NextGig Systems, Inc. - Network Connectivity & Test Solutions

How-to Segregate and Load-Balance 10G Traffic among 1G Tools

Silicon Valley, CA - November 20, 2006 – The latest Internet phenomenon (Web 2.0) is transforming the World Wide Web from a collection of static portals to a dynamic interactive medium ideally suited for commerce, advertising, grass-root content creation, as well as on-demand multimedia consumption.

Besides the critical mass in broadband adoption and wireless accessibility, an important enabling factor for Web 2.0 is the commoditization of high-speed networking technology. Whereas in 2000 service providers struggled with deploying expensive 100-Meg Fast Ethernet switching technology, today they have all but transitioned to Gigabit Ethernet to stay competitive. As the trend continues, 2007 will emerge as the year of 10 Gigabit. Few customers are willing to be left behind, and most are already moving feverishly to transition their core networks to 10-Gig in order to enjoy additional cost savings and substantial performance gains.

Technical Challenges

One technical challenge of deploying a 10-Gig core network has not changed from that of Gigabit: providing a cost-effective and comprehensive solution to monitor mission-critical traffic at full line rate in order to ensure network integrity, including performance, security and compliance.

Unfortunately, in the near future 10-Gig monitoring tools will not be readily available, and even where they are, they will be either too expensive or simply incapable of working at true line rate except in short bursts.

One can throttle the 10-Gig traffic down to a level digestible by 1-Gig tools by using packet filtering, but that obviously compromises the objective of comprehensive monitoring, since in theory up to 90% of the traffic could be lost.

Recently a new class of Data Access Switch designed specifically for out-of-band network monitoring has been introduced which can accommodate multiple bit-mask filtering rules at each ingress port (both 1-Gig and 10-Gig). 

Using these multi-rule sequential pre-filters, 10-Gig traffic can be “mapped” to multiple load-sharing 1-Gig analyzers, with each tool analyzing a specific VLAN range, port number or IP subnet according to the specific filter rule, thereby performing comprehensive monitoring at 10 Gigabit rate without oversubscribing any single Gigabit tool. Since mapping filters are hardware based, latency is negligible and full line-rate performance is guaranteed. 

Whether it is Gigabit or 10 Gigabit, mission-critical core networks are almost always tiered, meshed and fully redundant. High-availability network architecture dictates that multiple 10-Gig links are deployed between parallel switches to improve reliability. Packets therefore do not travel on a unique path, and in order to provide comprehensive monitoring, multiple 10-Gig data streams have to be mapped simultaneously and aggregated so that each tool gets a logical slice of the total traffic.

Example of 10G-to-1G Network Monitoring

Shown here is a typical web-centric customer data center running a 10-Gig core. In order to support the tremendous amount of web traffic (on the order of tens of millions of page views per week), it is not uncommon to have up to ten 1-Gig links to the Internet (to ISPs and peering sites). Furthermore, total traffic is increasing at 30% per quarter, so a scalable monitoring solution is desperately needed to match the customer's growth.

In the core of the network, servers are organized in clusters, each serving a specific business function: online shopping, credit verification, merchandise delivery and product support; upload and download of music, pictures, podcasts and video; and various online activities including search, chat, email and blogs. Each server switch is connected to the core switches using two redundant 10-Gig links, and the core switches are themselves connected to the Internet through multiple redundant 1-Gig links.

A large number of best-of-breed monitoring tools from multiple vendors are deployed including web analytical tools to track real-time user experience and to enable internal charge-back to various business functions, database security tools to prevent leakage of confidential information, forensic data storage to proactively and retroactively examine attacks and abuses, etc., all of which compete for out-of-band data access.

With the Data Access Switch, the 10-Gig traffic streams mirrored from the core switches are captured and aggregated. Mapping filters based on the IP address ranges of the server switches segregate the total traffic into different logical groupings, so that each appliance is responsible for monitoring the traffic belonging to one or several specific business functions.
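To make the mapping-filter idea concrete (the multi-rule sequential pre-filters described earlier and the IP-range mapping used in this data center example), here is an added Python model. It is not Gigamon or NextGig code, and the rule fields, tool port names, server subnets and the 10 ms traffic sample are all constructed assumptions. It shows first-match rule ordering, aggregation of two mirrored 10-Gig streams through one rule list, a per-tool load check against a 1-Gig link, and the two failure modes a monitoring engineer wants to catch: a tool port that is oversubscribed, and traffic that matches no rule and therefore reaches no tool at all.

```python
"""Toy model of sequential bit-mask mapping filters on a data access switch.

Added example, not vendor code.  Two mirrored 10-Gig spans are aggregated
and sliced across 1-Gig tool ports; rules are evaluated in order and the
first match decides the egress tool.  All traffic and addresses are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple
import ipaddress

MaskValue = Optional[Tuple[int, int]]   # (mask, value): match if field & mask == value


@dataclass(frozen=True)
class Packet:
    ingress: str      # mirrored 10-Gig span port the packet arrived on
    vlan: int
    dst_ip: str
    dst_port: int
    nbytes: int


@dataclass(frozen=True)
class Rule:
    """One mapping filter.  Every (mask, value) pair given must hold."""
    tool: str                   # egress 1-Gig tool port
    vlan: MaskValue = None
    dst_ip: MaskValue = None
    dst_port: MaskValue = None


def subnet_rule(tool, cidr=None, dst_port=None, vlan=None):
    """Build a Rule from a CIDR block, an exact port and/or an exact VLAN id."""
    ip_spec = None
    if cidr:
        net = ipaddress.ip_network(cidr)
        ip_spec = (int(net.netmask), int(net.network_address))
    port_spec = (0xFFFF, dst_port) if dst_port is not None else None
    vlan_spec = (0xFFF, vlan) if vlan is not None else None
    return Rule(tool, vlan=vlan_spec, dst_ip=ip_spec, dst_port=port_spec)


def matches(rule, pkt):
    fields = ((rule.vlan, pkt.vlan),
              (rule.dst_ip, int(ipaddress.ip_address(pkt.dst_ip))),
              (rule.dst_port, pkt.dst_port))
    return all(spec is None or (val & spec[0]) == spec[1] for spec, val in fields)


def map_traffic(rules, packets):
    """Push every ingress stream through one ordered rule list.
    Returns (bytes per tool, bytes that matched no rule)."""
    load = {r.tool: 0 for r in rules}
    unmatched = 0
    for pkt in packets:
        for rule in rules:
            if matches(rule, pkt):
                load[rule.tool] += pkt.nbytes
                break
        else:
            unmatched += pkt.nbytes   # blind spot: no tool ever sees this traffic
    return load, unmatched


def oversubscribed(load, window_s, link_bps=1e9):
    """Tool ports whose share, averaged over the window, exceeds a 1-Gig link."""
    return {t for t, b in load.items() if b * 8 / window_s > link_bps}


# Constructed 10 ms sample: the same mix arrives on both redundant 10-Gig links.
WINDOW_S = 0.01
MIX = [  # (vlan, dst_ip, dst_port, number of 1000-byte packets per ingress)
    (10, "10.1.5.7", 443, 400),    # shopping cluster, HTTPS
    (10, "10.1.5.8", 80, 300),     # shopping cluster, HTTP
    (20, "10.2.9.1", 80, 500),     # media cluster
    (30, "10.3.1.2", 25, 200),     # mail cluster
    (99, "192.168.0.10", 22, 50),  # management VLAN, no server subnet
]
PACKETS = [Packet(ing, vlan, ip, port, 1000)
           for ing in ("10g/1", "10g/2")
           for vlan, ip, port, n in MIX for _ in range(n)]

# First cut: one rule per server subnet (the shopping tool ends up oversubscribed).
RULES_BY_SUBNET = [
    subnet_rule("1g/1", "10.1.0.0/16"),
    subnet_rule("1g/2", "10.2.0.0/16"),
    subnet_rule("1g/3", "10.3.0.0/16"),
]
# Second cut: split the busy subnet on port and catch the management VLAN.
# The more specific rule must come first, or the /16 rule swallows it.
RULES_SPLIT = [
    subnet_rule("1g/1", "10.1.0.0/16", dst_port=443),
    subnet_rule("1g/4", "10.1.0.0/16"),
    subnet_rule("1g/2", "10.2.0.0/16"),
    subnet_rule("1g/3", "10.3.0.0/16"),
    subnet_rule("1g/5", vlan=99),
]

if __name__ == "__main__":
    for name, rules in (("by subnet", RULES_BY_SUBNET), ("split", RULES_SPLIT)):
        load, lost = map_traffic(rules, PACKETS)
        gbps = {t: round(b * 8 / WINDOW_S / 1e9, 2) for t, b in load.items()}
        print(name, gbps, "unmatched bytes:", lost, "over:", oversubscribed(load, WINDOW_S))
```

Running the script prints the per-tool rate for both rule sets. With subnet-only rules the combined shopping traffic from the two mirrored links lands on one tool at 1.12 Gbps, and the management VLAN matches nothing, so it is silently absent from every tool; the split rule set brings every port under 1 Gbps and gives the management traffic a home. Swapping the two 10.1.0.0/16 rules sends all shopping traffic to the catch-all tool, which is why rule order has to be reviewed whenever a filter is added.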

In summary, by using a Data Access Switch with a multi-rule mapping feature to share the load among multiple parallel Gigabit tools, a 10-Gig network can be monitored comprehensively and cost-effectively.

Moreover, the Data Access Switch acts as the virtualization layer between the network and the monitoring tools. It is the building block for a flexible Data Access Network (DAN) that enables IT engineers to deploy monitoring tools at will. Adds, changes and moves can be performed without requiring any physical changes or exerting load on the production network. Speed changes (1G to 10G or 10G to 1G) and media conversion (copper to optical, multimode to single mode) are easily accommodated.

About Gigamon
Gigamon is the inventor and leading provider of Data-Access Switches. Its flagship product, GigaVUE®, can multicast packets from one span or tap to many tools to solve the span port sharing problem. It also can aggregate and intelligently filter packets from many spans or taps to one or multiple tools to solve the problem of monitoring flows across complex mesh topologies and virtual networks. GigaVUE® facilitates unobtrusive parallel tool deployment with network-wide coverage, significantly reducing customers’ capital budgets and yielding immediate ROI benefits.

For more information about Gigamon Data Access Switches please contact us here.

Questions? Call 1-805-277-2400