However, the increasing complexity of the security stack and of the necessary network monitoring solutions is making it harder than ever to maintain an efficient network design.
As more in-line appliances and out-of-band monitoring tools are added to the network, architects must pay close attention to the amount of traffic they’re sending to each port.
Standard breakout mode may have worked in all use cases in the past, but copying 100% of traffic to all ports is no longer an option in many cases. Let’s dive into a practical example of tapping 1G in-line and out-of-band solutions without oversubscribing your ports.
The new 1G Modular Packet Broker System from Garland Technology is designed to support breakout, aggregation, filtering, regeneration/SPAN and bypass modes for total flexibility and scalability. The 2U chassis option can help you manage your in-line and out-of-band solutions without oversubscribing 1G ports.
In this scenario, the eastbound and westbound traffic passes through the modular TAP in breakout mode. A complete copy of the traffic is aggregated and sent to corresponding appliances (in this case, the web application firewall).
However, because the monitoring ports can only support 1G, the TAPs must also filter out packets that aren’t necessary for the web application firewall to scrub. Using the remote management interface of the 1G Modular Packet Broker System, you can easily set the parameters for filtering and ensure in-line and out-of-band solutions see every bit, byte and packet® necessary.
Aside from the fact that they can’t ensure 100% packet visibility, one reason SPAN ports are inferior to network TAPs is that the number of ports is limited compared to the number of in-line
Port Mapping (or backplane filtering) on the new 1G Modular Packet Broker System means you can aggregate low traffic links and send them to a single in-line or out-of-band solution without oversubscribing ports.
Think of this in terms of your own network where you might have a Palo Alto Next-Generation Firewall and the NextComputing Packet Continuum to send traffic to. With the 1G Modular Packet Broker System and port mapping, you can take multiple 1G links and filter out any unnecessary data before sending copies to both the monitoring device and in-line security appliance.
This is just one use case for the new 1G Modular Packet Broker System. With space for up to 12 TAP modules, there are many ways you can configure the chassis for your specific needs. All modules are hot-swappable for onsite changes, and remote management lets you switch from bypass to aggregation or breakout modes with a click of the mouse.
One of the greatest benefits of the new 1G Modular Packet Broker System is the flexibility it gives you to scale your network alongside growing security and monitoring stacks. But this also means you need a strong network design to ensure appliances are seeing every bit, byte and packet® without oversubscription.