Eliminating Blind Spots and Enhancing Monitoring in presence of MPLS

MPLS operates at a layer that is generally considered to lie between traditional definitions of layer 2 (data link layer) and layer 3 (network layer), and thus is often referred to as a “layer 2.5” protocol. But the benefits of MPLS comes with a price tag of reduced visibility of monitoring and security tools that were not designed to handle “layer 2.5” protocols

Many network monitoring, analysis, and security tools are either unable to handle or have limitations when handling MPLS traffic. Those tools were designed without thinking about the increasing adoption of MPLS in large organizations’ networks. Thus, the presence of MPLS protocols in the packet streams can restrict and even limit the ability of monitoring and security tools to perform requested (and required) filtering and load balancing tasks.
Learn more how Net Optics Eliminates MPLS-Generated Blind Spots using Phantom HD here>>
 
-- Sharon 
xBalancer Software Version 3.2.0 preview

xBalancer 3.2.0 was released from engineering last week and is now being tested by our early adopters. I expect that it will be released to the public no later than tomorrow. 

  • Load Balancing Multicast: Using xBalancer  load balancing multicast, one can deliver network traffic to multiple tool groups  while load balancing the traffic independently with each group. It allows to load balance incoming traffic to several Load Balancing Groups. Incoming traffic is multi-casted to these groups without the need to use external regeneration taps, port replicators or loopback cables. 
  • Incremental Filters: With xBalancer 3.2.0 one can change filter policies without worrying about hitting the traffic when filter order is changed. Using this feature, xBalancer will always handle filters in hitless fashion 
  • Packet Slicing:  Packet slicing slices packets when the tool that don’t require complete packets. Using this feature, systems will processes fewer bits while still keeping needed portions of each packet. In some cases this feature will improve the efficiency of protocol analysis, sniffer, and network optimization tools and will increases the capacity of forensic recording tools
  • SFP+ statistics: Providing detailed information collected from the fiber optic/copper modules including date code, cable length, and real time diagnostics  
  • Automatic configuration of optical modules: The network port speed and the Phy driver/receiver parameters are configured automatically based on the SFP/SFP+ type (one can change this setting manually).  
 
Here's a sample configuration showing how to use some of the new advanced features in a very simple fashion from CLI. The WebUI fully supports those functions as well:
 
In this use case, a customer would like to take networking traffic and use two sets of tools (inline deployments) for IPS and another Web Application Firewall that will only measure HTTP traffic headers, so packet slicing is needed.

 

! Example config using Load Balancer multicasting
! and packet slicing.
! 
! One LBG will get HTTP traffic the other LBG
! will get all traffic.
!
! Traffic going to the HTTP LBG will be mirrored
! to port 24 with its packets truncated to 128 bytes
!
! Enable all ports
port 1-24 admin enable
!
! Internally tag packets entering ports 1 and 2
! These tags will be stripped when egressing ports 1 and 2
port 1 vlan 4001
port 2 vlan 4002
port 1-2 ingress_tag stack
!
! Configure the monitor ports to keep (on egress)
! the vlan tag added on ports 1 and 2.
port 17-23 egress_tag keep_added
!
! Set up port 24 as mirror destination port with
! packet truncation size 128 bytes
mirror group 1 dst_port 24 truncate size 128
!
! Two load balancing groups
!  LBG 1 gets HTTP traffic
!  LBG 2 gets all traffic
lbg 1 ports 17,18,19
lbg 2 ports 20,21,22
!
! Mirror packets from ports 17,18,19 (lbg 1 ports) to mirror group 1 (port 24)
port 17-19 mirror group 1
!
! Redirect packets with multicast dstMac to inline network port
filter rule 1 in_ports 1 action redir redir_ports 2 mac_dst 01:00:00:00:00:00 mac_dst_mask 01:00:00:00:00:00
filter rule 2 in_ports 2 action redir redir_ports 1 mac_dst 01:00:00:00:00:00 mac_dst_mask 01:00:00:00:00:00
!
! Return from monitor ports to network ports based on vlan tag
filter rule 11 in_ports 17-23 vlan 4001 action redir redir_ports 2
filter rule 12 in_ports 17-23 vlan 4002 action redir redir_ports 1
!
! Load balance HTTP traffic coming into ports 1 and 2 to both LBGs
filter rule 20 in_ports 1-2  l4_dst_port 80  action lb  groups 1,2
!
! Load balance all traffic to coming into ports 1 and 2 to LBG 2
filter rule 21 in_ports 1-2  action lb  group 2
 
Virtualization’s Impact on Network Management and Monitoring

Phantom Virtulization Taps - Virtual Taps for Total VisibilityIn recent years, we’ve watched virtualization adoption and deployment gather momentum across the board. The emergence of virtualization in all areas of the enterprise data center has resulted in a concurrent, exponential growth of server density. At the same time, transition to Remote Desktops and VDI technologies has driven user computing consolidation in various areas. Both trends (server virtualization and desktop transition) have deep implications for traditional computing, networking and the surrounding ecosystem.

