis Of Wireless Sensor Network Routing Protocols
Amanda Brady
 
Critical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems WorldwideCritical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems Worldwide
Angela Hays
 

Similaire à Deploying Distributed Traffic Capture Systems (20)

Software defined optical communication
Software defined optical communicationSoftware defined optical communication
Software defined optical communication
 
IRJET-A Survey on congestion control with TCP network
IRJET-A Survey on congestion control with TCP networkIRJET-A Survey on congestion control with TCP network
IRJET-A Survey on congestion control with TCP network
 
A Machine Learning based Network Sharing System Design with MPTCP
A Machine Learning based Network Sharing System Design with MPTCPA Machine Learning based Network Sharing System Design with MPTCP
A Machine Learning based Network Sharing System Design with MPTCP
 
A Machine Learning based Network Sharing System Design with MPTCP
A Machine Learning based Network Sharing System Design with MPTCPA Machine Learning based Network Sharing System Design with MPTCP
A Machine Learning based Network Sharing System Design with MPTCP
 
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 LinkedinNMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
 
Ema best practices_for_utilizing_network_monitoring_switches_in_cisco_environ...
Ema best practices_for_utilizing_network_monitoring_switches_in_cisco_environ...Ema best practices_for_utilizing_network_monitoring_switches_in_cisco_environ...
Ema best practices_for_utilizing_network_monitoring_switches_in_cisco_environ...
 
Present and desired network management to cope with the expected expansion, n...
Present and desired network management to cope with the expected expansion, n...Present and desired network management to cope with the expected expansion, n...
Present and desired network management to cope with the expected expansion, n...
 
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
 
Network Monitoring and Traffic Reduction using Multi-Agent Technology
Network Monitoring and Traffic Reduction using Multi-Agent TechnologyNetwork Monitoring and Traffic Reduction using Multi-Agent Technology
Network Monitoring and Traffic Reduction using Multi-Agent Technology
 
A SCALABLE MONITORING SYSTEM FOR SOFTWARE DEFINED NETWORKS
A SCALABLE MONITORING SYSTEM FOR SOFTWARE DEFINED NETWORKSA SCALABLE MONITORING SYSTEM FOR SOFTWARE DEFINED NETWORKS
A SCALABLE MONITORING SYSTEM FOR SOFTWARE DEFINED NETWORKS
 
Analysis Of Wireless Sensor Network Routing Protocols
Analysis Of Wireless Sensor Network Routing ProtocolsAnalysis Of Wireless Sensor Network Routing Protocols
Analysis Of Wireless Sensor Network Routing Protocols
 
A Proposal for End-to-End QoS Provisioning in Software-Defined Networks
A Proposal for End-to-End QoS Provisioning in Software-Defined NetworksA Proposal for End-to-End QoS Provisioning in Software-Defined Networks
A Proposal for End-to-End QoS Provisioning in Software-Defined Networks
 
Using fuzzy logic control to provide intelligent traffic management service f...
Using fuzzy logic control to provide intelligent traffic management service f...Using fuzzy logic control to provide intelligent traffic management service f...
Using fuzzy logic control to provide intelligent traffic management service f...
 
NUVX Technologies general solutions
NUVX Technologies general solutionsNUVX Technologies general solutions
NUVX Technologies general solutions
 
Unit 4 for PG PAWSN
Unit 4 for PG PAWSNUnit 4 for PG PAWSN
Unit 4 for PG PAWSN
 
Load balancing in_5_g_networks
Load balancing in_5_g_networksLoad balancing in_5_g_networks
Load balancing in_5_g_networks
 
Architecture evolution for automation and network programmability
Architecture evolution for automation and network programmabilityArchitecture evolution for automation and network programmability
Architecture evolution for automation and network programmability
 
Enabling Active Flow Manipulation in Silicon-based Network Forwarding Engine
Enabling Active Flow Manipulation in Silicon-based Network Forwarding EngineEnabling Active Flow Manipulation in Silicon-based Network Forwarding Engine
Enabling Active Flow Manipulation in Silicon-based Network Forwarding Engine
 
50120130405013
5012013040501350120130405013
50120130405013
 
Critical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems WorldwideCritical Information Infrastructure Systems Worldwide
Critical Information Infrastructure Systems Worldwide
 

Dernier

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Dernier (20)

Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Deploying Distributed Traffic Capture Systems

  • 1. Deploying Distributed Traffic Capture Systems™
    Best Practices for Total Network Visibility
    White Paper

    The power of unrestricted visibility. See network traffic in any part or all of the largest distributed networks. The flexibility of integrated visibility. See what you want, wherever you need to see it. In real time, at the packet level.

    Network visibility is the critical factor in heading off the increasing number of application performance issues, outages, data breaches and attacks against large-scale distributed networks. It is vital to accommodating growth in numbers of users and the implementation of Ethernet speeds to 100 Gigabits per second (Gbps) and beyond. It is essential to meet the demands of government regulation. It is crucial to maximum efficiency and optimization.

    This white paper explores best practices in designing and deploying a VSS Monitoring Distributed Traffic Capture System. Distributed traffic capture provides total network visibility to your monitoring infrastructure. Total visibility is the only way to achieve complete, proactive network control.

    Why You Can’t See What’s On Your Network

    Up to now complete visibility of large Ethernet networks has been infeasible due to the prohibitive cost of deploying analytical devices at every point where network traffic needs to be captured. As a result, at present network traffic is typically monitored locally, using switch SPAN ports and/or inline with network taps.

    SPAN ports are ubiquitous but in many IT infrastructures there are not enough available for more than minimal monitoring coverage. In addition, SPAN ports tend to drop packets at random when the switch is busy. They can potentially degrade switch performance, especially in full duplex, and, depending on switch configuration and network traffic, drop CRC errors as well as under- and oversized packets. They may attempt to correct bad packets or add packets from other than the links being monitored.

    If spanning is done with multiple switches as in a large network, it demands complex configuration and can consume additional network ports. In addition, depending on the switch, remote spanning does not support monitoring of several packet types, including bridge protocol data unit packets as well as the Layer 2 packets used in Cisco’s Discovery, VLAN Trunking and Dynamic Trunking protocols.

    Inline network taps are a direct way to capture traffic without the limitations of SPAN ports but they can present problems of their own. Taps have not had the range of port densities and intelligence–such as selective aggregation, traffic filtering, load balancing and distributed management features–to make them more than a standalone solution. If multiple taps are connected, administrators may need to manage each tap separately, and if one tap fails, the entire traffic capture system may fail. High-speed 10 Gbps taps may not have the port density (low or high) required for a given deployment. And in Gigabit copper networks, where a tap cannot be completely passive since both sides of a link transmit simultaneously, a tap can cause network link failure on tap power loss and restore.

    With no way to get a centralized view over a LAN down to Layer 2, SLAs for real-time applications such as video, VoIP, financial transactions and other critical applications cannot be assured and enterprises cannot comply with regulations requiring a true-and-complete copy of transactions and lawful intercepts. This situation is exacerbated by the need to use existing Gigabit monitoring infrastructure for cost reasons even as 10 Gbps switches continue to be rolled out at the core and access layers.

    With distributed traffic capture, more than one view of the network can exist simultaneously. Administrators can define a centralized monitoring view of all network traffic as well as additional segmented views of network physical topology and/or traffic types. Multiple instances of these views may be established for different monitoring groups, such as security and performance operations, call center managers, and specific central or branch office administrators.
  • 2. Virtual Traffic Capture

    A Distributed Traffic Capture System comprises intelligent traffic capture devices deployed anywhere they need to be, architected between network infrastructure and the analytical equipment as one virtual system. In this way traffic capture closely meshes with the network’s topology. The Distributed Traffic Capture System collects a copy of traffic at any point and sends it in real time to centralized monitoring tools.

    [Figure: Monitoring Systems; VSS Distributed Access Platform; Communications Infrastructure]

    Because it functions as one system, distributed traffic capture offers network monitoring, for the first time, fault tolerance, ultra low latency, infinite flexibility and full optimization. A Distributed Traffic Capture System not only adapts as rapidly as conditions require but also delivers multiple views of the network simultaneously, so that each monitoring group can see the view appropriate to its function.
  • 3. How to Deploy Distributed Traffic Capture

    The best deployment of a Distributed Traffic Capture System is one designed to exploit its core capabilities: flexibility, redundancy, monitoring optimization.

    Flexibility

    A Distributed Traffic Capture System collapses the hierarchical schema of traditional network monitoring architecture by virtualizing traffic capture. As a result more than one view of the network can exist simultaneously. This allows administrators to define a centralized monitoring view of all network traffic as well as additional segmented views of network physical topology and/or traffic types. Multiple instances of these views may be established for one or more monitoring groups, such as security and performance operations, call center managers, specific central or branch office administrators, etc. As conditions require, these parameters may be rapidly reconfigured.

    Before implementing a traffic capture system, a network traffic capture architect should think about which views are the most important given the speeds, nature of traffic and its location in the network’s core, distribution, access and/or gateway layers, the analytical equipment on hand and to be implemented, the level of traffic-capture redundancy required, and how the traffic capture and monitoring systems will be managed–e.g., permission levels for management views of device configurations and port assignments–and the personnel available for monitoring.

    Redundancy

    A Distributed Traffic Capture System’s mesh topology is fault-tolerant. VSS Monitoring’s vStack+™ technology auto-discovers link failures and re-routes the copied traffic automatically, using the highest speed links and lowest number of hops. This capability eliminates the pitfalls associated with similar topologies in network IP routing, such as convergence time and route flap as well as the need to manage routing tables.

    The redundant mesh topology also offers a number of advantages over traditional connectivity approaches for traffic capture devices such as daisy chaining or stacking. Each of these introduces a single point of failure (if one traffic capture device fails the entire traffic capture system fails). In addition, their serial connectivity increases latency, requires that each traffic capture device be configured separately, as if it were standalone, and limits their management to a single campus.

    The additional capabilities of vStack+’s redundant mesh topology introduce a few choices that the traffic capture architect will need to make. First is to specify the desired level of redundancy. Triple redundancy is adequate in all but the most critical installations. Second is to design contingency plans should the traffic capture system default to slower speeds and increased number of hops in the event that multiple high-speed links between traffic capture devices fail. One of the most important elements in this is to set alerts to be generated by a change in link status, and to have these alerts sent to IT personnel, as well as, if desired, to third-party monitoring companies via multiple methods: pager, text message, and email.

    Monitoring Optimization

    By providing real-time granular control of the traffic capture process a Distributed Traffic Capture System can significantly enhance the ROI of monitoring infrastructure and the people who administer it.

    The traffic capture architect should use the system’s data grooming capabilities–especially selective aggregation, filtering, and load balancing–to maximize the traffic reaching each analytical device, ensuring that each device is fully subscribed to only its traffic of interest. Examples of these decisions include splitting voice and data signaling traffic to respective analyzers, sending the same traffic to analyzers in different regions, and using multiple 1-Gigabit analyzers to monitor a 10 Gbps stream.

    Designing a Distributed Traffic Capture System

    The design of a Distributed Traffic Capture System is oriented to the requirements of the monitoring devices. Four types of commonly used passive monitoring equipment are intrusion detection systems, performance monitors, service assurance tools and data recording devices. Each of these devices may need to see only certain slices of traffic, such as HTTP, voice, video, signaling, or VLAN-tagged packets, and from only selected network segments or the entire network.

    Design also varies by need. Key design criteria for traffic capture are similar to those of an IP network. They include: availability, efficiency, lower latency, optimization, security, stability and throughput. Each organization should decide its own prioritization of these criteria depending on the services delivered and to whom they are delivered.
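
The grooming decision described under Monitoring Optimization (voice signaling split off to its own analyzer, the rest of a 10 Gbps stream shared among several 1-Gigabit analyzers) is shown here as an added Python example; it is not VSS Monitoring's implementation. The port names, the SIP port filter and the SHA-256 flow hash are assumptions made for illustration.

```python
import hashlib
import ipaddress
from collections import Counter

# Hypothetical monitor output ports, each feeding one 1-Gigabit IDS sensor.
IDS_PORTS = ["mon1", "mon2", "mon3", "mon4"]
VOICE_PORT = "mon-voip"        # hypothetical port for the signaling analyzer
SIP_PORTS = {5060, 5061}       # assumed filter for voice signaling

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key: order the two endpoints so that
    A->B and B->A produce the same bytes."""
    a = (int(ipaddress.ip_address(src)), sport)
    b = (int(ipaddress.ip_address(dst)), dport)
    lo, hi = sorted((a, b))
    return f"{proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}".encode()

def select_port(src, sport, dst, dport, proto, ports=IDS_PORTS):
    """Filter first, then load-balance the remaining traffic per flow."""
    if proto in ("tcp", "udp") and (sport in SIP_PORTS or dport in SIP_PORTS):
        return VOICE_PORT
    digest = hashlib.sha256(flow_key(src, sport, dst, dport, proto)).digest()
    return ports[int.from_bytes(digest[:8], "big") % len(ports)]

def distribution(flows, ports=IDS_PORTS):
    """Flows per output port, to check that no sensor is oversubscribed."""
    return Counter(select_port(*f, ports=ports) for f in flows)

# Constructed sample: 2000 client flows towards one HTTPS server.
SAMPLE = [(f"10.0.{i // 250}.{i % 250 + 1}", 20000 + i, "192.0.2.10", 443, "tcp")
          for i in range(2000)]

if __name__ == "__main__":
    for port, count in sorted(distribution(SAMPLE).items()):
        print(port, count)
```

Hashing per flow rather than per packet keeps both directions of a session on the same sensor, which stateful inspection needs. The balance is by flow count, not bytes, so a single very large flow can still exceed what one 1-Gigabit analyzer can take.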
  • 4. In general, design criteria that traffic capture architects should take into account include:

    - The number of networks being monitored.
    - Whether their media are copper, fiber or mixed.
    - The location and number of capture points, whether SPAN ports or inline.
    - The speed for each link associated with a capture point.
    - The type and volume of traffic to be monitored.
    - The performance capability/bandwidth of the analytical equipment and its location.
    - Available rack space.
    - The topologies of traffic capture depending on desired visibility and redundancy: full mesh, star and/or star-mesh hybrid.

    The most efficient design process for a Distributed Traffic Capture System usually follows these steps:

    1) Determine the traffic your monitoring tools must see.
    2) Identify the traffic capture points.
    3) Map the capture points to the best combinations of port densities, speeds and grooming capabilities of the traffic capture device connected to that capture point. Do this for each monitoring view desired.
    4) For each view, at the traffic capture distribution layer configure the monitor output ports to send traffic customized for each monitoring device.

    An additional factor to take into account is how the traffic capture device handles Gigabit failover on copper media should the device lose power. A traffic capture architect should ensure that the device will fail over quickly enough, typically less than 100 milliseconds, so as not to cause link loss.

    Gigabit traffic capture devices may cause a momentary link failure when power is lost or restored. This can disrupt time-sensitive traffic and cause unnecessary spanning tree and routing changes, with additional delays due to network reconfiguration. VSS Monitoring’s vAssure™ reduces normal Gigabit fail-over time to ≤ 100ms (typically 30-60ms), helping ensure that packet-sensitive applications running on copper media, such as VoIP and Video on Demand, continue to function uninterrupted and at specified quality-of-service levels. VSS traffic capture devices are the fastest in link switch-over and the only ones that do not cause link loss.

    The key to effective monitoring is being able to scale a growing number of analytics systems across a growing number of capture points. A Distributed Traffic Capture System offers the flexibility, redundancy and monitoring optimization necessary to cost-effectively achieve unrestricted visibility.

    USA (Corporate HQ)
    + 1 650 697 8770 phone
    + 1 650 697 8779 fax
    1850 Gateway Drive, Suite 500
    San Mateo, CA 94404
    USA
    www.vssmonitoring.com

    Japan
    + 81 422 26-8831 phone
    + 81 422 26-8832 fax
    T’s Loft 3F, 1-1-9,
    Nishikubo, Musashino,
    Tokyo, 180-0013
    Japan
    www.vssmonitoring.co.jp

    China
    + 86 10 6563-7771 phone
    + 86 10 6563-7775 fax
    C519, 5 Floor,
    CBD International Tower
    16 Yong’An Dong Li,
    Beijing, China 100022
    www.vssmonitoring.com.cn

    VSS Monitoring, Inc. is the world’s leading innovator of Distributed Traffic Capture Systems and network taps, focused on meeting the rapidly evolving requirements of security and performance conscious network professionals. Distributed Traffic Capture Systems herald a new architecture of network monitoring, one which fundamentally improves its capability and price-performance.

    VSS, Distributed Traffic Capture System, vAssure, vStack+, and LinkSafe are trademarks or registered trademarks of VSS Monitoring, Inc. in the United States and other countries. Any other trademarks contained herein are the property of their respective owners. © Copyright 2003 – 2011. VSS Monitoring Inc. All rights reserved. 1200 -20110127.1703r-003