ComputerWorld.in

Monitoring 10G links with 1G tools

Many data center managers that need to monitor new 10G network segments can't currently justify the significant investment in new monitoring devices, but high density aggregation filtering systems make it possible to get the job done using 1G monitoring tools.

For a 10G tool, such as an analyzer, prices often start at $50,000, while the annual support contract can add another 15%. So the investment for an organization that has, say, five geographically dispersed data centers, each equipped with five analysis tools, can run to over $1 million in capital costs and nearly $200,000 in annual support fees.

Given this challenge, many organizations are finding ways to use existing 1G tools to monitor both the 1G infrastructure as well as the 10G links. What makes this possible is the advancement of aggregation and filtering technology.

Devices supporting aggregation and filtering have been available for some time, but they are typically limited to 1U units offering 24 to 36 ports per chassis. Therefore it has been necessary to "trunk," or daisy-chain, multiple units together to achieve the optimal port density to ensure the required level of monitoring. This approach brings with it unnecessary cost and management issues that are now mitigated by single-chassis aggregation and filtering systems with much higher port densities and enterprise-class designs.

As a rule, all devices offering aggregation and filtering allow users to combine multiple network links, pare the stream down to only the necessary data and direct the resulting traffic to a specified tool or series of tools. Filtering the data to only the required information – such as a range of IP addresses or virtual LANs – prevents the likelihood of oversubscription where packet loss occurs.

With recent advancements, single chassis featuring up to 144 ports of combined aggregation, filtering and switching capability are now available, which is up to four times the maximum port count generally achievable in the market.

So why should data center managers consider a high-density unit? To begin with, it eliminates the need to trunk multiple devices together, which introduces the potential of multiple points of failure in the monitoring process. A second issue is the need to manage multiple platforms – keeping tabs on arrays of individual daisy-chained boxes is time consuming. Managing bandwidth is also critical. A trunked architecture makes it more challenging for managers to oversee aggregated bandwidth – between SPANs and tools, as well as across the chassis. If this combined bandwidth is not well managed, oversubscription will occur and packets will be dropped.

A single high-density chassis, with the combined switching, aggregation and filtering capability, negates all the problems that come with a trunked approach. It also offers IT managers another benefit – a highly scalable platform from which it is practical to monitor a 10G network using the enterprise's existing 1G tools.

Reducing overall tool count
While using 1G tools to monitor 10G links is one reason to deploy an aggregation and filtering solution, there are other benefits as well. An important one is the ability to achieve 100% network visibility with fewer tools overall.

Many enterprises have multiple data centers, each of which requires monitoring services that include deep packet inspection, traffic analysis, network break-fix, equipment upgrades and more. The availability of aggregation, filtering and matrix switching technology makes it possible to reduce monitoring equipment investments by an average of 50% per data center while still guaranteeing they will have 100% network visibility.

The monitoring tool is physically connected to the chassis once and engineers can share that tool electronically from their workstations. An embedded Web interface lets users connect any monitored network segment to any monitoring device with just a few mouse clicks. Then, in a many-to-one connection scenario, users can aggregate a series of SPAN or Tap links, filter down the traffic to a specific level and direct it to a designated analysis device.

This technology can also help eliminate the all too familiar problem of SPAN port contention. Investing in a platform that supports multicasting – that is, one-to-many or many-to-many connectivity – gives users the ability to send the traffic from one or more SPANs or Taps out to multiple tools. This allows different user groups (such as operations and security) to view the same data for different reasons – making efficient use of a finite number of monitoring points.

Further, media conversion and distance extension are no longer problematic, as they can be in situations where users want to centrally locate tools that are beyond the reach of copper SPAN ports. With a platform offering media conversion, users can route data from a copper link, convert it to single-mode fiber, and then convert back to copper (or to multimode fiber, depending on the tool interface). All this can be done within one blade, and on a per-port basis as necessary, anywhere in the chassis.