Traditionally, network management and monitoring were based on classification by Layer 3 IP address (to determine users) and by Layer 4 port (to determine applications). This was a fairly reliable method when users typically had static IP addresses and applications used well-defined ports. However, in today’s environment, static IP address assignment is not the norm (thanks to DHCP addressing) and certain applications use non-standard ports, including port-hopping, making it nearly impossible to monitor solely on IP address and Layer 4 port information. In addition, as organizations continue to adopt collaborative applications hosted off-premises, a large amount of traffic is encapsulated or tunneled.
The overall impact of encapsulated traffic on the monitoring tools’ bandwidth and compute cycles is significant and has steadily increased, especially within data centers and across geographical networks. Protocol awareness and the ability to look beyond Layer 4 packet information (content awareness) are core requirements to accurately classify the monitored traffic and distribute it across the monitoring and analytic tools.
With the traffic complexity introduced by today’s network applications, Adaptive Packet Filtering, an optional extension of GigaSMART technology, provides a powerful filtering engine that identifies content (based on signature or patterns) across any part of the packet, including the packet payload. These patterns can be as simple as a static string at a user-configured offset, or as complex as a Perl Compatible Regular Expression (PCRE) at a variable offset.
To complement the mobility brought about by virtualized server infrastructure, network virtualization overlays like VXLAN, VN-Tag, and NVGRE are being designed and implemented in data centers and enterprise environments. Across service provider environments, huge volumes of traffic are being tunneled over GTP. The Gigamon Visibility Fabric™ offers the option to strip out or remove these headers, thus providing visibility to monitoring tools that do not understand these overlays and encapsulation protocols.
Adaptive Packet Filtering enhances this capability further: operators have the option of making forwarding decisions based on the encapsulation and inner packet contents. Adaptive Packet Filtering enables filtering on specific encapsulation protocol parameters including GTP tunnel ID, VXLAN ID, and VN-Tag src/dst vif ID, to name just a few. In addition, operators can look beyond the encapsulation protocols into the original (encapsulated) packet to filter on source/destination IP or Layer 4 port numbers. With fragmentation awareness, Gigamon’s Adaptive Packet Filtering function can ensure that all IP fragments associated with the filtered packet are always forwarded to the same tool to enable a complete view of the traffic stream for accurate analytics.
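
A small software illustration of the filtering described above: matching on the VXLAN ID and on the Layer 4 destination port of the inner (encapsulated) packet. This is an added example, not Gigamon code or configuration; the function names are hypothetical, the sample frame is constructed, and it assumes untagged Ethernet, IPv4 and unfragmented packets.

```python
import struct
from ipaddress import IPv4Address

VXLAN_PORT = 4789  # IANA-assigned UDP port for VXLAN

def _ipv4(buf, off):
    """Return (protocol, src, dst, payload offset) for the IPv4 header at off."""
    src, dst = (str(IPv4Address(buf[off + i:off + i + 4])) for i in (12, 16))
    return buf[off + 9], src, dst, off + (buf[off] & 0x0F) * 4

def classify(frame):
    """Return the VXLAN ID and inner addresses/ports, or None if not parseable."""
    try:
        if struct.unpack_from("!H", frame, 12)[0] != 0x0800:   # outer must be IPv4
            return None
        proto, _, _, l4 = _ipv4(frame, 14)
        if proto != 17 or struct.unpack_from("!H", frame, l4 + 2)[0] != VXLAN_PORT:
            return None
        vx = l4 + 8                                # VXLAN header follows UDP
        if not frame[vx] & 0x08:                   # I flag set => VNI is valid
            return None
        vni = int.from_bytes(frame[vx + 4:vx + 7], "big")
        inner = vx + 8                             # inner Ethernet frame
        if struct.unpack_from("!H", frame, inner + 12)[0] != 0x0800:
            return None
        proto, src, dst, l4 = _ipv4(frame, inner + 14)
        if proto not in (6, 17):                   # only TCP and UDP carry ports
            return None
        sport, dport = struct.unpack_from("!HH", frame, l4)
        return {"vni": vni, "src": src, "dst": dst, "sport": sport, "dport": dport}
    except (struct.error, IndexError, ValueError):
        return None                                # truncated or malformed frame

def matches(frame, vni=None, inner_dport=None):
    """Filter rule on VXLAN ID and/or inner Layer 4 destination port."""
    f = classify(frame)
    return bool(f) and vni in (None, f["vni"]) and inner_dport in (None, f["dport"])

def build_sample(vni, src, dst, sport, dport):
    """Constructed frame for the demo (zeroed MACs and checksums, not captured traffic)."""
    def ip(proto, s, d, payload):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                           IPv4Address(s).packed, IPv4Address(d).packed) + payload
    eth = bytes(12) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    inner = eth + ip(6, src, dst, tcp)
    vxlan = b"\x08\x00\x00\x00" + vni.to_bytes(3, "big") + b"\x00"
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    return eth + ip(17, "192.0.2.1", "192.0.2.2", udp + vxlan + inner)
```

A filter on the outer headers alone would see only the tunnel endpoints (192.0.2.1 and 192.0.2.2) and UDP port 4789 for every tenant's traffic; the inner fields are what distinguish one flow from another.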