Multi Stage Filtering
Technical Brief
With the increasing traffic volume in modern data centers, largely driven by e-Business
and mobile devices, network and application performance monitoring has become more
and more challenging. All indications point to a continually increasing data load for the
foreseeable future, making “Big Data” a key challenge for every network.
In addition, security monitoring with tools such as IDS, IPS
and Malware Detection is now a critical function within every
company, whether that company does business online or not.
Security concerns add to the complexity of providing a scalable
network monitoring architecture because it’s no longer enough
to monitor for performance – now you’re monitoring Big Data
for critical content.
As data volumes increase beyond the ability of tools to
examine every packet, effective packet filtering at the network
monitoring switch becomes a bottleneck – you can’t look at
everything, and you can’t afford to drop crucial packets. In this
environment, traditional ingress and egress packet filtering may
fall short in certain aspects. A more intelligent filtering system
is needed to address Big Data and the increasing number and
variety of monitoring tools.
Challenges from Traditional Filtering
A short review of traditional packet filtering allows a better
understanding of the rationale for Multi Stage Filtering. Each
mode of filtering provides certain features and bears certain
shortcomings that are solved through APCON’s Multi Stage
Filtering environment.
Ingress Filters
Ingress filters either allow (pass) or deny (drop) traffic on
ingress ports. If a pass filter is applied to an ingress port,
all traffic specified in the filter is sent to the egress on all
configured connections. This type of filter is adequate when
all the tools need to receive the same type of traffic. However,
if tools are expecting different types of traffic, an ingress filter
will not be flexible enough to support those different needs.
In general, only one filter can be tied to an ingress port. If the
data flowing into an ingress port is multicast to several ports
for use by different tools, the same ingress filter is applied to
all these different connections.
[Figure: Input 1 carries an ingress filter for passing Web traffic and feeds both Output 1 (Web Monitoring) and Output 2 (VoIP Monitoring)]
● Ingress filter for passing Web traffic applied to Input Port 1
● Both Output Port 1 and Output Port 2 receive Web traffic, even though Output Port 2 is looking for VoIP traffic
● Another filter for passing VoIP traffic cannot be applied to Input Port 1
Technical Brief – Multi Stage Filtering
On the other hand, if a drop filter is applied to an ingress port, the
various tools sharing this ingress port will not receive dropped
traffic even if some of these tools need to see that traffic.
For these reasons, ingress filters are suitable only for monitoring
scenarios of limited variation and well-defined scope. In reality,
ingress filtering is rarely used, especially with the increasing
number of tools that monitor different types of network traffic
flowing from the same data source.
Egress Filters
Egress filters allow only specific traffic to be sent to the tool
connected to the egress port. Egress filtering is more granular
and flexible than ingress filtering. However, oversubscription
and dropped packets can occur in some of the following
scenarios:
▪ Traffic aggregated from multiple ingress ports causing
oversubscription and wholesale packet drops before
packets can be filtered
▪ Traffic from high bandwidth 10G or 40G ingress ports
being sent to low bandwidth 1G ports, exhausting the
buffer and dropping packets
▪ Ingress traffic being replicated and multicast to all egress
ports before filtering, which can overload the switching
capacity, resulting in potential packet drops
To be used effectively, monitoring tools require pinpoint
accuracy, and each tool needs to receive a complete set of
accurate traffic; nothing more and definitely nothing less.
To achieve this granular division of traffic, a new and more
sophisticated way of filtering is needed. The goal is to ensure
that all monitoring tools receive the data they are expecting
in an environment of ever-increasing data volume and
monitoring complexity.
Multi Stage Filtering
APCON Multi Stage Filtering (MSF) provides a more adaptable
and precise method of specifying exactly which packets from
an ingress stream should be transmitted to each egress port.
This allows exact processing of aggregated or high capacity
10G and 40G streams for use with 1G monitoring tools.
APCON’s Multi Stage Filtering solution supports up to 3 stages
of filtering through a Filter Stack. The Filter Stack makes
use of your existing filter library and links selected filters
together to provide more configurable filter programming. The
“building block” filters that engineers have previously created
and stored in their filter library are based on a Boolean logic
combination of different rules. Each rule provides the ability
to filter on over 35 predefined Layer 2, Layer 3 and Layer 4
parameters including IPv4/IPv6 addresses, application TCP
or UDP port numbers, VLAN IDs, MAC addresses, and more.
In addition, users can filter on the actual physical ingress port
of the APCON switch as well as by custom offset in the packet
header and payload for DPI.
The Filter Stack allows you to prioritize filtering on the
ingress port. Filters in the Filter Stack are processed from
top to bottom in the order defined. The first filter in the stack
examines all the traffic. The next filter in the stack sees only
what is passed by the first filter, and so on.
Filter Stack results may be mapped directly to destination
egress ports, to egress filters and then to the destination
egress ports, or to a different Filter Stack at the next stage of
the Multi Stage Filter. A new built-in filter, the Default
Channel, sits at the bottom of a Filter Stack and catches all
the packets that no filter above it has claimed. If the Default
Channel is not defined, those remaining packets are discarded.
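The stack behaviour just described (top-to-bottom evaluation, mapping of each filter's result to an egress port, an egress filter or a next-stage stack, and the Default Channel at the bottom) as a small runnable model. This is an added example written for this brief, not APCON's code or configuration syntax. It assumes that a filter takes the packets it matches and that unmatched packets fall through to the next filter; every packet record, address, rule name and port name in it (Output 1 to Output 4, HOST_IP1, HOST_IP2, the TCP-only host analyser) is constructed.

```python
"""Runnable model of an ordered Filter Stack with a Default Channel.

Added example, not APCON's code. Reading assumed here: filters in a stack are
evaluated top to bottom; each takes the packets it matches and sends them to its
mapped destination (an egress port, an egress filter in front of a port, or a
next-stage stack); unmatched packets fall through to the next filter; whatever
reaches the bottom goes to the Default Channel or, if none is defined, is
discarded. Packet records, addresses, rule names and port names are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple, Union

Packet = Dict[str, object]
Predicate = Callable[[Packet], bool]


@dataclass
class EgressFilter:
    """Pass filter in front of an egress port: only matching packets reach the port."""
    match: Predicate
    port: str


@dataclass
class FilterStack:
    """Ordered (rule name, predicate, destination) triples plus a Default Channel."""
    name: str
    rules: List[Tuple[str, Predicate, "Destination"]]
    default_channel: Optional["Destination"] = None


Destination = Union[str, EgressFilter, FilterStack]
Outputs = Dict[str, List[Packet]]


def deliver(dest: Destination, packets: List[Packet], outputs: Outputs) -> None:
    """Hand a filter's matches to whatever that filter is mapped to."""
    if isinstance(dest, FilterStack):          # next stage of the Multi Stage Filter
        run_stack(dest, packets, outputs)
    elif isinstance(dest, EgressFilter):       # egress filter, then the port behind it
        for p in packets:
            key = dest.port if dest.match(p) else "<egress-dropped>"
            outputs.setdefault(key, []).append(p)
    else:                                      # plain egress port name
        outputs.setdefault(dest, []).extend(packets)


def run_stack(stack: FilterStack, packets: List[Packet], outputs: Outputs) -> Outputs:
    """Evaluate one stack top to bottom; a rule sees only what the rules above let through."""
    remaining = list(packets)
    for _name, match, dest in stack.rules:
        matched: List[Packet] = []
        fallthrough: List[Packet] = []
        for p in remaining:
            (matched if match(p) else fallthrough).append(p)
        deliver(dest, matched, outputs)
        remaining = fallthrough
    if stack.default_channel is not None:      # built-in catch-all at the bottom
        deliver(stack.default_channel, remaining, outputs)
    else:                                      # no Default Channel: remainder is discarded
        outputs.setdefault("<discarded>", []).extend(remaining)
    return outputs


# Constructed traffic mix, one record per packet.
HOST_IP1, HOST_IP2 = "10.0.1.10", "10.0.1.11"
SAMPLE_PACKETS: List[Packet] = [
    {"id": 1, "proto": "udp", "dst_port": 5060, "src": "10.0.0.5",   "dst": "10.0.0.9"},
    {"id": 2, "proto": "udp", "dst_port": 1234, "src": "10.0.0.7",   "dst": "239.1.1.1"},
    {"id": 3, "proto": "tcp", "dst_port": 443,  "src": HOST_IP1,     "dst": "192.0.2.20"},
    {"id": 4, "proto": "tcp", "dst_port": 80,   "src": "192.0.2.30", "dst": HOST_IP2},
    {"id": 5, "proto": "tcp", "dst_port": 22,   "src": "10.0.5.1",   "dst": "10.0.5.2"},
    {"id": 6, "proto": "tcp", "dst_port": 5060, "src": HOST_IP1,     "dst": "10.0.0.9"},
    {"id": 7, "proto": "udp", "dst_port": 53,   "src": HOST_IP1,     "dst": "10.0.0.53"},
]


def is_sip(p: Packet) -> bool:
    return p["dst_port"] == 5060


def is_multicast(p: Packet) -> bool:
    return str(p["dst"]).startswith("239.")


def involves(host: str) -> Predicate:
    return lambda p: host in (p["src"], p["dst"])


def build_pipeline(default_channel: Optional[Destination] = "Output 4") -> FilterStack:
    """Three chained stacks in the shape of the brief's second usage example.
    SIP is matched at Stage 1, so a monitored host's SIP packets go to the voice
    tool rather than the host tool: the order of the stack is the priority."""
    host_tool = EgressFilter(lambda p: p["proto"] == "tcp", "Output 3")  # constructed TCP-only analyser
    stage3 = FilterStack("Stage 3", [("host IP1", involves(HOST_IP1), host_tool),
                                     ("host IP2", involves(HOST_IP2), host_tool)], default_channel)
    stage2 = FilterStack("Stage 2", [("multicast", is_multicast, "Output 2")], stage3)
    return FilterStack("Stage 1", [("SIP", is_sip, "Output 1")], stage2)


def run_example(default_channel: Optional[Destination] = "Output 4") -> Dict[str, List[int]]:
    """Map each egress port (or drop reason) to the ids of the packets that landed there."""
    outputs = run_stack(build_pipeline(default_channel), SAMPLE_PACKETS, {})
    return {k: sorted(int(p["id"]) for p in v) for k, v in outputs.items()}
```

Running `run_example()` places packets 1 and 6 on Output 1, packet 2 on Output 2, packets 3 and 4 on Output 3 and packet 5 on the Default Channel's Output 4; packet 7 (UDP from a monitored host) is claimed by the Stage 3 host rule and then dropped by the TCP-only egress filter, so it never reaches the Default Channel. Calling `run_example(None)` leaves packet 5 under `<discarded>`, which is the undefined-Default-Channel case the text warns about.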
[Figure: Example of using a Filter Stack on Stage 1 only. Inputs 1, 2 and 3 are aggregated into one stream at ingress; a Stage 1 Filter Stack of Filters 1 to 5 maps each filter to its own egress port, Output 1 to Output 5, with Stages 2 and 3 unused]
[Figure: Example of using multiple Filter Stacks on all 3 Stages. Inputs 1, 2 and 3 are aggregated into one stream; Filter Stacks 1 and 2 (Filters 1 to 5) at Stage 1 feed Filter Stacks 3 and 4 (Filters 6 to 9) at Stages 2 and 3, whose results are mapped to Output 1 to Output 5]
Benefits of Multi Stage Filtering
APCON’s Multi Stage Filtering solution provides diverse benefits,
depending on how the filter stacks are used. Many of the
benefits fall into the following categories:
Intelligent Traffic Distribution
APCON Multi Stage Filtering can filter incoming packets on
aggregated connections, customizing the output sent to each
egress port. This can optimize the tool performance as each
tool now sees only the traffic that it is expecting and nothing
else. Multi Stage Filtering greatly enhances tool performance
and also maximizes effective throughput.
Performance Enhancement
Multi Stage Filtering is efficient because it saves packet
replication overhead compared to simple egress filtering. This
reduces data throughput requirements across the switch
backplane and at the egress ports. If multiple tools need to
see the same data, Multi Stage Filtering can replicate any
needed traffic to any number of tools. The result is that switch
backplane resources will be much more efficiently utilized
and dropped packets minimized or eliminated.
Bandwidth Control
Because Multi Stage Filtering forwards only required traffic
to each egress port, oversubscription resulting in dropped
packets at egress ports can be managed. With effective
filtering, even a connection from a high bandwidth 10G or
40G ingress port to a low bandwidth 1G egress port can be
managed effectively. Similarly, an aggregated connection from
multiple ingress ports, or a combination of aggregation and
high bandwidth ingress ports can be managed. As long as the
actual required traffic is less than the egress port rate, full
data flow can be guaranteed.
Ease of Use
APCON’s Multi Stage Filters are configured and viewed using
APCON’s fourth-generation graphical interface, making filter
construction and implementation easy and accurate. Existing
APCON filter libraries may be repurposed for Multi Stage use
from the switch management software.
Feature Integration
In addition to the intelligent traffic distribution capabilities,
Multi Stage Filtering can be used with the native Port Tagging
and Load Balancing features that are included with every
INTELLAFLEX blade. This can further enhance the analysis
function and the traffic load management capabilities of
APCON INTELLAFLEX technology. Additionally, Multi Stage
Filtering may be combined with APCON’s advanced services
blades such as Time Stamping, Packet Slicing, Packet
Deduplication and INTELLASTORE®.
Multi Stage Filtering Usage Examples
Here are several specific use cases in which Multi Stage Filtering helps
with intelligent traffic distribution and eliminating dropped packets.
[Figure: four inputs aggregated into one stream and divided by Multi Stage Filtering between a voice tool and a data tool]
Input 1: 200 Mbps SIP traffic + 5 Gbps non-SIP traffic
Input 2: 200 Mbps SIP traffic + 5 Gbps non-SIP traffic
Input 3: 100 Mbps SIP traffic + 2.7 Gbps non-SIP traffic
Input 4: 100 Mbps SIP traffic + 2.7 Gbps non-SIP traffic
Output 1 (1G port): SIP Traffic Monitoring, 600 Mbps
Output 2 (10G port): Data Traffic Monitoring, 8 Gbps traffic of interest
● Aggregate total inputs of 16G traffic: 600M is SIP traffic and 15.4G is non-SIP traffic.
● The Multi Stage Filter for SIP traffic forwards the 600M of SIP to the 1G voice monitoring tool
on Output Port 1 with no drops.
● The Multi Stage Filter for Output 2 selects 8 Gbps of non-SIP traffic of interest to be analyzed
by the 10G data monitoring tools.
[Figure: one 3 Gbps input divided by Multi Stage Filtering across four 1G outputs]
Input 1, 3 Gbps total input traffic:
SIP – 400 Mbps
Multicast – 800 Mbps
Host IP1 – 500 Mbps
Host IP2 – 400 Mbps
Others – remaining
Output 1 (1G port): SIP Traffic Monitoring (expecting 400 Mbps)
Output 2 (1G port): Multicast Traffic Monitoring (expecting 800 Mbps)
Output 3 (1G port): Host Monitoring for IP1 and IP2 (expecting 900 Mbps)
Output 4 (1G port): Remaining Traffic Monitoring (expecting 900 Mbps)
● Total input of 3 Gbps traffic.
● Applying egress filters on the individual output ports may cause packet drops, because
oversubscription of the 1G ports occurs before the egress filters run.
● Multi Stage Filtering passes the appropriate traffic to each output port without any drops.
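A capacity check for the Bandwidth Control argument and the two usage examples above, added here as an illustration and not taken from APCON. It compares what an egress port receives under egress-only filtering, where the whole aggregated stream is replicated to the port before its filter runs, with what it receives under Multi Stage Filtering, where only the selected traffic arrives, using the Mbps figures the brief gives. The replication model and the proportional estimate of wanted traffic lost when a port drops indiscriminately before filtering are assumptions of this example; the `Tool` and `Result` names and the output labels are constructed.

```python
"""Capacity check: egress-only filtering versus Multi Stage Filtering on the
brief's two usage examples.

Added example, not APCON's code; figures are the brief's, in Mbps. Model
assumed here: with egress-only filtering the full aggregate is replicated to
every egress port before its filter runs, so anything above the port rate is
dropped before filtering and wanted traffic is lost in proportion to the
overflow; with Multi Stage Filtering a port receives only the traffic its
stack selected, so it drops only if that selection itself exceeds the port rate.
"""
from typing import Dict, List, NamedTuple


class Tool(NamedTuple):
    output: str
    port_rate: float   # Mbps the egress port can carry
    wanted: float      # Mbps the tool's filter actually selects


class Result(NamedTuple):
    offered: float          # Mbps arriving at the egress port
    dropped: float          # Mbps the port cannot carry
    wanted_delivered: float # Mbps of the tool's own traffic that survives


def egress_only(aggregate: float, tools: List[Tool]) -> Dict[str, Result]:
    """Every port sees the whole aggregate; overflow is dropped before the egress filter."""
    results: Dict[str, Result] = {}
    for t in tools:
        survive = min(1.0, t.port_rate / aggregate)   # share of the aggregate the port can take
        results[t.output] = Result(aggregate, max(0.0, aggregate - t.port_rate), t.wanted * survive)
    return results


def multi_stage(tools: List[Tool]) -> Dict[str, Result]:
    """Every port sees only what its Filter Stack selected for it."""
    results: Dict[str, Result] = {}
    for t in tools:
        results[t.output] = Result(t.wanted, max(0.0, t.wanted - t.port_rate), min(t.wanted, t.port_rate))
    return results


def lossless(tools: List[Tool]) -> bool:
    """The brief's condition: required traffic no more than the egress port rate on every output."""
    return all(t.wanted <= t.port_rate for t in tools)


# Usage example 1: four inputs aggregate to 16 Gbps (600 Mbps SIP, 15.4 Gbps non-SIP).
EXAMPLE_1_AGGREGATE = 600 + 15_400
EXAMPLE_1_TOOLS = [Tool("Output 1 (SIP, 1G)", 1_000, 600),
                   Tool("Output 2 (data of interest, 10G)", 10_000, 8_000)]

# Usage example 2: one 3 Gbps input split across four 1G outputs.
EXAMPLE_2_AGGREGATE = 3_000
EXAMPLE_2_TOOLS = [Tool("Output 1 (SIP)", 1_000, 400), Tool("Output 2 (multicast)", 1_000, 800),
                   Tool("Output 3 (IP1+IP2)", 1_000, 900), Tool("Output 4 (remaining)", 1_000, 900)]


def report(aggregate: float, tools: List[Tool]) -> None:
    """Print both plans side by side for one example."""
    for label, res in (("egress-only", egress_only(aggregate, tools)), ("multi-stage", multi_stage(tools))):
        for out, r in res.items():
            print(f"{label:11} {out:34} offered {r.offered:8.1f}  dropped {r.dropped:8.1f}"
                  f"  delivered {r.wanted_delivered:7.1f}")


if __name__ == "__main__":
    report(EXAMPLE_1_AGGREGATE, EXAMPLE_1_TOOLS)
    report(EXAMPLE_2_AGGREGATE, EXAMPLE_2_TOOLS)
```

For the first example the egress-only plan offers 16 Gbps to the 1G SIP port, drops 15 Gbps before the filter and, under the proportional-loss assumption, delivers only 37.5 Mbps of the 600 Mbps of SIP; the 10G data port loses 6 Gbps the same way. Under the multi-stage plan both outputs, and all four 1G outputs of the second example, are within their port rates, which is exactly the `lossless` condition the Bandwidth Control section states.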
Conclusion
With the increasing “big data” traffic volume stressing networks
of all sizes, network and application performance monitoring
have become more and more challenging. In addition, security
monitoring such as IDS, IPS and Malware Detection has become
a critical path item for every company.
Traditional ingress and egress filtering falls short of modern
efficiency requirements. However, APCON’s industry-first Multi
Stage Filtering provides 100% network visibility by delivering
the right data to the right monitoring tools without packet loss.
With all three stages of the Multi Stage Filtering configured, this
technology meets your most complex and rigorous monitoring
requirements and delivers the next generation of intelligent
network monitoring.
Multi Stage Filtering is just one of APCON’s answers to the
growing challenge of providing scalable, highly available, and
state-of-the-art network monitoring architecture at an affordable
price. By eliminating waste in switch, port, and tool bandwidth,
your existing investment in monitoring tools can last longer and
serve you more effectively.
ABOUT APCON
APCON develops innovative, scalable technology solutions to
enhance network monitoring, support IT traffic analysis, and
streamline IT network management and security. APCON is the
industry leader for state-of-the-art IT data aggregation, filtering,
and network switching products, as well as leading-edge
management software support. Organizations in over 50
countries depend on APCON network infrastructure solutions.
Customers include Global Fortune 500 companies, banks and
financial services institutions, telecommunication service
providers, government and military, and computer equipment
manufacturers.
Contact Us
Please email sales@apcon.com or call 503–682–4050 if you have any questions.
APCON, Inc. ▪ apcon.com ▪ +1 503–682–4050 ▪ 800–624–6808
© 2015 APCON, Inc. All Rights Reserved. INTELLASTORE® is a Registered Trademark of APCON, Inc.
APCON is an Equal Opportunity Employer – MFDV
13067-R1-0915