Skip navigation

Intelligent Flow Mapping

Flow MappingWhile many companies claim to offer real-time traffic visibility to network monitoring and security tools, Intelligent Flow Mapping® is the only traffic visibility networking architecture on the market that gives you complete control of your traffic at full line rate speeds. This patented technology was invented by Gigamon, and is found in every GigaVUE® device. Because of Intelligent Flow Mapping Technology, GigaVUE appliances offer superior traffic access than any other hardware based form of ingress or egress filtering offered.  

Flow Mapping packet distribution starts with network ports and ends with tool ports, and is used to include or exclude traffic on connections. Users decide how traffic arriving on network ports should be sent to tool ports. Network administrators decide which traffic should be forwarded, where it should be sent, and how it should be handled once it arrives.  For example, GigaVUE users can include or exclude traffic based on DSCP assured forwarding values, MAC addresses, IPv4/IPv6 addresses, application port numbers, ethertypes, VLAN IDs, protocols, TOS values, and more. GigaVUE maps are hardware-based, performing pattern matching at predefined offsets.

Flow Mapping Technology is based around creation of individual map-rules.  Each rule creation provides the ability to configure up to 13 unique criteria to tailor delivery of your traffic to a specific location.  Applying maps to your data ensures that each tool sees only the traffic that best suits its individual strengths and nothing else.

Below are just some of the abilities/benefits of Flow Mapping:

  • Send only the packets on even source ports to local tool ports
  • Send  only packets matching a user-defined pattern match for a particular MPLS label to local tool port
  • Discard all traffic from a particular IP address
  • Send only non-specific traffic to a local tool port using the collector rule
  • Redirect all traffic to IDS monitors regardless of any filters applied to network ports
  • Ability to create filter maps in advance for instant troubleshooting of specific scenarios.
  • Temporary troubleshooting situations where you want to see all traffic on a port without disturbing any other filter, cross-box filter, Flow Map, or cross-box maps already in place for the port

Each map-rule consist of selection of up to thirteen different parameters, with each directing traffic to one or more tool ports based on different packet criteria. Users can combine thousands of different rules in a logical order to achieve exactly the packet distribution they want. Mapping also has the advantage of not counting against the limited availability of tool port filters common to competing devices. When combined with the GigaVUE device’s ability to implement up to four thousand (4,000) map-rules, this becomes the most intelligent traffic visibility networking solution available.

Traffic arriving at a single network port can be sent to multiple destination tool ports. Maps are useful for overcoming tool port oversubscription when aggregating traffic from multiple network ports.  If two 1Gb connections are sending traffic to a single 1Gb tool port, there are likely to be situations where the tool port would be oversubscribed and drop packets. This can be addressed with maps by removing the parts of the overall data stream that do not interest the particular function of specialized tools. For example, there is no reason for a VoIP analyzer to receive any data not associated with the VoIP protocol or for a Web Performance Monitor to receive SMTP, SNMP, or UDA traffic. This ability greatly improves the processing resources inherent to a particular type of monitoring tool.

When trying to set up a multi-pronged packet distribution strategy, Flow Mapping is the best solution on the market today. Maps offer some important features that simple filtering does not:

  • Virtual Drop Port – The virtual drop port is sort of like the Great Packet Graveyard in the Sky. It’s where you send packets that don’t interest you. You can set up map-rules that look for packets matching specific criteria and immediately discard them before forwarding to the tool ports.

For example, you could set up a map-rule that sends all traffic from a particular source IP address to the virtual drop port.

  • Collector – The collector, on the other hand, is the “Everything Else” Bucket. It’s where you send packets that don’t match the criteria specified by any of the other map-rules in a Flow Map.

For example, suppose you set up a map called VLAN1 that sends traffic from a specific VLAN to a particular tool port, and another VLAN2 to another tool port. Traffic that doesn’t match either of those particular VLANs, still needs a place to be monitored. You can set up a final map-rule that sends all packets not matching the other rules to a designated collector port.

GigaVUE also includes a special pass-all packet distribution command. The pass-all command can be used to send all packets on a network or tool port to another tool port (or multiple tool ports) on the same box, irrespective of the Flow Mapping already in place for the ports. This is particularly useful when you want to send all the traffic from mapped network ports to a security tool that needs to see all unfiltered traffic.