Cost-Effective Monitoring for Multi-Device Copper Networks is Here!

Cost-Effective Monitoring for Multi-Device Copper Networks is Here!

Proper access is the core component of any visibility architecture—you need to be able to capture the data before you can properly analyze it. To further help our customers, Ixia has released a new regenerator tap for copper networks. Regeneration means you get the same clean copy of incoming data distributed to multiple output ports in real time.

The Ixia Net Optics Regeneration Taps solve the key physical layer challenges of multi-device monitoring for 10, 100, and 1000MB (1 GbE) copper networks. Up to 16 devices can be connected to a single regenerator tap. This helps IT maximize resources and save on access points because multiple devices can monitor link traffic simultaneously through one cost-effective tap. Secure, passive access for many devices will deliver a superior return on your monitoring investments.

The regeneration tap is perfect for simple out-of-band access or when you need in-line monitoring. Once you have the proper data, it can then be forwarded to a packet broker for filtering or sent on directly to monitoring tools.

To get more details on the on this new product offering, visit the Ixia Copper Regenerator Tap product page.

Additional Resources:

Ixia Copper Regenerator Taps

Solution Focus Category

Network Visibility

Thanks to Ixia for the article.

Bell Begins Gigabit Broadband Rollout

Bell Canada has announced it is launching 1Gbps fibre-to-the-home (FTTH) services under the Gigabit Fibe banner, initially for 50,000 homes and businesses in Toronto during summer 2015, with a target of eventually delivering 1Gbps services to 1.1 million premises across the city. Bell will also launch Gigabit Fibe in selected locations in other cities in Ontario, Quebec and the Atlantic provinces before the end of 2015. Services will initially offer a maximum 940Mbps speed but will rise to the promised 1Gbps or higher in 2016 as modem equipment is upgraded. The operator’s press release adds that in Toronto, around 70% of the network will be aerial (strung on utility poles via a partnership with Toronto Hydro) and the remainder underground.

Other cities lined up for Gigabit Fibe include: Quebec City, Montreal, Laval, Blainville, Gatineau, Joliette, Saint-Jerome, Chicoutimi, Sherbrooke, Vaudreuil/Valleyfield, St. John’s, Charlottetown, Halifax, Saint John, Fredericton, Moncton, Sudbury, North Bay, Peterborough and Kingston.

Thanks to TeleGeography for the article.

Detecting Netflix Traffic On Your Network

Detecting Netflix Traffic On Your NetworkNetflix is a provider of on demand internet streaming media and is available to users in the majority of locations all over the world. The service is becoming increasingly popular and by the end of last year had a total of 57.4 million subscribers. In parallel with this growth, we have seen a corresponding increase in the number of people questioning the impact that Netflix traffic is having on their network.

Watching Netflix can use around 1 GB of data per hour for each stream when viewing in standard definition and up to 3 GB per hour for each stream in high definition. The ‘Internet is slow today’ could easily be as a result of a single user streaming Netflix.

There are a couple of ways you can check for Netflix traffic on your network after installing LANGuardian. The easiest way to do this is to click on, reports, top website domains and simply type in Netflix into the appropriate field.

Detecting Netflix Traffic On Your Network

Example below from our demo system shows Skype appearing on the network. It is the same idea for Netflix, simply type in the website name and click on view. You can also drill-down from here to find the associated username and IP addresses.

Detecting Netflix Traffic On Your Network

An alternative way is to look at the IDS rule set in LANGuardian. The IDS in LANGuardian contains two signatures to detect Netflix on your network and they can be found under sid: 2007638 and 2013498 which are included below:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:”POLICY Netflix On-demand User-Agent”; flow:to_server,established; content:”|0d 0a|User-Agent|3a| WmpHostInternetConnection”; nocase; reference:url,doc.emergingthreats.net/2007638; classtype:policy-violation; sid:2007638; rev:5;)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:”POLICY Netflix Streaming Player Access”; flow:to_server,established; uricontent:”/WiPlayer?movieid=”; content:”|0d 0a|Host|3a| movies.netflix.com|0d 0a|”; nocase; reference:url,netflix.com; classtype:policy-violation; sid:2013498; rev:2;)

You could also create a custom report which would allow you to search for specific IDS events like Netflix by following the guide here on the forum.

Thanks to NetFort for the article.

