How to monitor 10G links using 1G tools

The switch to 10G networks is underway. According to the Network Observations blog (see link below), more than half of businesses (2,500+ users) will have switched to 10G networks by the end of 2008. The trend is not just limited to the United States, as it also reported that about 25% of global companies will join the race to 10G this calendar year.

While these numbers are relevant to the largest businesses and corporations, smaller businesses will also soon require such extensive bandwidth to manage day-to-day IT and network operations. In preparation, vendors have begun to drive demand through the use of price cuts and aggressive marketing.

With reduced prices on 10G equipment, many organizations choose to immediately upgrade their bandwidth for new technology purchases. After all, why buy older, slower technology at comparable prices, when your organization can simply start preparing for the future now?

THE CHALLENGE: 10G MONITORING

Given the current state of the economy, network operations teams are challenged to do “more with less,” a phrase that has caught on enough to become an industry theme of late. This trend is showing up in 2009 budget estimates, which are expected to fall an average of 2.5% from 2008 levels, according to Gartner Research. In response, decision makers are being forced to further evaluate all capital purchases and make difficult decisions about canceling or delaying some transactions.

10G projects are not immune to the budget crisis. Although the cost of 10G equipment has been reduced recently, it is still sold at a higher price than 1G tools. At the same time, businesses are faced with the daunting task of monitoring 10G networks to ensure their critical business applications are secure and operating at acceptable performance.

With the move to 10G, many IT strategists are concerned about whether they will need to upgrade the different types of network monitoring tools and applications they have already purchased. These business-critical tools include: application monitors, intrusion detection systems, compliance tools, data loggers, VOIP monitors, and protocol analyzers. Few organizations have the budget to upgrade some, let alone all of these tools.

THE SOLUTION: ADDING TOOLS

Imagine a world where you can use your 1G tools to monitor a 10G network. It can be done because of two important enablers:

1. Most tools only need to see a small fraction of network traffic to do their job. In fact, sending more data than necessary actually degrades efficiency, because the tools can’t keep up.
2. Tool aggregation, a new industry trend, allows traffic to be filtered and dynamically directed to the right tools. With this technique, you can increase monitoring coverage and save money.

Tool Aggregation allows traffic to be received at 10G bandwidths and filtered based on Layer 2/3/4 criteria. In most cases, traffic on a 10G link can be reduced to 1G or less by filtering out data that a tool doesn’t need to see, so your existing 1G tools can still be used. If the filtered traffic is greater than 1G, operators can still use their 1G tools by load balancing the traffic across two 1G tools using Tool Aggregation. With proper filtering, in many cases multiple 10G links can be monitored with a single 1G tool.

So exactly how should the traffic be filtered? It depends on the tools you are using, the applications you are monitoring, and your business goals. For example, a typical application performance monitoring tool only needs to view TCP traffic for the specific application ports it is monitoring. Also, most VOIP monitors only need to see certain protocols like SIP, SCCP and MGCP. Tools work most efficiently when each one is sent only the specific traffic it needs. Only then can 1G tools be used to monitor 10G links.

FILTRATION: THE KEY INGREDIENT

Filtering may seem like a simple concept, but there is actually more to it. If not done correctly, incomplete filtering can compromise network coverage.

There are three key areas where Tool Aggregation and similar products differ: ease of use, accuracy, and self-maintenance.

Ease of use: Does the system offer an intuitive interface/GUI?

Some available systems require the user to enter many lines of complex and cryptic filtering rules through a command line interface (CLI). Other systems offer drag-and-drop GUIs that reduce the administration time required for the system from hours to minutes. Your network operations team is already striving to do “more with less,” so the solutions you choose should be as easy to use as possible.

Accuracy: Does the system automatically handle overlapping packets?

Overlapping packets meet the filter criteria of more than one tool and therefore must be sent to multiple tools for each tool to do its job. This case can be easily overlooked, but in reality, overlapping packets occur widely in most data centers. If overlapping packets are handled incorrectly, your tools will not see all the correct packets and your monitoring coverage will be severely compromised. Why invest in buying and implementing powerful and expensive tools if you don’t send them all the packets they need to monitor?

Typical filters run in sequence. Sequential filtering processes the required filter for the first tool and then sends the remaining data to subsequent tools. The problem with this approach is that downstream tools don’t get the full set of data they need to monitor. For systems that use a CLI to manage filters, correcting this problem is exceedingly difficult and burdensome for the operator; it is not uncommon for overlapping packet filters to require the coding of over a hundred lines of complex rules. In a down economy, who has the budget to add a filter coding language expert to the staff?

Insist on solutions that automatically and accurately handle overlapping packet filtering. The user simply specifies the data they want each tool to receive, and the system takes care of the complexity.
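
The coverage gap described above, modeled as an added example (not from the original article or any vendor's product): sequential first-match filtering compared with overlap-aware delivery. The tool names, filter rules and sample packets are constructed for illustration.

```python
# Constructed sample traffic: protocol and destination port only.
PACKETS = [
    {"proto": "tcp", "dport": 80},    # 0: web
    {"proto": "tcp", "dport": 443},   # 1: web (TLS)
    {"proto": "udp", "dport": 5060},  # 2: SIP over UDP
    {"proto": "tcp", "dport": 5060},  # 3: SIP over TCP
    {"proto": "udp", "dport": 53},    # 4: DNS, wanted by no tool
    {"proto": "tcp", "dport": 2000},  # 5: SCCP
]

# Hypothetical per-tool filters, listed in the order a sequential
# filter chain would evaluate them.
FILTERS = {
    "ids": lambda p: p["proto"] == "tcp",
    "voip_monitor": lambda p: p["dport"] in (5060, 2000),
    "app_monitor": lambda p: p["proto"] == "tcp" and p["dport"] in (80, 443),
}

def sequential(packets, filters):
    """First matching tool consumes the packet; later tools see only the rest."""
    out = {name: [] for name in filters}
    for i, pkt in enumerate(packets):
        for name, match in filters.items():
            if match(pkt):
                out[name].append(i)
                break  # packet is removed from the stream here
    return out

def overlap_aware(packets, filters):
    """Every tool whose filter matches receives its own copy of the packet."""
    out = {name: [] for name in filters}
    for i, pkt in enumerate(packets):
        for name, match in filters.items():
            if match(pkt):
                out[name].append(i)
    return out

def coverage_gaps(packets, filters):
    """Packet indexes each tool should have received but did not."""
    seq, full = sequential(packets, filters), overlap_aware(packets, filters)
    return {n: sorted(set(full[n]) - set(seq[n])) for n in filters}

if __name__ == "__main__":
    for tool, missed in coverage_gaps(PACKETS, FILTERS).items():
        print(f"{tool}: missed packets {missed}")
```

Reordering the filters only moves the blind spot to a different tool; the gap disappears only when matching packets are copied to every tool that asked for them.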

Self-maintenance: Does the system automatically adjust its filters when changes to your network configuration occur?

Overlapping packet filter rules are not only difficult to configure initially with a CLI-based sequential filtering system; they must also be continuously maintained whenever a change is made to the network, the tool itself, or the filter settings. And let’s face it… your network is continually changing. If you don’t keep up with manual maintenance of filters via a CLI, coverage is significantly compromised when tools don’t get the data they need to do their job. However, IT departments do not have the resources to keep a dedicated filtering expert on staff. If you’re looking to maximize monitoring coverage accuracy as well as operational convenience, do yourself a favor and look for a solution that automatically maintains filters as your network changes.

BENEFITS OF ADDING TOOLS

Benefits related to 10G

– Use 1G tools to monitor 10G links

– Use 100MB tools to monitor 1G links

– Filter traffic so each tool gets only the data it needs, allowing you to operate with full efficiency, even in mixed 10G/1G environments

– Reduce the costs of implementation, administration and operation of monitoring tools

Other key benefits

– Share SPAN and TAP ports so more tools can monitor different segments of the same traffic

– Aggregate traffic from many links, allowing tools to cost-effectively monitor more network segments

– Maximize coverage across all network segments, providing full visibility and control over data flows to network and application monitoring tools

ANUE TOOLS AGGREGATE

The Anue 5200 Series Tool Aggregator was designed to address all of these issues. By adding SPAN and TAP ports to a centralized tool farm, all tools have access to the network traffic that each tool needs to perform its assigned task. You can then aggregate and multicast network traffic to the appropriate tools at full line speeds. It provides the ability to filter on a variety of Layer 2/3/4 parameters and protocols, offering significant control over load balancing and tool coverage, even with a mix of 10G ports and 1G tools.

The product’s advanced filtering approach accurately and automatically handles overlapping packets in situations where port sharing must send the same traffic to multiple tools. The user simply specifies what traffic to send to each tool, and all overlaps are handled automatically and precisely. Users do not have to write cryptic filter rules. Equally important, the 5200 tool aggregator’s advanced filter rules are self-maintaining. When network or tool configurations change, each tool automatically continues to get all of the data that tool is specified to receive.

Plus, it’s very easy to use, with an intuitive GUI that provides simple “drag and drop” control over all of these features, without the need for command line coding or other cumbersome administration techniques. Anue Tool Aggregator improves network visibility and maximizes ROI for monitoring tools, even in mixed 10G and 1G environments.

ABSTRACT

10G is here, and IT strategists must determine how their organizations will migrate to new 10G technologies. Fortunately, tool aggregation can provide the capabilities needed to preserve existing investments in monitoring tools using advanced filtering techniques and intuitive GUI-driven operation.

See the Network Observations blog for more detailed information on the introduction to this article.
