Startup Gigamon Systems is launching a new tool to address a relatively recent problem for IT: too many discrete monitoring tools and not enough network Switch Port Analyzer ports to plug them into.
“It used to be that having enough SPAN [switch port analyzer] ports wasn't a problem. Now with voice-over-IP IDSes [Intrusion Detection Systems], Sarbanes-Oxley [Act], and HIPAA [Health Insurance Portability and Accountability Act] requiring tools for monitoring appropriate use, sniffers and RMON probes, the network manager has a problem: too many packet grabbers,” said Tom Gallatin, co-founder of the San Jose, Calif., startup.
The new GigaVUE-MP switch provides eight 10/100 ports with a four-port expansion module. Version 2.0 adds the ability to stack the switches using 10 Gigabit Ethernet to scale the out-of-band infrastructure. That addresses the scalability limitations of existing multiport taps or matrix switches.
And unlike matrix switches, GigaVUE-MP can filter traffic, aggregate and multicast data to different monitoring tools.
“Matrix switches or taps do not allow this flexible integration and changing that Gigamon can do where you can send out things at will,” said Jeffrey Nudler, senior analyst at Enterprise Management Associates, in Portsmouth, N.H. “The other thing is that the way they structured the devices, they can scale to the point where others can't.”
“[GigaVUE-MP] is a matrix switch on steroids. It not only allows you to remotely control [monitoring devices], it will also allow you to do filtering, data aggregation and speed changes,” said Marshall Manhoff, a former senior technical manager for the network analysis group of a major ISP.
GigaVUE-MP enables users to put analyzers on any network and adjust them to any speed.
“This device just wants to see this subnet, this other device only wants to see that server—you can put on a bunch of filters so you're just going to see the traffic going to that one server,” added the user, who is using GigaVUE-MP to aggregate monitoring across two enterprise campus networks.
The new Gigamon product also allows enterprises to filter both inbound and outbound traffic and direct all of that traffic to one analyzer instead of sending it off to a dozen or more.
Also new in Version 2.0, which is available now, is the ability to logically divide and map traffic to individual tools. Operators can split multi-gigabit traffic based on VLAN (virtual LAN) ranges, applications, IP addresses, flows or other characteristics, so that high-speed traffic won't overload any one monitoring tool.
Gigamon CEO Denny Miu said he believes that forces are converging to require a separate infrastructure for monitoring the production network.
“There is a place for monitoring where the monitoring is not on the production traffic but [on] a copy of the production traffic. Our box works on replica. With Sarbanes-Oxley, where monitoring is the equivalent of auditing, our customers need to ensure that the tools they buy don't put anything back into the network,” Miu said.
“The secondary infrastructure is exactly what I'm doing,” said the Fortune 500 user. “I'm building an infrastructure where I have multiple stacks of [GigaVUE-MPs] on both campuses. For the 10 Gigabit links that are connected to my core switches, I can span into the [GigaVUE-MP] and those collect traffic from multiple core switches and I can feed anything I want,” the user added.
A 10G-bps stacking channel can be used to connect as many as 640 ports. The data switch also overcomes problems introduced by SPAN ports, including the risk of dropped packets on high-bandwidth links.
“With all these point tools, they all collect different data at different times, and being able to synchronize data from different tools and merge them always eluded the business,” said Nudler. “[Gigamon] solves the problem of integrated tools with access to the data, but they are also capable of presenting the identical data to everyone else.”