Data monitoring switch

Last updated July 20, 2024

^[1]A data monitoring switch is a networking hardware appliance that provides a pool of monitoring tools with access to traffic from a large number of network links. It provides a combination of functionality that may include aggregating monitoring traffic from multiple links, regenerating traffic to multiple tools, pre-filtering traffic to offload tools, and directing traffic according to one-to-one and many-to-many port mappings.^[2]

Data monitoring switches enable organizations to use their monitoring tools more efficiently, centralize traffic monitoring functions, and share tools and traffic access between groups. Some of these devices also provide functionality that helps justify tool purchases and simplify deployment and management of the device itself.

Several other terms have been used to describe this class of devices, including data access switch, tool aggregator, network packet broker, net tool optimizer, and distributed filter tap.

Function

A data monitoring switch typically provides 24 to 38 ports in a 1U 19-inch chassis, with higher port density devices expected in the future (ask about dimensions from the vendor - devices with higher port density or many card slots may be 2U or larger). Ports may be dedicated as network inputs or tool output, or maybe configurable as either, with most products trending toward the latter. Network input ports may be paired to provide in-line connectivity (integrated Tap function), or out of band (mirrored) to take input from external network Taps or network switch SPAN ports. Some devices can interconnect chassis to configure logical systems with hundreds of ports, although user interface complexity can serve as a limiting factor in many products.

When several monitoring tools are connected to the data monitoring switch's tool ports, copies of traffic from any of the network ports can be switched to any of the tools using the data monitoring switch's management interface. A unique characteristic of the data monitoring switch, as opposed to matrix switches and aggregating Taps, is that it can support a flexible set of port mappings including:

One network link to one monitoring tool
One network link to many monitoring tools (regeneration)
Many network links to one monitoring tool (aggregation)
Many network links to many monitoring tools (dynamic many-to-many connectivity)

In addition to directing monitoring traffic, data monitoring switches are capable of filtering traffic by Layer 2 to Layer 4 protocol criteria such as VLAN or IP address, enabling only traffic of interest to be sent to specific tools. This capability can prevent tool oversubscription and facilitate drilling down on issues.

As this is still a relatively new set of technologies, there are several different approaches to the hardware and software configurations. As such, each product sports benefits that none of the competitors includes. Some data monitoring switches offer different management interfaces (fully integrated GUI, automation, etc.), load balancing across multiple tool ports, filtering on patterns in packet payloads, and converting media and data rates so tools can be used to monitor traffic from dissimilar links.

The more advanced products offer enhanced security (access control, port permissions, etc.) either on the individual level or by using groups, filter library / archiving, and the ability to manage multiple devices simultaneously from a single interface.

Device Management

Data monitoring switches support either or both of the following internal management interfaces:

A text-based command-line interface (CLI) accessed with a terminal emulation program either locally over a serial port or remotely over a secure (e.g., SSH) network connection; this interface is sometimes preferred by network administrators, although many data center professionals complain that CLI is too complex.
A Web browser-based graphical interface; While most vendors offer drag and drop capabilities, there is a wide range of GUI options offered on these products, some requiring CLI and some not. This interface is preferred by IT generalists, executives, and IT stakeholders who manage to monitor but do not have physical access to the data center floor.

External interfaces are also available as follows:

A platform (Windows) based server; this interface is preferred for managing a large number of devices through a single interface
Third-party SNMP management tools; this interface in preferred in environments with centralized SNMP management systems such as IBM Tivoli or HP OpenView ^[1]

Advantages

Data monitoring switches facilitate centralizing network traffic monitoring in the NOC.
By providing remote monitoring and control, they save the time and expense of traveling to remote locations to install monitoring tools.
They make it easier to share tools among groups.
With data rate conversion capabilities, they enable 1 Gigabit tool to support 10 Gigabit links, and 10 Gigabit tools to monitor traffic aggregated from multiple 1 Gigabit links.
They prevent tool oversubscription by pre-filtering traffic.
They can tap network links directly, instead of relying on switch SPAN ports for monitoring access.
Because of their high port densities compared to discreet Taps, they save rack space and power and can have a lower price per port.
They are fully passive and unable to disrupt network traffic in the most commonly found circumstances. (Integrated Taps, if present have fail-to-wire on power failure.) This is compared to SPAN ports, where network traffic can be disrupted if the switch is not properly configured while setting up the SPAN port.^[3]

Disadvantages

Data monitoring switches take a simple concept, the passive network Tap, and make it an expensive, complex device that requires configuration and management.
They are non-standard – different vendor devices operate and are managed differently.
Entry-level pricing is expensive – if just a few links or tools need to be instrumented, the price per port will be high.
Advanced functionality on some products can be very cumbersome to activate and maintain over time.
Command-Line interfaces are often required for the vast majority of the functions, even on many boxes that also offer a GUI. While CLI offers a great deal of control over the operations of the box, only the utmost of advanced users will be able to configure filtering and connections using CLI without overlooking problems such as filter overlaps, replication and accuracy checks, and ongoing active system management.

Related Research Articles

A network switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device.

A packet analyzer, also known as packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance that can analyze and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic. As data streams flow across the network, the analyzer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.

A digital subscriber line access multiplexer is a network device, often located in telephone exchanges, that connects multiple customer digital subscriber line (DSL) interfaces to a high-speed digital communications channel using multiplexing techniques. Its cable internet (DOCSIS) counterpart is the cable modem termination system.

