PacketExpert™ – PacketBroker (Wire-speed Ethernet Tap)
818 West Diamond Avenue - Third Floor, Gaithersburg, MD 20878
Phone: (301) 670-4784 Fax: (301) 670-9187 Email: info@gl.com Website: http://www.gl.com
Supported Platforms
PacketBroker for PacketExpert™ 10G
Ethernet Technology
Just bigger pipes, but same Ethernet packets
Non-Intrusive Network Monitoring
• Packet capture and analysis is the core of network monitoring
• When monitoring live networks, non-intrusive monitoring is very important so as not to disturb the network being monitored
• Non-intrusive monitoring is achieved by sniffing a live network link connecting two network nodes, and copying the packets without altering them in any way or disturbing the link
Wirespeed Filtering
Port Mirroring
Disadvantages of Port Mirror/SPAN Method
• Depends on the switch CPU for processing, which burdens it
• Packets may drop
• No filters
• Tx and Rx directions are not separated
Pass-through and Output Ports
• The PacketExpert™ 10G hardware unit is equipped with both Electrical/Optical ports (1000 Mbps) and Optical-only ports (10G). The optical-only 10G Port 1 and Port 2 can be configured in Pass-through mode, and the 1G Port 1 and Port 2 are used in either SFP or Electrical mode to act as output ports.
PacketBroker in Network
Features
• A network tap-like application, with additional advanced features like
  ➢ Active network tap - capable of handling bidirectional 100% wirespeed traffic up to 1 Gb/s
  ➢ Wirespeed Filtering - powerful and easy to use
  ➢ Packet Modification to convey useful information like Timestamp inband
  ➢ Output aggregation - traffic from both directions multiplexed on the same output
• Based on PacketExpert™ hardware platform
• Ports 2 and 3 act as the Active/Pass through ports
• Ports 1 and 4 act as the Output ports
Packet Tap, Filter, Aggregation, Modification, & Output
Capture Traffic of Interest
Wirespeed Filter
Filter Configuration Menu
Filter Configuration Options
Dynamically Enable/Disable Filters
Filter Configuration in Raw Mode
Filter Configuration in Packet Mode
Continuous Filter Mode
Mono Trigger Filter Mode
Packet Aggregation User Interface
• The filtered traffic is combined and sent out through a single output port
• If the combined bandwidth exceeds the wirespeed of the output port, packets may be lost
• Hence, the onboard memory (2 GB DR2 RAM) is used as a temporary buffer to store the traffic before it is sent out at wirespeed
• Thus, up to 2 GB of traffic can be buffered
Packet Modification
• Need to convey very useful information such as the timestamp, port number, filter number etc. to the analysis tool
• May not have the flexibility to convey it out-of-band; may need to do it inband
• PacketBroker provides this functionality by conveying it in the MAC header of the output packets
Packet Modification…
• Timestamp, Filter Number, Board Serial Number and Port Number fields are written on top of the Src MAC Address and Dst MAC Address fields
• Ethernet CRC is recalculated
• Original MAC header will be lost, but in many cases this is acceptable if the interest is only in higher layers (IP, TCP/UDP etc.)
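The header rewrite described above, sketched as an added example (not GL's code and not from the original slides). The 12-byte field layout (8-byte timestamp, 2-byte serial, 1-byte port, 1-byte filter number) and the names `tap_modify` and `analyzer_decode` are assumptions; the slides do not give the actual field widths or order.

```python
import struct
import zlib

# HYPOTHETICAL layout of the 12 overwritten MAC bytes (not given on the slides):
# 8-byte timestamp (ns), 2-byte board serial, 1-byte port, 1-byte filter number.
META = struct.Struct("!QHBB")
assert META.size == 12  # exactly covers Dst MAC (6 bytes) + Src MAC (6 bytes)


def fcs(frame_wo_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_wo_fcs) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    return len(frame) >= 18 and fcs(frame[:-4]) == frame[-4:]


def tap_modify(frame: bytes, ts_ns: int, serial: int, port: int, flt: int) -> bytes:
    """Tap output side: overwrite both MAC fields, then recompute the FCS."""
    if not fcs_ok(frame):
        raise ValueError("bad FCS on input frame")
    body = META.pack(ts_ns, serial, port, flt) + frame[12:-4]
    return body + fcs(body)


def analyzer_decode(frame: bytes) -> dict:
    """Analysis side: verify the FCS, then read metadata where the MACs were."""
    if not fcs_ok(frame):
        raise ValueError("bad FCS: frame corrupted or FCS not recalculated")
    ts_ns, serial, port, flt = META.unpack(frame[:12])
    return {"ts_ns": ts_ns, "serial": serial, "port": port, "filter": flt,
            "ethertype": frame[12:14].hex(), "payload": frame[14:-4]}


# Constructed sample frame: Dst MAC, Src MAC, EtherType IPv4, dummy payload, FCS.
_raw = bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(range(46))
SAMPLE = _raw + fcs(_raw)

if __name__ == "__main__":
    out = tap_modify(SAMPLE, ts_ns=1_700_000_000_123_456_789, serial=4242, port=2, flt=7)
    print(analyzer_decode(out))
    # Header rewritten but old FCS kept, to show why the FCS must be recalculated:
    print(fcs_ok(META.pack(1, 1, 1, 1) + SAMPLE[12:]))
```

Everything from the EtherType onward is untouched, which is why higher-layer analysis still works, while any tool that keys on MAC addresses (ARP tables, vendor OUI lookups, MAC-based filters) will see the metadata bytes instead.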
Packet Modification
Packet Modifier Enable/Disable
Packet Modifier Field Config Menu
Packet Modifier Field Configuration
Packet Modifier Board Serial Number Config UI
Port Statistics
Thank You