Ixia Visibility Architecture - cisco.com

1 © 2016 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | IXIA VISIBILITY ARCHITECTURE Eliminating Blind spots Юлий Явич, IXIA

Post on 18-Aug-2018

Customer Focused Innovation

74 of the Fortune 100

45 of the top 50 carriers

15 of the top 15 NEMs

Enterprise

Carriers/Service Providers

NEMs

2014 Industry-first ATI security solution

2014 Industry-first virtual tap

2014 Industry-first 400GbE test solution

IXIA SOLUTION PORTFOLIO

Across the Infrastructure

Across ALL Platforms

Flex Taps, iBypass, Virtual Taps

802.11ac, MU-MIMO

PerfectStorm BPS vEPC IxLoad/VE

IxNetwork/VE Multis SDN

Threat ARMOR, ATI

Mobile Endpoint Network Data Center Cloud

NTO, Vision ONE, Hawkeye, xStream40, Control Tower

TEST SECURITY VISIBILITY

INTELLIGENT VISIBILITY

INTELLIGENT VISIBILITY - CHALLENGES

Diagram labels: Clients, Server, Network Tap, Switch, Switch

How to:

• Get data access for tools?

• Network taps instead of SPAN ports?

Diagram labels: Network Tap, Network Tap, Tool 1, Tool 2, Tool N

How to:

• Deal with limited tool ports?

• Scale tool capacity?

• Filter traffic to tools?

• Manage access for each tool?

INTELLIGENT VISIBILITY End-to-End Data Access and Distribution

Diagram labels: Network Operations, Application Operations, Security Admin, Forensics, Switch, Servers, THE DATA CENTER, Taps, 1G, 10G, 40G

Network Packet Brokers

• Aggregation

• Filtering

• Load Balancing

• SSL Decryption

• NetFlow

APPLICATIONS AND NETWORK PERFORMANCE TOOLS

SECURITY TOOLS

INTELLIGENT PACKET PROCESSING

All unique frames going to 10.0.0.0/8

Only the first 128 bytes of TCP Port 25 frames

Hardware AFM

NPB Adv. Packet Processing

Advanced Packet Processing (AFM) Features

• Deduplication

• Header stripping

• Trimming

• Tunnel Termination

• Data Masking

• Timestamping

• Burst Protection

ENTERPRISE – INTELLIGENT APPLICATION PROCESSING

• ATI Processor (ATIP) - Context-rich Application Visibility

• Application forwarding based on application, geography, and RegEx matching

• Real-time dashboard

• Rich NetFlow / IPFIX generation

– Device OS

– Browser

– Carrier BGP AS#

– Geolocation

• Data Masking

• Stateful SSL decryption

All traffic from Georgia

All voice traffic from HTC Ones

Someone from remote office Skype for business monitor

NPB – App Brokering

Meta Data

App Filtering

ATIP ENABLES SSL INSIGHT

• Passive decryption – no impact on application performance

• Fully compatible with all other ATIP features:

– Rich Netflow/IPFIX

– Data Masking

– Geolocation

– Application Filtering

– Handset/workstation type

– Browser identification

• Easy setup – just import server certificate & key

• All popular key exchange & ciphers:

– RSA & DH Key Exchange

– SHA1/521/384/256/224

– MD5

– 3DES

– RC4

– AES

– ECC (Elliptic Curve)

• Encryption details reported over Netflow

• Hardware Encryption Offload

SPY GLASS ACTIVE SSL

NTO FAMILY NTO 7300

Vision ONE

• 48x1/10G & 4x40G

• Advanced Features

• ATI Processor

> Application layer filtering

> SSL Encryption

> Netflow Generation

• Inline Support

• Load Balancing

• GUI

• 1/10/40/100G Interfaces

• Advanced Features

• ATI Processor

> Application layer filtering

> SSL Encryption

> Netflow Generation

• Packet Capture

• Load Balancing

• GUI

General Features

> Full Duplex Mode

> Passes all traffic (including errors) from all layers for comprehensive Troubleshooting

> Regeneration TAP

> No IP address is needed

> Redundant power ensures monitoring uptime

TP-CU3; TP-CU3-ZD

Diagram labels: Network A, Network B, Mon A, Mon B, TX, RX

FULL DUPLEX COPPER TAP

- 1G/10G/40G/100G (LR & ER)

> Single Mode with LC Connector

- 1G (SX)

> Multi Mode with LC Connector

- 10G (SR)

> Multi Mode with LC Connector

- 40G (SR4 / Cisco Bidi / MR4)

- 100G (SR10)

> Multi Mode with MTP Connector

IXIA FLEXTAP

GETTING VIRTUAL TRAFFIC TO MONITORING TOOLS

CUSTOMER CASE STUDY International Bank

Customer

• Leading International Bank

Need

• Massive volumes of raw application traffic to monitor

• Control traffic inspection costs

• Improve overall Incident Response Team effectiveness

Results

• Deployed Ixia Intelligent Visibility solutions including NTO 7300

• Reduced monitored traffic using advanced filters of deduplication, packet slicing, IPs, VLANs

• VLAN marking and Time stamping to monitoring tools

• Reduced planned CapEx investments

CUSTOMER CASE STUDY Large Hi-tech Company

Customer

• Large L2/3 manufacturer

Need

• Control traffic inspection costs

• Layer 7 filtering to Nectar tool

Results

• Deployed Ixia Intelligent Visibility solution including Vision ONE

• Reduced monitored traffic using deduplication

• Provided Skype for Business specific traffic to Nectar tool

• Reduced planned CapEx investments

TECHNOLOGY ECOSYSTEM

TrafficREWIND is a unique patent-pending solution that uses NetFlow metadata to regenerate the dynamics of production networks within BreakingPoint test beds

Solution Overview

RESILIENT SECURITY

RESILIENT SECURITY Serial Deployments of Inline Security Tools is Dangerous

Diagram labels: Switch, Server

Very complex operationally

Single points of failure

Administrative tension

Expensive to scale

RESILIENT SECURITY A More Detailed View of a Resilient Security Framework

Diagram labels: Switch, Server, Bypass Switch, Inline Security Tool Farm, Network Packet Brokers (HA), Out of Band, Sandboxing, Threat Intelligence Gateway

Monitored Tool Links via Heartbeat Packets

INLINE & MONITORING TOGETHER

Inline Monitoring

Inline

• IPS (multiple vendors)

Out-of-band Monitoring

• Data logging

WORLD-CLASS GLOBAL SUPPORT

Expert team of >100 engineers

Proven track record of superior support

Always-on 24x7 coverage

Best-in-class support tools

WE MAKE APPLICATIONS STRONGER