Virtualization accelerates the growth rate and mobility of the data center, compounding the challenges faced by administrators even as it dramatically enhances and expands capacity. 

Let’s visit a simple example at the rack level: several years ago a rack of 10 physical servers simply meant that administration was responsible for 10 servers. Nowadays, the same rack (in many cases with the exact same hardware equipment) can house 10 physical hypervisors with 20-30 servers residing on each, resulting in expansion of administrative responsibilities by 2500%. We hear from administrators, operations executives and security teams that the lack of “visible” growth is creating understaffing situations in all areas of IT. 

As a result of this sweeping expansion, IT organizations must look to a variety of tools to help administer and simplify the management of this growing computing and networking infrastructure. Clearly, the breadth and depth of virtual environments is much greater than those of comparable physical environments. To address these changes, Net Optics is focused on the state of network access, management and monitoring in both physical and virtual networks.

Many of our customers are avid users and consumers of monitoring and access solutions in the physical network. Since we launched the Phantom Virtualization Tap about 18 months ago, we have learned that virtual network monitoring is a topic that falls between the cracks of current corporate IT departments. In many well-managed enterprises we find (and often help the organization realize) that no one is accountable for the virtual networks and the operations aspect of their performance. Network teams that are designated as responsible for the network tend to focus only on the physical network. The VMware team is responsible for the hypervisor infrastructure. The piece that consists of the inner network of the virtual environment is somewhere in between (the cracks). Cisco has introduced the Nexus 1000V virtual switch, an integral part of the Nexus product line, to help expose the cracks. However, adoption is minimal and growing slowly. What we conclude from the trends we now see is that virtual networks are still somewhat of a conundrum that is yet to unfold and be addressed. 

As the virtualization eco-system grows, many instrumentation layer tools are being developed for hypervisors and virtual machines. What we are witnessing, however, is a lack of the higher level view accommodating the de-facto reality of convergence. Today, no organization is either fully physical or fully virtual. No large organization is a single vendor shop. Multiple hypervisors, multiple virtual network device vendors, and a variety of tools exist, and many organizations deploy more than one solution to address the same need. There is currently no standard that everyone adheres to, and even networking protocols are varied and incompatible with one another or with the surrounding tools.

When we came to design our monitoring and access solution for virtual environments, we had more than the mere technical challenge of designing a solution. We needed, in addition, to evaluate the eco-system, trends and directions of virtualization. Within 24 months, three of the major players released advanced networking solutions to allow the bridging of virtual machines to and from the physical network and passing via hypervisor networking. VN-tag, VX-Lan and FabricPath are three of several new mechanisms developed to optimize speed, routing and switching of packets traversing the virtual and physical segments. Although technologically advanced, those tools impede the existing tools and require additional tools or stripping.

Net Optics’ solutions are developed with two goals: provide total access capabilities and enable unrestricted monitoring at any tool of choice, whether virtual or physical.

Learn more about Net Optics Phantom Virtualization Tap

 

Top 5 Ways to Enhance Your Cisco Environment @ CiscoLive 2012

Top Five Ways to Enhance Your Cisco Environment with Sharon Besser

Get The Secrets You'll Want to Know

When it comes to Cisco technology, most of us have wondered if we could do more to get the most out of our investments. Are we aware of

all the "hidden gems"—advantages tucked away within the architecture that could put us ahead of the game with relatively little effort?

Five Ways to Say Eureka!

Recently, Sharon Besser delivered a talk at Cisco Live in which he presented the Top Five efficiency gems that can be a real bonanza for your Cisco investment. In this video he shares those configuration and design tips here for using Cisco technology to the utmost in monitoring and security. In addition, he discusses ways to use access switching and built-in Cisco features more effectively. Finally, the video covers key points to consider in relation to data center operation, interconnect and security.

Day 2: Microsoft Tech-Ed 2012 - Orlando

Microsoft Tech Ed

After the welcoming ceremonies, and letting the dust settle from Day 1, we picked up right where we left off - continuing technical conversations and providing in-depth demos to the many Tech-Ed attendees looking to maximize their datacenter’s potential.  One common theme noticed: they all realized that they were nowhere near fully utilizing their environments capacity and came to Orlando hoping to go home with a better understanding on how to increase productivity. Just ask Ward Bell if you don’t believe me…..

Like the many before him (and after), it was a immense challenge pinpointing utilization issues without getting a full visible assessment of their infrastructure.  Back when times were simpler, you could toss a dart blind folded and hit your target 9 out of 10 times.  Funny how quickly times have changed- there are now so many more moving parts and it definitely didn’t stop with technology and this ‘new’ thing they call virtualization and THE cloud!  It used to just be the server, the NIC, and the physical network.  But now we have virtual servers, virtual NIC’s, and virtual switches (oh my! surprise), before we finally land on the physical uplinks.  Microsoft’s Hyper-V was a savior for companies looking to reduce operating costs and scale out more applications with greater efficiency. But the limited views of the virtual networks made it difficult for their instrumentation layer tools to see the different types of traffic being passed.  Our Phantom Virtualization Tap supported VMware, XenServer, KVM, Oracle and now Microsoft’s Hyper-V to allow Systems/Network admins regain that visibility they once had.

