Profitap was tasked by a leading Telecom provider to better integrate and optimize a cybersecurity solution into the network infrastructure. Key technical criteria were to collect relevant traffic from key capture points in the network and to feed it to two cybersecurity platforms that were centrally located and managed.
“The telecommunications sector requires massive strength, reliability, and scalability to assure the best customer service, as most of the time, we rely on loyal customers that renew subscriptions and attest to service reliability. We provide a broad range of services, including data storage, Internet Protocol (IP), voice, and wireless, managing simultaneously thousands of network equipment, including routers, LAN switches, firewalls, application appliances, wireless access points. Having network outages due to equipment failure or running the risk of data breaches is not an option for us. We are about to upgrade and reinforce our two security platforms, but without full network visibility, we know it would not be enough.” - Explained the customer.
The Telco network is a complicated, disparate hybrid network with both fixed and cloud deployments. It has massive technical and operational challenges with a multi-vendor and multipartner environment. After recent updates to the network, the customer required optimization in the way traffic was organized between the TAPs and the security tools on a specific site. With a limited number of input ports available on the security tools, the number of TAP connections forwarded to the tools was also greatly limited. On each monitoring output, we have two TAP ports (one for each side of the link) tapping 96 links, resulting in 192 monitoring outputs from the TAPs combined. With only 8 ports on the two security platforms available, a different solution is required. How to proceed?
The major challenges faced by the customer included:
✔ Getting 100% network traffic visibility to run the network smoothly.
✔ Not enough input ports available on security tools to accommodate all key capture points as data sources.
✔ Increase in tool cost due to growing number of monitoring points.
✔ Different media types from different sources in the network.
The Solution
Profitap selected next-generation Network Packet Broker (NGNPBs) X2-Series to help eliminate blind spots by offering high port count, optimizing the performance of the monitoring and security tools across the entire network by giving each tool the right packet data. These network packet brokers support the aggregation of many inputs to an aggregated output towards the Intrusion Detection System (IDS) and other analysis tools.
Profitap High-Density Modular TAP (MOD-TAP) provides up to 24 modules per MOD-TAP. So with 4 MOD-TAPs you can monitor up to 96 links in a 4U footprint. This accounts for 192 monitor TAP ports that connect to the X2-6400G’s 100 Gbps ports and leverage its advanced aggregation features. Using multi-mode QSFP+ 40 Gbps breakout cables for a 10 Gbps connection per TAP output, 4 TAPs could be connected on each 100 Gbps port on the Network Packet Broker. The MOD-TAP also offers flexibility by allowing different fiber types to be mixed and matched in the same chassis to meet on-premise requirements.
In a few cases, copper network connections also needed to be monitored. Profitap’s Booster In-Line Copper TAP was deployed for lossless aggregation of 4 x 10/100/1G in-line links to one 1/10G output port. This way, sub-10 Gbps connections could also be connected to the Network Packet Broker directly. A more common scenario would be installing two packet brokers performing aggregation. In this case, the issue here is that the two Network Packet Brokers will operate separately from each other. That means doubling the time of setting up rules and updating existing rules, not to mention the possible conflicts that could be created between existing and new rules. The Profitap X2-Series network packet brokers all benefit from the 6000 non-conflicting rules creation, making sure no conflict between new and existing rules can happen by keeping all rules active in parallel with each other. With all 192 TAP ports managed with a single network packet broker, maintenance and setup become much easier.
These NGNPBs offer an extensive set of features, such as:
- Packet slicing to reduce bandwidth on security tools from specific sources;
- Load balancing to spread the load between the available tools;
X2-Series Network Packet Brokers: Customer Benefits
The solution offered by Profitap optimized the performance of the security tools involved. The project’s cost was also significantly reduced by the ability to perform all traffic aggregation and optimization in a single network packet broker. Profitap’s X2-Series Network Packet Brokers’ non-conflicting rules operation also makes sure no conflict between new and existing rules can happen. This saves time setting up new rules when new tools and TAPs are added to the existing infrastructure. The main benefits of the solution include simplified cabling architecture, saving operating costs, and enabling easy maintenance.
In particular:
- Optimized performance of network analysis and security tools.
- Removed blind spots from all network environments and got access for integrated, cost-effective network monitoring, security, and analytics.
- Non-conflicting rules enable network engineers to easily add new tools and manage existing traffic flow without impacting the existing setup.
The PDF version of this use case can be downloaded here.