www.gigamon.com

Features and Benefits
  • Share SPAN Ports
  • Aggregate Links
  • Packet Filtering
  • Improve Uptime
  • Immediate ROI
    •
gigamon network diagram data access switch
UC Berkeley on Gigamon

Gigamon - Intelligent Data Access Networking
“The Gigamon data access switch has become an indispensable part of our network infrastructure in EECS. Some of my colleagues refer to it as the ‘Swiss Army Knife’ of the data monitoring game. It is extremely flexible which is mandatory in our dynamic environment. Our internal network topology changes frequently and our monitoring tools must adapt quickly to these changes without burdening staff.”

-– Fred Archibald, Network Manager, Infrastructure Development and Support Group, Electrical Engineering and Computer Sciences, University of California at Berkeley

Fred_Archibald

“Our security officer was pleased and amazed that we could monitor both the old 1 Gig infrastructure and the new 10 Gig infrastructure at the same time with our GigaVUE®-MP.” -- Fred Archibald

Customer Profile - The Department of Electrical Engineering and Computer Sciences (EECS) is the largest department within the College of Engineering which itself is one of the top five professional schools and colleges belonging to the 30,000-student University of California at Berkeley. Whether measured by headcount, operational cash flow, or capital investment and expenditures, EECS is comparable in scale to a typical Fortune-5000 corporation and therefore, not surprisingly, has similar networking requirement and infrastructure.

Challenge #1 - Pervasive Network Awareness

Problem

Although similar in scale, EECS has a very different and unique set of networking challenges when compared to its commercial counterpart. First of all, as with any academic environment, there has to be free and unabridged access to information, which naturally results in openness with the underlying network infrastructure. In addition, EECS has had an exemplary record of being the developer of emerging network protocols and standards, as the incubator for many game-changing upstarts in the Silicon Valley, and perhaps most importantly, as a government and industry sponsored collaborative test site for large-scale deployments of bleeding edge networking technologies (ATM, Ethernet, wireless, etc.).

The end result is that the networking team led by Fred Archibald, Network Manager of the Infrastructure Development and Support Group, has to walk a fine line balancing between two competing sets of agendas. While providing uncompromising perimeter security to the network and preventing intended or unintended internal abuses by students, researchers and even faculty, they cannot permit their network to be so restrictive that it prevents innovation and impedes openness.

In other words, whereas in a corporation, the networking team can easily enforce well publicized rules and regulations based on a single incidence of egregious behavior (i.e., “We have reported you to the HR department because our monitoring equipment has detected that you have transmitted confidential information to our competitor using an unauthorized third party email account, forcing us to deny you further access to our network which should only be a minor inconvenience since you are no longer an employee”); in academia, there has to be more flexibility.

Instead, very often Fred and his team have to rely on persuasion and diplomacy which means that they must be equipped with overwhelming amount of undisputable historical data that not only documents bad behavior but a “pattern” of bad behavior (i.e., “Your late night P2P sessions during the last three nights have been grinding our Internet-2 research network to its knees and if you don’t stop immediately, we will report you to your Professor.”)

Comprehensive historical data requires “Pervasive Network Awareness”, which according to Richard Bejtlich, the author of Extrusion Detection, is the precondition to achieve “A truly defensible network [affording] security administrators … the ability to collect network-based information – from the viewpoint of any node on the network – in order to make necessary decisions.”

PNA is possible only with 24/7 comprehensive network monitoring.

At EECS, the networking team has acquired an extensive array of monitoring appliances, ranging from homegrown intrusion detection system (BRO), botnet detector (FireEye), content security device to protect against web and email viruses and malwares (Anchiva), identity management and unified network access controller (PacketMotion), and finally, protocol analyzer for on-the-spot network troubleshooting (Ethereal), all of which are best-of-breed “out-of-band” monitoring tools designed to secure mission critical networks.

However, ironically, until recent deployment of the Gigamon Data Access Switch, the networking team at EECS has been inundated with an inherent infrastructural limitation that is best described as “Too Many Tools but Not Enough SPAN Ports”. In other words, it is as if the networking team has been given a chest full of state-of-the-art power tools but only one electricity socket so that only one tool could be deployed at any given time.

Solution

The network diagram below shows a simple deployment of the Gigamon switch, which is to multiplex replica traffic from the single SPAN port (of the border router) to provide 24/7 simultaneous support for multiple tools.

Gigamon_network_diagram

Future Benefits

The Gigamon switch has proven to be a versatile tool. Beyond this simple scenario, additional expansion modules are currently being added to the Gigamon switch such that it can be used to tap and aggregate multiple Etherchannel gigabit trunk links (connecting multiple distribution switches to the core) in order to provide a “big pipe” view for the monitoring tools, and to enable customized filtering so that each tool can receive traffic specific to its mission.


Challenge #2 – 10-Gig Network Migration

Problem

As the prerequisite for securing funding for multiple major research projects, the department has committed to a gradual migration to a 10-Gig core network. Eventually, multiple 10-Gig links will be used to interconnect research facilities and classrooms between buildings (Cory Hall and Soda Hall).

The 10-Gig switches and firewalls are already in placed but there is no 10-Gig monitoring tool. Until the 10-Gig network is completely debugged and load-tested, due to the mission critical nature of the core network, it is impossible for Fred and his team to transition over. And yet a tight migration schedule must be met in order for the funded research project to commence.

Solution

Fortunately, the Gigamon switch has a 10-Gig field-upgradeable option. Initially, the Data Access Switch is used only as a “speed shifter” to downshift from 10-Gig to 1-Gig so that existing 1-Gig troubleshooting and security tools can be used in a 10-Gig environment.

gigamon_network_diagram2

Future Benefits

As the 10-Gig core network is brought into production mode and core traffic starts to exceed the limitation of the 1-Gig tool, the Gigamon switch has two powerful options to prevent oversubscription of the lower bandwidth tools.

One is to use built-in packet filters either at the 10-Gig ingress port (pre-filter) or at the 1-Gig egress port (post-filter) to cut down on the monitored traffic.

The second is to use multi-rule mapping filters to load-balance the incoming 10-Gig traffic to multiple 1-Gig tool based on relevant logical attributes (VLAN, Port #, etc.) so that a squadron of 1-Gig tools working in parallel can provide comprehensive coverage for a 10-Gig network (what customers like to refer to as a "reverse aggregator").

10G_core_to_1G_tools

 

About Gigamon Systems

Founded in 2003 by six veterans of network monitoring and telecommunications equipment companies, Gigamon Systems is the inventor and leading provider of Data-Access Switches. Its flagship product, GigaVUE®, can multicast packets from one span or tap to many tools to solve the span port sharing problem. It also can aggregate and intelligently filter packets from many spans or taps to one or multiple tools to solve the problem of monitoring flows across complex mesh topologies and virtual networks. GigaVUE® facilitates unobtrusive parallel tool deployment with network-wide coverage, significantly reducing customers’ capital budgets and yielding immediate ROI benefits.

For more information about Gigamon and their award winning solutions, visit http://www.gigamon.com or call 408-263-2022.

Lovemytool Link