Many data centre managers that need to monitor new 10G network segments can't currently justify the significant investment in new monitoring devices, but high density aggregation filtering systems make it possible to get the job done using 1G monitoring tools. For a 10G tool, such as an analyser, prices often start at $50,000, while the annual support contract can add another 15%.
So the investment for an organisation that has, say, five geographically dispersed data centres, each equipped with five analysis tools, can run to over $1 million in capital costs and nearly $200,000 in annual support fees. Given this challenge, many organisations are finding ways to use existing 1G tools to monitor both the 1G infrastructure as well as the 10G links. What makes this possible is the advancement of aggregation and filtering technology.
Devices supporting aggregation and filtering have been available for some time, but they are typically limited to 1U units offering 24 to 36 ports per chassis. Therefore it has been necessary to "trunk," or daisy-chain, multiple units together to achieve the optimal port density to ensure the required level of monitoring. This approach brings with it unnecessary cost and management issues that are now mitigated by single chassis aggregation and filtering systems with much higher port densities and enterprise-class designs.
As a rule, all devices offering aggregation and filtering allow users to combine multiple network links, pare the stream down to only the necessary data and direct the resulting traffic to a specified tool or series of tools. Filtering the data to only the required information – such as a range of IP addresses or virtual LANs – prevents the likelihood of oversubscription where packet loss occurs.
With recent advancements, single chassis featuring up to 144 ports of combined aggregation, filtering and switching capability are now available, which is up to four times the maximum port count generally achievable in the market.
So why should data centre managers consider a high-density unit? To begin with, it eliminates the need to trunk multiple devices together, which introduces the potential of multiple points of failure in the monitoring process. A second issue is the need to manage multiple platforms – keeping tabs on arrays of individual daisy-chained boxes is time consuming. Managing bandwidth is also critical. A trunked architecture makes it more challenging for managers to oversee aggregated bandwidth – between SPANs and tools, as well as across the chassis. If this combined bandwidth is not well managed, oversubscription will occur and packets will be dropped.
A single high density chassis, with the combined switching, aggregation and filtering capability, negates all the problems that come with a trunked approach. It also offers IT managers another benefit – a highly scalable platform from which it is practical to monitor a 10G network using the enterprise's existing 1G tools.
Reducing overall tool count
While using 1G tools to monitor 10G links is one reason to deploy an aggregation and filtering solution, there are other benefits as well. An important one is the ability to achieve 100% network visibility with fewer tools overall.
Many enterprises have multiple data centres, each of which requires monitoring services that include deep packet inspection, traffic analysis, network break-fix, equipment upgrades and more. The availability of aggregation, filtering and matrix switching technology makes it possible to reduce monitoring equipment investments by an average of 50% per data centre while still guaranteeing they will have 100% network visibility.
The monitoring tool is physically connected to the chassis once and engineers can share that tool electronically from their workstations. An embedded web interface lets users connect any monitored network segment to any monitoring device with just a few mouse clicks. Then, in a many-to-one connection scenario, users can aggregate a series of SPAN or Tap links, filter down the traffic to a specific level and direct it to a designated analysis device.
This technology can also help eliminate the all too familiar problem of SPAN port contention. Investing in a platform that supports multicasting – that is, one-to-many or many-to-many connectivity – gives users the ability to send the traffic from one or more SPANs or Taps out to multiple tools. This allows different user groups (such as operations and security) to view the same data for different reasons – making efficient use of a finite number of monitoring points.
Further, media conversion and distance extension are no longer problematic, as they can be in situations where users want to centrally locate tools that are beyond the reach of copper SPAN ports. With a platform offering media conversion, users can route data from a copper link, convert it to single-mode fiber, and then convert back to copper (or to multimode fiber, depending on the tool interface). All this can be done within one blade, and on a per-port basis as necessary, anywhere in the chassis.
An optimal feature set
Although IT managers can expect to have some choices when it comes to selecting an aggregation and filtering platform, the field of options is not broad in scope, especially for high-density chassis. However, these solutions do exist and the technology is well-proven. The following will help you choose a platform that delivers the required functionality and addresses an enterprise's cost and performance objectives.
If we consider the typical enterprise – one with one or more data centres and a complex network environment – an aggregation, filtering and switching solution should include the following feature set:
- A customisable and scalable port mix – Most network infrastructures are built on a mix of copper and fibre Ethernet. Look for a solution with a chassis that features up to 144 ports and allows the user to interchange blades so in any multi-blade chassis the user can choose a higher port count of copper or fibre, or a higher count of 1G or 10G ports. It is also beneficial if this chassis is scalable, so that it can be partially populated to begin with and additional blades can be added as the need arises.
- An array of expansion ports – In addition to the port mix available on the face of the device, look for an array of backplane ports that can also be used for aggregating traffic. That enables you to take one or more of the ports on the chassis face and aggregate that traffic through the backplane of the device, then send it onto the desired tool or tools. This makes it possible to aggregate more ports per unit for a lower overall cost.
- Filtering capability – Because filtering is managed through the GUI, a solution with an intuitive screen interface is of particular value. A clear, user-friendly interface enables users to build complex filters with Boolean logic through a series of drop-down menus and fill-in fields. Filter options should include all common Ethernet and Layer-3 parameters, and it should be possible to save these filters, recall them, and share them across multiple users for maximum efficiency.
One should expect that an aggregation and filtering solution designed for large enterprise networks incorporates a feature-set designed to ensure maximum uptime. Look for redundant controllers with seamless automatic failover and hitless software upgrades. Other features to look for include independent control and data planes – resulting in the ability to maintain traffic in the event of failure – and hot-swappable components such as the fan modules, power supplies and transceivers.
Finally, given the strategic role networks now play in the enterprise, the need for security cannot be understated. This is particularly important since the network will have many users, in many locations and geographies, all with simultaneous remote access. So any solution considered should offer several advanced administrative features required in a secure environment, including:
- Integrated TACACS+ and RADIUS support
- SNMP v1/2c/3 support
- SSL & SSH encryption
- Logic preventing SPAN port loops
Aggregation and filtering are not new capabilities, but the ability to obtain them on a single high-density chassis is. And the benefits of this unique combination of capabilities should not be lost on data centre managers, especially given the opportunities it presents to enhance network monitoring and uptime, to capitalise on higher-speed network technology, and to maximise capital as well as equipment investments.
Find your next job with techworld jobs