Organizations with multiple sites and multiple networks often use Generic Routing Encapsulation (GRE) to securely connect remote networks such as branch offices. Other GRE tunneling uses might be to reduce the number of hops between two end points, carrying traffic types not supported by the WAN and connecting discreet tenants in a network. There are many use cases in all industries for this useful technology. One new use case, perhaps overlooked is backhauling TAP mirror traffic to monitoring and security tools at a central location.
Network Critical is introducing GRE support in a new release of the SmartNA-XL Hybrid TAP/Packet Broker. This breakthrough technology offers many operational and financial benefits to multi-site/multi-network organizations. A few examples might be bank branch offices, oil and gas companies with far flung exploration platforms, government services with multiple offices, retail locations, and mobile phone network providers. All of these organizations have a central headquarters and many geographically dispersed remote sites. Many may already be using GRE for network connections. The new SmartNA-XL now allows centralized connection of monitoring and security tools to the list of GRE applications.
Save on Tool Expense
GRE support in TAPs and Packet Brokers allows multi-network organizations to centralize their monitoring and security tools, thus saving CAPEX budget. Establishing a GRE tunnel from the central network hub out to remote network sites allows mirror traffic collected by remote TAPs to be sent directly to a centralized stack of monitoring tools. Remote sites only require TAPs to safely collect and copy network traffic. Rather than deploying costly monitoring and security tools at multiple remote sites, these tools can be located and optimized at a secure, central site.
This architecture also saves on OPEX allowing the central site IT staff to manage tools and traffic from both central and remote sites. Additional staff to manage remote site visibility will not be necessary. Physical travel to various remote sites is also mostly eliminated as all traffic and management will be done centrally.
Better Tool and Network Efficiency
You might ask, “Why can’t tool equipment be centralized without using GRE by just sending the mirror traffic through the network or internet?” That is a good question. The answer is in the key word, mirror. Mirror traffic created by the TAP and sent to tools, is essentially a duplication of all the network traffic passing through links. Sometimes, even duplicated network traffic is further duplicated. Sending a secondary copy of all remote traffic back through the network to central tools creates additional traffic potentially requiring more links and network equipment. Creating a GRE tunnel bypasses the intermediate hops and routers in the network freeing up that equipment for passing live traffic.
Monitoring and security tools rarely need to see all network traffic. Remote TAPs can filter traffic, reducing the input to tools and allowing them to work more efficiently. Without TAP filtering, tools are required to read all traffic and locally process the filtering. Removing this task allows tools to work faster, more efficiently and focused on the critical traffic.
Security
Deploying TAPs at unstaffed, remote locations raises some security questions. Are open ports available to anyone with a Wireshark to capture and record confidential traffic? Can someone unplug an existing port connection and hack into live link traffic at the remote site? The SmartNA-XL has multiple layers of security to prevent hacking at unmanned sites.
Unused ports can be disabled upon deployment so no one can access traffic from those ports. Further, if an active port connection is unplugged, it is automatically disabled until an administrator re-activates the port. Administrator privileges are password protected so only authorized personnel will be able to change configuration options or alter TAP functions.
Flexibility
The SmartNA-XL offers flexibility at many levels. On the physical level, the five-slot chassis allows for variety of port modules depending on port media and speed requirements. Modules are available for fiber, copper and SFP at speeds of 1Gbps to 10Gbps. There is also a 40Gbps slot in the back of the chassis for access to high speed optical networks or for chassis expansion. While modules are available for primary access with TAP fail-safe capabilities, it also offers many sophisticated Packet Broker features such as aggregation, filtering, and load balancing.
When connected at a remote site using GRE tunnels there are also deployment options available depending on the tools at the other end. If the monitoring tools support GRE, the SmartNA-XL can feed encapsulated packets directly to the tools. If the tools do not support GRE, a SmartNA-XL with our PacketPro module can be deployed with tools at the central site to de-encapsulate the GRE packets and feed native traffic to the tools.
Simplicity
Creating GRE tunnels, managing port maps, filtering traffic, load balancing, aggregation are all sophisticated packet broker features that save time and money. But wait, there is more. The SmartNA-XL utilizes a unique Graphical User Interface (GUI) that makes accessing, deploying and managing these features fast, accurate and simple. The Drag ’n Vu GUI developed by Network Critical uses a sophisticated computational engine that does the hard math in the background so all you need to do is drag, point and click. Status reporting is also much simpler with the newly added dashboard that provides a visual summary of network health and activity.
Summary
Networks are more diverse today. As the world wakes up to the new normal with a more geographically dispersed workforce and mobile workforce, understanding and securing network traffic is critical.
New visibility tools such as the SmartNA-XL Hybrid and the PortPlus Packet Broker are indispensable network tools. If you already have SmartNA-XL in your network, contact www.networkcritical.com/support for firmware update information. If your network visibility strategy is still undefined or lacking the power to keep up with these new trends, feel free to reach out to a Network Critical expert for a system review.
