Data monitoring switch: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 16:36, 21 June 2010 edit 71.41.153.244 (talk) →Advantages ← Previous edit		Latest revision as of 18:54, 19 July 2024 edit undo LuvkyStar (talk \| contribs) 237 edits Added short description Tags: Mobile edit Mobile app edit Android app edit App suggested edit App description add
(16 intermediate revisions by 13 users not shown)
Line 1: {{Short description\|Networking Hardware Appliance}} <ref name=":0" />A '''data monitoring switch''' is a networking hardware appliance that provides a pool of monitoring tools with access to traffic from a large number of network links. It provides a combination of functionality that may include aggregating monitoring traffic from multiple links, regenerating traffic to multiple tools, pre-filtering traffic to offload tools, and directing traffic according to one-to-one and many-to-many port mappings.<ref>{{Cite web\|title=Arista EOS® Precision Data Analysis with DANZ\|url=https://www.arista.com/en/solutions/precision-data-analysis-of-network-traffic\|last=Sabeesh\|date=2017-10-24\|website=Arista Networks\|language=en-gb\|access-date=2020-05-23}}</ref> Data monitoring switches enable organizations to use their monitoring tools more efficiently, to centralize traffic monitoring functions, and to share tools and traffic access between groups. Some of these devices also provide functionality that helps justify tool purchases and simplify deployment and management of the device itself. Several other terms have been used to describe this class of ~~device~~devices, including '''data access switch''', '''tool aggregator''', '''network packet broker''', '''net tool optimizer''', and '''distributed filter tap'''. == Function == <!-- Deleted image removed: [[Image:Net Optics Director.PNG\|380px\|thumb\| Standard Data monitoring switch with 1U chassis, high port density {{deletable image-caption}}]] --> A data monitoring switch typically provides 24 to 38 ports in a 1U 19-inch chassis, with higher port density devices expected in the future (ask about dimensions from the vendor - devices with higher port density or many card slots may be 2U or larger). Ports may be dedicated as network inputs or tool ~~outputs~~output, or ~~may be~~maybe configurable as either, with most ~~product~~products trending toward the latter. Network input ports may be paired to provide in-line connectivity (integrated [[Network tap\|Tap]] function), or out of band (mirrored) to take input from external network Taps or network switch [[SPAN port]]s. Some devices ~~have the ability to~~can interconnect chassis to configure logical systems with hundreds of ports, although user interface complexity can serve as a limiting factor in many products. When ~~a number of~~several monitoring tools are connected to the data monitoring ~~switch’s~~switch's tool ports, copies of traffic from any of the network ports can be switched to any of the tools using the data monitoring ~~switch’s~~switch's management interface. A unique characteristic of the data monitoring switch, as opposed to matrix switches and aggregating Taps, is that it can support a flexible set of port mappings including: One network link to one monitoring tool Line 26 ⟶ 27: Data monitoring switches support either or both of the following internal management interfaces: A text-based [[command-line interface]] (CLI) accessed with a terminal emulation program either locally over a serial port or remotely over a secure (e.g., SSH) network connection; this interface is sometimes preferred by network administrators, although many data center professionals complain that CLI is too complex. A Web browser -based graphical interface; While most vendors offer drag and drop capabilities, there ~~are~~is a wide range of GUI options offered on these products, some requiring CLI and some not. This interface is preferred by IT generalists, executives, and IT stakeholders who manage ~~monitoring~~to monitor but do not have physical access to the data center floor. External interfaces are also available as follows: A platform (Windows) based server; this interface is preferred for managing a large number of devices through a single interface Third-party [[SNMP]] management tools; this interface in preferred in environments with centralized SNMP management systems such as [[IBM Tivoli]] or [[HP OpenView]] <ref name=":0">[http://www.HP.com/Go/openview HP Open View]</ref> == Advantages == Data monitoring switches facilitate centralizing network traffic monitoring in the [[Network operations center\|NOC]]. * By providing remote monitoring and control, they save the time and expense of traveling to remote locations to install monitoring tools.▼ * They make it easier to share tools among groups.▼ ▲By providing remote monitoring and control, they save the time and expense of traveling to remote locations to install monitoring tools. * With data rate conversion capabilities, they enable 1 Gigabit ~~tools~~tool to support 10 Gigabit links, and 10 Gigabit tools to monitor traffic aggregated from multiple 1 Gigabit links. ▼ * They prevent tool oversubscription by pre-filtering traffic. ▼ ▲They make it easier to share tools among groups. * They can ~~Tap~~tap network links directly, instead of relying on switch [[SPAN port]]s for monitoring access. ▼ * Because of their high port densities compared to discreet Taps, they save rack space and power, and can have a lower price per port.▼ ▲With data rate conversion capabilities, they enable 1 Gigabit tools to support 10 Gigabit links, and 10 Gigabit tools to monitor traffic aggregated from multiple 1 Gigabit links. * They are fully passive, and unable to disrupt network traffic in the most commonly found circumstances. (Integrated Taps, if present have fail-to-wire on power failure.) This is compared to SPAN ports, where network traffic can be disrupted if the switch is not properly configured while setting up the SPAN port. <ref>[http://www.ebizq.net/topics/business_service_management/features/11496.html?page=1 Integrating Monitoring Access Into The Network Architecture]</ref>▼ ▲They prevent tool oversubscription by pre-filtering traffic. ▲They can Tap network links directly, instead of relying on switch [[SPAN port]]s for monitoring access. ▲Because of their high port densities compared to discreet Taps, they save rack space and power, and can have a lower price per port. ▲They are fully passive, unable to disrupt network traffic in the most commonly found circumstances. (Integrated Taps, if present have fail-to-wire on power failure.) This is compared to SPAN ports, where network traffic can be disrupted if the switch is not properly configured while setting up the SPAN port. <ref>[http://www.ebizq.net/topics/business_service_management/features/11496.html?page=1 Integrating Monitoring Access Into The Network Architecture]</ref> == Disadvantages == * Data monitoring switches take a simple concept, the passive network Tap, and make it an expensive, complex device that requires configuration and management. * They are non-standard – different vendor devices operate and are managed differently.▼ * Entry-level pricing is expensive – if just a few links or tools need to be instrumented, the price per port will be high.▼ ▲They are non-standard – different vendor devices operate and are managed differently. * Advanced functionality on some products can be very cumbersome to activate and maintain over time.▼ ~~Command~~* Command-Line interfaces are often required for the vast majority of the functions, even on many boxes that also offer a GUI. While CLI offers a great deal of control over the operations of the box, only the utmost of advanced users will be able to configure filtering and connections using CLI without overlooking problems such as filter overlaps, replication and accuracy checks, and ongoing active system management.▼ ▲Entry-level pricing is expensive – if just a few links or tools need to be instrumented, price per port will be high. ▲Advanced functionality on some products can be very cumbersome to activate and maintain over time. ▲Command Line interfaces are often required for the vast majority of the functions, even on many boxes that also offer a GUI. While CLI offers a great deal of control over the operations of the box, only the utmost of advanced users will be able to configure filtering and connections using CLI without overlooking problems such as filter overlaps, replication and accuracy checks, and ongoing active system management. == References ==▼ {{reflist}}▼ == See also == Line 69 ⟶ 56: *[[Network monitoring]] ▲== References == ▲{{reflist}} [[Category:Networking hardware\|Computer network security]]