Why can't I just do that with a switch?

Joseph Magee, Chief Security Officer, Top Layer Networks

Introduction

In the field you may come across the following question: "Why can't I do what your IDS Balancer does with a regular switch?" Depending on the depth of the conversation, this question may at first be tough to answer. This short paper describes the clear-cut advantages of using a Top Layer IDS Balancer over a conventional switch or a web switch (such as a server load balancer).

Using a Conventional Switch to Aggregate Traffic

The truth is, if you're just interested in aggregating multiple traffic streams for the sake of analysis by a single device, then you can use a conventional switch (capable of VLANs and a SPAN port) to aggregate traffic. This has been tested with both a Cisco 3500 Series and an Extreme Summit24. Figure 1.1 shows a typical deployment for using a conventional switch to perform traffic aggregation. As you can see, the links coming from the different networks are connected to the switch, where they are then mirrored out through the Gigabit port to the Sniffer/IDS.

[Figure 1.1: TX and RX links from Networks A, B and C connect to a conventional switch, whose Gigabit Ethernet port feeds a gigabit-capable Sniffer/IDS.]

For this to work, one would define all of the mirror links (coming off of the Net Optics taps or from other SPAN ports) as one VLAN and then mirror that VLAN to a gigabit port. In Figure 1.2 we see that all of the mirror links are defined as vlan01, then vlan01 is mirrored to port 14. In this case, port 14 is the gigabit port on the switch.

[Figure 1.2: a conventional switch with the mirror links in vlan01, and vlan01 mirrored to port 14, which feeds a gigabit-capable Sniffer/IDS.]

Although this methodology takes away some of the value added by using our product to do link aggregation, it has a series of major downfalls:

1. You cannot load balance the aggregated traffic load to multiple IDS Sensors/Sniffers.
2. You're not guaranteed to see all traffic, because of the potential packet loss of using a SPAN or mirror port. Generally, sending data out of a SPAN (or mirror) port is at the bottom of the switch's queuing priority.
3. Asymmetrical network packet streams cannot be reassembled to form a conversation that the IDS can appropriately translate.
4. You cannot address the need for multiple copies of the incoming traffic for analysis, forensics, debugging, collection, etc.

Trying to use a Web Switch to perform IDS Load Balancing

When using a web switch or server load balancer to perform IDS balancing, you will run into some pitfalls. First, web switches typically use a VIP, or Virtual IP address, as the front end for a farm of servers. When traffic is destined to the VIP address, the web switch load balances that traffic across multiple servers.

[Figure 2.1: Internet traffic reaches a web switch whose VIP fronts Servers 1, 2 and 3.]

Now if we were to try to apply this same method of load balancing to IDS traffic, the network would look like this:

[Figure 2.2: the same arrangement with Sniffer/IDS Sensors 1, 2 and 3 behind the web switch's VIP.]

As you can see, the problem is that the web switch balances traffic that is destined to its VIP address. It will not balance traffic that doesn't have the VIP as the destination IP address, which makes this methodology ineffective for IDS balancing.

While these are fundamental examples of why standard web switches will not work, certain web switches, such as Alteon, have the capability of distributing all incoming traffic (not just traffic destined for the VIP) using a basic round robin algorithm. The problem is that these web switches use a load balancing algorithm that locks in the source IP address to a specific server (or in this case IDS sensor) to maintain persistence to and from that IP address. While this may be an acceptable methodology for the short term (Figure 2.3), over time you will have an inconsistent balance of network traffic going to a given server or IDS sensor. Figure 2.4 illustrates the effects of this algorithm over time. Note the packet processing utilization inconsistencies.

[Figure 2.3 and Figure 2.4: packet processing utilization per sensor, in the short term and over time.]

Using a Top Layer IDS Balancer to Aggregate and Load Balance Traffic

Using the Top Layer solution, you can aggregate and balance the incoming traffic load to multiple gigabit-capable IDS Sensors/Sniffers or multiple Fast Ethernet IDS Sensors/Sniffers. Another advantage is that you can fully ensure that any traffic coming in through the input links will be properly balanced to the IDS Sensors/Sniffers. As Figure 3.1 shows, you can balance the incoming traffic streams to multiple gigabit-capable IDS/Sniffers. Although not shown, you can also balance the incoming streams to the remaining Fast Ethernet ports.

[Figure 3.1: TX and RX links from Networks A, B and C enter the Top Layer IDS Balancer, which feeds two gigabit-capable IDS/Sniffers over Gigabit Ethernet.]

As you can see, this methodology is far superior to the conventional method. You have the ability to balance the aggregated traffic load to multiple IDS Sensors/Sniffers, provide active failover for your network IDS, and ensure that every packet on the links connected to the IDS Balancer will make it to your IDS Sensors.

What makes the IDS Balancer different from its web switch or server load balancing competitors is its unique patented flow-based load balancing algorithm. The IDS Balancer maintains state on all inbound traffic and balances the traffic according to flow. A flow is defined as a complete TCP conversation. Additionally, the IDS Balancer keeps state on UDP and ICMP, which are stateless in nature. This unique load balancing algorithm achieves the most efficient method of traffic distribution for IDS Sensors.

[Figure 3.2]

As Figure 3.2 shows:

1. Multiple inputs are aggregated into the IDS Balancer and are internally condensed into one input stream.
2. The input stream enters the IDS Balancer's State Table.
3. The traffic is balanced flow by flow to each of the IDS Sensors/Sniffers.
4. This balancing algorithm evenly distributes traffic, resulting in even packet processing utilization across the IDS Sensors/Sniffers.
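
The difference between source-IP persistence and flow-by-flow balancing can be seen in a small simulation. This is an added example, not Top Layer's patented algorithm (whose internals this paper does not give): the class names, the least-loaded selection policy, the single-FIN teardown and the traffic mix are all assumptions made for illustration.

```python
"""Added illustration: source-IP pinning versus per-flow balancing across IDS sensors."""

PKTS_PER_FLOW = 10  # constructed value


def flow_key(pkt):
    """Direction-independent key so both halves of a conversation share one state entry."""
    a, b = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
    return (pkt["proto"],) + (a + b if a <= b else b + a)


class SourcePinBalancer:
    """Round robin on first sight of a source IP; that IP then stays on its sensor."""

    def __init__(self, sensors):
        self.sensors = sensors
        self.pins = {}
        self.next_sensor = 0

    def assign(self, pkt):
        if pkt["src"] not in self.pins:
            self.pins[pkt["src"]] = self.next_sensor
            self.next_sensor = (self.next_sensor + 1) % self.sensors
        return self.pins[pkt["src"]]


class FlowBalancer:
    """State table keyed by flow; a new flow goes to the least-loaded sensor (assumed policy)."""

    def __init__(self, sensors):
        self.active = [0] * sensors    # open flows per sensor
        self.packets = [0] * sensors   # packets forwarded per sensor (tie-break)
        self.table = {}                # flow key -> sensor index

    def assign(self, pkt):
        key = flow_key(pkt)
        if key not in self.table:
            sensor = min(range(len(self.active)),
                         key=lambda i: (self.active[i], self.packets[i]))
            self.table[key] = sensor
            self.active[sensor] += 1
        sensor = self.table[key]
        self.packets[sensor] += 1
        if pkt.get("fin"):             # simplified teardown: first FIN closes the flow
            del self.table[key]
            self.active[sensor] -= 1
        return sensor


def constructed_traffic():
    """Constructed sample: one busy source (40 flows) and five quiet ones (2 flows each)."""
    flows = []
    for host, nflows in enumerate([40, 2, 2, 2, 2, 2], start=1):
        for f in range(nflows):
            flows.append((f"10.0.0.{host}", 40000 + f, "192.0.2.10", 80, "tcp"))
    packets = []
    for rnd in range(PKTS_PER_FLOW):   # interleave so all flows are open concurrently
        for src, sport, dst, dport, proto in flows:
            packets.append(dict(src=src, sport=sport, dst=dst, dport=dport,
                                proto=proto, fin=(rnd == PKTS_PER_FLOW - 1)))
    return packets


def distribute(balancer, packets, sensors=3):
    """Return the number of packets each sensor receives."""
    counts = [0] * sensors
    for pkt in packets:
        counts[balancer.assign(pkt)] += 1
    return counts


def both_directions_same_sensor():
    """Client-to-server and server-to-client packets of one flow reach the same sensor."""
    lb = FlowBalancer(3)
    fwd = dict(src="10.0.0.1", sport=40000, dst="192.0.2.10", dport=80, proto="tcp")
    other = dict(src="10.0.0.2", sport=40001, dst="192.0.2.10", dport=80, proto="tcp")
    rev = dict(src="192.0.2.10", sport=80, dst="10.0.0.1", dport=40000, proto="tcp")
    first = lb.assign(fwd)
    lb.assign(other)                   # an unrelated flow lands elsewhere in between
    return first == lb.assign(rev)


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("source-IP pinning :", distribute(SourcePinBalancer(3), traffic))
    print("flow balancing    :", distribute(FlowBalancer(3), traffic))
    print("both directions on one sensor:", both_directions_same_sensor())
```

With this constructed mix, the sensor that happens to receive the busy source carries most of the packets under source-IP pinning, while the per-flow state table spreads the same traffic almost evenly.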

Why isn't just using conventional switching with a SPAN port good enough?

When deploying a network IDS you have to ask yourself, "Do I want to see 100% of my network traffic?" If the answer is no, and you're willing to settle for less than 100% visibility of your network, then you can probably get away with using a conventional switch with a SPAN port enabled. To those who think that they can get away with less than 100%, I ask: if you're not going to monitor 100% of your network traffic, then why perform Intrusion Detection to begin with? It can be very troubling to think that the $ IDS solution that you are about to deploy will only monitor 90% of your network traffic to begin with. (Try proposing that solution to management.) It's challenging enough keeping signatures and policies updated on your IDS Sensors. It's important to realize that if you do not monitor 100% of your network traffic, then you will miss attacks that occur on your network.

Bottom line: using a conventional layer 2 switch with a SPAN (Switched Port Analyzer) port enabled has many drawbacks. A layer 2 switch is optimized for fast packet handling. When you enable a SPAN port, the switch performance becomes an issue on many fronts. Figure 4.1 illustrates known problems with using a conventional layer 2 switch with a SPAN port.

1. Some layer 2 switches do not allow you to mirror an entire VLAN to a single port.
2. The SPAN port is the last thing to be serviced in the queuing of the switch and therefore will drop packets if the switch is doing prioritized duties such as switching VLANs.
3. The two 100Mb links coming from the NetOptics tap will overrun the SPAN port with too much bandwidth. This is known as oversubscribing.
4. You can only enable one SPAN port. Attempting to enable more than one will result in erratic behavior.**
5. The IDS Sensor will not receive all of the packets presented to the switch due to conditions
   The IDS Sensor may not be able to handle the amount of traffic being transmitted to it.

** Tested on an Extreme Summit 24 and Cisco 3500 switches.

In a recent SANS article, "Intrusion Detection Systems: An Overview of RealSecure", the following comments were made about SPAN port problems:

"The advantage of using a SPAN port is that it can be easily configured and doesn't require additional hardware. There are some limitations to this type of deployment that could cause it to be more trouble than it's worth. A typical switch will only allow for one SPAN port to be used. This means that to monitor more than one port, a range of ports must be spanned to the single SPAN port. In a network with heavy traffic, monitoring more than one port would quickly overwhelm the SPAN port and cause it to start dropping packets. There is also the inability of a SPAN port to mirror errors such as Runts and Giants, which could indicate a network attack."

You can read the entire article here:

Because of the problems with using a SPAN port, it is recommended to use a or Shomiti Century Tap. These devices give you a fully mirrored copy of the traffic without introducing any latency into the network. These types of taps are fail open, meaning that if they were to fail in your network, your network service would not be interrupted.

What about hubs?

The use of a hub in an enterprise network is not an option. There is a preconceived notion that using a hub would be an acceptable way to monitor network traffic, since all information transmitted on a hub is shared with every port, essentially negating the need for a SPAN port. While hubs are convenient for test environments and in labs, they are not acceptable to use in an enterprise network. Putting a hub inline on your network may have an adverse effect on your network performance. When operating at full duplex, hubs are susceptible to packet collisions, which will cause your IDS to not see 100% of the packets. When operating at half duplex, you will miss packets that are transmitted in excess of 50 Mbps unidirectional or 100 Mbps bidirectional.

Why is the Top Layer Solution a better one?

The Top Layer IDS Balancer enables you to have 100% Intrusion Detection coverage.

- Perform 100% Intrusion Detection on high speed networks.
- Properly aggregate and balance traffic from multiple points on your network.
- The ability to mirror multiple copies of your network traffic to multiple IDS/Sniffers
- Allows for IDS in switched environments (with the use of a Tap)
- Reassemble asymmetrical network streams for intrusion and network analysis.
- Application based IDS Balancing
- Active IDS Sensor redundancy
- Increased scalability as your network speeds increase.
- Increase the overall effectiveness of your Intrusion Detection
More informationThe following steps should be used when configuring a VLAN on the EdgeXOS platform:
EdgeXOS VLANs VLAN Overview This document provides an overview of what a VLAN is and how it is configured on the EdgeXOS platform. Use the step-by-step guide below to configure a VLAN on the Edge appliance
More informationGroup Configuration Mode Commands
Chapter 2 General Commands Group Configuration Mode Commands Group configuration mode allows you to configure a group. A group is a collection of local servers that initiate flows from within the local
More informationAdvanced Network Tap application for Flight Test Instrumentation Systems
Advanced Network Tap application for Flight Test Instrumentation Systems Ø. Holmeide 1, M. Schmitz 2 1 OnTime Networks AS, Oslo, Norway oeyvind@ontimenet.com 2 OnTime Networks AS, Dallas, USA markus@ontimenet.com
More informationChapter 5 Reading Organizer After completion of this chapter, you should be able to:
Chapter 5 Reading Organizer After completion of this chapter, you should be able to: Describe the operation of the Ethernet sublayers. Identify the major fields of the Ethernet frame. Describe the purpose
More informationConfiguring TAP Aggregation and MPLS Stripping
This chapter describes how to configure TAP aggregation and MPLS stripping on Cisco NX-OS devices. This chapter contains the following sections: About TAP Aggregation, page 1 About MPLS Stripping, page
More informationConfiguring SPAN and RSPAN
41 CHAPTER This chapter describes how to configure the Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 4500 series switches. SPAN selects network traffic for analysis by a network
More informationProduct features. Applications
Applications Layer 2+ VLAN static routing application The managed switch features a built-in, robust IPv4/IPv6 Layer 3 traffic static routing protocol to ensure reliable routing between VLANs and network
More informationIntellaFlex Packet Aggregation Switching Solutions
IntellaFlex Packet Aggregation Switching Solutions Scalable High Density Intuitive Switch Management Interface ENTERPRISE-CLASS NETWORK MONITORING SWITCHES PROVIDE: Reduced capital equipment and operational
More informationConfiguring Real Servers and Server Farms
CHAPTER2 Configuring Real Servers and Server Farms This chapter describes the functions of real servers and server farms in load balancing and how to configure them on the ACE module. It contains the following
More informationTake your network Farther with Transition Networks. METRO-ETHERNET ETHERNET SOLUTION ETTx Service Aggregator Switch
Take your network Farther with Transition Networks METRO-ETHERNET ETHERNET SOLUTION ETTx Service Aggregator Switch Product Overview SM24-100SFP 100SFP-AH Next Generation Switch The SM24-100SFP-AH features
More informationGUIDE. Optimal Network Designs with Cohesity
Optimal Network Designs with Cohesity TABLE OF CONTENTS Introduction...3 Key Concepts...4 Five Common Configurations...5 3.1 Simple Topology...5 3.2 Standard Topology...6 3.3 Layered Topology...7 3.4 Cisco
More informationObserver Probe Family
Observer Probe Family Distributed analysis for local and remote networks Monitor and troubleshoot vital network links in real time from any location Network Instruments offers a complete line of software
More informationChapter 3 Part 2 Switching and Bridging. Networking CS 3470, Section 1
Chapter 3 Part 2 Switching and Bridging Networking CS 3470, Section 1 Refresher We can use switching technologies to interconnect links to form a large network What is a hub? What is a switch? What is
More informationWhy You Should Consider a Hardware Based Protocol Analyzer?
Why You Should Consider a Hardware Based Protocol Analyzer? Software-only protocol analyzers are limited to accessing network traffic through the utilization of mirroring. While this is the most convenient
More informationIxia xbalancer. A Purpose-Built Load Balancer for 10G Networks. The Load Balancing Solution DATA SHEET. Highlights
Ixia xbalancer A Purpose-Built Load Balancer for 10G Networks Ixia s xbalancer is a load balancing appliance for monitoring high-speed network traffic and cost-effective way to share the increasing traffic
More informationConfiguring Web Cache Services By Using WCCP
CHAPTER 44 Configuring Web Cache Services By Using WCCP This chapter describes how to configure your Catalyst 3560 switch to redirect traffic to wide-area application engines (such as the Cisco Cache Engine
More informationGigabit EasySmart Switches
Product Highlights Gigabit Ethernet Speeds High-speed ports provide the latest Ethernet technology while retaining backward compatibility for connections to older computers and equipment Layer 2 VLAN Control
More informationTOLLY. Dell Computer Corp. commissioned. Test Summary. Test Highlights
T H E TOLLY G R O U P No. 201131 September 2001 Dell Computer Corp. PowerConnect 3024 and PowerConnect 5012 Performance Evaluation Test Summary Premise: Customers looking to deploy Fast Ethernet/Gigabit
More information