docWhy Protocol Inspector?
download 
Report Transcription
Why Protocol Inspector?
Protocol Inspector Series Does: • 7-layer decoding for application layer problem isolation • Full line rate packet capture on full duplex links up to Gigabit Ethernet speed 1 Presentation Presenter Date Company Confidential Protocol Inspector 1. What is Protocol Inspector 2. Key Features 3. Who is it for? 4. How does it help in troubleshooting? 5. Protocol Inspector Hardware 6. Deployment Example 2 Presentation Presenter Date Company Confidential What is Fluke Protocol Inspector Series • Stand alone or Distributed – Windows-Based Software – Distributed Software or Hardware Modules • In-Service, Non-Intrusive Monitoring and Analysis • 10/100 and Gigabit Networks • Compatible with 69X traffic analyzers • Measuring Network QoS Independent of Network Infrastructure • Rackmounted or Portable 3 Presentation Presenter Date Company Confidential Why Protocol Inspector? 1. Highest Performance in the industry 2. Best Distributed and Integrated Architecture 3. Product line designed for switched networks 4 Presentation Presenter Date Company Confidential 1. High Performance – Silicon-accelerated Full-Bandwidth Performance – Full line-rate hardware for 10/100 & Gigabit – No dropped packets » Accurately measure network performance » Must catch all of call set-up to measure QoS » Even with heavy pre-filtering and slicing configured – Transmit and capture at line-rate » Test and certify network devices » Accurate measure of throughput and latency 5 Presentation Presenter Date Company Confidential 2. Integrated & Distributed Architecture – Remote protocol links all Distributed PI, 69X traffic analyzers, 12-Taps and Protocol Inspector across the network. – One Protocol Inspector station supports multiple Distributed PI and other PI stations – Peer-to-peer architecture – Scalable to support growth of the network 6 Presentation Presenter Date Company Confidential Hardware & Software Integrated – Instrument the network with hardware collection nodes » Single and multiport non-invasive taps » Rackmounted hardware analyzer and probes – Protocol Inspector software analysis stations » Single code base for all topologies » Access hardware collection nodes remotely » Access other Protocol Inspector stations remotely 7 Presentation Presenter Date Company Confidential Distributed System Example Gigabit Distributed Protocol Inspector 100Mbps multimode fiber Tap-1 Fast E’net Traffic Analyzer Gigabit Gigabit singlemode backbone switch backbone Distributed Protocol Inspector Tap-1 Distributed Protocol Inspector Protocol Inspector 100 Mbps switch Gigabit backbone switch Tap-1 Tap-12 100 Mbps Server switch server farm Distributed Protocol Inspector 10/100 Mbps local hub Protocol Inspector 8 Presentation Presenter Date Company Confidential Distributed System Example Gigabit Distributed Protocol Inspector 100Mbps multimode fiber Tap-1 Fast E’net Traffic Analyzer Gigabit Gigabit singlemode backbone switch backbone Distributed Protocol Inspector Tap-1 Distributed Protocol Inspector Protocol Inspector 100 Mbps switch Gigabit backbone switch Tap-1 Tap-12 100 Mbps Server switch server farm Distributed Protocol Inspector 10/100 Mbps local hub Protocol Inspector 9 Presentation Presenter Date Company Confidential 3. Design for Switched Networks – Full-duplex Distributed PI hardware » Sync’d dual interfaces – Fault-tolerant link taps » non-intrusive monitoring and analysis » See complete full-duplex link traffic 10 Presentation Presenter Date Company Confidential Span Port Doesn’t Cut It switch •Depending on mirror ports is risky DPI or GPI Full-duplex tapped link •Only half-duplex •Filters all errors Brand NA Sn*ff*r Half-duplex Mirror Port •Impossible to troubleshoot 10/100 Mbps local hub 11 Presentation Presenter Date Company Confidential Who is it for? • Network Engineers that conduct evaluation of tough problems – Device Latency during deployment timing sensitive application such as VoIP – Security measurement that require capturing of every single packet – Troubleshooting application specific problem e.g. frequent web server connection drop 12 Presentation Presenter Date Company Confidential What’s new • Unbundle software options – Traffic Generation, Expert Analysis, and Remote Control • New Features in V3.0 – Improved UI for Filter configuration – Optional H.323 Protocol decode and VoIP QoS metrics – New Gigabit Ethernet DPI & Fiber Taps – Launch-able from NI V4.1 even when agent is running 13 Presentation Presenter Date Company Confidential Protocol Inspector Software Models Product Name PI-100 PI-010 PI-020 PI-040 PI-080 PIP-040 PIP-050 PIP-100 PIP-ENH Protocol Inspector X Expert Analysis Option Traffic Generator Option Remote Control Option VoIP Option X X X X X X X X X X X Obsolete on July 24 X X PIP-040 and PIP-050 are promoted as limited time bundle -> through the end of 2000 14 Presentation Presenter Date Company Confidential New Easy to Use Filter Setup 15 Presentation Presenter Date Click to see demo Company Confidential VoIP support Press to view VoIP Primer • New VoIP Option with QoS Metrics – Reports over 30 metrics of quality » By Conversation (shows all calls) » By Channel (shows all channels within a call) – Full H.323 Decode Suite plus; » MGCP, RTP, RTCP, SIP, Gateway, ASN.1 » Cisco SSP protocol – With DPI, you won’t miss a packet while monitoring the VoIP data stream 16 Presentation Presenter Date Company Confidential New GPI and FTAP Hardware Fiber TAP Gigabit Distributed Protocol Inspector 17 Presentation Presenter Date Company Confidential Gigabit Ethernet Support • Distributed and integrated architecture – Extension of existing 10/100 architecture – No monitoring • Fault tolerant, non-intrusive analysis with Passive Rack-mountable Fiber Taps – Move, add, re-deploy analyzers; it never disturbs the link • Silicon accelerated full-bandwidth hardware with hot-swappable GBIC interface for 1000Base-Lx 18 Presentation Presenter Date Company Confidential New DPI and Tap Hardware Product Name DPI-110 DPI-112 TAP-1 TAP-12 GPI-110 GPI-112 GPI-020 FTAP-101 FTAP-102 FTAP-003 FTAP-012 19 Presentation Presenter Date Description Distributed PI, Half Duplex Distributed PI, Full Duplex Single Port Tap 120V 12-Port Tap Gigabit, Distributed PI, HDX-SX Gigabit, Distributed PI, FDX-SX 1000Base-Lx Single-mode G-BIC MAU with one duplex SC connector Multi-mode Fiber TAP, 1 port (10Base-F, 100Base-Fx and 1000Base-Sx) Single-mode Fiber TAP, 1 port (10Base-F, 100Base-Fx and 1000Base-Lx) Rackmount Kit for three Fiber Tap Rackmount Kit for twelve Fiber Tap Company Confidential New 691 & 692 Traffic Analyzers • 691 single port RMON2 probe • 692 dual port full-duplex RMON2 probe • Works with TFM and Protocol Inspector • No mirror port 20 Presentation Presenter Date Company Confidential Protocol Inspector Hardware GPI and DPI Tap products 21 Presentation Presenter Date Company Confidential 10/100Mbps Distributed PI RJ-45 Port Console Management Port Tap Port MII Port . .. … .… .… .… …. …. …. …. Power Status Link 100 Link 100 … …… …… …… …… …… …… …… … .. Link 100 ……………………. ……………………. …………… …………… …………… …………… …………… …………… …………… …………… … …... … …... Analyzer Ports Dedicated 10/100Mbps Management Port for out-of-band control 35 nsec timestamp resolution 22 Presentation Presenter Date Company Confidential Gigabit Distributed PI Management Port (RJ-45) . .. … .… .… .