Adaptive Packet Filtering

Challenges with Traffic Complexity in Enterprise and Service Providers

Traditionally, network management and monitoring was based on classification by Layer 3 IP address (to determine users) and by Layer 4 port (to determine applications). This was a fairly reliable method when users typically had static IP addresses and applications used well-defined ports. However, in today’s environment, static IP address assignment is not the norm (thanks to DHCP addressing) and certain applications use non-standard ports or port-hopping, making it nearly impossible to monitor solely on IP address and Layer 4 port information. In addition, as organizations continue to adopt collaborative applications hosted off-premise, a large amount of traffic is encapsulated or tunneled.

The overall impact of encapsulated traffic on a tool’s bandwidth and compute cycles is significant and has steadily increased, especially within data centers and across geographical networks. Protocol awareness and the ability to look beyond Layer 4 packet information (content awareness) are core requirements for accurately classifying the monitored traffic and distributing it across the monitoring and analytic tools.

Gigamon Solution—Adaptive Packet Filtering

Adaptive Packet Filtering is an optional extension of GigaSMART® technology and provides a powerful filtering engine that identifies content (based on signature or patterns) across any part of the packet, including the packet payload. Adaptive Packet Filtering can also filter on specific encapsulation protocol parameters, including GTP tunnel ID, VXLAN ID, and VN-Tag src/dst vif ID, to name just a few. In addition, operators can look beyond the encapsulation protocols into the original (encapsulated) packet to filter on source/destination IP or Layer 4 port numbers.

Key Benefits

  • Enhanced Visibility into Tunneled Application Flows
    • Enhanced security across overlay networks
    • Granular control over traffic flows to monitoring tool infrastructure
  • Optimize Monitoring Tool Rails
    • Enable selective reduction in traffic to monitoring tools
    • Enhanced tool performance with reduced traffic loads
  • Offload Basic Application Identification to the Visibility Fabric
    • Identify applications based on one or more combinations of packet contents, ports and/or URLs
    • Visibility into flows tunneled over HTTP

Content-based Filtering

With the traffic complexity introduced by today’s network applications, adaptive packet filtering—an optional extension of GigaSMART technology—provides a powerful filtering engine that identifies content (based on signature or patterns) across any part of the packet, including the packet payload. These patterns can be as simple as a static string at a user configured offset, or an extremely complex Perl Compatible Regular Expression (PCRE) at a variable offset.

Feature Details – Content-based Filtering

  • Filtering Based on Packet Contents beyond Layer 2/Layer 3/Layer 4 Headers, Including URLs and Patterns in BitTorrent Packets, as well as Basic Application Identification, such as Applications Running on Non-standard Ports (HTTP, FTP, SSH)
  • Flexible Engine: Option to Define Custom Signatures and Reuse Them across Multiple Forwarding Rules
  • Flexible Actions: Filter and Forward to Specific Tools
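
An added example, not Gigamon code or GigaSMART configuration syntax: a small Python model of the content-based filtering described above, with static strings at a fixed offset and a regular expression at a variable offset, defined once and reused across forwarding rules. Python's `re` stands in for PCRE; the tool names, hostnames and sample payloads are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    pattern: bytes                 # literal bytes, or regex source if is_regex
    offset: Optional[int] = None   # fixed payload offset; None = any offset
    is_regex: bool = False

    def matches(self, payload: bytes) -> bool:
        if self.is_regex:
            rx = re.compile(self.pattern)
            return bool(rx.search(payload) if self.offset is None else rx.match(payload, self.offset))
        if self.offset is None:
            return self.pattern in payload
        return payload.startswith(self.pattern, self.offset)

# Signatures are defined once and referenced by name from several rules.
SIGNATURES = {
    "ssh-banner": Signature(b"SSH-", offset=0),
    "bittorrent": Signature(b"\x13BitTorrent protocol", offset=0),
    "http-request": Signature(rb"(?:GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n", offset=0, is_regex=True),
    "watched-host": Signature(rb"\r\nHost: [^\r\n]*\.example\.test\r\n", is_regex=True),
}

# Forwarding rules: every listed signature must match (tool names are hypothetical).
RULES = [
    ("ids-tool", ["ssh-banner"]),
    ("ids-tool", ["bittorrent"]),
    ("web-apm-tool", ["http-request"]),
    ("dlp-tool", ["http-request", "watched-host"]),
]

def forward(payload: bytes) -> list[str]:
    """Return the tools that should receive a packet with this Layer 4 payload."""
    tools = []
    for tool, names in RULES:
        if tool not in tools and all(SIGNATURES[n].matches(payload) for n in names):
            tools.append(tool)
    return tools

# Constructed samples (destination port, payload); ports are non-standard on purpose.
SAMPLES = [
    (2222, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (8443, b"GET /index.html HTTP/1.1\r\nHost: files.example.test\r\n\r\n"),
    (8081, b"POST /api HTTP/1.1\r\nHost: intranet.local\r\n\r\n"),
    (51413, b"\x13BitTorrent protocol" + bytes(8)),
]
```

Calling `forward()` on each sample payload classifies it without consulting the port, so SSH on 2222 and HTTP on 8443 still reach the intended tools; a payload that matches no signature returns an empty list.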

Encapsulation Awareness

To complement the mobility brought about by virtualized server infrastructure, network virtualization overlays like VXLAN, VN-Tag, and NVGRE are being designed and implemented in data centers and enterprise environments. Across service provider environments, huge volumes of traffic are being tunneled over GTP. The Gigamon Visibility Fabric™ offers the option to strip out or remove these headers, thus providing visibility to monitoring tools that do not understand these overlays and encapsulation protocols.

With Adaptive Packet Filtering, this capability is further enhanced: operators have the option of making forwarding decisions based on the encapsulation and inner packet contents. Adaptive Packet Filtering can filter on specific encapsulation protocol parameters, including GTP tunnel ID, VXLAN ID, and VN-Tag src/dst vif ID, to name just a few. In addition, operators can look beyond the encapsulation protocols into the original (encapsulated) packet to filter on source/destination IP or Layer 4 port numbers. With fragmentation awareness, Gigamon’s Adaptive Packet Filtering function can ensure that all IP fragments associated with the filtered packet are always forwarded to the same tool, enabling a complete view of the traffic stream for accurate analytics.

Feature Details – Encapsulation Awareness

  • Intelligent Filtering across Advanced Encapsulation Headers including: VXLAN ID, ERSPAN ID, GRE Key, VN-Tag src/dst vif ID, list ID, VLAN ID in QinQ, MPLS Labels and GTP Tunnel ID
  • Inner Packet Filtering of Encapsulated Flows
    • Layer 2 Headers including Ethertype, src/dst MAC addresses, and VLAN IDs (across QinQ)
    • Layer 3 Headers including src/dst IPv4/IPv6 addresses, IP Version, IP Fragmentation, TOS, DSCP, TTL, and IPv6 Flow Labels
    • Layer 4 Headers including src/dst Ports and TCP Flags
  • Match across One or a Combination of Filtering Parameters
    • Supported across five layers of encapsulation
    • Support for GigaSMART operations in combination with adaptive packet filtering
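
An added example, not Gigamon code: a Python sketch of encapsulation-aware filtering for one overlay, VXLAN over IPv4, that matches on the VXLAN ID (VNI) and on the inner destination IP and Layer 4 port. The rule values, tool names and addresses are hypothetical, and `build_sample` constructs the test frames.

```python
import struct
from ipaddress import IPv4Address, ip_network
VXLAN_PORT = 4789  # IANA-assigned UDP port for VXLAN

def ipv4(buf, off):
    """Parse the IPv4 header at off: (proto, dst, fragment offset, payload offset)."""
    frag = struct.unpack_from("!H", buf, off + 6)[0] & 0x1FFF
    return buf[off + 9], IPv4Address(buf[off + 16:off + 20]), frag, off + (buf[off] & 0x0F) * 4

def parse_vxlan(frame):
    """Return (vni, inner dst IP, inner dst port) or None if not VXLAN over IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    proto, _, frag, l4 = ipv4(frame, 14)
    vx, inner = l4 + 8, l4 + 16          # VXLAN header, then inner Ethernet frame
    if proto != 17 or frag or len(frame) < inner + 34:
        return None
    dst_port, flags = struct.unpack_from("!H", frame, l4 + 2)[0], frame[vx]
    if dst_port != VXLAN_PORT or not flags & 0x08 or frame[inner + 12:inner + 14] != b"\x08\x00":
        return None                      # not VXLAN, VNI flag unset, or inner not IPv4
    vni = int.from_bytes(frame[vx + 4:vx + 7], "big")
    iproto, idst, ifrag, il4 = ipv4(frame, inner + 14)
    # Only the first fragment of a TCP/UDP packet carries the port numbers.
    has_ports = ifrag == 0 and iproto in (6, 17) and len(frame) >= il4 + 4
    dport = struct.unpack_from("!H", frame, il4 + 2)[0] if has_ports else None
    return vni, idst, dport

NET_A = ip_network("10.1.0.0/16")  # rules: (VNI, inner dst net, inner dst port or None, tool)
RULES = [(5001, NET_A, 443, "tls-tool"), (5001, NET_A, None, "tenant-a-ndr")]

def select_tool(frame):
    vni, idst, dport = parse_vxlan(frame) or (None, None, None)
    for r_vni, r_net, r_port, tool in RULES:
        if vni == r_vni and idst in r_net and r_port in (None, dport):
            return tool
    return None

def ip_hdr(src, dst, proto, payload_len, frag=0):  # checksum left 0 (constructed sample)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, frag, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)

def build_sample(vni, inner_dst, inner_dport, frag=0):  # constructed Eth/IPv4/UDP/VXLAN frame
    eth = bytes(12) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 40000, inner_dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    inner = eth + ip_hdr("10.9.9.9", inner_dst, 6, len(tcp), frag) + tcp
    body = struct.pack("!II", 0x08 << 24, vni << 8) + inner   # VXLAN header + inner frame
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(body), 0) + body
    return eth + ip_hdr("192.0.2.1", "192.0.2.2", 17, len(udp)) + udp
```

A non-first inner fragment (`frag` non-zero) has no port to match, so this stateless sketch sends it to `tenant-a-ndr` rather than `tls-tool`; that split is what the fragmentation awareness described above avoids by keeping all fragments of a packet on the same tool.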

 
