The Big Monitoring Fabric (Big Mon) Service Node provides advanced flow and packet handling for visibility and security architectures. Network owners can now precisely define the traffic each tool receives — eliminating unnecessary or sensitive data so that tools can perform at their best and information privacy is assured.
Today’s data centers need a variety of tools to defend the network and keep traffic and applications performing at their peak. Many tools are designed to analyze only specific types of traffic. Handling irrelevant or redundant traffic slows tool performance and risks oversubscription, which would lead to packet loss and monitoring gaps.
Big Mon Service Node ensures only traffic of interest, in a preferred state (such as with certain headers removed), is passed on to each tool. The Service Node can also eliminate duplicate packets, which can occur when a network link is tapped at multiple segments.
Defending and monitoring the data center while avoiding data privacy or security violations can be challenging. Scrubbing tools of disallowed data requires additional, often error-prone workflows. Big Mon Service Node simplifies compliance by prescreening traffic and eliminating or masking sensitive data before it reaches tools.
The Big Mon Service Node provides Netflow generation for non-packet-based flow collectors, allowing them to perform sophisticated flow analysis.
Big Mon Service Node is built with industry-standard x86 DPDK servers and offers the most advanced packet handling functions at up to 160G performance. With a cluster of service nodes, deployments can reach terabit scale to meet the needs of the most demanding data centers. The Service Node can remove payloads or headers, mask sensitive data, perform deep packet inspection, and generate Netflow for flow-based analysis tools. It provides a simple, scalable way to eliminate redundant or irrelevant packets, or specific packet contents.
Because the Service Node is deployed as a service, it can be leveraged for both Big Mon Out-of-Band and Big Mon Inline deployments. This flexible design allows data center operators to optimize traffic from anywhere, for any tool.
| Function | Description | Benefit |
|---|---|---|
| De-duplication | Remove unnecessary duplicate packets that result from monitoring multiple segments of a network link | Maximize tool efficiency |
| Packet Slicing | Remove sensitive data from a packet, such as payload | Prevent storage of sensitive data |
| Packet Masking | Mask sensitive data within a packet | Prevent storage of sensitive data |
| Header Stripping | Remove unnecessary or non-ingestible headers so tools can perform analysis | Allow tools to analyze traffic from a wider selection of traffic sources (such as a mobile/LTE network) |
| Regular Expression Matching (DPI) | Perform custom inspection and L7 filtering/blocking | Filter at application level and deploy terabit-scale attack mitigation in the DMZ |
| Netflow Generation | Generate Netflow | Service flow-based collectors and analytics tools |
A cluster of service nodes, together with Big Mon Inline and associated security tools, can form a powerful BigSecure Architecture for enabling dynamic cyber-defense in the DMZ with terabit-scale attack mitigation capability.