JTAG is an industry standard for verifying designs of and testing printed circuit boards after manufacture.

Cisco PIX was a popular IP firewall and network address translation (NAT) appliance. It was one of the first products in this market segment.

In computing, Web-Based Enterprise Management (WBEM) comprises a set of systems-management technologies developed to unify the management of distributed computing environments. The WBEM initiative, initially sponsored in 1996 by BMC Software, Cisco Systems, Compaq Computer, Intel, and Microsoft, is now widely adopted. WBEM is based on Internet standards and Distributed Management Task Force (DMTF) open standards:

A network tap is a system that monitors events on a local network. A tap is typically a dedicated hardware device, which provides a way to access the data flowing across a computer network.

In computer networking, link aggregation is the combining of multiple network connections in parallel by any of several methods. Link aggregation increases total throughput beyond what a single connection could sustain, and provides redundancy where all but one of the physical links may fail without losing connectivity. A link aggregation group (LAG) is the combined collection of physical ports.

Catalyst is the brand for a variety of network switches, wireless controllers, and wireless access points sold by Cisco Systems. While commonly associated with Ethernet switches, a number of different types of network interfaces have been available throughout the history of the brand. Cisco acquired several different companies and rebranded their products as different versions of the Catalyst product line. The original Catalyst 5000 and 6000 series were based on technology acquired from Crescendo Communications. The 1700, 1900, and 2800 series Catalysts came from Grand Junction Networks, and the Catalyst 3000 series came from Kalpana in 1994.

<span class="mw-page-title-main">Out-of-band management</span> Management of networking equipment

In systems management, out-of-band management is a process for accessing and managing devices and infrastructure at remote locations through a separate management plane from the production network. OOB allows a system administrator to monitor and manage servers and other network-attached equipment by remote control regardless of whether the machine is powered on or whether an OS is installed or functional. It is contrasted to in-band management which requires the managed systems to be powered on and available over their operating system's networking facilities.

The current portfolio of PowerConnect switches are now being offered as part of the Dell Networking brand: information on this page is an overview of all current and past PowerConnect switches as per August 2013, but any updates on current portfolio will be detailed on the Dell Networking page.

The Remote Network Monitoring (RMON) MIB was developed by the IETF to support monitoring and protocol analysis of local area networks (LANs). The original version focused on OSI layer 1 and layer 2 information in Ethernet and Token Ring networks. It has been extended by RMON2 which adds support for Network- and Application-layer monitoring and by SMON which adds support for switched networks. It is an industry-standard specification that provides much of the functionality offered by proprietary network analyzers. RMON agents are built into many high-end switches and routers.

A bypass switch (or bypass TAP) is a hardware device that provides a fail-safe access port for an in-line active security appliance such as an intrusion prevention system (IPS), next generation firewall (NGFW), etc. Active, in-line security appliances are single points of failure in live computer networks because if the appliance loses power, experiences a software failure, or is taken off-line for updates or upgrades, traffic can no longer flow through the critical link. The bypass switch or bypass tap removes this point of failure by automatically 'switching traffic via bypass mode' to keep the critical network link up.

Junos OS is a FreeBSD-based network operating system used in Juniper Networks routing, switching and security devices.

Avaya Unified Communications Management in Computer Networking is the name of a collection of GUI software programs from Avaya. It uses a service-oriented architecture (SOA) that serves as a foundation forunifying the configuration and monitoring of Avaya Unified Communications Servers and data systems.

<span class="mw-page-title-main">Dell M1000e</span> Server computer

The Dell blade server products are built around their M1000e enclosure that can hold their server blades, an embedded EqualLogic iSCSI storage area network and I/O modules including Ethernet, Fibre Channel and InfiniBand switches.

Arista Networks, Inc. is an American computer networking company headquartered in Santa Clara, California. The company designs and sells multilayer network switches to deliver software-defined networking (SDN) for large datacenter, cloud computing, high-performance computing, and high-frequency trading environments. These products include 10/25/40/50/100/200/400/800 gigabit low-latency cut-through Ethernet switches. Arista's Linux-based network operating system, Extensible Operating System (EOS), runs on all Arista products.

A packet capture appliance is a standalone device that performs packet capture. Packet capture appliances may be deployed anywhere on a network, however, most commonly are placed at the entrances to the network and in front of critical equipment, such as servers containing sensitive information.

Dell Networking is the name for the networking portfolio of Dell. In the first half of 2013, Dell started to rebrand their different existing networking product brands to Dell Networking. Dell Networking is the name for the networking equipment that was known as Dell PowerConnect, as well as the Force10 portfolio.

DNOS or Dell Networking Operating System is a network operating system running on switches from Dell Networking. It is derived from either the PowerConnect OS or Force10 OS/FTOS and will be made available for the 10G and faster Dell Networking S-series switches, the Z-series 40G core switches and DNOS6 is available for the N-series switches.

References

1 2 HP Open View
↑ Sabeesh (2017-10-24). "Arista EOS® Precision Data Analysis with DANZ". Arista Networks. Retrieved 2020-05-23.
↑ Integrating Monitoring Access Into The Network Architecture

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[:0-1] 1 2 HP Open View

[2] Sabeesh (2017-10-24). "Arista EOS® Precision Data Analysis with DANZ". Arista Networks. Retrieved 2020-05-23.

[3] Integrating Monitoring Access Into The Network Architecture

[1]

[2]

[3]