Gigamon GigaVUE Stamps, Slices, and Masks At 10Gbps

Capturing data for security, application performance, or just plain old monitoring, is a requisite function for IT. As network speeds increase, the need to capture data at line rate increases accordingly, so it's natural that network taps will increase in capacity. However, not all analysis methods need access to the full packet. Gigamon has enhanced its GigaVUE-2404 platform to time-stamp packets using a GPS time source, slice off the payload and mask bit patters in the payload prior to sending

February 25, 2010

2 Min Read
Network Computing logo

Capturing data for security, application performance, or just plain old monitoring, is a requisite function for IT. As network speeds increase, the need to capture data at line rate increases accordingly, so it's natural that network taps will increase in capacity. However, not all analysis methods need access to the full packet. Gigamon has enhanced its GigaVUE-2404 platform to time-stamp packets using a GPS time source, slice off the payload and mask bit patters in the payload prior to sending the packets to the destination analyzer. The more packet-processing that can be done prior to sending the data to analyzers, the more control efficient and effective your monitoring becomes by filtering out noise and unnecessary data.

Time-stamping in a distributed enterprise, or even in a single instance, is important to know when frames have arrived at various points. Coordinating time-stamps across instances is necessary to adequately trace packet flow. Removing an intervening time server should make time-stamping more accurate, particularly when getting down into the millisecond and sub-millisecond range.

More important is the ability to slice off data from the payload, particularly useful in cases such as application performance management where the payload is not important. GigaVUE has been able to capture a portion of a packet or frame, but that was typically at fixed lengths. For example, you might set the capture limit to 128 bytes under the assumption that length will capture header data even into the TCP or UDP payload. The new slicing mechanism is smarter than that. For example, the data portion of an HTTP payload--the bytes after the HTTP headers--can be sliced off regardless of where the HTTP header boundary is.  Similarly, the encrypted payload on VPN or SSH traffic, which isn't of much value anyway, can be removed. Gigamon is currently supporting common application protocols like FTP, HTTP and VoIP. More complex application like Oracle RDBMS protocols are in the works.

The GigaVUE can also mask data in application payloads as well to keep sensitive information from unauthorized eyes. For example, an HR web application may have sensitive employee information in the payload that network administrators don't need to see. Masking that data prior to analysis lets administrators do their work without exposing sensitive information. Like slicing, the masking functionality is dynamic and flexible so that patterns can be located wherever they reside in the payload rather than at fixed locations.

GigaSMART Release 7, also announced, provides new monitoring capabilities in the management UI as well as allowing dynamic cross GigaVUE connections so that packets captured on one GigaVUE can be output to a monitor port in a different GigaVUE. Existing customers with active maintenance can upgrade at no cost.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights