40GE Networks: Are We There Yet?

Talking with customers is the best part of my job. I am constantly talking with our customers and prospects about their needs and future requirements. Such discussions often start with some ‘speeds and feeds’ questions. It’s always interesting to see how similar customers (sharing the same geo location or industry) have similar needs.

When it comes to a 10/40/100G Ethernet discussion it is clear that the customers in North America are consuming more bandwidth, require higher port density and have aggressive deployment plans for 40G and 100G. If you follow our company you must be aware of the recently announced 40G fiber Tap for high-performance networks that was developed to address customer needs.

“Many of our largest customers are already looking ahead to 40 Gigabit network deployments, and Net Optics is providing long-term investment protection in our current line of products.”

So, are we there yet? Not really, but it’s coming:

40G networks are still not very common but they are not as rare. The recovery of the economy provides good tailwind and customers are deploying solutions. I hope that I will be able to share some statistics of our deployments in the future.

-- Sharon

Deep Packet Inspection

Talking with many analysts and reviewing reports in the past weeks regarding our latest announcement of Director Pro and its unique capabilities, I found myself in a strange situation: Explaining what DPI (Deep Packet Inspection) is and what a makes a DPI-able solution like Director Pro different from other platforms that might have the ability to search for some data within portions of the packet.

Let's make it clear. The Net Optics Director product has the ability to filter content (or do pattern matching) within portions of the packet that can go all the way to Layer 7 in some cases. It can even go "deep" there, but it doesn't include DPI. Director Pro, on the other hand, has the DPI capabilities.

So what's the difference and why is it that almost a decade since DPI was introduced to the market, people still do not use the term correctly?

Trying to answer my own question I found that there aren't too many good resources explaining what DPI is and how it works. Many sites would reference security solutions, Proxy vs. Stateful Inspection (the memories….).

So read and copy:

Deep Packet Inspection is the ability to apply filters to a packet or multiple packets at any location, regardless of packet length (or how "deep" the packet is) or the location of the data to be matched within this packet. A DPI system does not care about header, payload and its size. A DPI system does not care about the offset of the filter. A DPI system is totally independent of the packet.

DPI is a function. Security solutions like IPSs, Application Firewalls and DLP devices use DPI. Content delivery platforms use DPI. Director Pro offers DPI.

In short, DPI can be used for different purposes. Director Pro is using DPI to provide better pre-filtering. The Dynamic Load Balancing engine can perform a better balancing job based on content.

-- Sharon

(Image source)

Combat Advanced Persistent Threats with Network Access for Monitoring

Advanced Persistent Threat (APT) is a term that has become widespread in response to cyberattacks like the one on Google. And although it has become popular lately, it was not developed recently and has been used for quite a while primarily in military and government circles to describe cyberattacks perpetrated by highly organized and skilled groups. These furtive attacks are complex, technical, and persistent.

One might wonder how this is anything new, as any kind of cyberattack could be considered complicated. It is important to note that is it the process of implementation which makes these kinds of attacks different than traditional cyberattacks. The significant distinction is in the methodical exploitation of vulnerabilities in stages, from selecting individual targets, to baiting and phishing, and on to the continuous extraction of sensitive information.

An article in InformationWeek, “Anatomy of A Modern Hack”, summarizes the steps and phases of Advanced Persistent Threats.

Recently, these kinds of attacks have been carrying over from government into the corporate world for the purpose of obtaining trade secrets and stealing intellectual property. In order to combat these attacks, there is a need for network monitoring, which is discussed in a Computerworld article. Specifically, the second of three suggestions mentions monitoring. Ed Skoudis, co-founder of InGuardians, a Washington-based security consultancy, said:

Advanced persistent threats by definition are designed to get around firewalls, antivirus software, intrusion detection systems and other controls a company might have in place for blocking illegal access to data. So companies need to have tools for monitoring anomalous behavior on their network, and for detecting unusual long-term persistent network connections and other ‘outlier behavior’… Also vital is the need for companies to monitor their logs closely, Skoudis said. Looking at firewall logs, network based IDS alerts and Web proxy server logs can help companies identify suspicious activity on their networks, he said.

