[1] A data monitoring switch is a networking hardware appliance that provides a pool of monitoring tools with access to traffic from a large number of network links. It provides a combination of functionality that may include aggregating monitoring traffic from multiple links, regenerating traffic to multiple tools, pre-filtering traffic to offload tools, and directing traffic according to one-to-one and many-to-many port mappings. [2]
Data monitoring switches enable organizations to use their monitoring tools more efficiently, centralize traffic monitoring functions, and share tools and traffic access between groups. Some of these devices also provide functionality that helps justify tool purchases and simplify deployment and management of the device itself.
Several other terms have been used to describe this class of devices, including data access switch, tool aggregator, network packet broker, net tool optimizer, and distributed filter tap.
A data monitoring switch typically provides 24 to 38 ports in a 1U 19-inch chassis, with higher port density devices expected in the future (ask about dimensions from the vendor - devices with higher port density or many card slots may be 2U or larger). Ports may be dedicated as network inputs or tool output, or maybe configurable as either, with most products trending toward the latter. Network input ports may be paired to provide in-line connectivity (integrated Tap function), or out of band (mirrored) to take input from external network Taps or network switch SPAN ports. Some devices can interconnect chassis to configure logical systems with hundreds of ports, although user interface complexity can serve as a limiting factor in many products.
When several monitoring tools are connected to the data monitoring switch's tool ports, copies of traffic from any of the network ports can be switched to any of the tools using the data monitoring switch's management interface. A unique characteristic of the data monitoring switch, as opposed to matrix switches and aggregating Taps, is that it can support a flexible set of port mappings including:
In addition to directing monitoring traffic, data monitoring switches are capable of filtering traffic by Layer 2 to Layer 4 protocol criteria such as VLAN or IP address, enabling only traffic of interest to be sent to specific tools. This capability can prevent tool oversubscription and facilitate drilling down on issues.
As this is still a relatively new set of technologies, there are several different approaches to the hardware and software configurations. As such, each product sports benefits that none of the competitors includes. Some data monitoring switches offer different management interfaces (fully integrated GUI, automation, etc.), load balancing across multiple tool ports, filtering on patterns in packet payloads, and converting media and data rates so tools can be used to monitor traffic from dissimilar links.
The more advanced products offer enhanced security (access control, port permissions, etc.) either on the individual level or by using groups, filter library / archiving, and the ability to manage multiple devices simultaneously from a single interface.
Data monitoring switches support either or both of the following internal management interfaces:
External interfaces are also available as follows:
A network switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device.
A packet analyzer, also known as packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance that can analyze and log traffic that passes over a computer network or part of a network. Packet capture is the process of intercepting and logging traffic. As data streams flow across the network, the analyzer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.
A digital subscriber line access multiplexer is a network device, often located in telephone exchanges, that connects multiple customer digital subscriber line (DSL) interfaces to a high-speed digital communications channel using multiplexing techniques. Its cable internet (DOCSIS) counterpart is the cable modem termination system.
JTAG is an industry standard for verifying designs of and testing printed circuit boards after manufacture.
Cisco PIX was a popular IP firewall and network address translation (NAT) appliance. It was one of the first products in this market segment.
In computing, Web-Based Enterprise Management (WBEM) comprises a set of systems-management technologies developed to unify the management of distributed computing environments. The WBEM initiative, initially sponsored in 1996 by BMC Software, Cisco Systems, Compaq Computer, Intel, and Microsoft, is now widely adopted. WBEM is based on Internet standards and Distributed Management Task Force (DMTF) open standards:
A network tap is a system that monitors events on a local network. A tap is typically a dedicated hardware device, which provides a way to access the data flowing across a computer network.
In computer networking, link aggregation is the combining of multiple network connections in parallel by any of several methods. Link aggregation increases total throughput beyond what a single connection could sustain, and provides redundancy where all but one of the physical links may fail without losing connectivity. A link aggregation group (LAG) is the combined collection of physical ports.
Catalyst is the brand for a variety of network switches, wireless controllers, and wireless access points sold by Cisco Systems. While commonly associated with Ethernet switches, a number of different types of network interfaces have been available throughout the history of the brand. Cisco acquired several different companies and rebranded their products as different versions of the Catalyst product line. The original Catalyst 5000 and 6000 series were based on technology acquired from Crescendo Communications. The 1700, 1900, and 2800 series Catalysts came from Grand Junction Networks, and the Catalyst 3000 series came from Kalpana in 1994.
In systems management, out-of-band management is a process for accessing and managing devices and infrastructure at remote locations through a separate management plane from the production network. OOB allows a system administrator to monitor and manage servers and other network-attached equipment by remote control regardless of whether the machine is powered on or whether an OS is installed or functional. It is contrasted to in-band management which requires the managed systems to be powered on and available over their operating system's networking facilities.
The current portfolio of PowerConnect switches are now being offered as part of the Dell Networking brand: information on this page is an overview of all current and past PowerConnect switches as per August 2013, but any updates on current portfolio will be detailed on the Dell Networking page.
The Remote Network Monitoring (RMON) MIB was developed by the IETF to support monitoring and protocol analysis of local area networks (LANs). The original version focused on OSI layer 1 and layer 2 information in Ethernet and Token Ring networks. It has been extended by RMON2 which adds support for Network- and Application-layer monitoring and by SMON which adds support for switched networks. It is an industry-standard specification that provides much of the functionality offered by proprietary network analyzers. RMON agents are built into many high-end switches and routers.
A bypass switch (or bypass TAP) is a hardware device that provides a fail-safe access port for an in-line active security appliance such as an intrusion prevention system (IPS), next generation firewall (NGFW), etc. Active, in-line security appliances are single points of failure in live computer networks because if the appliance loses power, experiences a software failure, or is taken off-line for updates or upgrades, traffic can no longer flow through the critical link. The bypass switch or bypass tap removes this point of failure by automatically 'switching traffic via bypass mode' to keep the critical network link up.
Junos OS is a FreeBSD-based network operating system used in Juniper Networks routing, switching and security devices.
Avaya Unified Communications Management in Computer Networking is the name of a collection of GUI software programs from Avaya. It uses a service-oriented architecture (SOA) that serves as a foundation forunifying the configuration and monitoring of Avaya Unified Communications Servers and data systems.
The Dell blade server products are built around their M1000e enclosure that can hold their server blades, an embedded EqualLogic iSCSI storage area network and I/O modules including Ethernet, Fibre Channel and InfiniBand switches.
Arista Networks, Inc. is an American computer networking company headquartered in Santa Clara, California. The company designs and sells multilayer network switches to deliver software-defined networking (SDN) for large datacenter, cloud computing, high-performance computing, and high-frequency trading environments. These products include 10/25/40/50/100/200/400/800 gigabit low-latency cut-through Ethernet switches. Arista's Linux-based network operating system, Extensible Operating System (EOS), runs on all Arista products.
A packet capture appliance is a standalone device that performs packet capture. Packet capture appliances may be deployed anywhere on a network, however, most commonly are placed at the entrances to the network and in front of critical equipment, such as servers containing sensitive information.
Dell Networking is the name for the networking portfolio of Dell. In the first half of 2013, Dell started to rebrand their different existing networking product brands to Dell Networking. Dell Networking is the name for the networking equipment that was known as Dell PowerConnect, as well as the Force10 portfolio.
DNOS or Dell Networking Operating System is a network operating system running on switches from Dell Networking. It is derived from either the PowerConnect OS or Force10 OS/FTOS and will be made available for the 10G and faster Dell Networking S-series switches, the Z-series 40G core switches and DNOS6 is available for the N-series switches.