Today’s networks are waging a ceaseless battle against an army of ingenious and fast-evolving advanced threats. Companies must be well-provisioned to deploy a quick, decisive and network-wide response to attacks. Protecting the network demands robust monitoring that is actually built into the network architecture. Learn how to build scalable network protection and improve the overall security and performance of the network.
Blind spots are commonly caused by these issues: a lack of SPAN ports, dropped and duplicated packets, oversubscribed security and performance tools, unseen inter-VM traffic and more.
Ixia developed a highly scalable Visibility Architecture that helps eliminate those blind spots while providing resilience and control without complexity. Ixia's new Visibility Architecture is founded on a comprehensive product portfolio, which includes:
- Network TAPs (aggregation, regeneration, 1/10/40/100G)
- Bypass Switches (for inline security deployments, 1/10/40G)
- Network Packet Brokers (intelligent filtering, load-balancing, de-duplication, matrix switching)
- Virtual TAPs (for full Virtual Network visibility)
Join NPC and Ixia to learn how Visibility Architecture helps speed application delivery and enables effective troubleshooting and monitoring for network security, application performance, and service level agreement (SLA) fulfilment — and allows IT to meet compliance mandates.
2. www.np-channel.com
Webinar information
• Q&A session:
• Please ask all questions in your chat window; we will try to answer them all
• Survey:
• Please fill in the survey after the webinar for a chance to win an Ixia branded Ogio backpack
3. www.np-channel.com
Today's presenter
Mihajlo Prerad, Regional Sales Manager, Network Performance Channel
Mihajlo Prerad is a visionary IT and Telecommunications professional with several years of experience and expertise in the field of Network and Application Security, Monitoring and Performance.
Donatus Schmid, Regional Sales Manager, IXIA
Donatus Schmid is an experienced IT Sales professional with more than 30 years of experience in the IT and Telecommunications industry, previously working in companies like Oracle and Sun Microsystems.
4. www.np-channel.com
Agenda
• Brief Introduction
• Key trends and challenges
• Where are the blind spots created?
• Building a Visibility Architecture
• Key components
• Key features
• Ixia Visibility Portfolio
5. www.np-channel.com
About NPC
We are a global value-added distributor specialized in providing intelligent network monitoring and security access solutions
We are a subsidiary of BRAINFORCE Holding AG (founded 1983), which has more than 800 employees and 75M€ yearly revenue
Based near Frankfurt, Germany and Salzburg, Austria
10+ years of experience in Channel Sales and Marketing
We are an international and multinational company with a growing team of 10+ professionals
7. www.np-channel.com
The MOST TRUSTED names in networking
Service Providers trust IXIA to:
• Improve and speed service delivery
• Speed roll out of next gen services
• Improve network and application visibility and performance
Equipment Manufacturers trust IXIA to:
• Develop next generation devices
• Speed time to market
• Improve performance and reliability
Enterprises trust IXIA to:
• Assess vendor equipment and applications
• Improve network security posture
• Improve network and application visibility and performance
Chip Fabricators trust IXIA to:
• Validate protocol conformance
• Speed time to market
9. www.np-channel.com
Network growing faster than tools!
[Chart: Maximum networking link speeds within data center / core networks (100M, 1G, 10G, 40G, 100G), current vs. planned in 12 months, by EMA research]
10. www.np-channel.com
How big is that growth?
Walmart collects over 1 million transactions every hour. This data is streamed into massive data stores currently containing over 2.5 petabytes of data.
13. www.np-channel.com
Growing number of tools
[Chart: Types of tools attached to NVCs/NPBs, current vs. planned in 12 months, by EMA research. Tool types shown: Network Performance Monitor; Data Loss Prevention; Intrusion Detection / Prevention; Troubleshooting / Packet Analyzers (e.g. packet “sniffers”); Compliance Monitor; Data / Packet Recorder; Application Performance Monitor; VoIP / UC / Video Analyzer]
20. www.np-channel.com
Traditional access methods don't work!
1. Dropping packets
2. High switch CPU and memory load
3. Doesn't forward L1/L2 errors
4. Needs to be configured
5. Mixing source/destination information
6. Limited number of SPAN ports
7. Compliance issues
8. Distorts packet arrival times
[Diagram labels: Switch, Switch]
1. Potential single point of failure
2. Expensive 1-tool-1-link deployment
3. Relocating means link downtime
23. www.np-channel.com
Answer is: Visibility Architecture
[Diagram labels: ESX Stack, Hypervisor, Phantom Monitor™, V Switch, VM 1, VM 2, VM 3, Director, Aggregation]
Ixia’s Visibility Architecture
Advanced Packet Distribution
Aggregation and regeneration
Intelligent Filtering
Bypass switching
Packet Slicing & DeDuplication
Total Network Visibility
26. www.np-channel.com
Use Network TAP instead of SPAN
Benefits
• 100% visibility, no dropped packets
• Doesn’t affect switch CPU and memory
• Plug-and-play — no configuration required
• Permanent access: no need to break the link each time you need to remove a tool
• Forwards important L1 and L2 errors
• Dual power supplies: keeps the network link up and running in case of power failure
• Doesn’t change packet arrival times
[Diagram labels: Switch, Firewall, Analyzer, Switch]
27. www.np-channel.com
Protect in-line deployments with Bypass Switch
Benefits
• Protects the network from IPS link, application, and power outages
• SNMP (v2c, v3) traps indicate status changes for system, link, power, and threshold
• Intelligent Heartbeat packets: continuous check of IPS health!
• Removes link downtime: ensures traffic flow when appliance is offline
• RMON statistics and LCD display
• Redundant power supplies
[Diagram labels: Switch, Firewall, IPS, Switch]
31. www.np-channel.com
Any tool – Any time!
Modular Interface Flexibility
SFP and SFP+ support
Automatically converts data rates for any mix of 10 Gigabit and 1 Gigabit network and tool ports
Mix copper and fiber, 1G and 10G in the same platform!
32. www.np-channel.com
Aggregation
Problem: too many network links/segments, expensive to deploy
Solution: aggregate multiple inputs into few outputs
[Diagram labels: one 10 Gbps link, eight 1 Gbps links]
35. www.np-channel.com
Load Balancing
• Sharing 10G link to many 1G tools
• Link can be tapped with a bypass switch for additional protection
[Diagram labels: Switch, Firewall, Router; LB Group 1, LB Group 2; IPS 1 to IPS 6, each marked 1G]
36. www.np-channel.com
Time stamping
Problem: In cases such as high-frequency trading, legal obligations, or routing the monitoring data over a long distance to the tool, it is important to know when the packet arrived at the monitoring switch.
37. www.np-channel.com
Packet Slicing
Problem:
In many cases only the header is needed for analysis. Forwarding a 1500-byte packet to a probe consumes more disk space on the probe than a 64-byte packet.
Solution:
Remove the unnecessary payload and decrease the load on the probe
Before: MAC | IP | Data | FCS
After: MAC | IP | FCS
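The slicing step on this slide, as an added Python example (not Ixia's or NPC's code): it keeps the MAC and IPv4 headers, drops the data and recomputes the FCS. The function names, the constructed sample frame and the zero-padding up to the 64-byte Ethernet minimum are assumptions of the example.

```python
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
VLAN_TPIDS = {0x8100, 0x88A8}   # 802.1Q and 802.1ad tags
MIN_FRAME_NO_FCS = 60           # Ethernet minimum (64 bytes) minus the FCS

def with_fcs(body: bytes) -> bytes:
    """Append the Ethernet FCS (CRC-32, least significant byte first)."""
    return body + struct.pack("<I", zlib.crc32(body))

def slice_frame(frame: bytes) -> bytes:
    """Keep MAC (+VLAN) and IPv4 headers, drop the data, recompute the FCS."""
    body = frame[:-4]                      # strip the original FCS
    offset = 12                            # EtherType follows dst + src MAC
    if len(body) < offset + 2:
        return frame                       # too short to parse: pass through
    (ethertype,) = struct.unpack_from("!H", body, offset)
    while ethertype in VLAN_TPIDS and len(body) >= offset + 6:
        offset += 4                        # skip one VLAN tag
        (ethertype,) = struct.unpack_from("!H", body, offset)
    l3 = offset + 2
    if ethertype != ETHERTYPE_IPV4 or len(body) < l3 + 20:
        return frame                       # not IPv4: forward unsliced
    ihl = (body[l3] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(body) < l3 + ihl:
        return frame                       # malformed header: forward unsliced
    kept = body[:l3 + ihl]                 # IP total-length still records the original size
    kept = kept.ljust(MIN_FRAME_NO_FCS, b"\x00")   # assumption: pad to minimum frame size
    return with_fcs(kept)

def build_sample_frame(payload_len: int = 1462, vlan: bool = False) -> bytes:
    """Constructed sample: IPv4 frame, zero-filled payload, header checksum left 0."""
    eth = bytes.fromhex("020000000001020000000002")
    if vlan:
        eth += struct.pack("!HH", 0x8100, 100)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17,
                     0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return with_fcs(eth + ip + bytes(payload_len))

if __name__ == "__main__":
    original = build_sample_frame()
    print(len(original), "->", len(slice_frame(original)))
```

Header-only copies suit flow and performance probes; tools that inspect payload, such as IDS and DLP, need the unsliced feed.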
46. www.np-channel.com
Network Access Products
Products and Key Benefits
FLEX TAP (fiber), 1G, 10G, 40G, 100G (FlexTap)
• High Density Design saves rack space, All-optical design, All split ratios available, 24 Taps in 1U
Copper TAP (Zero Delay) (Gig Zero Delay Tap)
• Passive copy of traffic
• Zero Delay ensures no traffic loss
Bypass Switches (iBypass HD)
• Failsafe/failover for up to eight tools
• High availability network
Regeneration TAP (10 GigaBit Regeneration Tap)
• Replicates traffic for up to eight monitoring tools
Aggregation TAP (iTap Dual Port Aggregator)
• Aggregation and tool sharing
47. www.np-channel.com
Flagship product: FlexTAP™
• Fiber models, fully passive, no power supplies
• Supported speeds: 1G, 10G, 40G, 100G
• 24 TAPs in 1U chassis
• Industry-first 100G TAP
48. www.np-channel.com
Network Packet Broker products
Products and Key Benefits
1G/10G Load Balancing, xStream 40
• Distribute traffic to multiple tools for parallel processing
1G/10G Monitoring Switch, Director xStream / Director / Director PRO
• Combined feature set: Tap, Aggregation, Regeneration, Static Load Balancer
40G Monitoring Switch, xStream 40
• Aggregation, Regeneration
• Deep Packet Inspection
• L2-7 Filtering
1G/10G Aggregation, iLink Agg xStream
• Aggregates multiple traffic streams for monitoring by a single tool
40G Load Balancing, iLink Agg xStream 40
• Distributes the traffic from 40G link to multiple tools for parallel processing
50. www.np-channel.com
NTO Portfolio
[Diagram: NTO models arranged by Enterprise and Capability. Tiers: Entry; Advanced 1/10G; High Performance 10/40/100G; Carrier-Class/NEBS; Flexible & Scalable 10/40/100G. Model numbers shown: 211x, 5204, 5236, 5273, 5288, 5293, 5268, 5260/3. Descriptions shown:]
• Flexible, scalable, high density 100G, 40G & 10G: 4 x 100G, 16 x 40G, or 64 x 10G
• High-density, Carrier-Grade 100G, 40G & 10G (NEBS): 4 x 100G, 16 x 40G, or 64 x 10G
• 10G networks (NEBS): 24 x 10G
• High-performance 10G: 24 x 10G
• Small Enterprise: 4 x 10G + 20 x 1G
• ControlTower Architecture: 16 x 40G, or 64 x 10G
• Medium Enterprise, 10/1G + Advanced, ControlTower Architecture: 16 x 40G, or 64 x 10G
55. www.np-channel.com
Challenges in Virtual Monitoring
Virtualization Creates Security, Monitoring and Compliance Risks
• No visibility into inter-VM traffic, vulnerabilities or threats
• Lacks auditing of data passing between virtual servers
• Inability to pinpoint resource utilization issues
[Diagram labels: three Server/VM pairs, vSwitch, two pNICs, Physical Network]
56. www.np-channel.com
Phantom Virtual TAP
Enables Security, Performance Monitoring and Compliance
• 100% visibility of inter-VM traffic
• Kernel implementation—no need for SPAN Ports / Promiscuous Mode on Cisco 1000V
• Bridges virtual traffic to physical monitoring tools
[Diagram labels: vm1, vm2, vm3; Physical Network; Security & Monitoring; Physical Host Server; ESX Virtual Stack with Phantom Installed; Phantom Controller (VM); Phantom Virtual Tap; Virtual Switch (i.e., Cisco 1000V)]
57. www.np-channel.com
Phantom Benefits
• Multilayer L2-L4 filtering: IP (src&dst), MAC, protocol, port, VLAN...
• Enables regeneration and aggregation of traffic without impacting the performance (low CPU and memory usage)
• Provides inter-VM traffic visibility
• Supported by all major hypervisors:
o VMware 4.x and 5.x
o Citrix Xen 5.x, Microsoft Hyper-V, Oracle VM 3.0, ....
• vMotion migration support
• Generates important L2 & L3 statistics: network activity summary (packet count, utilization, etc.), top protocols, top talkers, sources, destinations and connections
58. www.np-channel.com
Virtual and Physical Convergence
[Diagram labels: three physical servers (ESX, KVM, XEN), each with a Hypervisor, VMs (App/OS), V Switch and Phantom™ Manager; Tunnel; Net Optics Phantom™ HD; Net Optics Director™; tools: IDS, NGFW, Protocol Analyzer, DLP; LAN/WAN; Manager]
59. www.np-channel.com
[Diagram: Visibility Architecture. Environment labels: Carrier Networks (Wired and Mobile), Data Center, Private Cloud, Virtualization, Core, Remote Office, Branch Office, Campus. User labels: Network Operations, Performance Management, Security Admin, Server Admin, Audit & Privacy, Forensics. Layer labels: Network Access, Packet Brokers, Applications, Management. Component labels: App Aware, Session Aware, Out of Band NPB, Inline NPB, Network Taps, Virtual & Cloud Access, Inline Bypass, Element Mgmt, Policy Mgmt, Data Center Automation]
http://www.ixiacom.com/solutions/network-visibility/
60. www.np-channel.com
Net Optics Confidential and Proprietary
Thank you! Questions?
Mihajlo Prerad
Regional Sales Manager
e: mihajlo.prerad@np-channel.com
t: +43 664 831 6674