NextGig Systems, Inc. - Network Connectivity & Test Solutions

Spynet Blueprint

Gigamon - Intelligent Data Access Networking

Interop is a significant event for network engineers. It is a twice-a-year gathering, once in Las Vegas and once in New York. It is the mega-show where vendors come to show off their latest networking products. Part of the uniqueness of Interop is the production network, the InteropNet, which is shown on the left of the top diagram and runs the show by providing connectivity to hundreds of vendor booths, conference rooms and classrooms.

Historically, exhibitors and participants have come to expect InteropNet to be a bulletproof triple redundant state-of-the-art network to demonstrate technology and to help shape purchase decisions. To ensure that such business activities can take place, there is a secondary overlay network that is also built along with InteropNet. This mission critical monitoring network is called the SpyNet which is shown below. Whereas InteropNet is the largest temporary network ever built, InteropSpyNet can be thought of as the largest temporary Data Access Network.

The SpyNet Mission

In a recent show (New York 2006), a number of security and performance monitoring tools were deployed as shown, ranging from protocol analyzers from Fluke Networks for troubleshooting, intrusion detection systems from Juniper Networks for security, application performance monitors from Network Physics and forensic data recorders from Network General.

All of these tools have different and competing data access requirements: some expect to see traffic before the firewall, some after, and some even both; some expect to see traffic inside the Gigabit ring and some outside. Some tools want to see the packets unfiltered and some want to see only VoIP traffic, or traffic that belongs to a particular VLAN or IP subnet. 

Technical Challenge

The key technical challenge of SpyNet was to provide replica traffic from the InteropNet (using SPAN ports, external and internal taps, either optical or copper, ranging from 100M, to 1G or even 10G) and to channel this data to a variety of monitoring tools. 

The flexibility of the data access switch used in this set-up enables tools to be plugged in at will. Adds, changes and moves can be performed without requiring any physical changes to, or placing any load on, the production network. Speed changes (1G to 10G or 10G to 1G) and media conversion (copper to optical, multimode to single mode) can be easily accommodated. In summary, just as the InteropNet is a virtualized network, InteropSpyNet is also a virtualized network.

Specifically, incoming traffic can be virtually "mapped" using multi-rule filters such that the total traffic aggregated from multiple switches or taps can be redistributed to a parallel array of collaborating monitoring tools, so that each can concentrate on a specific VLAN range corresponding to a quadrant of the show floor traffic. With a virtualized SpyNet, comprehensive monitoring can be performed without oversubscribing any one tool.

SpyNet is a revolutionary concept whose time has come. While SpyNet originated at Interop, it has become a best practice among high-end enterprise customers. SpyNet is essentially the virtualization layer between the network and the tools, providing customizable data access and matching the bandwidth requirement of the business-enabling production network to the bandwidth available on the mission critical monitoring tools.

Applying SpyNet Principles in Other Applications

The SpyNet concept can be applied to mission critical data centers. In this example, a $6B biotech company was inundated with competing requirements for passive network monitoring, including data capture and massive offline archival storage of all business-sensitive traffic in order to satisfy Sarbanes-Oxley compliance, application performance monitoring to ensure the integrity of eBusiness software deployed throughout the entire enterprise, and protocol analysis for occasional and on-demand troubleshooting.

The fundamental building block is the data access switch which acquires traffic from multiple SPAN ports, aggregates and filters the aggregated traffic according to specific VLAN range (in order to segregate the total traffic by business groups), and multicasts the customized traffic to different tools.
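As an added illustration of the VLAN-range mapping described above (this is not code from the page or from Gigamon), a small Python model of a data access switch: it aggregates frames arriving from several SPAN ports, reads the 802.1Q VLAN ID, applies multi-rule VLAN-range filters, and replicates each frame to every tool whose rule matches, so one IDS per show-floor quadrant sees only its range while a forensic recorder sees everything. The rule set, port names, tool names and sample frames are all constructed.

```python
import struct
from collections import defaultdict

ETHERTYPE_8021Q = 0x8100

# Constructed rule set: each rule maps a VLAN ID range seen on given input
# ports (SPANs/taps) to one or more tool ports. A frame matching several
# rules is replicated to every listed tool (the "multicast" behaviour).
RULES = [
    {"inputs": {"span1", "span2"}, "vlan_min": 100, "vlan_max": 199, "tools": ["ids_quadrant_A"]},
    {"inputs": {"span1", "span2"}, "vlan_min": 200, "vlan_max": 299, "tools": ["ids_quadrant_B"]},
    {"inputs": {"span1", "span2"}, "vlan_min": 1, "vlan_max": 4094, "tools": ["forensic_recorder"]},
]


def vlan_id(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged or too short."""
    if len(frame) < 18:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]  # PCP(3) | DEI(1) | VID(12)
    return tci & 0x0FFF


def make_frame(vid: int, payload: bytes = b"\x00" * 46) -> bytes:
    """Constructed sample frame: dst MAC, src MAC, 802.1Q tag, IPv4 ethertype, payload."""
    tag = struct.pack("!HH", ETHERTYPE_8021Q, vid & 0x0FFF)
    return b"\x01\x00\x5e\x00\x00\x01" + b"\x00\x11\x22\x33\x44\x55" + tag + b"\x08\x00" + payload


def broker(traffic, rules=RULES):
    """Aggregate (input_port, frame) pairs from all SPANs and distribute them per the rules.
    Returns ({tool: [frames]}, count of frames that no rule claimed)."""
    out = defaultdict(list)
    unmatched = 0
    for port, frame in traffic:
        vid = vlan_id(frame)
        hit = False
        for r in rules:
            if port in r["inputs"] and vid is not None and r["vlan_min"] <= vid <= r["vlan_max"]:
                hit = True
                for tool in r["tools"]:
                    out[tool].append(frame)
        if not hit:
            unmatched += 1  # e.g. untagged frames: worth alerting on, not silently dropping
    return dict(out), unmatched


# Constructed traffic: two tagged frames per quadrant range, one out-of-range tag, one untagged.
SAMPLE = [("span1", make_frame(150)), ("span2", make_frame(250)),
          ("span1", make_frame(3000)), ("span2", b"\x00" * 20)]
```

Counting the frames delivered per tool from `broker(SAMPLE)` is the check a practitioner would use to confirm no single tool is oversubscribed and that untagged traffic is accounted for.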

About Gigamon Systems

Founded in 2003 by six veterans of network monitoring and telecommunications equipment companies, Gigamon Systems is the inventor and leading provider of Data-Access Switches. Its flagship product, GigaVUE®, can multicast packets from one span or tap to many tools to solve the span port sharing problem. It also can aggregate and intelligently filter packets from many spans or taps to one or multiple tools to solve the problem of monitoring flows across complex mesh topologies and virtual networks. GigaVUE® facilitates unobtrusive parallel tool deployment with network-wide coverage, significantly reducing customers’ capital budgets and yielding immediate ROI benefits.
