Enhancing Cisco Networks With Gigamon - NDM


Enhancing Cisco Networks with Gigamon // White Paper
The Smart Route To Visibility

Many Fortune 1000 companies and beyond implement a Cisco switching architecture. When implementing a large-scale Cisco network, the infrastructure to effectively monitor these networks is often overlooked. To monitor the networks, customers use Cisco technologies such as SPAN, RSPAN, ERSPAN and VACL. Many times these technologies are not scalable enough to support the diverse needs of network and security groups as they strive for maximum uptime within the network infrastructure. This white paper discusses the various monitoring functions Cisco provides and how you can enhance these technologies using the Gigamon Traffic Visibility Fabric and TAP solutions.

Cisco SPAN

SPAN stands for Switch Port Analyzer. The SPAN functionality is offered in all Cisco switching solutions. A SPAN port copies data from one or more source ports to a destination port. Figure 1 shows an example of how the SPAN function operates. With most Cisco switching products, users are limited to two SPAN sessions per switch. For most large enterprises this is not sufficient for monitoring purposes. In most large organizations, between the network and security groups there are commonly four or more monitoring or analysis tools that all need to contend for the same data. Examples of the tools that are utilized are Application Performance Monitors, Intrusion Detection Tools, Data Recorders, Web Monitoring Tools, and many more. There are also limitations that prevent users from sending data from one source port to both of the available SPAN sessions, as well as limitations that allow VLAN and non-VLAN traffic to be sent to the same port. In summary, SPAN sessions are good for spot analysis but are limited in terms of scaling to support company monitoring initiatives. SPAN ports are typically best for small to medium environments where monitoring needs are not great.

Figure 1 Cisco SPAN example: Inside a Cisco switch, data is copied from a network port (in this example the port the router is connected to) to a SPAN port which has a monitoring tool connected. (Figure labels: Source Data Port, SPAN Port, Monitoring Tool.)

Cisco RSPAN

RSPAN stands for Remote Switch Port Analyzer. RSPAN works very much like SPAN, with the exception that data can be sent between remote monitoring ports in the switching architecture using VTP and reflector ports. Users are only allowed to send data to two RSPAN destinations. Just like SPAN, data from the same source port or VLAN cannot be shared across the two sessions. RSPAN has additional configuration complexity, as users have to configure the correct VTP domains on each switch that RSPAN data traverses. There is a potential for duplicate packets in RSPAN configurations. RSPAN ports will not pass Layer 2 data either.

Figure 2 Cisco RSPAN example: Data on the originating switch is sent over an RSPAN VLAN created using VTP and reflector ports. (Figure labels: Originating switch with reflector port, RSPAN VLAN, SPAN Data, Monitoring Tool.)

Cisco ERSPAN

ERSPAN stands for Encapsulated Remote SPAN. With ERSPAN, data from remote switches can be forwarded to a source monitoring tool over a routed network or the Internet using a GRE tunnel that is configured on the Cisco switches. ERSPAN is a feature that is only supported on Cisco switches that support the Supervisor Engine 720 manufactured with PFC3A. This means the feature is limited to a few Cisco switch families, like the Catalyst 6500 family. This functionality has not translated to the newer Cisco Nexus product line as an option. Packets of an ERSPAN session are tagged with a 50-byte header and replace the CRC. Items you need to be aware of are fragmented frames and jumbo frames: ERSPAN does not support fragmented frames, and all switches have to be configured to support jumbo frames, or else frames that grow past the 1500-byte limit with the 50 bytes of tagged data will be dropped. Just like all other SPAN technologies, you can only create two ERSPAN destinations per switch. ERSPAN requires additional configuration complexity to ensure that the tunneling and frame sizes are correct for proper routing of data.

Figure 3 Cisco ERSPAN example. (Figure labels: Source Data, SPAN Data In GRE Tunnel, Routed Network, Monitoring Tool.)

Cisco VACL

VACL stands for VLAN Access List. VACLs overcome most SPAN limitations, in addition to providing the ability to filter for certain types of traffic such as a TCP port or IP address. VACLs are ACLs that only apply to data within a VLAN and are separate from the ACLs that would be used in router configurations. The maximum number of VACLs a switch can support is determined by the number of VLANs in a switch. For example, if a switch only has 5 configured VLANs, then you can create 5 VACL capture ports. Users mainly use VACLs to free up SPAN resources, as a band-aid in place of a complete monitoring infrastructure. Configuring VACLs is usually reserved for more senior networking staff, as VACLs require the most configuration attention of all the Cisco network visibility technologies. Many users can mistakenly block data from the VACL capture port if care is not taken when configuring the VACL. Like SPAN, VACL source data cannot be sent to multiple VACLs, limiting the benefit of having extra VACL ports; many times monitoring tools will have to see many VLANs at once, leaving the user with only one or two usable VACL capture ports.

Figure 4 Cisco VACL example: Data from IP address 1.1.1.1 in VLAN 200 is forwarded to a VLAN capture port. (Figure labels: ACL Rule, Source Data port that belongs to VLAN 200, VLAN 200 IP 1.1.1.1, VACL Port, Monitoring Tool.)

Gigamon GigaVUE Traffic Visibility Nodes

Gigamon GigaVUE Traffic Visibility Nodes are purpose-built appliances that create an out-of-band network providing enhanced visibility to all monitoring, data capture, and security tools. With Traffic Visibility Nodes, users can connect inputs and aggregate, replicate, and filter data, all at line-rate speeds, to any number of tools. Users can connect SPAN, RSPAN, VACL, ERSPAN, and TAP input ports to control the traffic flow from all network inputs to all monitoring inputs. You can think of the Traffic Visibility Node as the central hub of your monitoring infrastructure, one that is becoming a key component in new 10G and 1G data centers.

There are many benefits that users can gain by implementing a Traffic Visibility Node such as GigaVUE:

- Eliminating SPAN, RSPAN, ERSPAN and VACL contention issues
- Providing secure access to monitoring data
- Accessing 10G network links with 1G monitoring tools
- Enabling visibility into data across asymmetric links
- Filtering on any field in Layers 1-4 within a packet, as well as "user defined" filters that delve deeper into packet structures
- Load-balancing data from multiple 10G and 1G network links to multiple 10G and 1G network tool interfaces
- Advanced features such as time-stamping, port tagging, and packet slicing
- Consolidating monitoring resources in one centrally managed location

Figure 5 Logical TAP Traffic Flow Diagram. (Figure labels: Network Switch, Network Switch, Monitoring Tool, TX/RX on each link.)

Figure 6 Gigamon G-TAP and G-TAP A-Series TAPs. (Figure labels: G-TAP; G-TAP A-TX with Network A/B and Monitor/Tool ports, Main Pwr, Batt Pwr, Mgmnt (PoE), Console.)
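The Cisco ERSPAN section above states that each mirrored frame gains a 50-byte header and that frames pushed past the 1500-byte limit are dropped unless every switch on the path allows jumbo frames. The following Python model is added here as an example; it is not code from the white paper, from Cisco or from Gigamon. It builds the ERSPAN Type II encapsulation (outer Ethernet 14 + IPv4 20 + GRE with sequence number 8 + ERSPAN 8 bytes, which is where the 50 bytes come from; the Type II layout is an assumption, since the paper does not name the ERSPAN version), checks whether a mirrored frame of a given size still fits a standard MTU, and decapsulates a received packet the way a collector or IDS sitting in front of the monitoring tool would, rejecting anything that is not well-formed ERSPAN. Session id, addresses, MACs and the sample frame are constructed values.

```python
"""ERSPAN Type II encapsulation and decapsulation model.
Added example, not code from the white paper, Cisco or Gigamon.
Header sizes assume ERSPAN Type II: outer Ethernet 14 + IPv4 20 +
GRE with sequence number 8 + ERSPAN 8 = the 50 bytes the paper cites.
Addresses, MACs and the sample frame are constructed values."""
import ipaddress
import struct

ETH_HDR_LEN = 14
IPV4_HDR_LEN = 20
GRE_HDR_LEN = 8            # flags/version (2) + protocol type (2) + sequence number (4)
ERSPAN_HDR_LEN = 8         # ver/VLAN (2) + COS/En/T/session id (2) + reserved/index (4)
ERSPAN_OVERHEAD = ETH_HDR_LEN + IPV4_HDR_LEN + GRE_HDR_LEN + ERSPAN_HDR_LEN  # 50 bytes
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ERSPAN = 0x88BE  # GRE protocol type that carries ERSPAN Type II
IPPROTO_GRE = 47
GRE_FLAG_SEQ = 0x1000      # GRE "S" bit: a 4-byte sequence number follows
ERSPAN_TYPE2_VERSION = 1   # ERSPAN version field value 1 means Type II
STANDARD_MTU = 1500


def ipv4_checksum(header) -> int:
    """Ones'-complement checksum over a 20-byte IPv4 header (bytes or bytearray)."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(inner_frame: bytes, session_id: int, seq: int, src_ip: str,
                dst_ip: str, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Wrap a mirrored Ethernet frame the way an ERSPAN source session does."""
    erspan = struct.pack("!HHI", ERSPAN_TYPE2_VERSION << 12,  # version 1, VLAN 0
                         session_id & 0x3FF, 0)              # COS/En/T 0, index 0
    gre = struct.pack("!HHI", GRE_FLAG_SEQ, ETHERTYPE_ERSPAN, seq & 0xFFFFFFFF)
    payload = gre + erspan + inner_frame
    # DF bit (0x4000) set: ERSPAN traffic is never fragmented, which is why
    # every switch on the path must accept the larger frames.
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_LEN + len(payload),
                               0, 0x4000, 64, IPPROTO_GRE, 0,
                               ipaddress.IPv4Address(src_ip).packed,
                               ipaddress.IPv4Address(dst_ip).packed))
    struct.pack_into("!H", ip, 10, ipv4_checksum(ip))
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + bytes(ip) + payload


def decapsulate(outer_frame: bytes) -> dict:
    """Recover the mirrored frame and session metadata from an ERSPAN packet.
    Raises ValueError for anything that is not well-formed ERSPAN Type II."""
    if len(outer_frame) < ERSPAN_OVERHEAD:
        raise ValueError("frame shorter than the ERSPAN Type II overhead")
    if struct.unpack("!H", outer_frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    ip = outer_frame[ETH_HDR_LEN:ETH_HDR_LEN + IPV4_HDR_LEN]
    if ip[0] != 0x45 or ip[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not option-less IPv4 carrying GRE")
    if ipv4_checksum(ip) != 0:          # a valid header checksums to zero
        raise ValueError("bad IPv4 header checksum")
    gre_off = ETH_HDR_LEN + IPV4_HDR_LEN
    flags, proto, seq = struct.unpack("!HHI", outer_frame[gre_off:gre_off + GRE_HDR_LEN])
    if proto != ETHERTYPE_ERSPAN or not flags & GRE_FLAG_SEQ:
        raise ValueError("GRE payload is not ERSPAN Type II")
    er_off = gre_off + GRE_HDR_LEN
    ver_vlan, cos_en_t_sid, _index = struct.unpack(
        "!HHI", outer_frame[er_off:er_off + ERSPAN_HDR_LEN])
    if ver_vlan >> 12 != ERSPAN_TYPE2_VERSION:
        raise ValueError("unsupported ERSPAN version")
    return {
        "src_ip": str(ipaddress.IPv4Address(bytes(ip[12:16]))),
        "dst_ip": str(ipaddress.IPv4Address(bytes(ip[16:20]))),
        "seq": seq,
        "vlan": ver_vlan & 0xFFF,
        "session_id": cos_en_t_sid & 0x3FF,
        "inner_frame": outer_frame[er_off + ERSPAN_HDR_LEN:],
    }


def needs_jumbo_frames(inner_frame_len: int, path_mtu: int = STANDARD_MTU) -> bool:
    """True when the encapsulated IP packet would exceed the path MTU.
    The outer Ethernet header does not count against the IP MTU, so the budget
    is the inner frame plus the IPv4, GRE and ERSPAN headers (36 bytes): any
    mirrored frame above 1464 bytes, including full-size 1514-byte frames,
    needs jumbo support on every switch along the tunnel path."""
    return inner_frame_len + IPV4_HDR_LEN + GRE_HDR_LEN + ERSPAN_HDR_LEN > path_mtu


def build_sample_inner_frame(payload_len: int = 46) -> bytes:
    """Constructed minimum-size inner frame with locally administered MACs."""
    return (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
            + struct.pack("!H", ETHERTYPE_IPV4) + bytes(payload_len))


if __name__ == "__main__":
    inner = build_sample_inner_frame()
    outer = encapsulate(inner, session_id=101, seq=1, src_ip="10.0.0.1",
                        dst_ip="10.0.0.10", src_mac=bytes.fromhex("0200000000aa"),
                        dst_mac=bytes.fromhex("0200000000bb"))
    print("overhead bytes:", len(outer) - len(inner))
    print("session:", decapsulate(outer)["session_id"])
    print("1514-byte frame needs jumbo:", needs_jumbo_frames(1514))
```

The checksum and protocol checks in `decapsulate` are what a collector should do before trusting session metadata: on a routed path the ERSPAN destination is reachable by anything that can send IP to it, so the receiver should only accept packets that parse cleanly and, in a real deployment, only from the configured origin address.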

Figure 7 Sample configuration in a Flat Network. (Figure labels: SPAN Traffic from the Cisco switches feeds a GigaVUE-2404 and a GigaVUE-212, which feed the 1G Monitoring Tools.)

Figure 8 Example of Gigamon Flow Mapping technology. (Figure labels: 10G SPAN Data, 10G RSPAN Data, 10G VACL Data, 10G ERSPAN Data and 1G Full-Duplex Tap Data from a Gigamon G-TAP A-Tx enter the Gigamon GigaVUE Data Access Switch; Map-Rule 1 through Map-Rule 6 produce Filtered Data Streams to the Monitor/Tool ports. The Map-Rules represent different flows that are strategically directed to the monitoring ports. Ingress and egress port filters can be applied in addition to Map-Rules.)

Flow Mapping

The key technology that enables these benefits in GigaVUE is the Gigamon patented Flow Mapping technology. Flow Mapping creates traffic distribution maps that can direct traffic from any ingress traffic ports to any number of monitoring ports at line rate with no dropped traffic. Flow Mapping is different from the port filtering that is found on other Traffic Visibility Nodes. Network engineers create Map rules that direct data to the desired monitoring port. Once a Map is created, input ports can be bound to the Map. This allows for dynamic changes to data flows that would be impossible using port filters, as network engineers would have to change the filtering on each port individually. Using other technology such as collectors and pass-alls that are unique to Gigamon, users can have access to unfiltered traffic while traffic is being filtered using the Map. This is functionality unique to Gigamon and Gigamon only. Gigamon users can augment the power of the Flow Mapping technology by further reducing traffic loads on egress tool ports as well. All these features create a powerful Traffic Visibility Fabric.
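To make the Flow Mapping behaviour described above concrete, here is a small Python model, added as an example; it is not Gigamon code and does not reproduce the GigaVUE configuration syntax or API. It models the properties the paragraph names: ordered map rules evaluated first-match per packet, a rule that replicates one flow to several tool ports, ingress ports that are bound to the map rather than filtered individually, a collector that receives whatever no rule claimed, and a separate pass-all map that delivers an unfiltered copy of the same ingress port to a recorder alongside the filtered streams. Port names, rule fields and sample packets are constructed.

```python
"""Flow Mapping model: ordered map rules, port binding, replication, collectors.
Added example, not Gigamon code and not the GigaVUE API. Port names, rule
fields and sample packets are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    ingress_port: str
    src_ip: str
    dst_ip: str
    proto: str                 # "tcp", "udp" or "icmp"
    dst_port: int = 0
    vlan: int = 0


@dataclass
class MapRule:
    """Every field that is set must match; a None field is a wildcard."""
    name: str
    tool_ports: Tuple[str, ...]   # one rule may replicate a flow to several tools
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    vlan: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src_ip) in ip_network(self.src_net)
                and ip_address(p.dst_ip) in ip_network(self.dst_net)
                and (self.proto is None or self.proto == p.proto)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.vlan is None or self.vlan == p.vlan))


@dataclass
class FlowMap:
    name: str
    rules: List[MapRule]                    # evaluated in order, first match wins
    ingress_ports: Set[str] = field(default_factory=set)
    collector_ports: Tuple[str, ...] = ()   # receive whatever no rule claimed

    def bind(self, port: str) -> None:
        """Binding a port is the only change needed to extend the map to it."""
        self.ingress_ports.add(port)

    def evaluate(self, p: Packet) -> Tuple[Optional[str], FrozenSet[str]]:
        """Return (rule name or 'collector', tool ports); (None, empty) if unbound."""
        if p.ingress_port not in self.ingress_ports:
            return None, frozenset()
        for rule in self.rules:
            if rule.matches(p):
                return rule.name, frozenset(rule.tool_ports)
        return "collector", frozenset(self.collector_ports)


class Fabric:
    """All maps on a node. A packet reaches every tool port any map selects,
    so a filtered stream and an unfiltered pass-all copy can coexist."""

    def __init__(self, maps: List[FlowMap]) -> None:
        self.maps = maps

    def deliver(self, p: Packet) -> Dict[str, FrozenSet[str]]:
        decisions = {}
        for m in self.maps:
            rule, tools = m.evaluate(p)
            if rule is not None:
                decisions[f"{m.name}:{rule}"] = tools
        return decisions

    def tool_ports(self, p: Packet) -> FrozenSet[str]:
        return frozenset().union(*self.deliver(p).values())


def build_sample_fabric() -> Tuple[Fabric, FlowMap]:
    """Constructed configuration: a filtering map with a collector, plus a
    pass-all map that gives a recorder the unfiltered copy of one input."""
    sec_map = FlowMap(
        name="SEC-MAP",
        rules=[
            MapRule("tls-to-ids", ("1/1/x10",), proto="tcp", dst_port=443),
            MapRule("dns-to-dns-monitor", ("1/1/x11",), proto="udp", dst_port=53),
            MapRule("vlan200-to-apm-and-ids", ("1/1/x12", "1/1/x10"), vlan=200),
        ],
        ingress_ports={"1/1/x1", "1/1/x2"},     # e.g. a SPAN feed and a TAP feed
        collector_ports=("1/1/x13",),           # recorder for unmatched traffic
    )
    pass_all = FlowMap(name="PASS-ALL", rules=[MapRule("everything", ("1/1/x14",))],
                       ingress_ports={"1/1/x1"})
    return Fabric([sec_map, pass_all]), sec_map


# Constructed sample packets.
P_TLS = Packet("1/1/x1", "10.1.1.5", "192.0.2.10", "tcp", dst_port=443)
P_DNS_V200 = Packet("1/1/x2", "10.2.200.7", "10.0.0.53", "udp", dst_port=53, vlan=200)
P_HTTP_V200 = Packet("1/1/x2", "10.2.200.9", "10.0.0.80", "tcp", dst_port=80, vlan=200)
P_ICMP = Packet("1/1/x2", "10.2.200.8", "10.0.0.1", "icmp")
P_UNBOUND = Packet("1/1/x3", "10.3.3.3", "10.0.0.1", "icmp")

if __name__ == "__main__":
    fabric, sec_map = build_sample_fabric()
    for pkt in (P_TLS, P_DNS_V200, P_HTTP_V200, P_ICMP, P_UNBOUND):
        print(pkt.ingress_port, sorted(fabric.tool_ports(pkt)), fabric.deliver(pkt))
    sec_map.bind("1/1/x3")                      # dynamic change: bind a new input
    print("after bind:", sorted(fabric.tool_ports(P_UNBOUND)))
```

Two details are worth noticing when running it. The VLAN 200 DNS packet lands only on the DNS monitor, because rule order decides and the VLAN rule comes later; anyone writing maps for a security tool farm has to order rules so that the tool that must see a flow is not starved by an earlier, broader rule. And binding `1/1/x3` changes where its traffic goes without touching any rule, which is the operational difference from per-port filters the paragraph describes.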
Figure 8 Example of Gigamon Flow Mapping technology (network diagram; the text on the following page refers to this diagram as Figure 9). Figure labels: WAN Edge, Network Core, Distribution Layer, Access Layer, Data Center, Fibre Channel SAN, VM Cluster, 10G and 1G Tool Farm, 10G Tool Farm, GigaVUE-420, GigaVUE-2404, GigaVUE-212, Giga TAP-Sx with Split Ratio 70/30, GigaSTREAM, SPAN Data. Diagram Legend: Wireless Devices, End User Workstations, Multi-Layer Switch, GigaSTREAM Bundle, Access Switch, TAP Connection Point, Router, Firewall, 1G Network Link, 10G Network Link, 1G TAP Traffic, 10G TAP Traffic, SPAN Traffic, Cascaded Traffic.

Figure 9 shows an example of a large Cisco network with a Gigamon Traffic Visibility Fabric overlay. In this diagram all major switch-to-switch connections are tapped using Gigamon G-TAP network TAPs or using taps integrated into the GigaVUE appliances. By tapping at strategic locations, network engineers have increased visibility into traffic. For example, by tapping the interface between the Internet and the firewall, or between the firewall and the router, engineers can view all traffic coming into and out of the network from the Internet. Because TAPs are used, all traffic at full line rate can be viewed without missing traffic or degrading the switch fabric. SPAN port traffic from the visibility nodes is routed to the GigaVUE appliance, where all traffic can be aggregated, replicated, and filtered to multiple monitoring tools. In most new 10G infrastructures, SPAN traffic is usually limited to the access layer as an easy way to view end-user traffic. All GigaVUE appliances are stacked together or cascaded so they can be controlled from one central interface that can dynamically route specific traffic to specific tool ports. This aids in decreasing resolution times and increases the performance of monitoring and capture tools, as they only receive the traffic that they desire.

Conclusion

By leveraging the power of GigaVUE devices, network engineers utilizing Cisco networks and monitoring technology such as SPAN, RSPAN, and VACL can improve the flexibility, performance, and security of monitored data as the data is routed to various monitoring, capture, and security tools. A Gigamon Traffic Visibility Fabric allows network engineers to future-proof their monitoring infrastructure for the speeds of today and tomorrow.

About Gigamon

Gigamon provides intelligent Traffic Visibility Networking solutions for enterprises, data centers and service providers around the globe. Our technology empowers infrastructure architects, managers and operators with unmatched visibility into the traffic traversing both physical and virtual networks without affecting the performance or stability of the production environment. Through patented technologies, the Gigamon GigaVUE portfolio of high availability and high density products intelligently delivers the appropriate network traffic to security, monitoring or management systems. With over seven years of experience designing and building intelligent traffic visibility products in the US, Gigamon serves the vertical market leaders of the Fortune 1000 and has an install base spanning 40 countries.

For more information about our Gigamon products visit: www.gigamon.com

Copyright 2012 Gigamon, LLC. All rights reserved. Gigamon, GigaVUE, GigaSMART, G-TAP, Flow Mapping are registered trademarks of Gigamon, LLC and/or affiliates in the United States and certain other countries. Visibility Fabric, Traffic Visibility Fabric (TVF), Citrus, and The Smart Route To Visibility are trademarks of Gigamon. All other trademarks are the property of their respective owners.

Gigamon, 598 Gibraltar Drive, Milpitas, CA 95035, PH 408.263.2022, www.gigamon.com
