Are you getting the best performance from your monitoring and security tools - or
is oversubscription causing them to drop packets and miss messages? Today's
skyrocketing traffic and high-speed 10 Gbps links put severe pressure on vital
tools like performance analyzers and Intrusion Prevention
Systems (IPSs) that
inspect traffic to block data leaks and malware. Load balancing not only prevents
oversubscription, it also helps you gain the best value from your 1G tool investment
by leveraging them on 10G links.
Performance of security tools such as IPSs, Database Activity Monitors
(DAMs), and Data Loss Prevention devices (DLPs) depends upon the complexity of the
security rule base. A security device with a long, complicated rule base does not
perform at as high a level as one with a limited policy. In other words, there is a
tradeoff between security and performance...
Load Balancing is the Answer—But What's Your ideal Approach?
With Load Balancing, one size doesn't fit all—so it's vital to choose the right solution. Depending on traffic type, Net Optics offers an unrivaled spectrum of options for getting the most from your network tools.
Load balancing can distribute 10G traffic to multiple 1G tools—plus aggregate traffic from multiple1G and 10G links and distribute it to share the load. Flows to be kept intact can be identified by IP address pairs, by IP source address only, by IP destination address only, or by other packet header fields. Non-flow-based traffic can be load balanced using a packet-by-packet round-robin algorithm.
Static Load Balancing
splits traffic to let multiple tools work on different parts of it. For example, when 10G traffic exceeds 1G tool capacity, you can filter and send packets with odd IP source addresses to one 1G tool and even addresses to another—or use other differentiators.
Dynamic Load Balancing
is engineered for 10G line speeds. It actively monitors load levels on output channels and adjusts traffic distribution in near-real time to keep loads even, based on analysis of entire packet flows.
Net Optics Load Balancing Solutions:
is ideal for telecoms needing to balance RTP traffic or decode RTP headers for call center applications with traffic going out to VoIP recorders. Static load balancing is ideal for the distribution of RTP traffic.
performs dynamic inline load balancing for IPSs with link-state awareness. That means if a tool in the load balance set fails, the solution redistributes traffic to the remaining tools until the failed tool is repaired or replaced and the link comes back up. Director Pro also provides Deep Packet Inspection (DPI
) functionality, enabling fine-grained selection of traffic to be load balanced.
For Static Load Balancing Out to 10G Tools, Choose the xStream Platform
splits traffic into multiple streams so data
can be processed by two or more tools working in parallel - ideal for government
and service provider forensics and compliance needs. Director xStream
traffic from any network port or aggregated set of network ports and distributes
it to two, three, four, or any number of available monitor ports, balancing loads
by IP address, port, protocol, VLAN
, MAC address - or any other packet header field.
The device's ultra-low latency ensures minimal delays that can degrade the accuracy
of timing analysis.
Director xStream Pro
's dynamic load balancing is complemented with Deep Packet Inspection (DPI
) and filtering capabilities among many other functions. To balance loads, data is processed by 2 to 16 tools working in parallel and supporting four independent dynamic load balancing groups—ideal out-of-band load balancing for forensic traffic recorders and performance analyzers with 10G interfaces. Splitting traffic into multiple streams allows data to be processed by 2 to 16 tools working in parallel, while retaining flow integrity. Timestamping is available to completely eliminate the effects of device latency on timing analysis, and per-second network analytics enable detection of microburst congestion in real time. DPI
allows inspection of every bit of every packet—payloads as well as headers—at full 10 Gbps line rate.
is Net Optics' new purpose-built load balancing solution that distributes flow-coherent traffic to multiple monitoring tools working in parallel. While it supports out-of-band (sniffing) monitoring for traffic recorders, its greatest strength is inline monitoring for IPSs and other inline tools. It also supports 10G to 1G data rate conversion, letting you monitor 10G traffic with a pool of 1G tools for the most cost-efficient approach in the industry. In addition, a breakthrough tool-sharing topology lets several independent links share a pool of inline tools.