Anue Net tool optimizer
Content
Net Tool Optimizer Demo Guide
www.anuesystems.com
07-12-11
NET TOOL OPTIMIZER DEMO GUIDE
Overview
This document describes the Anue Systems 5200 Net Tool Optimizer (NTO) Demo application. The 5200 Demo Simulation allows you to simulate the steps required to aggregate, filter and replicate network traffic from taps and SPAN ports and deliver that traffic to your critical network monitoring, security, and application monitoring tools. The simulation configuration provides several examples that can be used for reference.
System Requirements
1. Windows XP/Vista/7. 2. 1 gigabyte (GB) RAM. 3. 1 gigahertz (GHZ) or faster processor. 4. At least 60 Megabytes (MB) of available space on the hard disk.
Getting Started
Thank you for downloading the Net Tool Optimizer Demo. After installing the application, launch the program by double clicking on the Net Tool Optimizer Demo 3.x.x icon that was installed on your desktop or access the following menu option: Start -> All Programs -> Anue Systems -> Net Tool Optimizer 3.x.x -> Net Tool Optimizer 3.x.x. The Net Tool Optimizer Control Panel will then display.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 2
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Demo Configuration Overview
The Net Tool Optimizer has an intuitive and easy to use GUI interface (Control Panel). The default configuration of the demo displays several monitoring scenarios in the diagram area which are described in detail below.
Note: All of the features available in the demo application, except for traffic simulation, are available when using an actual 5200 Net Tool Optimizer.
Figure 1 - 5200 Net Tool Optimizer Control Panel Logically, traffic flows through the Net Tool Optimizer from left to right. At the left side of the control panel, ingress traffic is connected to Network Ports. Network Ports are then connected to Dynamic Filters (displayed in the center of the control panel). Dynamic Filters are then connected to Tool Ports where egress traffic is delivered to your tools.
Note: Network Ports and Tool Ports also contain filters that can be used in conjunction with Dynamic Filters.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 3
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
In the demo, the Network Ports, Dynamic Filters and Tool Ports have been given detailed descriptions that display on their icons. The descriptions make it easy to understand the port and filter purpose and function. Customized icons have also been applied to ports.
Tip: Pressing the F7 key on the keyboard enables tool tip help for most of the objects and features in the control panel GUI. Pressing the F7 key again disables tool tip help.
Aggregation and Security
This monitoring scenario delivers traffic from two separate Taps to the same IDS tool.
Figure 2 - Aggregation and Security Example The Dynamic Filter, displayed in the center of the figure above, has been configured to Pass All traffic. Note that two 1G ports have been connected to a 1G tool. In this scenario, the user must be sure that the combined traffic will not exceed 1G or packets will be dropped at the Tool Port. Filtering, described in the next example, can be used to remove unwanted traffic and ensure that tools only received the required traffic. Simulated traffic is running in the demonstration software to mimic a real network environment. Right click on the Tool Port and select Statistics to view the Tool Port Statistics. Statistics can also be displayed for Network Ports and Dynamic Filters.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 4
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Figure 3 - Tool Port Statistics
According to the label, the Tool Port is connected to the Sourcefire IDS tool.
The lock symbol on the Tool Port indicates that the tool has been secured using the Access Control features. Only designated personnel and System Administrators can modify the Tool Port settings. To view these settings, double click on the Tool Port and select the Access Control tab.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 5
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Figure 4 - Tool Port Access Control Notice that the ability to Modify the port settings requires that a user be a member of the Security Mgmt group. The ability to Connect/Disconnect Inputs can also be secured with Access Control. Groups can be viewed and maintained under the Groups View of the Control Panel.
Figure 5 - Groups View
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 6
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
The Groups view indicates that the users “bbrother” and “securityguy” are members of the Security Mgmt group. Only these users, and any System Administrator, can modify the Sourcefire IDS Tool Port settings.
Multi-Stream Traffic to Several Tools and Filter Traffic
The 2nd monitoring scenario multi-casts traffic from two Network Ports to several Tool Ports.
Figure 6 - Multi-Stream and Filtering Example This example delivers traffic from 2 separate SPANs to a Niksun NetVCR tool and OPNET App Monitor tool.
Tip: Note that traffic can also be multi-cast from a single Network Port to many Tool Ports. The Dynamic Filter also displays information that indicates traffic will be filtered.
In the figure above, the “three green arrows in – 1 green arrow out” symbol indicates that filtering has been enabled. Labels are automatically displayed at the left side of the Dynamic Filter which provide a brief description of the defined filter criteria. This Dynamic Filter has Layer 3/Layer 4 - v4 and VLAN with IP criteria configured.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 7
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Filter Notes Filter criteria can also be defined at the ingress within Network Ports. Traffic removed at the Network Port will NOT be available to any tools. Filter criteria can also be defined at egress within Tool Ports. This option is useful when more than one tool is connected to a Dynamic Filter and only some of the tools need to receive specific traffic types. To configure filtering, double click on a port or Dynamic Filter and select the Filter Criteria tab.
Figure 7 - Filter Criteria Tab The intuitive GUI makes complex filter criteria easy to define. For example, based on Figure 7 above, only traffic that matches the following criteria will pass through the Dynamic Filter:
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 8
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
IPv4 packets on VLAN 56, 57, 58, 59 or 60 AND an IP source or destination address of 192.168.40.1 or 192.168.40.5.
Making Modifications and Saving Configurations
The demo configuration can be modified and saved as described below. Enable Additional Ports To enable additional ports, double click on a disabled port (disable ports are grayed out) in the diagram area. The port properties will display. Begin to configure port settings such as the port description, media type, port mode, port icon, etc. The Filter Criteria tab allows the filter criteria to be configured. The Connections tab provides one method for connecting ports and Dynamic Filters. The Access Control tab allows ports and Dynamic Filters to be secured.
Figure 8 - Configure Port Properties
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 9
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Tip: The simulator will place ports that use the default port icon out of service (a red X will appear on the port). Select a custom icon to place a port in an “in-service” or link up state.
Modify the Configuration To modify the existing connections displayed in the Diagram area, simply drag a line between a port and a Dynamic Filter. To delete a connection, select the connection with the mouse and press the Delete key on the keyboard. To make new connections, draw a connection between ports. A Dynamic Filter that denies all traffic will automatically be created between the ports. You will be prompted to configure the Dynamic Filter (see the figure below). Dynamic Filters can be configured at any time.
Figure 9 - Configure Dynamic Filter Prompt
Importing and Exporting a Configuration Unlike an actual 5200 Net Tool Optimizer, the 5200 Demo Simulation configuration will revert to the initial configuration upon restart of the application. To preserve any configuration changes that you have made, a configuration must exported (saved) and then imported (restored). To save a configuration, select File -> Export Configuration from the menu above the diagram area. Three export options are available: Full Backup, Traffic Configuration and Custom. All of the export options can be customized to export only the desired configuration settings. To restore a configuration, select File -> Import Configuration from the menu above the Diagram area.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 10
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Additional Features
This section describes additional features that are available in the NTO and that can also be evaluated in the NTO demo application.
Port Groups Port groups provide the ability to aggregate ports into higher bandwidth trunks for load balancing tool traffic or interconnecting Net Tool Optimizers. The Demo Simulation configuration contains one Interconnect port group and one Load Balance port Group. The diagram area icons for the port groups are displayed below.
Libraries The Library View displays collections of filter templates and a custom icons library that can be shared by all users. Users create the collections of commonly used filters and icons. Collections can also be shared between 5200 systems by copying one or more collection from one 5200 and pasting it into the library of another system or by exporting them from one system and importing them into another. The Library View provides a Filter Templates tab and Custom Icons tab.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 11
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Figure 10 - Library View
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 12
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Advanced Feature Module (AFM) The AFM is an optional expansion module that can be installed into the NTO chassis. This section describes the advanced filtering and packet modification features that are available in the NTO Control Panel when an AFM is installed. These options are available on ports PB1 and PB2 in the demo application. To access the AFM features, click on the network port that has the “AFM” logo. Then select the Advanced tab. A brief description of the AFM features is provided below.
Figure 11 - AFM Features
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 13
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
MPLS Stripping: Use this feature to remove MPLS labels from packets. De-duplication: Streams of traffic directed to a NTO tool port may contain duplicate packets. Use this feature to remove duplicate packets before the NTO forwards traffic to a tool. Packet Trimming: Some network analysis tools only require a portion of a packet. Use this feature to trim packets to the desired length and indicate the packet header information that should be retained. Extended Burst Protection (only available on 1G tool ports): Short bursts of network traffic can exceed the queuing resources of an NTO 1G port and lead to dropped packets. Use this feature to buffer up to 200 MB of traffic. Buffering occurs when traffic bursts above the 1G line rate.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 14
www.anuesystems.com
www.anuesystems.com
07-12-11
NET TOOL OPTIMIZER DEMO GUIDE
Overview
This document describes the Anue Systems 5200 Net Tool Optimizer (NTO) Demo application. The 5200 Demo Simulation allows you to simulate the steps required to aggregate, filter and replicate network traffic from taps and SPAN ports and deliver that traffic to your critical network monitoring, security, and application monitoring tools. The simulation configuration provides several examples that can be used for reference.