Getting Visibility of What is Happening on your Internet Connection

Getting Visibility of What is Happening on your Internet Connection

When it comes to understanding what is happening on your network, one of the most common questions I get is how you can find a data source to understand what is happening on an Internet connection. The most common data sources that people mention are:

  • Reports from an ISP
  • Reports available directly from firewalls or routers
  • SNMP data
  • Log files
  • Packet capture

The easiest reports to get are the ones from an ISP or directly from network devices. The image below shows an example of these.

Getting Visibility of What is Happening on your Internet Connection

While it does give us some idea as to what is happening, it lacks detail as to what is causing those peaks. The same problem will exist for any application which uses SNMP (simple network management protocol) as a data source. You will get an alert that there is excessive traffic on your Internet connection but you will lack the detail you need to troubleshoot why this is happening.

This then brings us on to gathering flow records like NetFlow. NetFlow and other flow standards allow you to see what systems are connecting to what and how much data is been exchanged. This is very useful information as we can now break down those peaks into what system is connecting to what.

Getting Visibility of What is Happening on your Internet Connection

The problem with this is that while this is a view of what system is connecting to what, it is hard to read. Users do not connect to IP addresses. They use applications and connect to services like YouTube. For that reason flow based tools are not a good option for monitoring Internet activity. The problem is even worse if you use proxy servers. Flow records will just show IP addresses connecting to the proxy server IP address and at the other side you have the IP of the proxy connecting to IP addresses outside your network.

Lets now look at two other sources of data; log files and packet capture. Server log files are inappropriate for gathering usability data. They are meant to provide server administrators with data about the behaviour of the server, not the behaviour of the user. The log file is a flat file containing technical information about requests for files or websites on the server. Log files can also be easily overwritten and need to be pulled back to a SIEM for indexing and storage.

The final data source is packet capture. The wonderful world of bits and bytes where only the geeks dare to travel. The thing is that modern deep packet inspection tools make the job of processing network packets really easy. You can download them and within minutes you can start to drill down and see what is actually moving around your network.

The following image is a good example of this. Here we can see two users downloading an OVA file from netfort.com. Really easy to read and it shows exactly what happened. No issues with trying to resolve IP addresses and no hours spent looking through packet capture files.

Getting Visibility of What is Happening on your Internet Connection

Finally, I spoke to someone during the week and when I mentioned that you could monitor Internet traffic with a SPAN or mirror port he reported that he had no managed switch. In most cases you need a managed switch to setup a SPAN\mirror port. However, if you do not have a managed swich you can always deploy a cheap network TAP. These devices allow you to get a copy of traffic going in and out of a network connection.

In my case the network manager had a Cisco ASA 5505 deployed. This is actually a hybrid device with an 8 port switch and firewall features. To configure a SPAN port on an ASA 5505 you need to use the following commands.

ASA(config)# int ethernet 0/0

ASA(config-if)# description Firewall Connection

ASA(config-if)# exit

ASA(config)# int ethernet 0/1

ASA(config-if)# description Deep Packet Inspection Tool

ASA(config-if)# switchport monitor ethernet 0/0 both

ASA(config-if)# exit

If you need to check if your switch supports SPAN or mirror ports there is a good guide at this link.

http://www.netfort.com/downloads/product-documentation/core-switch-documentation/

So that is it for this post. If you really need to find out what is happening on your Internet connection, look inside the network packets!

Thanks to NetFort for the article.

Feds Study Telus, Rogers Bids for Mobilicity; Founder Proposes Alternative MVNO Strategy

