9 posts categorized "Garland Technology" Feed

When A Simple SPAN Port Is Enough (by Timothy Schmidt)

When A Simple SPAN Port Is Enough

Header image - when a simple SPAN port is enough

The two most common ways to access and replicate data within your network are TAP and SPAN technology. A Test Access Point (TAP) is a hardware device that copies all of your network data. SPAN or Switch Port Analyzer are mirroring ports within a switch that copies specific data as a best effort with no guarantees.

Network TAPs are always the industry's best practice but in a few specific and limited situations when a SPAN port suffices. When monitoring products are looking for low bandwidth application layer events like “conversation or connection analysis,” “application flows,” and applications where real time, dropped packets and knowing real delta times are not important. SPAN could also be used in a remote location that doesn’t justify a permanent deployment, offering temporary access for limited troubleshooting.

In these specific situations when a SPAN port perfectly suffices, you likely need a way to aggregate a few SPAN lines together and send that combined network traffic out to one or more sets of tools or appliances. When these situations arise, think simplicity.

 

Continue reading "When A Simple SPAN Port Is Enough (by Timothy Schmidt)" »


How to Connect your Inline Application Monitoring Tools in 5 steps Understanding Advanced Features in a Network Packet Broker ( by Chris Bihary)

How to Connect your Inline Application Monitoring Tools in 5 steps Understanding Advanced Features in a Network Packet Broker

HOW TO CONNECT YOUR INLINE APPLICATION MONITORING TOOLS IN 5 STEPS

It goes without saying, but proper application monitoring is a critical component of sound network management. Let the following example show you:

Say you have two critical 10G links that you need to monitor with a few inline network tools. That sounds like a big problem because each inline appliance has the potential of introducing a point of failure. Then, there is also the problem of getting all the network traffic from each critical link to go to each individual inline appliance for processing.

Sounds like a scenario that could be difficult and expensive to implement. But it doesn’t have to be. By using a Garland Technology Advanced Aggregator, you can increase the efficiency and port utilization of your network.

Continue reading "How to Connect your Inline Application Monitoring Tools in 5 steps Understanding Advanced Features in a Network Packet Broker ( by Chris Bihary)" »


Understanding Advanced Features in a Network Packet Broker (by Greg Zemlin)

Understanding Advanced Features in a Network Packet Broker

Network Packet Brokers (NPBs) have come a long way from their modest roots as data monitoring switches, though their intended application remains nearly the same.  The NPB is still primarily used as a device to maximize the performance of monitoring and security tools. The NPB’s most important features remain unchanged, these includes, 1:1, 1:N, N:1, and N:N port mappings, full L2-L4 filtering options, and configurable load balancing options.  In the pursuit of gaining a competitive advantage, vendors continue to add advanced features. This adds complexity in selecting the right product for your network.

Header image

The key to selecting the right Packet Broker is the understanding of each advanced feature and its alternatives.

Lets look at Deduplication, SSL/TLS decryption, and MetaData generation -  Important areas to understand!

Continue reading "Understanding Advanced Features in a Network Packet Broker (by Greg Zemlin)" »


Network Visibility - The Rise of the Aggregation Layer (by Greg Zemlin)

Network Visibility - The Rise of the Aggregation Layer

Sole reliance on SPAN ports for network visibility and monitoring has been on the decline for years. IT teams realize the inherent limitations of SPAN ports and have shifted in favor of the traditional 3-tiered approach to network visibility.

Tier 1: Physical Layer TAPs Network Test Access Points (TAPs) are hardware tools that allow you to access and duplicate network traffic. TAPs supply full line rate traffic and are never oversubscribed or rate limited. The egress traffic from the TAPs is then sent to NPBs.

Tier 2: Network Packet Brokers Network Packet Brokers (NPBs) are responsible for efficiently funneling data from network TAPs and SPAN ports to each tool. NPB’s were originally designed to replicate traffic for multiple tools while reducing the volume of traffic to each tool, ensuring each tool operates as efficiently as possible. This is typically done through a combination of aggregation, replication and L2-L4 filtering. The groomed, tool specific traffic is sent out for processing.

Aggregating Traffic

Tier 3: Tools Tools are responsible for processing and characterizing traffic of interest. Common tools are built for application performance monitoring, security, and data forensics.

Continue reading "Network Visibility - The Rise of the Aggregation Layer (by Greg Zemlin)" »


[Analysis] Full Duplex Capture in SCADA and Industrial Control Networks (by Thomas Tannhäuser and Alexander Pirogov)

Why SPAN Ports Should Not be Used in Security Solutions

Image-header

The convergence of IT and OT (Operational  Networks) in the context of Industry 4.0 has led to a crowded market of security solutions targeting the shop floor on different levels. While the security of the legacy IT systems was part of the initial planning of those systems, the industry now faces the challenge to integrate security solutions in legacy OT systems.

Continue reading "[Analysis] Full Duplex Capture in SCADA and Industrial Control Networks (by Thomas Tannhäuser and Alexander Pirogov)" »