IXIA Visibility Fabric: Secure Data Analysis in the Data Center and in the Cloud. Christian Reuling | IXIA

IXIA Visibility Fabric - amasol.de• Centralized Management Virtual Datacenter Visibility Traffic Analysis Physical End Point Tools IPS/IDS DLP vTAP Service vGSC Netflow / Full Packets

May 22, 2020

Transcript
Page 1

IXIA Visibility Fabric

Secure Data Analysis in the Data Center and in the Cloud

Christian Reuling | IXIA

Page 2

© 2018 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED.

ISG Keysight (IXIA)

Page 3

IXIA’S STRENGTH AND GLOBAL REACH

History

• Founded: 1997
• Publicly traded: XXIA
• Key acquisitions: 2009 Catapult Comm., 2011 Veriwave, 2012 Anue Systems, 2012 BreakingPoint, 2013 Net Optics
• 2017: Ixia becomes part of Keysight Technologies (Ixia Solutions Group)

Ixia: 20+ countries, $517 million, 1,900+ employees

Keysight: 100+ countries, 11,500 employees, $3.4 billion

Page 4

IXIA SOLUTION PORTFOLIO

Across the Infrastructure, Across ALL Platforms: Mobile, Endpoint, Network, Data Center, Cloud

• TEST: 802.11ac, MU-MIMO; PerfectStorm, BPS, vEPC, IxLoad/VE; IxNetwork/VE, Multis, SDN
• SECURITY: ThreatARMOR, ATI
• VISIBILITY: Flex Taps, iBypass, Virtual Taps; NTO, Vision ONE, Hawkeye, xStream40, Control Tower

Page 5

Visibility Fabric

Page 6

EXAMPLE NETWORK INFRASTRUCTURE

[Diagram: example network with two switches, servers and a router]

Page 7

WHAT DO YOU WANT TO KNOW

[Diagram: example network with two switches, servers and a router]

How do they make sure that the millions of dollars that have been spent are paying off in terms of:

➢ Availability: meet SLAs

➢ Security: potential threats, data loss prevention, vulnerabilities

➢ Compliance: Sarbanes-Oxley, HIPAA, PCI-DSS

➢ Performance: end user experience, troubleshooting, root cause analysis

➢ Trends: capacity planning and scalability

Page 8

SOLVE PROBLEMS WHEN USING TOOLS


How to connect the tools to the network:

➢ Different tools are competing for the data

➢ Poor data quality with SPAN ports

➢ Different link speeds/standards in the network

➢ Possibly too much data for the tool

➢ Tunneling protocols may be in place (VXLAN / VNTag)

[Diagram: switches, servers and router with 'S' markers, feeding a tools farm]

Page 9

STEP 1: DEPLOY TAPS

[Diagram: example network with two switches, servers and a router]

Deploy Ixia TAPs within your network architecture, providing you full visibility

Page 10

TAP VERSUS SPAN

TAP

➢ Full duplex TAPs (no packet loss due to aggregation)

➢ Simplest optical TAPs are safe as houses and grow with the network from GE to 100GE

➢ Copper TAPs are fail-safe even when power is lost

➢ Available for all media types: Copper: 10M, 100M & 1G; Optical: Single Mode 1G to 100G, Multi Mode 1G to 100G, Cisco BiDi

SPAN

➢ Limited number of SPANs leads to compromise (multiple tools cannot be used at the same time)

➢ Have to be configured and maintained (danger when working on the production network)

➢ Load-dependent behavior (tend to lose packets already at lower processor load)

Page 11

STEP 2: DEPLOY CLOUDLENS

[Diagram: switches, servers and router with 'S' markers]

Deploy the Ixia CloudLens Private solution as a virtual TAP

Use SPAN ports as needed

Page 12

VIRTUAL NETWORKS

[Diagram: hypervisor with a virtual switch connecting VM 1 (WEB), VM 2 (APP) and VM 3 (DB)]

East-West traffic is NOT seen by network monitoring tools

Page 13

CLOUDLENS PRIVATE

Virtual Traffic Visibility

• Inter-VM Traffic Monitoring

• Multiple Hypervisor Support (ESXi, KVM, Hyper-V)

• GRE – VLAN – ERSPAN Protocols

• Centralized Management

[Diagram: monitoring vSwitches on ESXi, KVM and Hyper-V hosts; CloudLens Mgr. and vCenter Server; GRE / VLAN / ERSPAN or custom tunnel to a Monitoring Host providing Netflow, Geo-location, Time Stamping, Deduplication and Header Stripping; tools shown: Monit Probe (Radcom), FireEye, SPLUNK, Scrutinizer, NTOP]

Virtual Datacenter Visibility, Traffic Analysis, Physical End Point Tools, IPS/IDS, DLP, vTAP Service, vGSC, Netflow / Full Packets

Page 14

STEP 3: SOLVE ANOTHER PROBLEM

[Diagram: switches, servers and router with 'S' markers, feeding a tools farm]

Granularity can become very costly due to:

> Every TAP requires two tool ports (A>B & B>A)

> Link speed dictates tool speed and performance (very costly for 40G/100G)

> Different tools are competing for the same TAP or SPAN port

> If fewer tool ports than TAP or SPAN ports are available, engineers need to change ports (problems with access control/rights & distance)

> Tools are flooded with unnecessary data

Page 15

STEP 4: ADD A PACKET BROKER

[Diagram: a packet broker between the 1G / 10G / 100G TAP and SPAN feeds (switches, servers, router) and the tools farm]

Page 16

VISIBILITY INTELLIGENCE STACKS

NetStack (Standard)

• 3 Stages of Filtering
• Dynamic Filter Compiler
• Double your Ports
• VLAN Tagging
• Aggregation & Replication
• Load Balancing

PacketStack (AFM)

• Deduplication
• Header Stripping & Protocol Trimming
• Timestamping
• Data Masking
• GRE Tunneling
• Burst Protection

AppStack (ATIP)

• Application & RegEx filtering
• Geolocation & Tagging
• Real-time Dashboard
• NetFlow & IxFlow
• Data Masking
• PCAP

SecureStack

• Passive SSL Decryption (ATIP)
• Active SSL (Q2 2018)

MobileStack (GSC)

• GTP Session Correlation
• GTP Load Balancing
• Subscriber sampling
• Subscriber filtering
• EPC filtering
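As an added example (my own Python, not Ixia code), the following models three of the functions listed above on a handful of constructed Ethernet frames: 802.1Q header stripping and deduplication (PacketStack) and basic port/protocol filtering (NetStack). It also shows, in working code, how these functions address two problems from the earlier slides: the same packet arriving twice because two tools or two capture points see the same link, and tools being flooded with traffic they do not need. The frame builders, the SHA-256 dedup window, the MAC/IP addresses and the port 80 policy are all assumptions made for the demonstration; a real broker does this in hardware on live links.

```python
"""Toy packet-broker pipeline over constructed Ethernet frames: 802.1Q header
stripping, deduplication and port/protocol filtering. Added example, not Ixia code."""
import hashlib
import struct
from collections import OrderedDict

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
PROTO_UDP = 17


def build_ipv4_tcp(src_ip, dst_ip, sport, dport, data=b""):
    """Construct a minimal IPv4+TCP packet (checksums left zero; sample input only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, PROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return ip + tcp + data


def build_frame(dst_mac, src_mac, packet, vlan=None):
    """Wrap an IPv4 packet in an Ethernet II frame, 802.1Q-tagged if vlan is given."""
    hdr = dst_mac + src_mac
    if vlan is not None:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + packet


def strip_vlan(frame):
    """Header stripping: drop one 802.1Q tag so tools that cannot parse it see a plain frame."""
    if struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_VLAN:
        return frame[:12] + frame[16:]
    return frame


class Deduplicator:
    """Drops a frame whose L3+ bytes were already seen among the last `window` frames.
    Hashing from byte 14 ignores the L2 header, so the same packet captured at two
    TAP/SPAN points (possibly with different VLAN tags) is recognised as a duplicate."""

    def __init__(self, window=1024):
        self.window = window
        self.seen = OrderedDict()

    def is_duplicate(self, frame):
        key = hashlib.sha256(frame[14:]).digest()
        if key in self.seen:
            return True
        self.seen[key] = None
        if len(self.seen) > self.window:
            self.seen.popitem(last=False)  # evict the oldest entry
        return False


def matches_filter(frame, proto=None, dst_port=None):
    """Basic filter: IPv4 only, optional IP protocol and TCP/UDP destination port."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return False
    ip_proto = frame[23]                      # protocol byte of the IPv4 header
    if proto is not None and ip_proto != proto:
        return False
    if dst_port is not None:
        if ip_proto not in (PROTO_TCP, PROTO_UDP):
            return False
        l4 = 14 + (frame[14] & 0x0F) * 4      # start of the transport header
        if struct.unpack("!H", frame[l4 + 2:l4 + 4])[0] != dst_port:
            return False
    return True


def broker(frames, proto=None, dst_port=None):
    """Strip, deduplicate, then filter; returns counters and the frames sent to the tool."""
    dedup = Deduplicator()
    stats = {"in": 0, "stripped": 0, "dup": 0, "filtered": 0, "out": []}
    for f in frames:
        stats["in"] += 1
        g = strip_vlan(f)
        if len(g) != len(f):
            stats["stripped"] += 1
        if dedup.is_duplicate(g):
            stats["dup"] += 1
            continue
        if not matches_filter(g, proto, dst_port):
            stats["filtered"] += 1
            continue
        stats["out"].append(g)
    return stats


def run_demo():
    """Constructed sample: one HTTP packet seen untagged and again VLAN-tagged,
    an SSH packet and a second HTTP packet; the tool only wants TCP port 80."""
    dst, src = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    http = build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40000, 80, b"GET / HTTP/1.1")
    ssh = build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40001, 22)
    http2 = build_ipv4_tcp("10.0.0.6", "10.0.0.9", 40002, 80, b"GET /x HTTP/1.1")
    frames = [
        build_frame(dst, src, http),            # first copy, from a TAP
        build_frame(dst, src, http, vlan=10),   # same packet again, from a tagged SPAN
        build_frame(dst, src, ssh),
        build_frame(dst, src, http2, vlan=20),
    ]
    return broker(frames, proto=PROTO_TCP, dst_port=80)


if __name__ == "__main__":
    print(run_demo())
```

Of the four input frames, two are VLAN-stripped, one is discarded as a duplicate of a frame already forwarded, one is dropped by the port filter, and two untagged HTTP frames reach the tool. The ordering matters: stripping before dedup is what lets the tagged and untagged copies hash identically.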

Page 17

WHO IS WHO OF IXIA PACKET BROKER

Page 18

GRAPHICAL USER INTERFACE

The Hard Way (Other): Java

The Easy Way (Ixia NTO): HTML 5

Page 19

USE CASE 1: ENTRY LEVEL PACKET BROKER

[Diagram: two switches and a router with 'S' markers]

Customer requirements

➢ Network core with 8 x 10G connections
➢ Internet breakout with 2 x 1G
➢ 1 x 10G MM Dynatrace tool for APM
➢ SPAN ports for troubleshooting: 2 x 10G
➢ Basic filtering
➢ Deduplication

Page 20

USE CASE 1: ENTRY LEVEL PACKET BROKER

[Diagram: two switches and a router with 'S' markers]

Ixia VisionEdge 10S

• 48 x Ports 1G/10G

• NetStack

• PacketStack (Dedup)

• Attractive per port pricing

Page 21

USE CASE 2: 40G NETWORK CORE - AGGREGATION

Customer requirements

➢ Network core with 30 x 40G connections
➢ Firewall connections 8 x 10G
➢ 4 x 10G MM Extrahop for DPI
➢ Advanced filtering
➢ Load balancing
➢ Header stripping
➢ Deduplication
➢ Ixia Fabric Controller (IFC)

[Diagram: two switches and a router]

Page 22

USE CASE 2: 40G NETWORK CORE - AGGREGATION

[Diagram: two switches and a router]

Ixia VisionEdge Series

• Ports from 1G to 100G

• NetStack

• Attractive per port pricing

VisionOne

• Standard and Advanced Filtering

• PacketStack (Dedup/Stripping)

• IFC

Page 23

USE CASE 3: IXIA – EXTRAHOP – SPLUNK

Customer requirements

➢ Customer wants to feed a Splunk system with wire data
➢ Splunk license for direct feed is expensive
➢ Extrahop solution can process the wire data and present only important metrics to Splunk
➢ Ixia can provide the access points in the network and a packet broker to connect all the devices

[Diagram: two switches and a router]

Page 24

USE CASE 3: IXIA – EXTRAHOP – SPLUNK

[Diagram: packet capture appliance]

Page 25

EXAMPLE NETWORK INFRASTRUCTURE

[Diagram: example network with two switches, servers and a router]

Page 26

WHAT HAPPENS IN THE CLOUD

Page 27

INTRODUCING CLOUDLENS

Visibility across all your cloud environments: public, private, and hybrid clouds

[Diagram: CloudLens Private (CloudLens vTap, CloudLens vPB, CloudLens vATIP) spanning Branch Office, Virtual DC and Private Cloud; CloudLens Public spanning Public Cloud]

Page 28

PURPOSE BUILT FOR CLOUD

CloudLens has two components

• A SaaS web interface where cloud visibility is managed (the management layer)

o Allows access anywhere

o Easy to set up and manage

• A Docker-based component that sits within source and tool instances in a customer's environment

o Sits behind the customer's security structure, maintaining privacy and compliance

o Metadata access, which allows for scalability

o More intelligent filtering

A Cloud-Native, Serverless Design

Page 29

HOW CLOUDLENS WORKS

Secure Visibility Path

[Diagram: IXIA CloudLens Public management layer; filtering at source; filtered traffic securely sent from instance to tool; Monitoring Tools, Security Tools, Performance Tools]

Page 30

STEP 5: ADD CLOUDLENS PUBLIC

[Diagram: tools farm; switches, servers and router with 'S' markers; 1G / 10G / 100G links; Public Cloud]

Page 31

INLINE

How to deploy inline tools like an IPS

[Diagram: two switches, servers and a router]

IPS Inline:

• If the IPS fails, the link to the WAN will be disrupted:

> No communication from & to the internet

> Online banking or any online shopping will be disrupted too

> Huge impact on business

• Link load dictates tool performance:

> Large spending on high performance hardware

> Possibility of data loss because link load is higher than tool performance

Page 32

INLINE

Use a Bypass Switch

[Diagram: two switches, servers and a router]

Page 33

MOST ADVANCED NPB FOR SECURITY DEPLOYMENTS

Powerful encryption + flexible traffic handling + advanced services

[Diagram: Internet, Switch, Security Tools, Internal Switch]

Powerful SSL

✓ Up to 10Gb SSL
✓ Decrypt once, inspect many
✓ Offload decryption from multiple tools
✓ No impact on other services

Advanced inline support

✓ Heartbeat
✓ Service Chaining
✓ Load Balancing / HA
✓ Active/Active resiliency

Vision ONE core features

✓ Rich Netflow
✓ Data Masking
✓ App ID / filtering
✓ 1/10/40Gb interfaces
✓ Filter compiler / best UI
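As an added illustration of the INLINE slides and the "Heartbeat" feature above, here is a small Python model (my own, not Ixia code) of a bypass switch in front of an inline IPS: while the IPS answers heartbeats, traffic flows through it; after a configurable number of missed heartbeats the switch fails open (or, as an assumed alternative, fails closed), and it returns to inline once the tool answers again. The tick-based timing, the three-miss threshold, the stand-in IPS and the traffic sample are constructed for the example. Running it side by side with the no-bypass case shows the business impact the slide describes, and also the caveat a defender should weigh: during fail-open, packets pass uninspected, and the detection window before failover (heartbeat interval times threshold) still loses packets.

```python
"""Toy model of a bypass switch protecting an inline IPS. Added example, not Ixia code:
heartbeat timing, the miss threshold and the fail-open/fail-closed choice are assumptions."""
from dataclasses import dataclass, field


@dataclass
class BypassSwitch:
    miss_threshold: int = 3        # consecutive missed heartbeats before failover
    fail_open: bool = True         # True: pass traffic uninspected; False: block the link
    missed: int = 0
    state: str = "inline"          # "inline", "bypass" or "blocked"
    events: list = field(default_factory=list)

    def heartbeat(self, t, answered):
        """Called once per heartbeat interval; `answered` says whether the IPS replied."""
        if answered:
            self.missed = 0
            if self.state != "inline":
                self.state = "inline"
                self.events.append((t, "tool recovered, back inline"))
            return
        self.missed += 1
        if self.state == "inline" and self.missed >= self.miss_threshold:
            self.state = "bypass" if self.fail_open else "blocked"
            self.events.append((t, f"heartbeat lost, switching to {self.state}"))


def ips(pkt):
    """Stand-in inline IPS: drops packets marked bad, forwards the rest."""
    return None if pkt["bad"] else pkt


def simulate(switch, ips_alive, traffic):
    """One packet and one heartbeat per tick; returns what happened to the packets."""
    stats = {"delivered": 0, "inspected": 0, "blocked_by_ips": 0,
             "uninspected_bad": 0, "lost": 0, "events": []}
    for t, (alive, pkt) in enumerate(zip(ips_alive, traffic)):
        if switch is not None:
            switch.heartbeat(t, alive)
        state = switch.state if switch is not None else "inline"
        if state == "bypass":                    # fail-open: link up, nothing inspected
            stats["delivered"] += 1
            if pkt["bad"]:
                stats["uninspected_bad"] += 1
        elif state == "blocked" or not alive:    # fail-closed, or hung IPS with no bypass
            stats["lost"] += 1
        else:                                    # inline and healthy: the IPS decides
            stats["inspected"] += 1
            if ips(pkt) is None:
                stats["blocked_by_ips"] += 1
            else:
                stats["delivered"] += 1
    if switch is not None:
        stats["events"] = list(switch.events)
    return stats


def run_demo():
    """Constructed scenario: 12 ticks, the IPS hangs during ticks 3..7, bad packets at 1, 6, 10."""
    ips_alive = [True] * 3 + [False] * 5 + [True] * 4
    traffic = [{"id": i, "bad": i in (1, 6, 10)} for i in range(12)]
    return {
        "no_bypass": simulate(None, ips_alive, traffic),
        "fail_open": simulate(BypassSwitch(), ips_alive, traffic),
        "fail_closed": simulate(BypassSwitch(fail_open=False), ips_alive, traffic),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Without a bypass, every packet during the IPS outage is lost (the "link to the WAN will be disrupted" case). With fail-open, only the two packets inside the detection window are lost, but one bad packet crosses the link uninspected while the tool is down, which is the trade-off to make explicit when choosing heartbeat interval and threshold.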

Page 34

IXIA SECURITY FABRIC

Highly Available Security Architecture for Tools

• High Performance, High Availability Security
• High Availability Inline: Standalone Bypass (High MTBF, A-S), NPB (Active-Active)
• Incredibly simple inline design and deployment

High Performance, Complete Platforms

• Vision ONE: Full HA inline, AFM and ATIP
• Vision Edge: Software Defined NPB
• Vision 7300: 7U High Capacity, 100G to 10G, 288 10G ports

Pervasive Access: Branch Site, Data Center, Private and Public

• Physical Data Centers, Branch: Bypass for HA inline (Bypass VHD, HD); full line of Secure Taps and Virtual Sensors; mirrored, raw data; High Density Taps
• Complete Access to Virtual Environments: Private Cloud DC and Public
• CloudLens Public: container based sensor, pre-filtered for optimized traffic, cloud-native scale-out
• CloudLens Private: instant access to guest, integrated orchestration

Software Defined Architecture

• Best of Breed Technologies: Patented Filtering, Drag-n-drop UI
• IFC: True SDN Fabric Controller, Distributed & Resilient, Scalable
• Purpose Built, High Performance: Terabits/sec

IXIA'S COMPLETE MONITORING SOLUTION

Page 35

Thank you for your attention