8 posts categorized "Packet Brokers"

I need a TAP for Total Visibility, what do I need to know? (by Derek Burke)

 I need a TAP, what do I need to know?

Deciding which TAP to purchase

Network TAPs (Test Access Points) are the absolute best way to gain access to network traffic, whether that be for network visibility solutions, network monitoring infrastructure, or network security auditing. It is common at a certain point in an organization’s growth for it to be recognized that mirror ports and SPAN (Switch Port ANalyzer) ports, due to their many limitations, are no longer sufficient to provide traffic to monitoring and/or security tools. When it comes time to begin building a TAP infrastructure, there are several details to consider. Some are simple and obvious, and others may be subtler and more nuanced. This article is intended to be a primer on the main points to consider when searching for Network TAPs for your environment. The information contained herein applies primarily to Cubro Network Visibility TAPs as these are the products I have the most first-hand knowledge of.

Media Type and Connector Type

The first consideration for which TAP is best suited to your environment is a fairly obvious one: which media type do you intend to tap? Really, this is the difference between an electrical connection and a fiber-optic connection. On the electrical side we are generally talking about UTP (or perhaps STP cabling; it makes no difference for our purposes), although the use of DAC (Direct Attach Cabling) is relatively common as well. Fiber-optic cabling can be broken down into Single-Mode and Multi-Mode fiber, and Multi-Mode fiber presents two possible core diameters to choose from.

Each of these media types will in turn necessitate a connector type on the TAP as well; fiber, again, having the most options. First let’s address electrical connections, and specifically UTP, as it is the most common electrical media that a TAP will be used with. The category of UTP cabling doesn’t really impact the decision of which TAP we will choose but would, of course, impact supported speeds and cable length. The speed of the link is a differentiating factor, though. Although it is not terribly common to encounter 10/100 links anymore, it is important to point out that it is possible to have a completely passive electrical TAP (that requires power only for the monitor ports) at this speed. If you have 10/100 links in your environment, the question is whether it is more important to have a passive TAP that will not support 1G speeds or whether the option of upgrading the links without needing to replace the TAPs takes precedence.

10/100/1000 links are quite straightforward; you only have one choice. It is not possible to build a completely passive TAP for gigabit Ethernet over UTP; until now the industry approach has been to use relays to provide a fail-safe solution. This approach has not been problem-free, though, and instances where a link does not come back up, or where renegotiating a link after a failure takes an excessively long time, are not rare. When I said earlier that you only had one choice, that was only partially true: in response to the number of issues with relay-based TAPs, Cubro has designed a new type of 10/100/1000 TAP to drastically reduce these issues, adding a new, more reliable option to the mix.

 



Understanding Advanced Features in a Network Packet Broker (by Greg Zemlin)

Understanding Advanced Features in a Network Packet Broker

Network Packet Brokers (NPBs) have come a long way from their modest roots as data monitoring switches, though their intended application remains nearly the same. The NPB is still primarily used as a device to maximize the performance of monitoring and security tools. The NPB’s most important features remain unchanged; these include 1:1, 1:N, N:1, and N:N port mappings, full L2-L4 filtering options, and configurable load balancing options. In the pursuit of gaining a competitive advantage, vendors continue to add advanced features. This adds complexity in selecting the right product for your network.


The key to selecting the right Packet Broker is the understanding of each advanced feature and its alternatives.

Let’s look at Deduplication, SSL/TLS decryption, and MetaData generation - important areas to understand!



LMTV LIVE | Introducing Cubro the Network Visibility Company

 
 

Who is Cubro and WHY should every Network Technologist want to know?

Today’s complex network technologists find it challenging and overwhelming to manage their networks in the effort to minimize issues, legal and technical, so one must have Total Visibility to be able to recognize performance issues, aberrant behavior and data leaks, plus being able to prove that they are protecting their network and data! Today’s data requirement for carriers, data centers, defense organizations and enterprises is that they MUST be able to see all their data and applications in real time in order to secure and manage their growing networks and traffic demands while improving productivity and keeping watch for attacks and leaks.

The key to this success is Total Network Visibility with Line Rate, Real Time network segment with focus view capabilities.



Use Network Packet Brokers to make data center security infrastructure more efficient and cost effective (by Yoram Ehrlich)

Use Network Packet Brokers to make data center security infrastructure more efficient and cost effective

Today’s enterprise networks and service providers are in a conundrum: as network technologies advance, managing network security has become harder and costlier. Sure, they could continuously introduce new monitoring tools - but this adds configuration hours and management complexities to an already intricate scenario. They could also replace slow-running tools with higher-speed devices - but they’ll incur additional costs. Or, for better results, they can adopt a holistic network monitoring infrastructure that enables migration to a higher network speed while increasing the effectiveness of existing security and monitoring tools.

Today’s security landscape demands strong, holistic-visibility architecture

Security breaches are moving up to ever higher (and frightening) levels and remain a thorn in organizations’ sides. Verizon’s 2018 Data Breach Investigations Report (DBIR) indicated that in 2017, more than 53,000 security incidents were reported and 2,216 breaches confirmed. The number of actual attacks remains unknown but undoubtedly is considerably higher.

Unfortunately, the issue of network security cannot be solved with a one-time purchase, and no security product is “perfect.” Today’s organizations’ best bet is a Network Visibility architecture-based security solution that reveals hidden network dangers and inefficiencies, identifies network hiccups and outages, increases network security, and addresses potential compliance issues — all before they impact the business.

Look for these four critical components when choosing a holistic approach: high efficiency and flexible access to the network, monitoring middleware functionalities (filtering, packet grooming, etc.), advanced monitoring functions (application intelligence, NetFlow support), and monitoring tools connectivity.

...and a more efficient and cost-effective security infrastructure



Scalability in Network Architecture (by Christian Ferenz)

Scalability in Network Architecture

There has been a huge surge in network traffic and no industry is immune from being overwhelmed by data. Network visibility is a requirement for all industries ranging from financial corporations, telecom companies, data centres to retailers, government and healthcare. All are vulnerable to becoming constrained due to scalability issues.

With non-scalable tools, companies are limited by the number of switches and the architecture does not allow them to address all their network visibility concerns. As a result, they end up investing huge sums in changing their entire network architecture.

If a company’s existing network monitoring setup consists of a limited number of network TAPs feeding a monitoring switch, the system provides limited visibility and is not scalable. Such a system is also not capable of addressing regular microbursts in network traffic. Furthermore, the architecture generates substantial duplicate packets that the switch is not equipped to eliminate, creating challenges for monitoring. In such cases, when a company needs to install new TAPs and new port SPANs to accommodate network expansion, the old switch is not able to handle the load.

A scalable solution which offers multi-stage filtering, de-duplication and other features helps a network operate more efficiently.

Customers can ease these problems by building scalable network monitoring visibility solutions.

  • Tools that can intelligently aggregate data and precisely channel it to the appropriate monitoring tools without missing or dropping data, and which provide 100-percent visibility. Instead of using several TAPs, SPANs and tools, a scalable tool can provide 100 percent visibility of all data passing through it.

 