In order to thwart these kinds of attacks complete network visibility is needed. Net Optics provides network access solutions designed for security and monitoring tools that counter these kinds of attacks on government and enterprise networks. We offer complete network visibility allowing comprehensive monitoring to combat successful infiltration of your organization’s network. For more information or to schedule a demonstration of our network access solutions for security, as well as forensic and performance monitoring, contact a Customer Service Representative at (408) 737-7777 or cs-support@netoptics.com.

Social Media Campaign for #RSAC and #HIMSS

1. ATTN: RSA & HIMSS attendees! Find out how 2 win a social media tshirt & enter 2 win an iPod Touch during the shows. #RSAC#HIMSS10 #RSAC2010
   
2. STEP 1: Follow us on Twitter & check our Tweets regularly during the #RSAC & #HIMSS10 shows. Look for the BubbleTweet Video link. #HIMSS
   
3. STEP 3: Bring the CODEWORD to the Net Optics booth staff for a FREE social media t-shirt and the chance to win an iPod Touch! #RSAC #HIMSS10
   
4. STEP 2: Watch our BubbleTweet Video & get the CODEWORD.#HIMSS #RSAC2010
   

Ready, Set, GO

Some games are over, others are about to begin.

RSA Conference 2010 will begin tomorrow.

Like our friends, colleagues and peers in other companies, we are ready and exited to join the security community at large during the show.

Net Optics will provide live demo, including some very exciting 10G-based scenarios with real traffic (using traffic generators). We will be making a lot of splash with new announcements.

Come see us at booth #2339

Meet The Team

The next few days are going to be very busy at Net Optics. We will participate in several very large events almost in parallel. (and in some case there's no "almost").

You are invited to meet the team and enjoy live demos with real products (not just mock ups) and IXIA generated traffic:

February 23-25
Dubai, U.A.E

ISS World MEA is the world's largest gathering of Middle East and African Law Enforcement, Intelligence and Homeland Security Analysts and Telecom Operators responsible for lawful interception, electronic investigations and network Intelligence gathering.



March 1-5
San Francisco, CA
Booth 2339

RSA Conference is the most comprehensive forum in information security offering enterprise and technical professionals one-stop learning.

March 1-4
Atlanta, GA
Booth 5255

The Healthcare Information and Management Systems Society (HIMSS) is a comprehensive healthcare-stakeholder membership organization exclusively focused on providing global leadership for the optimal use of information technology (IT) and management systems for the betterment of healthcare.

Tsunami Alert

I’m writing this blog post on my flight, which unfortunately has no Internet connection. How is it possible to fly without network connectivity? Services and tools that only years ago seemed impossible are now the standard (like star wars laser beams).

As I am talking with customers in order to understand their strategic business initiative and solution needs, it is clear to me that we are on the edge a revolutionary change in the way that data centers are being built and used.

Data centers are built with servers, storage and networking gear to serve applications. During the recent few years we have witnessed several revolutions:

• Servers are being virtualized in a way that a single server no longer serves a single application. From a 1:1 ratio between servers and applications, the rate now is more like 1:x10, getting close to 1:100.

• Storage systems grow to support the growing demand and the new virtualized architecture and Fiber Channel as a stand alone technology is being mashed into the network fabric now (FCoE)

While network capacity grows nicely from 1G to 10G, IT leaders need to make a decision whether they support existing demand with 40G technologies or leapfrog to 100G in order to buy some time before 1T technologies will be required.

I didn’t mention aspects of power consumption, area and location considerations (those servers need a place to live), access to the apps and security.

It feels like a giant tsunami wave is about to wash the data centers: beyond the need for more speed (that comes with the necessary equipment refreshment), there’s a need to redesign the way that the networks are being built. SAN is virtually part of the LAN and soon the network will be a unified fabric.

Times of great change require recalibrating the way we are thinking and create a great opportunity to innovate. Stay tuned; the fun part is just about to start.

--Sharon

10Gbps Hype

I was giving a presentation about mastering the Hype Cycle the other day. In case that you are not familier with this tool here's a short description:

A Hype Cycle is a graphic representation of the maturity, adoption and business application of specific technologies. It was coined by Gartner in 1995 and it is becoming an influential tool to assess trends, adaptation and predict success. In my opinion it is pretty accurate too.

If you play with the model you can find interesting results. Since I am studying the 10Gbps market, I thought that the following diagram would intrigue anyone whi is interested in marketing and trends.