Canada’s two largest mobile operators by users, Rogers and Telus, have recently tabled takeover offers for financially struggling smaller cellco Mobilicity, although any potential deal is subject to federal government approval under strict wireless spectrum transfer rules aimed at preserving competition, the Financial Post reports. According to sources quoted by the paper, a group of creditors and directors of Mobilicity met over the weekend to assess offers from both national operators exceeding the previous CAD350 million (USD285 million) offer from Telus rejected last year by Industry Canada under the spectrum transfer rules designed to prevent nationwide incumbents gaining smaller competitors’ 3G/4G frequencies. Telus spokesperson Shawn Hall confirmed that the company remains interested in purchasing Mobilicity and put forth a proposed transaction to Industry Canada for review, while talks remain ongoing and confidential, with Rogers currently unwilling to comment. A key part of a potential deal would involve agreeing a free-of-cost transfer of Mobilicity’s AWS-1 frequencies to mid-tier cellco Wind Mobile post-purchase to circumvent the government’s competition-guarding policy. Telus confirmed that its latest proposal includes this free-transfer clause, and although this idea has previously been rejected by Industry Canada, there could be federal backing for a move bolstering Wind’s position following March’s AWS-3 spectrum auction in which Wind raised its profile against nationwide players Rogers, Telus and Bell by winning set-aside licences in Ontario, Alberta and British Columbia for minimal prices after Mobilicity failed to find the funding to participate. So far, the government is remaining opaque on the latest prospects for a deal, with Minister of Industry James Moore’s press secretary Jake Enwright saying on Sunday: ‘We’ve had a clear position on these types of transactions for some time. We’ll not approve spectrum transfer requests that decrease competition in the wireless sector.’

Meanwhile, a separate proposal has been aired by Mobilicity founder John Bitove – backed by his holding company Obelysk – and a group of Mobilicity employees who have made an offer to Industry Canada to become a mobile virtual network operator (MVNO). Mobilicity itself is not involved in the MVNO bid.

Mobilicity has around 157,000 remaining subscribers and a network of around 450 3G cell sites in Toronto, Vancouver, Edmonton, Calgary and Ottawa, operating under court-sanctioned creditor protection since September 2013 as it continues to seek an optimal exit strategy for creditors and investors.

Thanks to TeleGeography for the article. 

Improving Network Visibility – Part 4: Intelligent, Integrated, and Intuitive Management

In the three previous blogs in this series, I answered an often asked customer question – “What can really be done to improve network visibility?” – with discussions on data and packet conditioning, advanced filtering, and automated data center capability. In the fourth part of this blog series, I’ll reveal another set of features that can further improve network visibility and deliver even more verifiable benefits.

Too quickly summarize, this multi-part blog covers an in-depth view of various features that deliver true network visibility benefits. There are five fundamental feature sets that will be covered:

When combined, these capabilities can “supercharge” your network. This is because the five categories of monitoring functionality work together to create a coherent group of features that can, and will, lift the veil of complexity. These feature sets need to be integrated, yet modular, so you can deploy them to attack the complexity. This will allow you to deliver the right data to your monitoring and security tools and ultimately solve your business problems.

This fourth blog focuses on intelligent, integrated, and intuitive management of your network monitoring switches – also known as network packet brokers (NPB). Management of your equipment is a key concern. If you spend too much time on managing equipment, you lose productivity. If you don’t have the capability to properly manage all the equipment facets, then you probably won’t derive the full value from your equipment.

When it comes to network packet brokers, the management of these devices should align to your specific needs. If you purchase the right NPBs, the management for these devices will be intelligent, integrated, and intuitive.

So, what do we mean by intelligent, integrated, and intuitive? The following are the definitions I use to describe these terms and how they can control/minimize complexity within an element management system (EMS):

Intuitive – This is involves a visual display of information. Particularly, an easy to read GUI that shows you your system, ports, and tool connections at a glance so you don’t waste time or miss things located on a myriad of other views.

Integrated – Everyone wants the option of “One Stop Shopping.” For NPBs, this means no separate executables required for basic configuration. Best-of-breed approaches often sound good, but the reality of integrating lots of disparate equipment can become a nightmare. You’ll want a monitoring switch that has already been integrated by the manufacturer with lots of different technologies. This gives you the flexibility you want without the headaches.

Intelligent – A system that is intelligent can handle most of the nitpicky details, which are usually the ones that take the most effort and reduce productivity the most. Some examples include: the need for a powerful filtering engine behind the scenes to prevent overlap filtering and eliminate the need to create filtering tables, auto-discovery, ability to respond to commands from external systems, and the ability to initiate actions based upon user defined threshold limits.

At the same time, scalability is the top technology concern of IT for network management products, according to the EMA report Network Management 2012: Megatrends in Technology, Organization and Process published in February 2012. A key component of being able to scale is the management capability. Your equipment management capability will throttle how well your system scales or doesn’t.

The management solution for a monitoring switch should be flexible but powerful enough to allow for growth as your business grows – it should be consistently part of the solution and not the problem and must, therefore, support current and potential future needs. The element management system needs to allow for your system growth either natively or through configuration change. There are some basic tiered levels of functionality that are needed. I’ve attempted to summarize these below but more details are available in a whitepaper.

