Optimize security platform performance

Challenge
A leading telecommunications provider commissioned Profitap to better integrate and optimize its cyber security solution with its network infrastructure. The key technical criteria were to collect relevant traffic from key interception points in the network and forward it to two centrally located and managed cyber security platforms.
The telecom sector requires tremendous performance, reliability and scalability to provide the best customer service because, for the most part, we rely on loyal customers who renew their subscriptions year after year and confirm service reliability. We provide a wide range of services, including data storage, IP, voice and wireless services, while managing thousands of network devices, including routers, LAN switches, firewalls, application devices and wireless access points. Due to the nature of our work, network failures due to equipment damage or data security risks are not an option for us. We have plans to improve and strengthen our two security platforms, but without full network visibility, we know this will not be enough.

The telecommunications network is a complex, heterogeneous hybrid network with fixed and cloud deployments. It brings huge technical and operational challenges in a multi-vendor and multi-partner environment. After a recent network upgrade, the customer needed to optimize how traffic is organized between the TAPs and the site-specific security tools. With a limited number of input ports available on the security tools, the number of TAP connections that could be forwarded to the tools was also severely limited. Each monitored link has two TAP monitoring ports (one for each side of the link); with 96 links, that is a total of 192 monitoring outputs from the TAPs. With only 8 ports on the two available security platforms, a different solution is required. How can this be solved?
The main challenges facing the customer were:
- Achieve 100% visibility of network traffic to ensure smooth network operations.
- Insufficient number of input ports available in security tools to accommodate all key capture points.
- Increase in tool costs due to increasing number of checkpoints.
- Different types of media from different sources on the web.
Solution
To solve the customer's problem, Profitap chose its Next-Generation Network Packet Brokers (NGNPB) from the X2-Series. They eliminate bottlenecks in the network by offering a large number of ports and optimize the performance of monitoring and security tools across the network, ensuring that each tool has access to the relevant packet data. Network Packet Brokers aggregate multiple input ports into aggregated output ports toward intrusion detection systems (IDS) and other analysis tools.
In addition, Profitap's high-density modular TAPs, MOD-TAPs, were used, providing up to 24 modules per MOD-TAP, which allowed us to monitor as many as 96 links in 4U using 4 MOD-TAPs. This gives us 192 monitoring TAP ports which, combined with the 100 Gbps ports on the Profitap X2-6400G NPB, allow us to take full advantage of its advanced aggregation features. Using 40 Gbps multimode QSFP+ breakout cables to connect 10 Gbps ports on each TAP output, we can connect 4 TAPs to each of the 100 Gbps ports on the Network Packet Broker. The great advantage of MOD-TAP modular TAPs is their flexibility: different fiber types can be mixed and matched in the same chassis, which makes it much easier to meet the requirements of local server rooms.
In several cases, monitoring of copper connections was also required. Booster In-Line TAPs were used for lossless aggregation of 4 10/100/1G in-line connections to a single 1/10G output port. In this way, although the monitored ports were copper, the data ultimately reaches the Network Packet Broker through a fiber port.
A more common scenario would be to install two packet brokers that perform aggregation. The problem in that case is that the two packet brokers operate independently of each other. This means doubling the time needed to configure rules and update existing ones, not to mention the possible conflicts that may arise between existing and new rules. Profitap X2-Series Network Packet Brokers benefit from the ability to create 6,000 non-conflicting rules, so there can be no conflict between new and existing rules, keeping all rules in parallel with each other.
Managing as many as 192 TAP ports with a single network packet broker makes installation and maintenance much easier.
In addition to port aggregation, NGNPBs have many interesting and very useful features, such as:
- Packet slicing - reduces the required bandwidth for security tools by removing unnecessary packet fragments.
- Load balancing - distributes the load among the available tools.
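An added example, not Profitap's implementation or configuration: because each side of a link arrives on its own TAP monitoring port, load balancing toward an IDS is normally keyed on a direction-independent flow hash so that both halves of a session reach the same tool port, and slicing keeps only the headers. The 64-byte snap length, the CRC32 hash and all function names are assumptions; the 8 tool ports are the page's figure.

```python
import struct
import zlib

TOOL_PORTS = 8   # page's figure: 8 input ports on the two security platforms
SLICE_LEN = 64   # assumed snap length; the page does not state one

def parse_five_tuple(frame: bytes):
    """Return (proto, src_ip, dst_ip, sport, dport) for IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    proto = frame[23]
    if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return proto, frame[26:30], frame[30:34], sport, dport

def tool_port(frame: bytes) -> int:
    """Map a frame to a tool port using a direction-independent flow hash."""
    tup = parse_five_tuple(frame)
    if tup is None:
        return 0                            # unparsed traffic goes to a fixed port
    proto, src_ip, dst_ip, sport, dport = tup
    # Sort the two endpoints so A->B and B->A produce the same key.
    a, b = sorted([(src_ip, sport), (dst_ip, dport)])
    key = (bytes([proto]) + a[0] + struct.pack("!H", a[1])
           + b[0] + struct.pack("!H", b[1]))
    return zlib.crc32(key) % TOOL_PORTS

def slice_packet(frame: bytes, snap: int = SLICE_LEN) -> bytes:
    """Keep only the first `snap` bytes (headers), dropping most of the payload."""
    return frame[:snap]

def build_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed sample: minimal Ethernet + IPv4 + TCP frame, checksums zero."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src_ip), bytes(dst_ip))
    return eth + ip + tcp + payload

if __name__ == "__main__":
    # Constructed traffic: the two directions of one session, seen on two TAP ports.
    east = build_frame([10, 0, 0, 5], [192, 0, 2, 9], 51000, 443, b"x" * 1000)
    west = build_frame([192, 0, 2, 9], [10, 0, 0, 5], 443, 51000, b"y" * 1000)
    print(tool_port(east), tool_port(west), len(slice_packet(east)))
```

A plain hash of the source-then-destination tuple would split the two directions across tool ports, leaving each IDS instance with half a conversation.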
Network Packet Brokers X2-Series: Customer Benefits
The solution offered by Profitap optimized the performance of the security tools involved. The cost of the project has also been significantly reduced due to the ability to perform aggregation and optimization of all traffic in a single network packet broker. The conflict-free operation of Profitap's X2 series network packet brokers also ensures that there can be no conflict between new and existing rules. This saves time configuring new rules when new tools and TAPs are added to the existing infrastructure. The main benefits of the solution are simplified cabling architecture, operational cost savings and ease of maintenance.
In particular:
- Optimized performance of network analysis and security tools.
- Blind spots removed from all network environments, with access to integrated, cost-effective network monitoring, security and analytics.
- Non-conflicting rules that allow network engineers to easily add new tools and manage existing traffic flows without affecting the existing configuration.