NextGig Systems, Inc. - Network Connectivity & Test Solutions

Whitepapers - How to Segregate & Load Balance 10G Traffic to 1G Tools

The latest Internet phenomenon, Web 2.0, is transforming the World Wide Web from a collection of static portals to a dynamic interactive medium ideally suited for commerce, advertising, grass-roots content creation, as well as on-demand multimedia consumption.

Besides the critical mass in broadband adoption and wireless accessibility, an important enabling factor for Web 2.0 is the commoditization of high-speed networking technology. Whereas in 2000 service providers struggled with deploying expensive 100-Meg Fast Ethernet switching technology, today they have all but transitioned to Gigabit Ethernet to stay competitive. As the trend continues, the year 2010 will emerge as the year of 10 Gigabit. Few customers are willing to be left behind and most are already moving feverishly to transition their core network to 10-Gig in order to enjoy additional cost savings and substantial performance gains.

Technical Challenges


One technical challenge of deploying a 10-Gig core network has not changed from that of Gigabit: providing a cost-effective and comprehensive solution to monitor mission-critical traffic at full line rate in order to ensure network integrity, including performance, security and compliance.

Unfortunately, in the near future, 10-Gig monitoring tools would not be readily available, and even if they were, would be either too expensive or simply incapable of working at true line rate except in short bursts.

One can throttle the 10-Gig traffic down to a level digestible by 1-Gig tools by using packet filtering, but obviously that would compromise the objective of providing comprehensive monitoring, since theoretically 90% of the traffic could be lost.

Recently a new class of Data Access Switch designed specifically for out-of-band network monitoring has been introduced, which can accommodate multiple bit-mask filtering rules at each ingress port (both 1-Gig and 10-Gig).

Using these multi-rule sequential pre-filters, 10-Gig traffic can be “mapped” to multiple load-sharing 1-Gig analyzers, with each tool analyzing a specific VLAN range, port number or IP subnet according to the specific filter rule, thereby performing comprehensive monitoring at 10 Gigabit rate without oversubscribing any single Gigabit tool. Since mapping filters are hardware based, latency is negligible and full line-rate performance is guaranteed.

Whether it is Gigabit or 10 Gigabit, mission-critical core networks are almost always tiered, meshed and fully redundant. High-availability network architecture dictates that multiple 10-Gig links are deployed between parallel switches to improve reliability. Therefore, packets do not travel on a unique path, and in order to provide comprehensive monitoring, multiple 10-Gig data streams would have to be mapped simultaneously and aggregated so that each tool gets a logical slice of the total traffic.

Example of 10G-to-1G Network Monitoring

Shown here is a typical web-centric customer data center running a 10-Gig core. In order to support the tremendous amount of web traffic (on the order of tens of millions of page views per week), it is not uncommon to have up to ten 1-Gig links to the Internet (to ISPs and peering sites). Furthermore, total traffic is also increasing at 30% per quarter. Therefore a scalable monitoring solution is desperately needed to match the customer’s growth.

In the core of the network, servers are organized in clusters, each serving a specific business function: online shopping, credit verification, merchandise delivery and product support; upload and download of music, pictures, podcasts and video; and various online activities including search, chat, email, blog, etc. Each server switch is connected to the core switches using two 10-Gig redundant links, which are connected to the Internet through multiple 1-Gig redundant links.

A large number of best-of-breed monitoring tools from multiple vendors are deployed, including web analytical tools to track real-time user experience and to enable internal charge-back to various business functions, database security tools to prevent leakage of confidential information, forensic data storage to proactively and retroactively examine attacks and abuses, etc., all of which compete for out-of-band data access.

With the Data Access Switch, the 10-Gig traffic streams mirrored from the core switches are captured and aggregated. Mapping filters based on the IP address ranges corresponding to the server switches are used to segregate the total traffic into different logical groupings, such that each appliance is responsible for monitoring the traffic belonging to one or several specific business functions.
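
The mapping described here and under Technical Challenges can be checked offline before tools are connected. The following is an added example, not Gigamon code or GigaVUE configuration syntax: it aggregates flows from two mirrored 10-Gig links, applies IP-subnet map rules in order, and reports oversubscribed 1-Gig tools and traffic that no rule delivers to any tool. First-match-wins ordering and matching on either source or destination address are assumptions; subnets, tool names and flow rates are constructed.

```python
import ipaddress
from collections import defaultdict

TOOL_CAPACITY_MBPS = 1000  # each monitoring tool sits on a 1-Gig port

def assign_tool(src, dst, rules):
    """Return the tool of the first rule whose subnet contains src or dst."""
    addrs = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    for subnet, tool in rules:  # sequential evaluation (assumed first match wins)
        net = ipaddress.ip_network(subnet)
        if any(a in net for a in addrs):
            return tool
    return None  # no rule matched: this traffic reaches no tool

def audit(flows, rules):
    """Aggregate flows from all mirrored links; return per-tool load in Mbps,
    tools above 1-Gig capacity, and flows that no rule maps (blind spots)."""
    load, unmapped = defaultdict(int), []
    for link, src, dst, mbps in flows:
        tool = assign_tool(src, dst, rules)
        if tool is None:
            unmapped.append((link, src, dst, mbps))
        else:
            load[tool] += mbps
    over = sorted(t for t, m in load.items() if m > TOOL_CAPACITY_MBPS)
    return dict(load), over, unmapped

# Constructed flow summaries: (mirrored link, src, dst, average Mbps).
# Redundant links mean one server cluster's traffic shows up on both.
FLOWS = [
    ("10G-A", "198.51.100.7", "10.1.4.20", 620),
    ("10G-B", "10.1.4.20", "198.51.100.7", 310),
    ("10G-A", "203.0.113.9", "10.2.0.5", 450),
    ("10G-B", "10.2.8.1", "203.0.113.9", 700),
    ("10G-A", "192.0.2.44", "10.3.1.1", 200),
    ("10G-B", "192.0.2.44", "10.9.0.3", 80),   # cluster with no map rule
]
# Constructed map rules: one server-switch subnet per tool.
RULES_V1 = [("10.1.0.0/16", "tool1-web"), ("10.2.0.0/16", "tool2-db"),
            ("10.3.0.0/16", "tool3-forensics")]
# A more specific rule placed first splits the overloaded subnet onto a fourth tool.
RULES_V2 = [("10.2.8.0/21", "tool4-db")] + RULES_V1

if __name__ == "__main__":
    for name, rules in (("v1", RULES_V1), ("v2", RULES_V2)):
        load, over, unmapped = audit(FLOWS, rules)
        print(name, load, "oversubscribed:", over, "unmapped:", unmapped)
```

With the first rule set, the database tool is oversubscribed once both redundant links are aggregated, and the 10.9.0.3 flow is never monitored; the second rule set fixes the former but not the latter.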


In summary, using a Data Access Switch with multi-rule mapping features to share the load among multiple parallel-processing Gigabit tools is the most effective way to cost-effectively monitor your 10-Gig network.

Moreover, the Data Access Switch acts as the virtualization layer between the network and monitoring tools. It is the building block for a flexible Data Access Network (DAN) that enables IT engineers to deploy monitoring tools at will. Adds, changes and moves can be performed without requiring any physical changes to, or exerting load on, the production network. Speed change (1G to 10G or 10G to 1G) and media conversion (copper to optical, multimode to single mode) can be easily accommodated.

About Gigamon

Gigamon delivers intelligent data access solutions to enhance monitoring of service provider and enterprise data centers. The company’s world-renowned GigaVUE “orange boxes” aggregate, filter and replicate customized data streams to all monitoring tools. Gigamon pioneered technology for multi-tool environments to address new demands for reporting and analyzing organizational data. Now in its third generation with global deployments in over 40 countries and 90 percent market share for intelligent data access, Gigamon’s GigaVUE platform is the only proven, fully-integrated, total solution for all data access needs. Gigamon’s patented technology enables companies to realize day one ROI by increasing tool value and operational efficiencies. GigaVUE ensures seamless and controlled delivery of the right data, at the right time to the right tools. Organizations deploying Gigamon solutions enjoy greater uptime, reduced threat vulnerability and improved regulatory compliance.
