01 Intro Gigamon-Benefits

© 2014 Gigamon. All rights reserved. Scalable, Pervasive Visibility Gigamon Visibility Fabric 1


Transcript of 01 Intro Gigamon-Benefits

Gigamon Visibility Fabric

Scalable, Pervasive Visibility
Gigamon Visibility Fabric

Gigamon the Company: Market Maker, Market Leader

Formed in 2004 with first product ship in 2005
IPO in June 2013, NYSE: GIMO
Created the Traffic Visibility Network, a concept recently adopted by the Gartner, Inc. analyst firm as the Network Packet Broker product category
Multiple patented innovations: 9 granted and 18 pending
Over 6000 GigaVUEs deployed in over 40 countries
Products designed and built in the USA
Installed in over 200 of the Fortune 1000

Before reviewing the products, it is important to note that Gigamon created the concept of a traffic visibility network in 2004, and continues to innovate and lead the market in this area. Gartner, a market analysis company, recently recognized the increasing need for this technology by starting to track what they call the Network Packet Broker product category.

The Problem and Solution

Tools not connected everywhere
Too many disparate touch points create network fragility
Tool performance not optimized
Point access to network data for tools
Maintenance, change control burden
Expensive, complex

All tools are connected
Fewer network touch points
Increased tool performance
Increased tool pervasiveness
Reduce Change Mgmt Burden
Cost savings Capex/Opex

Tool Needs Continue to Increase

Centralize & Optimize Data Acquisition


Gigamon. The Smart Route to Visibility.
Realizing the Value and Power of Intelligent Visibility.

The Gigamon Opportunity: The Why

[Diagram: Network (Fixed, Mobile); Servers (Physical, Virtual); Devices (Corporate, Employee); Applications (In house, Cloud); Data (Exploding, Evolving); Dynamic Infrastructure; Static Management and Security Tools; Visibility Fabric]

Before we discuss products, let's first describe some of the challenges and opportunities in the market today. This is a build slide, so discuss the challenges as they roll up. IT is in a state of change. What once was a fixed network has become mobile. Servers have moved from the physical world to virtual. Some applications that were within the data center have moved to the cloud, and data is exploding with shifts to 10G, LTE, or server farms. Even devices that were once controlled by IT at corporate have shifted to the employee with iPads and other mobile devices. (Click) This dynamic infrastructure still needs to be made visible to static management and security tools. (Click) Thus the need for a Visibility Fabric, an interwoven mesh that brings in data, voice, and video and sends it intelligently to where it is needed.

Improving Monitoring Systems with Gigamon

Application/Network Performance Monitoring

Analytics

Network Performance Management

Network Forensics

Security

Router/Switch & Server Farm

Application Performance Management

Some network monitoring approaches, such as SNMP-based analysis and flow protocols, provide summary information and do not have to examine each packet in order to function.

However, each solution within these five example network security and monitoring categories depends upon examination of the actual packets traversing the network.

TAPs & Aggregators

GigaVUE-2404, GigaVUE-420, GigaVUE-212, G-SECURE-0216

GigaVUE-HD8, GigaVUE-HD4, GigaVUE-HB1

G-TAP, G-TAP A Series, GigaVUE-TA1

Unified Visibility Fabric Architecture

Visibility Fabric Nodes

Pervasive visibility across physical (corporate to remote), virtual, and future SDN production networks

Management

Orchestration

Applications & Tools Infrastructure, User Community

Flexible GUI and central provisioning of Fabric Nodes across physical, virtual, and future SDN islands

API/SDK (Read/Write)

= Future Availability

Services

Slicing, Masking, Tunnel, Time Stamp, Load Balance, Header Stripping

Adaptive Packet Filtering

Applications

GigaVUE-HC2

The Gigamon UVFA. GigaVUE-HC2 plays a critical role within the fabric; designed to simplify customer visibility needs.

Traffic Visibility: Flow Mapping

[Diagram: Ingress Ports; Map Rules (VoIP, IDS, CEM, WEB); Egress Ports; Tool 1 (VoIP), Tool 2 (IDS), Tool 3 (CEM), Tool 4 (Web), Tool 5 (SQL), Tool 6 (Recorder); Configurable Hardware Based Rules Bound to Ingress Ports]

Flow Mapping permits all traffic in and then, based on the mapping rules, sends matching traffic to one or more egress ports. Since all traffic is permitted in, all packets are evaluated for matches to the mapping rules. The matching is done at the ingress, so there is no congestion no matter how much traffic flows through the map. The rules are handled by hardware, so there is no packet processing bottleneck.

Flow Mapping negates the need to ever use ingress port filters, but there are times when egress filtering can be used in conjunction with Flow Mapping. For example, a tool port that is looking at VoIP or web traffic can be filtered to look at a specific IP address by applying an egress filter rather than changing the entire map.

Flow Mapping offers line-rate, low latency packet forwarding and can scale the Visibility Fabric to hundreds of network ports. Because Flow Mapping does not filter at the ingress, all the packets are available for all the tools. Because flow mapping does not send tools unnecessary traffic, they get all the traffic they need.

Flow Mapping is a patented technology that is unique to Gigamon. Other vendors rely on ingress and egress filtering. Flow Mapping allows a flexible and scalable approach to traffic filtering.

Because ingress ports receive traffic from the production network, they are called network ports. Similarly, egress ports send traffic to the analysis and monitoring tools, so they are called tool ports.
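A conceptual model of the forwarding behaviour described in these notes, as an added example (it is not Gigamon code or configuration syntax): every packet arriving on a network port is evaluated against all map rules, copies go to each matching tool port, and an egress filter narrows a single tool port without changing the map. Port names, rule definitions and addresses are constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# ingress = network port the packet arrived on
Packet = namedtuple("Packet", "ingress src dst proto dport")

@dataclass
class MapRule:
    name: str
    tool_ports: tuple                  # one or more tool (egress) ports
    proto: str = None                  # None matches any protocol
    dports: frozenset = frozenset()    # empty matches any destination port
    def matches(self, p):
        return ((self.proto is None or p.proto == self.proto)
                and (not self.dports or p.dport in self.dports))

@dataclass
class FlowMap:
    network_ports: set
    rules: list
    egress_filters: dict = field(default_factory=dict)  # tool port -> network
    def forward(self, p):
        """Return the tool ports that receive a copy of packet p."""
        if p.ingress not in self.network_ports:
            return set()
        # All traffic is admitted; every rule is evaluated for every packet.
        tools = {t for r in self.rules if r.matches(p) for t in r.tool_ports}
        # An egress filter narrows one tool port without changing the map.
        def passes(t):
            net = self.egress_filters.get(t)
            return net is None or any(ip_address(a) in net for a in (p.src, p.dst))
        return {t for t in tools if passes(t)}

# Constructed map: names and addresses are illustrative only.
FABRIC = FlowMap(
    network_ports={"N1", "N2"},
    rules=[
        MapRule("VoIP", ("T1", "T6"), "udp", frozenset({5060})),
        MapRule("IDS", ("T2",)),  # no match criteria: sees everything
        MapRule("Web", ("T4",), "tcp", frozenset({80, 443})),
        MapRule("SQL", ("T5",), "tcp", frozenset({1433, 3306})),
    ],
    egress_filters={"T4": ip_network("10.0.5.20/32")},
)

def demo():
    pkts = {
        "sip": Packet("N1", "10.0.1.5", "10.0.9.9", "udp", 5060),
        "web_watched": Packet("N1", "10.0.5.20", "192.0.2.10", "tcp", 80),
        "web_other": Packet("N2", "10.0.5.21", "192.0.2.10", "tcp", 80),
        "not_tapped": Packet("X9", "10.0.5.20", "192.0.2.10", "tcp", 80),
    }
    return {name: FABRIC.forward(p) for name, p in pkts.items()}
```

The IDS tool port still receives both web packets even though the egress filter on T4 hides one of them from the web tool, which is the property a security team relies on when several tools share one tap.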


Packet Slicing
Masking
Source Port Labeling
Tunneling
Advanced IP Tunneling Including ERSPAN Termination
De-Duplication
Header Stripping
Time Stamping
L7 Load Balancing

13 patents issued in the US

28 patents pending worldwide

Gigamon Technologies

Patents: 13 granted, 28 pending

One key patent is around our Flow Mapping technology. It is a key differentiator, and it essentially grants Gigamon intellectual property rights to do the filtering and distribution of traffic differently (and better) than everyone else. Make sure that you ask your Fishnet and Gigamon reps to explain Flow Mapping. It is the clear differentiator between Gigamon and others. And when you hear from the other vendors "we do what Gigamon does, but we are cheaper," understand that one of the important things that they don't do is Flow Mapping. (Click)

GigaSMART: Advanced Packet Manipulation

GigaSMART Packet Modification features empower monitoring and analysis tools to do more and see more. Features include:

Feature: Description
De-Duplication: Identify and remove duplicate packets
Masking: Overwrite sensitive information within packets for compliance
Packet Slicing: Good for compliance and traffic volume reduction
Tag Stripping: Strip MPLS labels, VLAN Tags, VNTags, Tunnels and more
Tunneling: Forward traffic via routable packets to another GigaSMART for distribution
Time Stamping: Add fields containing ingress port time stamp
Ingress Port Labeling: Add fields identifying the interface packets were received upon
GTP Correlation: Real-time GTP session correlation for LTE and 3G networks
Pattern Match: Search through an entire packet looking for a pattern

GigaSMART Packet Modification offers many useful features, and is fully extensible. Additional or new features may be added to the existing hardware platform via simple software and license upgrades. Start with a single feature to support a particular network situation, and add features as your network monitoring and analysis requirements evolve.

Reviewing the available features: Offloading De-duplication to the Visibility Fabric improves analyzer performance, prevents analyzers from incorrectly interpreting repeat packets, and reduces traffic volume. Data masking and packet slicing are important for confidentiality and compliance. Packet slicing is also used to remove unnecessary data payload information for reduced storage and increased monitoring throughput. Tag stripping makes traffic accessible to more monitoring and analysis tools. Tunneling permits greater use of centralized tool resources, allows better monitoring and security to be applied to remote sites from centrally managed resources, and supports extension of monitoring coverage for temporary or new sites with minimal equipment deployment. Time stamping allows for correlated or remote monitoring and analysis of streaming protocols such as VoIP and video, for jitter and latency measurements, and for precise analysis of application response times in situations where nanoseconds may make a difference. Ingress port labeling may be used either for troubleshooting, or for sorting and filtering within test results. Layer 7 Load Balancing provides flexible and configurable options for how traffic is distributed among multiple like-analyzers. GigaSMART is now able to search through an entire packet looking for a pattern. You don't have to specify the location.

GTP Correlation: Subscriber-Aware Forwarding

Real-time GTP session correlation for LTE and 3G networks
Advanced subscriber-aware filtering, forwarding, and replication across one or multiple billing / monitoring tools
Scalable Pay-As-You-Grow architecture to meet the traffic demands of mobile carrier networks

[Diagram: 4G and 3G subscriber sessions (Sub A, Sub B, Sub C, Sub D .. Sub n) distributed to CEM and Recorder tools; Future Availability]

Static Load-balancing Across a Group of Monitoring Tools

Adaptive Packet Filtering: Content-based Filtering

Unique packet distribution rules for encapsulated protocols
Visibility into overlay networks in data center infrastructures

[Diagram: Virtual and Physical traffic; MPLS label stack (Label = 5, Exp, S=0, TTL=0; Label = 4, Exp, S=0, TTL=0); example match fields: GTP TID = 12345678090000B0, inner packet source IP = 12.1.75.1, Outer MPLS Label id = 4, VNTAG Destination VIF_ID = 4095, GRE key = 0000ABCD, VXLAN ID = 5000; tools: Application Performance, CEM, Billing; Future Availability]

Multi-Protocol graphics;

NetFlow Generation Application: Standards-Based Flow Summarization & Analytics

Transforms packet data across multiple devices into NetFlow records
Advanced filters for custom exports to one or multiple NetFlow collectors, performance, and security monitors
Combined flow analytics with packet-level analytics
High-performance solution to meet the rigorous demands of high-speed networks

Service Provider, Enterprise/DC

[Diagram: NetFlow Generation. Incoming flows matched on IP Addr: 1.0.0.1/32, IP Addr: 25.0.1.0/28, IP Addr: 7.1.1.1/24, Src/Dst Port: 80, Protocol: TCP. Incoming Packets: 1,000,000,000. Summarized NetFlow Records: 1000. Unsampled 1:1 flow record generation from incoming traffic streams. Tools: App Performance, CEM, Security]

Why not offload this function to a GigaVUE-Node that has a dedicated processing blade, which can look at traffic that is flowing through the box or, for that matter, a cluster of nodes, where you can pick and choose flows based on granular layer-2, layer-3 or layer-4 information and generate NetFlow records? The advantage of having a dedicated processing blade and advanced filtering capabilities is that you can generate NetFlow information on all the packets that you are interested in, unsampled. Effectively, you now have a traffic aggregation solution that can summarize flow statistics like number of bytes, packets, when a flow started and ended, information about TCP flags, and DSCP information, and optionally forward raw packets for detailed analytics.

This is really a first in the industry, where we have the ability to combine packet-based analysis and flow-based analysis into the same solution. We can take traffic coming from the production network, do the traffic correlation on a packet-by-packet basis, and then, either pre-filtering or post-filtering, do the flow generation and send the flows to the tools that require flow-based analysis, or send the raw packets to the tools that require packet-based solutions. There are some that do both, and we can certainly do that as well in the fabric. What we are finding increasingly as well is that many tools are actually relying on both.
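The summarization step these notes describe, as an added example in simplified form (an in-memory model, not Gigamon's implementation and not the NetFlow export format): packets selected by a layer-3/layer-4 filter are folded, unsampled, into one record per flow carrying the packet count, byte count, start and end time and cumulative TCP flags. The sample packets are constructed; the filter reuses the 25.0.1.0/28, port 80, TCP values from the slide.

```python
from ipaddress import ip_address, ip_network

SYN, ACK, FIN = 0x02, 0x10, 0x01

# Constructed packets: (ts, src, dst, proto, sport, dport, length, tcp_flags)
PACKETS = [
    (0.000, "25.0.1.3", "198.51.100.7", "tcp", 40001, 80, 60, SYN),
    (0.020, "25.0.1.3", "198.51.100.7", "tcp", 40001, 80, 52, ACK),
    (0.450, "25.0.1.3", "198.51.100.7", "tcp", 40001, 80, 512, ACK),
    (0.900, "25.0.1.3", "198.51.100.7", "tcp", 40001, 80, 52, FIN | ACK),
    (0.100, "25.0.1.9", "198.51.100.7", "tcp", 40002, 80, 60, SYN),
    (0.200, "10.9.9.9", "198.51.100.7", "tcp", 40003, 80, 60, SYN),  # outside the prefix
    (0.300, "25.0.1.3", "198.51.100.8", "udp", 5000, 53, 80, 0),     # wrong protocol
]

def wanted(pkt, net=ip_network("25.0.1.0/28"), port=80, proto="tcp"):
    """Layer-3/4 selection: prefix on either side, protocol, src or dst port."""
    _, src, dst, p, sport, dport, _, _ = pkt
    in_net = ip_address(src) in net or ip_address(dst) in net
    return in_net and p == proto and port in (sport, dport)

def summarize(packets):
    """Fold every selected packet (1:1, no sampling) into per-flow records."""
    flows = {}
    for pkt in packets:
        if not wanted(pkt):
            continue
        ts, src, dst, proto, sport, dport, length, flags = pkt
        key = (src, dst, proto, sport, dport)  # unidirectional flow key
        rec = flows.setdefault(key, {"packets": 0, "bytes": 0,
                                     "first": ts, "last": ts, "tcp_flags": 0})
        rec["packets"] += 1
        rec["bytes"] += length
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
        rec["tcp_flags"] |= flags  # cumulative OR of flags seen in the flow
    return flows
```

A record whose cumulative flags are SYN only, like the second flow here, is the kind of summary a security monitor can act on without the raw packets.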

GigaVUE-VM: The process in detail

Start with a VMware version 5 deployment.
Install a Visibility Fabric.
Install GigaVUE-FM to manage the virtual visibility nodes.
Deploy GigaVUE-VM into each hypervisor.
GigaVUE-FM interrogates vSphere to learn the virtual environment.
Configure vMaps in GigaVUE-FM.
All vMaps are pushed.
Selected traffic is tunneled to a GigaSMART.

[Diagram: Server I (Hypervisor); Server II (Hypervisor); Tunneled Traffic; VMware vSphere; Virtual Gigamon Fabric Nodes]

With that outline, let's go through the process in a little more detail. Start with an installation of VMware 5 or 5.1, which includes vSphere for management of the VMware virtual environment. Install a physical visibility fabric including GigaSMART. Install a Fabric Manager for management of a virtual visibility infrastructure. Deploy GigaVUE-VM into each VMware hypervisor. Launch the Fabric Manager, which will interrogate vSphere to learn the virtual environment and to stay abreast of any vMotion activity. Configure vMaps through the Fabric Manager user interface. The Fabric Manager then pushes vMap configurations to the GigaVUE-FMs. Once vMaps are deployed, selected traffic is forwarded from the virtual space through a tunnel to the designated GigaSMART for redistribution.

Inter-Host VM Monitoring: Enhanced Visibility into the Virtualized Environment

Inter-VM traffic visibility flowing within host and across physical hosts
Selectively detect, select, and forward VM traffic of interest using patented Flow Mapping
Forwards monitored virtual traffic over existing IP network infrastructure
Centralized management through the GigaVUE-FM

[Diagram: Hypervisor with VM1 and VM2 on a vSphere Distributed Switch (VDS); Hypervisor with VM3 on a vSphere Distributed Switch (VDS); vCenter; Visibility Fabric; Tools and Analytics (Application Performance, Network Management, Security); Monitor VM1]

Unified Visibility Fabric

GigaVUE-CV: Extend Gigamon's Value into Software Defined Networks

GigaVUE-CV (Controller Visibility):
Extend pervasive visibility by enabling the SDN Controller to function as a Fabric Node
Gather flow information from SDN controller and correlate the flows to GigaVUE-FM for dynamic provision of monitoring policies from production SDN network to the tools
Enables dynamic TAP and mirroring of data traffic from SDN infrastructure into higher-functioning Fabric Nodes (e.g. Gigamon GigaVUE H series)

[Diagram: Production Network; OpenDayLight Controller; GigaVUE & GigaSMART; Tools and Analytics (Application Performance, Network Management, Security); Future Availability]

Extend Gigamon's value into SDN Monitoring Infrastructure
Deliver a GigaVUE SDN Applet (Pervasive Monitoring) as a loadable module on an SDN Controller

Pervasive Monitoring Applet:
Enables the SDN Controller to become part of Gigamon's Visibility Fabric Node
Delivers advanced traffic filtering capabilities with OpenFlow-enabled switches
Intelligent traffic filtering and transformation will still be done on GigaVUE G/H/VM Series

Benefit:
Establish leadership in SDN monitoring market
Defuse any threat to commoditization
Extend customer reach (i.e. new customers) and allow customers to become familiar with Gigamon technology and offerings

Gigamon BPS Solutions

In Line By Pass Solutions

With BPS the Visibility Fabric is able to bypass an inline device upon failure, allowing the production network to remain up. Since the bypass is being handled outside of the failed device, any necessary maintenance can be performed while keeping the link active.

A bypass switch shifts in-line perimeter protection devices from being single points of failure into manageable and more reliable security devices. In some cases all traffic must be presented to more than one in-line protection; in other cases protections may be used in parallel. For highest network availability a bypass switch is a must-have.

Gigamon Customer Success Story

FWDLPWebBPADBTMCEMSIEM

Visibility Fabric Architecture

Large US carrier: 4G-LTE VoLTE rollout (2014)

Deployed VoLTE ahead of AT&T and VZW by deploying on top of existing Gigamon visibility infrastructure which was already in place
Customer was able to de-risk deployment of new service through comprehensive visibility and Gigamon partnership with existing tool vendor partner
Deployment mostly involved handset upgrades and testing interoperability as core network already tapped and visible
With Gigamon as monitoring vendor they are future proofed from impacts of Network Virtualisation such as SDN + NFV etc.

NOW, notice the diagram with a Visibility Fabric architecture deployed. All the necessary tools are still connected, but network touch points have dropped to about 15% of the previous requirement.

Now you can send tools only what they need and you can de-duplicate and slice data packets before they reach tools, which means optimized tool CPU.

And, you can buy tools based on their traffic capacity rather than connections, which means saving costs.

Thank you!

Q&A

Gigamon.

The smart choice.

The right choice.

The proven choice for Visibility Fabric solutions.