… …. …. …. …. Power Status Link 100 Test Link Test Link Input (Rx) Ports Console …………… …………… …………… …………… …………… …………… …………… …………… … …... Output (Tx) Ports … …... Tap Control Hot Swappable GBIC to support 1000Base-Lx 25 nsec timestamp resolution 23 Presentation Presenter Date Company Confidential Configuring the DPI or GPI • Serial Connection using straight through serial cable • Telnet if IP address is known • Packets are Captured by the DPI or GPI, but Decoded by Protocol Inspector software. Keep this in mind when using a Distributed Analyzer on the other side of a WAN link. (Avoid slow WAN link) • Communication between DPI/GPI with PI uses RSP (Remote Service Protocol) over IP - can be encrypted 24 Presentation Presenter Date Company Confidential Setting up DPI/GPI or 69X • HELP for a list of the command • Remember to reboot to use the setting: set syshwreset warm 69X only Command list found in Quick Start Guide 25 Presentation Presenter Date Company Confidential PI directly link to DPI VT-100 Terminal Emulator > PCMCIA Adapter Crossover Cable Management Port …. ….. …… .…… .…… .…… ……. ….… .…… ….… ……. ……. Link Status Link Status Link 100 Link 100 …………… ………. …… …… … .… … … ………………… ………………… ………………… ………………… ………………… ………………… ………………… ………………… ………………… ………………… ………………… To LAN Segments 26 Presentation Presenter Date Company Confidential External Taps • Non intrusive connectivity – Break once, connect many • Support inline connection only. • Fail safe - link not disturbed when power is lost • Tap-12 provides selective-port mirroring 27 Presentation Presenter Date Company Confidential Server Performance with Tap-1 • Full-line rate, full-duplex packet capture • Timestamp at 25nsec (GPI) or 35nsec (DPI) resolution 28 Presentation Presenter Date Server TAP-1 DPI-112 Company Confidential Measuring Device Latency with Tap-1 • Requires DPI or GPI with two media modules • Synchronize the two media modules Switch Tout = 100msec Tin = 0 S C ISCO YSTEMS TAP-1 TAP-1 DPI-112 Tdelta= 100msec 29 Presentation Presenter Date Company Confidential Measuring Throughput • Elapsed Time • Throughput Column 30 Presentation Presenter Date Company Confidential Deployment example 1 - Backbone Gigabit Distributed Protocol Inspector Tap-1 100Mbps multimode fiber Gigabit backbone switch Gigabit singlemode backbone Distributed Protocol Inspector Tap-1 Distributed Protocol Inspector Protocol Inspector 100 Mbps switch Gigabit backbone switch Tap-1 100 Mbps Server switch Tap-12 server farm 10/100 Mbps local hub 31 Presentation Presenter Date Company Confidential DPI-112 with Tap-12 for Full Duplex Link Tap Port To terminal emulator Console To LAN …. ….. …… .…… .…… .…… ……. ….… .…… ….… ……. ……. Link Status ………………… ………………… ………………… ………………… ………………… ………………… ………………… ………………… ………………… ………………… ………………… Link Status Link 100 …………… ………. Link 100 …………… ………. or VT-100 9-Pin Serial Cables Console 1 2 3 4 5 To LAN To LAN Segment #1 Segment #2 6 7 8 9 10 11 12 A B To LAN Segment #9 Selection of port could be controlled via a remote PI software 32 Presentation Presenter Date Company Confidential Deployment example 2 - Server Farm Gigabit backbone switch Gigabit backbone switch Tap-1 Tap-12 Protocol Inspector 100 Mbps switch Presentation Presenter server farm Distributed Protocol Inspector 10/100 Mbps local hub 33 100 Mbps Server switch Date Company Confidential What about remote sites • RSP runs on IP and is routable • Monitor data requires little bandwidth – GPI support limited monitoring (only traffic and error stats) • Be aware of slow links – Viewing of captured packet requires transfer of the whole capture file – Transfer of a 64Mbyte capture file over a 64kbps Frame Relay link takes > 8000 second. 34 Presentation Presenter Date Company Confidential Protocol Inspector 35 Presentation Presenter Date Company Confidential