 

Again, for all those that haven’t visited us yet – make sure to stop by Net Optics at booth #342 and pick up some cool giveaways!  The ‘light saber’ to fight the dark side of network invisibility……mwahahaha devil (insert evil laugh here!)

 

David Pham

Sr. Solutions Engineer

 

 

First day at Microsoft Tech Ed 2012

Microsoft Tech EdFirst Day at Microsoft Tech Ed 2012

There are 12,000 people here at Tech-Ed 2012 in Orlando. It is sometimes easy to forget that Microsoft’s biggest annual even draws so many attendees and that the learning boot camp type event is very popular among those who are being referred to as “softies” (nothing to do with consistency laugh ).

The event this year is all about Windows 8. Windows Server 2012. The Cloud. In Orlando, many smart people are explaining how the three are going to change the future of computing as we know it. The best trade show shirt I saw today reads: “We were here when a cloud just meant rain”. Gotta love it.

Our booth - if you are reading this and happen to be in Orlando – come see us in booth #342 - was hectic. We had hundreds (!!) of people stop by today (see the picture below) to hear about our Phantom virtualization Tap, Server 2012 and hyper-V extensible switch. This was the first major trade show where many of those who visited us at the booth were looking for hypervisor agnostic monitoring and access solution. Many of them are looking to increase their Hyper-V 2012 deployment and look for seamless integration and total visibility.

David Pham spent most of his day providing demos and answering questions, Chelsea was busy conversing and scanning the visitors and I; I had to unwrap all kind of cool giveaways to help the masses remember our first strong appearance at Microsoft Tech-Ed.

Visit our product page for more details about the growing family of Phantom Virtualization Tap.

-ran

 

Net Optics Spyke: Interop Tokyo Finalist for Best of Show Awards in Two Categories.

Net Optics Spyke: Interop Tokyo Finalist for Best of Show Awards in Two Categories.

Interop Tokyo 2012のBest of Show Awardの2つのカテゴリにおいて、ネットオプティクス社のNPM製品Spykeが最終選考に選ばれました。

When Net Optics was asked to contribute 8 of our products to ShowNet 2012, the prestigious NOC behind Interop Tokyo 2012, we were delighted to meet their request. The International Net Optics team spanning from Sydney to California pulled together and worked within some tricky deadlines to get 7 x 40G taps and 1 Spyke unit out to our Japanese reseller and onto the ShowNet floor, ready for ”hot stage”.

Imagine our delight when we were informed that out of the hundreds of submissions that were made for show awards we had be named as finalists in not one, but the two following categories:


Monitoring Management & Testing -  マネジメントモニタリング&テスティング

ShowNet Demonstration - デモンストレーション



This is the second time that Spyke has been recognised by the Interop brand. Last month in May Spyke was an integral part in InteropNet, the NOC behind Interop Las Vegas, and was one of three finalists for a Best of Interop award.



Dave Britt, Director of APM Technology, explained the role that Spyke will play in the ShowNet NOC:



Spyke will provide ShowNet with more than just basic Network Performance Monitoring for traffic on the Interop Tokyo floor. In addition to the traditional network and application performance information, Spyke provides sophisticated deep packet inspection to provide a rich set of reports on actual application usage and performance. Spyke has the ability to identify specific user activity, monitoring a broad range of applications such as web mail, instant messaging and VoIP and display that data in an intuitive way on the streamlined dashboard. We bring to ShowNet the ability to look at traffic but also to analyze what users are doing and how applications are actually being used.



Interop Tokyo Best of Show winners will be announced on the 13th of June, during the week of Interop Tokyo.
 

Interop Tokyo and ShowNet are held at Makuhari Messe, Chiba Japan, 12th – 15th June 2012.

Don’t Miss It! Now’s Your Chance to Get the Expert Lowdown on Your Cisco Network

Sharon Besser - Cisco Live! 6/12/2012

These days, we’re all striving—sometimes struggling!—to build out a secure, well-monitored network. Maybe your issue is meeting Service Level Agreements, or you’re diving into the complexities of; Cisco MACSec, Nexus 1000v Visibility, OpenFlow vs. OpenSwitch, and NetFlow Analysis. Now you can hear the nuts-and-bolts from an expert at Cisco Live. Hear Net Optics VP of Technology, Sharon Besser, share some often-overlooked ways to get around hurdles, beat the obstacles and get the most from your Cisco investment. 

See Sharon deliver the "Top Five Ways to Enhance Your Cisco Environment – The Secrets You Need to Know”

Solutions Theater Presentation – Tuesday, 6/12 at 4:15pm to 4:25pm

Sharon discusses key points related to data center operation, interconnections and security. You might not even know about these “hidden gems” that years of experience and insight have revealed. Now you can get them all in one short talk—and speak directly with Sharon about the ins and outs of your own implementation too, if you like. Don’t miss this short-and-sweet way to an optimized network. It’s time well spent!