Basic management needs (these features are needed for almost all deployments)

  • Centralized console – Single pane of glass interface so you can see your network at a glance
  • The ability to quickly and easily create new filters
  • An intuitive interface to easily visualize existing filters and their attributes
  • Remote access capability
  • Secure access mechanisms

Small deployments – Point solutions of individual network elements (NEs) (1 to 3) within a system

  • Simple but powerful GUI with a drag and drop interface
  • The ability to create and apply individual filters
  • Full FCAPS (fault, configuration, accounting, performance, security) capability from a single interface

Clustered solutions – Larger solutions for campuses or distributed environments with 4 to 6 NEs within a system

  • These systems need an EMS that can look at multiple monitoring switches from a single GUI
  • More points to control also requires minimal management and transmission overhead to reduce clutter on the network
  • Ability to create filter templates and libraries
  • Ability to apply filter templates to multiple NE’s

Large systems – Require an EMS for large scale NE control

  • Need an ability for bulk management of NE’s
  • Require a web-based (API) interface to existing NMS
  • Need the ability to apply a single template to multiple NE’s
  • Need role-based permissions (that offer the ability to set and forget filter attributes, lock down ports and configuration settings, “internal” multi-tenancy, security for “sensitive” applications like CALEA, and user directory integration – RADIUS, TACACS+, LDAP, Active Directory)
  • Usually need integration capabilities for reporting and trend analysis

Integrated solutions – Very large systems will require integration to an external NMS either directly or through EMS

  • Need Web-based interface (API) for integration to existing NMS and orchestration systems
  • Need standardized protocols that allow external access to monitoring switch information (SYSLOG, SNMP)
  • Require role-based permissions (as mentioned above)
  • Requires support for automation capabilities to allow integration to data center and central office automation initiatives
  • Must support integration capabilities for business Intelligence collection, trend analysis, and reporting

Statistics should be available within the NPB, as well as through the element management system, to provide business intelligence information. This information can be used for instantaneous information or captured for trend analysis. Most enterprises typically perform some trending analysis of the data network. This analysis would eventually lead to a filter deployment plan and then also a filter library that could be exported as a filter-only configuration file loadable through an EMS on other NPBs for routine diagnostic assessments.

More information on the Ixia Net Tool Optimizer (NTO) monitoring switch and advanced packet filtering is available on the Ixia website. In addition, we have the following resources available:

Additional Resources:

Ixia Net Tool Optimizer (NTO)

White Paper: Building Scalability into Visibility Management

Ixia Visibility Solutions

Thanks to Ixia for the article.

JDSU’s Network Instruments Launches GigaStor Portable 10 Gb Wire Speed

Mobile Forensics Unit Streams Packets to Disk 5 Times Faster than Previous Generation

Network Instruments, a JDSU Performance Management Solution (NASDAQ: JDSU), announced today the launch of its new GigaStor Portable 10 Gb Wire Speed retrospective network analysis (RNA) appliance. The new portable configuration utilizes solid state drive (SSD) technology to stream traffic to disk at full line rate on full-duplex 10 Gb links without dropping packets.

“For network engineers, remotely troubleshooting high-speed networks used to mean leaving powerful RNA tools behind, and relying on a software sniffer and laptop to capture and diagnose problems,” said Charles Thompson, chief technology officer for Network Instruments. “The new GigaStor Portable enables enterprises and service providers with faster links to accurately and quickly resolve issues by having all the packets available for immediate analysis. Additionally, teams can save time and money by minimizing repeat offsite visits and remotely accessing the appliance.”

Without GigaStor Portable’s insight, engineers may spend hours replicating a network error before they can diagnose its cause. GigaStor Portable can be deployed to any remote location to collect and save weeks JDSU's Network Instruments Launches GigaStor Portable 10 Gb Wire Speedof packet-level data, which it can decode, analyze, and display. The appliance quickly sifts through data, isolates incidents, and provides extensive expert analysis to resolve issues.

The GigaStor Portable 10 Gb Wire Speed with SSD provides 6 TB of raw storage capacity, and includes the cabling and nTAP needed to install the appliance on any 10 Gb network and start recording traffic.

Thanks to Network Instruments for the article.