gigamon intelligent flow mapping - ndm technologies · ensuring application availability and...
The Smart Route To Visibility™
Gigamon Intelligent Flow Mapping// White Paper
Copyright © 2013 Gigamon. All rights reserved.
In today’s competitive world where more and more business
critical applications are moving from the physical confines
of the corporate organization to the internet, the availability of,
and access to these applications is expected from anywhere
and at any time. From home, work and all points between,
we are leading “always connected” digital lifestyles.
The responsiveness and availability of critical business
applications and essential IT services is therefore of paramount
concern to IT organizations everywhere. As the market moves
to an always connected existence, the insatiable demands
from customers for ever-higher data, user throughput,
capacity and lower latency require the communications
industry to transform itself.
In order to optimize the design and management of their
network, operators need to fully understand the drivers of
this traffic. Thus obtaining high-quality, fine-grained relevant
data is more important than ever to gain real-time insights into
end-to-end application interdependencies. To this end, service
providers and IT organizations are increasingly turning to the
best-in-class, end-to-end visibility and performance analysis
tools to effectively manage and monitor the security and
performance of the infrastructure.
Introduction
As the rise of multimedia, social media and the Internet of
Things is fueling an exponential growth in data (aka Big Data),
service providers and IT organizations are investing in monitoring
solutions that interpret consumer behavior, detect fraud, monitor
performance and even predict the future with trending analysis!
However all of these systems are only as effective as the
information and traffic that they can see. Limit visibility to the
traffic, and the value of these systems is equally limited. With the
increasing volume and detail of information being moved across
the infrastructure, these tools find themselves drowning under
the volume of traffic. Traffic that might not even be relevant to
the tool!
It is not just the volume that defines Big Data—it is the velocity,
the variety and the complexity of that data. Between now and
2020, the sheer volume of digital information is predicted to
increase to 35 trillion gigabytes¹—much of it coming from new
sources including blogs, social media, internet search,
and sensor networks—as well as from existing video traffic
and new types of mobile video services. It is all about finding
a needle of value in a haystack of unstructured information.
With millions of traffic flows and tens of hundreds of changes
occurring within the infrastructure on a daily basis, visibility
needs to be pervasive, dynamic and scalable. A key factor in
ensuring application availability and network performance is
having a traffic visibility solution that can efficiently handle huge
volumes of data in real time and thus deliver relevant traffic to
the relevant tool.
Visibility solutions can differ greatly, employing a variety of
filtering mechanisms with varying degrees of efficiency and
performance to deliver the desired set of packets to one or more
monitoring tools. However, with the magnitude and complexity
of current network infrastructures, the challenge is to develop
visibility solutions that can scale to allow 1000s of diverse
traffic streams originating from a large number of network
traffic sources to be granularly filtered and forwarded to a
variety of monitoring tools and analyzers with zero packet loss.
In this age of Big Data, efficient and scalable traffic distribution
within a visibility solution is key for the monitoring tools and
analyzers to focus on relevant traffic that the tools were
originally designed for.
¹ IBM (2012), Understanding Big Data Report. McGraw-Hill. Retrieved from http://public.dhe.ibm.com/common/ssi/ecm/en/iml14296usen/IML14296USEN.PDF
Connection-based Traffic Filtering
Traditional approaches to visibility typically employ traffic
forwarding based on statically defined “connections.”
These connections are simple one-to-one flows between
network and tool ports where traffic can be filtered with “allow
or deny” operations at both the ingress and egress sides of the
connection thus achieving fairly simple packet distribution.
On the surface it may appear that this method provides
sufficient flexibility to achieve the desired packet distribution.
Closer examination reveals significant limitations that cripple
the device’s capability to work with large volumes of data
and large numbers of distinct traffic streams. In some cases,
connection-based filtering can be inadequate even with a single
moderately loaded ingress network feed when sending traffic
from high speed network segments to low bandwidth tools.
Ingress Filters
Ingress filters, which are also known as pre-filters, are used
to allow or deny traffic on network or ingress ports. Any traffic
allowed by the filter is sent to all the tool ports at the other end
of the connection. This is fine when all the tools connected to
the egress ports have requirements to view the exact same
packet streams and the total traffic passed by the filters does
not exceed the tool port capacity. However with ingress filters
operating on incoming traffic streams, it is virtually impossible to
granularly filter and forward distinct and unique traffic streams
to different tools/egress ports. For example, referring to Figure 1, if we
want to send Web traffic to the tool on port A and VoIP traffic
to the tool on port B, we have no choice but to send both
types of traffic to both tool ports. Not only are we wasting the
tools’ precious processing resources to weed out unwanted
information, but if the combined traffic exceeds the tool port
capacity, the device will indiscriminately discard all excess traffic.
Figure 1 Ingress Filters
Egress Filters
Egress filters, which are also known as post-filters, enable
configuration of egress ports to “allow” focused traffic to
be sent out to the monitoring tools for analysis. These filters
provide relatively superior granular control over the traffic
flows sent out to the monitoring tools, compared to ingress
filters. However the limitation of egress or post-filters occurs
when multiple network ports have connections to the egress
ports. Since all the incoming traffic is getting multicast
across the backplane of the visibility device, you run the risk of
backplane oversubscription and dropped packets. Additionally
packet loss can occur at the egress port if the cumulative traffic
exceeds the bandwidth of the egress port.
These types of solutions also have severe limitations on the
number of egress filters that can be configured on the system,
which further offsets the granular-control benefits that egress
filters have to offer.
An alternative to the above limitations would be to use a
combination of ingress and egress filters to granularly sieve
the information flowing through the solution. However limitations
related to the scalability of forwarding rules, distinct traffic
flows and lack of system-wide capabilities make these
solutions rigid, overly structured and under-engineered in
meeting the visibility demands of today’s complex and
diverse networking infrastructures.
Figure 2 Egress Filters
Next-Generation Filtering and Forwarding with Flow Mapping Technology
Packet distribution based on Flow Mapping™ technology takes
high-speed incoming traffic at 1Gb, 10Gb, 40Gb or 100Gb
from a network tap or a SPAN/mirror port and prepares it for
tools and applications that analyze the data to help you secure,
monitor and optimize your network. Flow Mapping eliminates
the necessity to create static connections between the network
and tool ports. Instead, individual packets are forwarded
according to a set of user-defined forwarding rules/map
rules that are optimized to provide the user with far superior
granularity and scalability compared to alternative solutions
available in the market today.
In the example illustrated in Figure 1, we would simply have a
map bound to the incoming traffic from the four network ports
with rules that direct all Web traffic to port A and all VoIP traffic
to port B. Since all of the forwarding decisions are made at the
ingress side, no extraneous traffic is ever forwarded to any tool
port and egress filters are not needed.
Thus every network port can receive 100% line-rate traffic
while each tool port can output relevant traffic up to 100% of
the port’s capacity allowing this solution to scale to virtually
any number of ingress network ports. The end result is that
more network ports can send desired traffic to each tool port
and every tool can see more traffic than otherwise would be
possible. This sort of filtering offers a core solution to overcome
the problems associated with Big Data.
Figure 3 The Gigamon Flow Mapping and GigaSMART technologies
Industry-Leading Scalability and Performance enabled by Flow Mapping and Stacking
Flow Mapping technology is based around creation of
individual filter map rules. Users can combine thousands
of filter map rules (each with multiple filter criteria) in a logical
order to achieve exactly the packet distribution desired.
Mapping also has the advantage of not counting against
the limited availability of tool port filters common to
competing devices. Hardware driven map rules are optimized,
which allows them to be bound to any number of network ports.
Using the stacking capabilities inherent in the Gigamon® Traffic
Visibility Fabric™, multiple discrete Visibility Fabric Nodes can be
combined into a single “manage as one” fabric via an intuitive
browser-based management UI. Thus users are no longer
limited to the port density of a single chassis. This capability,
when combined with the Visibility Fabric Node’s ability to
implement more than 8000 map rules becomes the most
intelligent and scalable traffic visibility networking solution
available in the market today. No other visibility solution
architecture can reduce the amount of Big Data traffic to
manageable levels for tool processing in such a
reliable and manageable manner.
Granular Control over Distinct Traffic Streams
Each rule provides the ability to configure up to 13 unique
criteria based on over 30 predefined Layer 2, Layer 3 and
Layer 4 parameters to tailor delivery of traffic to one or more
monitoring tools. Thus Flow Mapping allows end users to
granularly filter and forward traffic to specific analysis tools
based on source/destination MAC or IPv4/IPv6 addresses,
application port numbers, ethertypes, VLAN IDs, protocols,
TOS values, DSCP assured forwarding values and more.
Additionally, forwarding decisions can be made based
on user-defined, custom pattern match filters that can be
applied to search for a specific sequence of bits in the traffic
streams. Network administrators can control how traffic
should be handled once it arrives and where it should be sent.
Applying maps to your data thus ensures that each tool sees
only the traffic that best suits its individual strengths and
nothing else. Tools are made more efficient since they are
presented with only the traffic they need to see—therefore
maximizing their effective throughput and being better able to
process more of the Big Data load per connected tool.
Packet Manipulation and Tool Optimization enabled by GigaSMART and Flow Mapping
In addition to providing access to critical information,
the packet distribution capabilities of the Visibility Fabric
can be combined with GigaSMART® to process and optimize
the filtered traffic streams before they are sent out to the
monitoring tools. Features such as stripping extraneous
headers, removal of duplicate information in the incoming
streams and extraction of relevant information using packet
slicing can be used to optimize tool performance and improve
monitoring accuracy, as well as allow for greater integration
between the tool layer and the data access layer. Incoming
traffic streams can also be time stamped closest to the source
of the packets allowing performance monitoring tools to
leverage this information to calculate end-to-end latency
and jitter, while preserving link-layer visibility.
With many visibility solutions, these advanced packet
manipulation features are typically applied to all the incoming
traffic and are often limited to a subset of ports on the chassis.
Using the unique and patented Flow Mapping technology,
incoming traffic on any ingress port can be directed to a
GigaSMART operation. These operations can thus be applied
to traffic of interest ingressing on any port of the Traffic Visibility
Fabric Node. Since the GigaSMART operations are tied to the
map rules, the end user has the flexibility to granularly control
the traffic flows over which the GigaSMART operations are
applied. This improves the throughput of tools by allowing the
tool to see only the traffic of interest to it, and by eliminating
the manual steps needed to format the data so tool processor
parsing cycles can be reduced. Thus each tool is better able to
address more of the Big Data load it is presented with.
Maps also offer some additional features that simple filtering
lacks, such as:
Virtual Drop Port: The virtual drop port is sort of like the
“Great Packet Graveyard” where you can set up map rules
that look for packets matching specific criteria and
immediately discard them before forwarding to the tool ports.
Collector: The collector, on the other hand, is the
“Everything Else” bucket. It’s where you send packets that
do not match the criteria specified by any of the other map
rules in a flow map.
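The Figure 1 scenario (Web traffic to tool port A, VoIP to tool port B) worked through as an added sketch, not Gigamon code or configuration syntax: it compares a connection-based ingress filter with an ordered flow map that also uses a virtual drop port and a collector. The packet tuples, the port names N1 to N4, C and DROP, first-match rule ordering, and tool-port capacity counted in packets rather than bandwidth are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample traffic: (network port, protocol, destination port).
PACKETS = [
    ("N1", "tcp", 80), ("N1", "tcp", 443), ("N2", "udp", 5060),
    ("N2", "udp", 53), ("N3", "tcp", 80), ("N3", "udp", 5060),
    ("N4", "tcp", 22), ("N4", "udp", 123), ("N4", "tcp", 443),
]

def is_web(p):  return p[1] == "tcp" and p[2] in (80, 443)
def is_voip(p): return p[1] == "udp" and p[2] == 5060   # SIP signalling only
def is_ntp(p):  return p[1] == "udp" and p[2] == 123

def ingress_filter(packets, allow, tool_ports):
    """Connection-based pre-filter: every allowed packet is copied to all tool ports."""
    out = {t: [] for t in tool_ports}
    for p in packets:
        if any(match(p) for match in allow):
            for t in tool_ports:
                out[t].append(p)
    return out

def flow_map(packets, rules, collector):
    """Ordered map rules applied at ingress; the first matching rule picks the port.
    Unmatched packets go to the collector. First-match order is an assumption."""
    out = defaultdict(list)
    for p in packets:
        dest = next((d for match, d in rules if match(p)), collector)
        out[dest].append(p)
    return dict(out)

def tool_report(out, wanted, capacity):
    """Per tool port: (packets offered, irrelevant packets, excess discarded)."""
    report = {}
    for port, match in wanted.items():
        offered = out.get(port, [])
        irrelevant = sum(1 for p in offered if not match(p))
        report[port] = (len(offered), irrelevant, max(0, len(offered) - capacity))
    return report

WANTED = {"A": is_web, "B": is_voip}      # tool A wants Web, tool B wants VoIP
RULES = [(is_ntp, "DROP"), (is_web, "A"), (is_voip, "B")]  # DROP = virtual drop port

if __name__ == "__main__":
    legacy = ingress_filter(PACKETS, [is_web, is_voip], ["A", "B"])
    mapped = flow_map(PACKETS, RULES, collector="C")
    print("ingress filter:", tool_report(legacy, WANTED, capacity=4))
    print("flow map:      ", tool_report(mapped, WANTED, capacity=4))
    print("dropped:", len(mapped["DROP"]), "collector:", len(mapped["C"]))
```

With the ingress filter both tools are offered the same six packets and each overflows a four-packet port; with the map, each tool is offered only its own traffic and nothing is discarded at the tool port.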
Conclusion
While new web-based applications and mobile devices
continue to help businesses improve productivity and
empower employees, the challenges related to data mobility,
complexity and volume continue to plague organizations.
The responsiveness and availability of these business
applications become even more critical in the face of ever-
evolving IT infrastructures and usage models. With the
explosive growth in applications and end users leveraging
these applications, generated data traffic will continue to grow
more than ever. Therefore usage methods have to be created to
process Big Data as efficiently as possible.
An efficient, flexible and scalable traffic visibility architecture is
key to overcoming these challenges of real-time processing and
access of Big Data especially in dynamic data environments
from social media to financial institutions and exchanges.
At the same time, to keep pace with the tough demands of
an always-on connected lifestyle where communications,
entertainment and leisure converge and are accessible across
any device, the communications industry continues to evolve.
The rapid emergence of access networks and the evolution of
services (location based, context aware, customizable)
are forcing a paradigm shift in the communications industry.
With interface speeds and bandwidth volumes increasing at
never-before-seen rates, a highly scalable, zero loss,
line-rate filtering and forwarding solution is necessary
for gaining granular subscriber-level intelligence into the
performance of the network; understanding usage and
consumption trends is key to improving the overall Quality
of Experience (QoE) of the end-user such that operators
can remain operationally competitive.
With Gigamon’s unique patented Flow Mapping at the heart of
the Visibility Fabric, traffic streams ranging from 1Gb, 10Gb,
40Gb, and 100Gb, flowing across virtual and physical networks,
can be granularly filtered and aggregated before being replicated
into management tools including Performance Monitors,
Service/Security Monitors or Network Monitors.
Flow Mapping filters intelligently segregate data into different
logical groupings, so that traffic matching either very specific
or very broad parameters is forwarded on to the appropriate
management and monitoring systems. Operators can now
create data distribution maps that direct data from any number
of data access points to any number of monitoring tools at
line rate without data loss—taking on the issues of Big Data
head on. With the Visibility Fabric in place, the monitoring and
security tools that were limited by the number of connection
points and volume of traffic can now deliver their full value.
With end-to-end, access-to-core visibility and detailed analysis
of performance impacting events, operators are empowered
to proactively maintain a subscriber’s QoE while securing the
integrity of the network and satisfying the issues brought on by
continuing and increasing amounts of subscriber data.
Copyright © 2013 Gigamon. All rights reserved. Gigamon and the Gigamon logo are trademarks of Gigamon in the United States and/or other countries. Gigamon trademarks can be found at
www.gigamon.com/legal-trademarks. All other trademarks are the trademarks of their respective owners. Gigamon reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Gigamon® | 598 Gibraltar Drive Milpitas, CA 95035 | PH 408.263.2022 | www.gigamon.com
About Gigamon
Gigamon provides an intelligent Traffic Visibility Fabric for
enterprises, data centers and service providers around the
globe. Our technology empowers infrastructure architects,
managers and operators with pervasive visibility and control of
traffic across both physical and virtual environments without
affecting the performance or stability of the production network.
Through patented technologies and centralized management,
the Gigamon GigaVUE portfolio of high availability and high
density products intelligently delivers the appropriate network
traffic to security, monitoring or management systems. With over
eight years’ experience designing and building traffic visibility
products in the US, Gigamon solutions are deployed globally
across vertical markets including over half of the Fortune 100
and many government and federal agencies.
For more information about our Gigamon products visit:
www.gigamon.com