How to Monitor 10G Links Using 1G Tools

While these numbers are relevant to larger businesses and corporations, smaller companies will also soon require such extensive bandwidth to manage daily IT and network operations. In preparation, vendors have begun to drive demand through the use of aggressive marketing and price reductions.

With reduced prices on 10G equipment, many organizations are choosing to upgrade their bandwidth immediately for new technology purchases. After all, why purchase older, slower technology at comparable prices, when your organization can simply begin to prepare for the future now?

THE CHALLENGE: MONITORING 10G Given the current state of the economy, network operations teams are being challenged to do “more with less,” a phrase that has become pervasive enough to take on the look of an industry theme of late. This trend is showing up in 2009 budget estimates, which are expected to fall by an average of 2.5% from 2008 levels, according to Gartner Research. In response, decision makers are forced to more thoroughly evaluate all capital purchase and make hard decisions about canceling / delaying some transactions.

10G projects are not immune to the budget crunch. Although the cost of 10G equipment has come down recently, it is still selling at a premium to 1G tools. At the same time, enterprises are faced with the daunting task of monitoring 10G networks to ensure that their business critical applications are secure and running at acceptable performance.

With the move to 10G, many IT strategists are concerned about whether they will need to upgrade the many different types of network and application monitoring tools that they have already purchased. These business critical tools include: application monitors, intrusion detection systems, compliance tools, data recorders, VOIP monitors, and protocol analyzers. Few organizations have the budget to upgrade some, let alone all of these tools.

THE SOLUTION: TOOL AGGREGATION Imagine a world where you can use your 1G tools to monitor a 10G network. It can be done due to two important enablers:

1. Most tools only need to see a small fraction of the network traffic to do their jobs. In fact, sending more data than is required actually degrades efficiency, because tools cannot keep up.
2. Tool Aggregation, a new industry trend, enables traffic to be filtered and dynamically directed to the correct tools. With this technique, you can increase monitoring coverage and save money.

Tool Aggregation enables traffic to be received at 10G bandwidths and filtered on Layer 2/3/4 criteria. In most cases, traffic from a 10G link can be reduced to 1G or less by filtering out data that a tool does not need to see, so your existing 1G tools can still be used. If the filtered traffic is over 1G, then operators can still use their 1G tools by load balancing the traffic to two 1G tools using Tool Aggregation. With proper filtering, multiple 10G links can be monitored with a single 1G tool in many cases.

So exactly how should traffic be filtered? It depends on the tools you are using, the applications you are monitoring, and your business objectives. For example, a typical application performance monitoring tool only needs to see TCP traffic from the specific application ports that it is monitoring. Likewise most VOIP monitors only need to see certain protocols such as SIP, SCCP, and MGCP. Tools work most efficiently when they are sent only the specific traffic that each tool needs. Only then can 1G tools can be used to monitor 10G links.