---Sharon

Rattling the Tech Industry

I was at Oracle today listening to the company's top executives describing the new Oracle-Sun strategy. I can summarize my feedback in one word: WOW.

I'm sure that the folks at Oracle will continue with their success and integrate Sun well into Oracle. As a technology consumer we would benefit. As a technology vendor we will have to learn and improve.

Yesterday, InformationWeek listed the top 10 reasons for Oracle to buy Sun. In my opinion, the 8th item of the list, better integration of software, hardware and the OS will play a very important role in customer's acceptance of the integrated solution. Having been in the business of delivering solutions for more than 15 years, I have learned that providing value to the customer is one of the most important features. An integrated solution that does not require customers to build and integrate components by themselves while providing the operational and financial benefits is the right way to go.

Competitors (like IBM) have most or even all of the components as well but they lack the vision or desire to provide a fully-integrated solution to the customer.

I believe that today we witnessed an important event for the entire technology industry.

-- Sharon

10Gbps: It's here, it's now and going Xstream

It looks like 2010 will be remembered as the year of 10Gbps networking. Fueled by increasing demand for internal bandwidth within the data center and cloud computing service-rich content applications including video and music streaming (which are becoming embedded in almost every type of communication) as well as real time applications. Even though 2008 and most of 2009 were tough years for many vendors, the overall spending on networking and 10Gbps networks grew.

When I am reading articles that predict the future, I like to go back in time and search for former analysis in order to establish a baseline and compare previous predictions. Sometimes it can also provide perspective on how a market is evolving, which is important to understand the different growth vector.


Network World recently cited the Dell'Oro Group

Data center deployments of 10G Ethernet are helping to drive the market, according to Dell'Oro Group. The firm expects the global Ethernet switching market to grow modestly in 2010, to $16.3 billion from $15.6 billion in 2009. This is down considerably though from the $19.3 billion market in 2008, Dell'Oro notes

Several weeks earlier they provided some detailed numbers providing actual results for 10G vendors sales:

Total 10 Gigabit Ethernet revenues grew 10% to $737 million during the quarter, with most of the growth being driven by “purpose-built” 10 Gigabit Ethernet data center switches, Dell'Oro notes.

It is nice and very rewarding to see how in such a short amount of time those numbers beat any previous estimation (like this Cisco white paper):

These factors are expected to continue to fuel the momentum of the 10 Gigabit Ethernet market, which is expected to rapidly grow from US $385 million in 2004 to US$2.9 billion in 2009, according to the Dell’Oro Group.

At Net Optics we see the growing demand as well and support it with a variety of solutions to support customer needs for monitoring, security, audit and convergence. One of our popular solutions is the Link Aggregation switch




The iLink Agg Xstream is an intelligent link aggregator that combines traffic from as many as 20 network links or Span ports and sends it to four monitoring tools. Each of its 24 SFP+ ports accepts both 10G SFP+ and 1G-SFP transceivers, enabling 10G and 1G links, Span ports, and monitoring appliances to interconnect in any mix of speeds, including different fiber and copper media types. The iLink Agg Xstream automatically performs all data-rate and media-type conversions, enabling 10G traffic to be sent to 1G appliances, and 1G traffic to 10G tools. This capability protects your security appliance investment, because the iLink Agg Xstream enables you to apply your existing arsenal of 1G monitoring tools to your new 10G traffic links. You can aggregate the traffic from multiple 1G links and low-utilization 10G links to fill up the bandwidth of expensive 10G tools.

See a larger image version here

The iLink Agg Xstream device supports fully configurable port mapping, so it can provide many other configurations in addition to 20 network ports to four monitor ports. Preloaded aggregation configurations include:

A single 20x4 link Aggregator
Dual 10x2 aggregators
Quad 4x2 aggregators
Preloaded regeneration configurations include:

1-to-23
Dual 1-to-11
Quad 1-to-5
In addition, any port can function as a network port or a monitor port, so you can attach more than four monitoring tools or more than 20 network links, if required. Splitting the cables into separate transmit and receive fibers makes a total of 24 network inputs and 24 monitor outputs available for concurrent use. The network inputs can be connected to external Taps or switch Span ports. Direct in-line link connections are not supported.