System Requirements
1. Windows XP/Vista/7. 2. 1 gigabyte (GB) RAM. 3. 1 gigahertz (GHZ) or faster processor. 4. At least 60 Megabytes (MB) of available space on the hard disk.
Getting Started
Thank you for downloading the Net Tool Optimizer Demo. After installing the application, launch the program by double clicking on the Net Tool Optimizer Demo 3.x.x icon that was installed on your desktop or access the following menu option: Start -> All Programs -> Anue Systems -> Net Tool Optimizer 3.x.x -> Net Tool Optimizer 3.x.x. The Net Tool Optimizer Control Panel will then display.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 2
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Demo Configuration Overview
The Net Tool Optimizer has an intuitive and easy to use GUI interface (Control Panel). The default configuration of the demo displays several monitoring scenarios in the diagram area which are described in detail below.
Note: All of the features available in the demo application, except for traffic simulation, are available when using an actual 5200 Net Tool Optimizer.
Figure 1 - 5200 Net Tool Optimizer Control Panel Logically, traffic flows through the Net Tool Optimizer from left to right. At the left side of the control panel, ingress traffic is connected to Network Ports. Network Ports are then connected to Dynamic Filters (displayed in the center of the control panel). Dynamic Filters are then connected to Tool Ports where egress traffic is delivered to your tools.
Note: Network Ports and Tool Ports also contain filters that can be used in conjunction with Dynamic Filters.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 3
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
In the demo, the Network Ports, Dynamic Filters and Tool Ports have been given detailed descriptions that display on their icons. The descriptions make it easy to understand the port and filter purpose and function. Customized icons have also been applied to ports.
Tip: Pressing the F7 key on the keyboard enables tool tip help for most of the objects and features in the control panel GUI. Pressing the F7 key again disables tool tip help.
Aggregation and Security
This monitoring scenario delivers traffic from two separate Taps to the same IDS tool.
Figure 2 - Aggregation and Security Example The Dynamic Filter, displayed in the center of the figure above, has been configured to Pass All traffic. Note that two 1G ports have been connected to a 1G tool. In this scenario, the user must be sure that the combined traffic will not exceed 1G or packets will be dropped at the Tool Port. Filtering, described in the next example, can be used to remove unwanted traffic and ensure that tools only received the required traffic. Simulated traffic is running in the demonstration software to mimic a real network environment. Right click on the Tool Port and select Statistics to view the Tool Port Statistics. Statistics can also be displayed for Network Ports and Dynamic Filters.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 4
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Figure 3 - Tool Port Statistics
According to the label, the Tool Port is connected to the Sourcefire IDS tool.
The lock symbol on the Tool Port indicates that the tool has been secured using the Access Control features. Only designated personnel and System Administrators can modify the Tool Port settings. To view these settings, double click on the Tool Port and select the Access Control tab.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 5
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Figure 4 - Tool Port Access Control Notice that the ability to Modify the port settings requires that a user be a member of the Security Mgmt group. The ability to Connect/Disconnect Inputs can also be secured with Access Control. Groups can be viewed and maintained under the Groups View of the Control Panel.
Figure 5 - Groups View
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 6
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
The Groups view indicates that the users “bbrother” and “securityguy” are members of the Security Mgmt group. Only these users, and any System Administrator, can modify the Sourcefire IDS Tool Port settings.
Multi-Stream Traffic to Several Tools and Filter Traffic
The 2nd monitoring scenario multi-casts traffic from two Network Ports to several Tool Ports.
Figure 6 - Multi-Stream and Filtering Example This example delivers traffic from 2 separate SPANs to a Niksun NetVCR tool and OPNET App Monitor tool.
Tip: Note that traffic can also be multi-cast from a single Network Port to many Tool Ports. The Dynamic Filter also displays information that indicates traffic will be filtered.
In the figure above, the “three green arrows in – 1 green arrow out” symbol indicates that filtering has been enabled. Labels are automatically displayed at the left side of the Dynamic Filter which provide a brief description of the defined filter criteria. This Dynamic Filter has Layer 3/Layer 4 - v4 and VLAN with IP criteria configured.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 7
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Filter Notes Filter criteria can also be defined at the ingress within Network Ports. Traffic removed at the Network Port will NOT be available to any tools. Filter criteria can also be defined at egress within Tool Ports. This option is useful when more than one tool is connected to a Dynamic Filter and only some of the tools need to receive specific traffic types. To configure filtering, double click on a port or Dynamic Filter and select the Filter Criteria tab.
Figure 7 - Filter Criteria Tab The intuitive GUI makes complex filter criteria easy to define. For example, based on Figure 7 above, only traffic that matches the following criteria will pass through the Dynamic Filter:
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 8
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
IPv4 packets on VLAN 56, 57, 58, 59 or 60 AND an IP source or destination address of 192.168.40.1 or 192.168.40.5.
Making Modifications and Saving Configurations
The demo configuration can be modified and saved as described below. Enable Additional Ports To enable additional ports, double click on a disabled port (disable ports are grayed out) in the diagram area. The port properties will display. Begin to configure port settings such as the port description, media type, port mode, port icon, etc. The Filter Criteria tab allows the filter criteria to be configured. The Connections tab provides one method for connecting ports and Dynamic Filters. The Access Control tab allows ports and Dynamic Filters to be secured.
Figure 8 - Configure Port Properties
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 9
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Tip: The simulator will place ports that use the default port icon out of service (a red X will appear on the port). Select a custom icon to place a port in an “in-service” or link up state.
Modify the Configuration To modify the existing connections displayed in the Diagram area, simply drag a line between a port and a Dynamic Filter. To delete a connection, select the connection with the mouse and press the Delete key on the keyboard. To make new connections, draw a connection between ports. A Dynamic Filter that denies all traffic will automatically be created between the ports. You will be prompted to configure the Dynamic Filter (see the figure below). Dynamic Filters can be configured at any time.
Figure 9 - Configure Dynamic Filter Prompt
Importing and Exporting a Configuration Unlike an actual 5200 Net Tool Optimizer, the 5200 Demo Simulation configuration will revert to the initial configuration upon restart of the application. To preserve any configuration changes that you have made, a configuration must exported (saved) and then imported (restored). To save a configuration, select File -> Export Configuration from the menu above the diagram area. Three export options are available: Full Backup, Traffic Configuration and Custom. All of the export options can be customized to export only the desired configuration settings. To restore a configuration, select File -> Import Configuration from the menu above the Diagram area.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 10
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Additional Features
This section describes additional features that are available in the NTO and that can also be evaluated in the NTO demo application.
Port Groups Port groups provide the ability to aggregate ports into higher bandwidth trunks for load balancing tool traffic or interconnecting Net Tool Optimizers. The Demo Simulation configuration contains one Interconnect port group and one Load Balance port Group. The diagram area icons for the port groups are displayed below.
Libraries The Library View displays collections of filter templates and a custom icons library that can be shared by all users. Users create the collections of commonly used filters and icons. Collections can also be shared between 5200 systems by copying one or more collection from one 5200 and pasting it into the library of another system or by exporting them from one system and importing them into another. The Library View provides a Filter Templates tab and Custom Icons tab.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 11
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Figure 10 - Library View
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 12
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
Advanced Feature Module (AFM) The AFM is an optional expansion module that can be installed into the NTO chassis. This section describes the advanced filtering and packet modification features that are available in the NTO Control Panel when an AFM is installed. These options are available on ports PB1 and PB2 in the demo application. To access the AFM features, click on the network port that has the “AFM” logo. Then select the Advanced tab. A brief description of the AFM features is provided below.
Figure 11 - AFM Features
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 13
www.anuesystems.com
NET TOOL OPTIMIZER DEMO GUIDE
MPLS Stripping: Use this feature to remove MPLS labels from packets. De-duplication: Streams of traffic directed to a NTO tool port may contain duplicate packets. Use this feature to remove duplicate packets before the NTO forwards traffic to a tool. Packet Trimming: Some network analysis tools only require a portion of a packet. Use this feature to trim packets to the desired length and indicate the packet header information that should be retained. Extended Burst Protection (only available on 1G tool ports): Short bursts of network traffic can exceed the queuing resources of an NTO 1G port and lead to dropped packets. Use this feature to buffer up to 200 MB of traffic. Buffering occurs when traffic bursts above the 1G line rate.
© 2010 - 2011 Anue Systems, Inc. All rights reserved
Page 14
www.anuesystems.com