Its key features are listed below:

• Increases monitoring efficiency by enabling tools to view the traffic on as many as 20 network links (from external Taps or Port Aggregators) or 20 Span ports simultaneously
• Improves monitoring flexibility with fully configurable port mappings (any number of links to any number of tools)
• Provides complete visibility at 10 Gbps without interfering with the data stream and without introducing a point of failure
• Supports media type and data rate conversion with SFP+ or SFP transceiver modules on both the network and monitor ports
• Enhances monitoring security because no IP address is needed
• Provides RMON statistics such as packet counts, bandwidth utilization, and threshold alarms to increase monitoring efficiency
• No interference with the data stream and no point of failure introduced
• Remote traffic statistics and configuration
• Security options control user access
• Redundant power ensures uptime
• Compatible with all Net Optics Taps
• IEEE 802.3 compliant
• Fully RoHS compliant

While no one can really predict the future, we definitely try to create it by adding more 10G solutions that will allow us to deliver solutions and address customer needs.

--Sharon

Network Capacity is Growing. More Ports Needed

There is no doubt that the amount of data traveling through the Internet, private clouds and any other network you can think of is growing very fast.

According to the new industry market study from Insight Research, overall telecommunications services revenues are expected to grow at a compounded rate of nearly 13.8% over the next few years, reaching $3.7 trillion by 2015.

Verizon plans more 100G and 40G deployments and NTT America is reportedly preparing to launch 100G services to accommodate continued growth of traffic demand on its network.

Besides the growth of bandwidth requirements, there are additional bandwidth consumers: servers, PCs, routers and switches that should be connected at the data center at faster rates without increasing the amount of "tin" that is deployed. In other words, for every single rack-mount unit deployed at the data center, more connections are required.

For this reason a next generation connector was developed. The SFP+ is about 30% smaller, require fewer components and consumes less power than the XFP. It will also cost less. For a top-of-the-rack switch, SFP+ will likely provide excellent cost, power and latency characteristics and still have enough reach to be very feasible inside the rack.If you are looking at 10G networks, you should consider using standard SPF+ connectors.



Image source: http://images.pennnet.com/articles/lw/cap/cap_303890.jpg

See also 10 Gigabit Ethernet – Alphabet Soup Never Tasted So Good! on Intel blogs Benjamin Hacker 3/2008

Technology Insights

Goldman Sachs released today an interesting document that predicts upcoming trends for the year and beyond. A January 10, 2010 document titled "Mapping 2010: Key Tech Trends to Watch" lists (like the name suggests) the key IT trends for 2010 based on customer surveys. This is the 50th issue of a spending report for 100 top managers with strategic decision making authority at multinational Fortune 1000 companies (of which, many are Net Optics customers). If you have access to Goldman Sachs reports I suggest that you read it as it includes many interesting insights that are relevant for organizations of all types and sizes.

Most of the comments are on spot and inline with our observation:

Over the next few years, we expect IT spending to be disproportionately directed toward several disruptive technologies (most notably virtualization) that will be the key enablers of next-generation data centers. 2010 should serve as an inflection point as plans made during the downturn, when CIOs investigated technologies that will increase flexibility and make costs more variable, come to fruition. This adds an important secular growth driver to the cyclical rebound we expect in tech spending given the under-investment across virtually every area of tech over the past year as the economy weakened.

In our opinion this will increase the need to provide data monitoring for capacity optimization, performance and activity monitoring in order to measure how those new solutions are being used. Net Optics tools are already used by the majority of top Fortune organizations as a basis for smart and intelligent monitoring.

-- Sharon

Net Optics Releases Director™ Web Manager

On January 8th, Net Optics released Director™ Graphical User Interface (GUI) Web Manager. This release offers a rich user interface for the Director™ Data Monitoring Switch to make configuration easier and allow point-and-click access.

A variety of new features are included in the release. The GUI’s JavaScript architecture supports robust interactive graphics. One can now specify ranges for IP addresses, ports and VLANs, and display the RMON statistics on a port-by-port basis. With the addition of port naming and aliases, users can easily identify the monitoring devices or network devices connected to a port. Also included is “wand-over” functionality that displays all the filters and network statistics that apply to a port. For commonly filtered network statistics and traffic of interest, you can specify filter policies with new and existing port mappings.

For more information please see the Software Management Suite page on the Net Optics Web site.