When you think of visibility fabrics — you know, those boxes that take in copies of your traffic and send them off to your tools for analysis — who do you think of? Probably Gigamon. When searching for “visibility fabric,” Gigamon dominates the search results, and they have been the major player in the space for years now.
Searching for “network packet broker” — the hardware device used to manage the copied traffic and forward various streams to various tools — turns up Gigamon once again, but also some different names, including Ixia. Ixia? Don’t they make load generators and test equipment, that sort of thing? Yes. They do that sort of thing, among other things. But Ixia acquired Anue Systems back in 2012, placing them in the visibility fabric and network packet broker space.
My personal history with Anue goes back to years prior to 2012, where the (at the time) little startup won a bakeoff against Gigamon. I don’t remember all of why Anue won at the time. Price and a straightforward GUI, if I recall correctly. Time has marched on, and features and functionality have advanced enough for those historical issues to be moot. The point is that Ixia bought Anue, and Anue has been a decent product for a long time, based on my experience. And so it was that my ears perked up at a Tech Field Day presentation by Ixia — a chance to relive my Anue days and see if the ball had moved forward.
Ixia’s Vision ONE
Network packet brokers (NPBs) perform key specialized tasks.
1. They copy traffic from one port to another.
2. They (optionally) filter traffic going from one port to another.
This means that you can send traffic from a span port or network tap, copy it inside of the NPB, and forward it to one or more tools. The tools hang off the NPB. Your tools would be packet capture appliances, IDS boxes, traffic analysis tools, and so on.
The ability to filter traffic means that you can limit the amount of data you are sending to a tool, preventing it from being overwhelmed. The filtering is in the form of defining what specific flows should be sent to the tool. In addition, most NPBs can perform traffic slicing (aka packet trimming) where individual packets are sliced to exclude payload after the headers. For example, Ixia’s NTO 5236, NTO 5288, and NTO 7300 all support complex filtering and slicing when equipped with the appropriate module.
Ixia’s Vision ONE also supports all of the copying, filtering, and slicing we’ve discussed. Configuring the Vision ONE is done via a GUI pleasantly reminiscent of the Anue days, using drag and drop operations to connect network ports to filters to tool ports.
The network ports are where traffic is flowing in from your network. The filters are where you describe what traffic should be copied to the tool port. And the tool ports are where network analysis tools are connected. Not an especially hi-res image, but you get the idea.
Vision ONE also includes the Application and Intelligence Threat Processor (ATIP), which performs deep packet inspection and SSL decryption for flows filtered through it. ATIP provides traffic analysis describing the who, what, and where of your traffic in a dashboard.
And maybe that, by itself, isn’t all that exciting. Lots of tools provide this sort of analysis. But there’s more to the ATIP dashboard than stats. You can drill down into what’s displayed, and dig deeper. And again, perhaps not too exciting. Lots of tools allow you to drill down and see more granular information.
With Vision ONE, ATIP gets interesting because you can select specific applications it has identified, turn them into a filter, and send that traffic to another tool for further analysis. The magic ATIP button is titled “Track This Application” which sends you to a screen where you can customize the filter with many options — including regex — to get right down to just what you want to focus on.
Then with a little VLAN stitching, the app traffic is being sent to a tool where it can be analyzed in more detail. Interesting use case that, to my eyes, was quicker to use than sending everything to Wireshark and then filtering within Wireshark.
The view from the hot aisle.
Ixia’s Vision ONE visibility tool is an easy to use network packet broker with deep analysis capabilities. I could have talked about several other features the platform has to offer, including Netflow record export and lossless hardware. But the biggest feature to me was the ease of use.
I am no longer impressed with something because of the large configuration paragraphs it took to make it work. I don’t see it as a badge of honor that I was able to overcome inscrutable documentation and obtuse CLI switches to make a product behave in the way I needed.
I’m at that stage where I just like tools to work.
Ixia Vision ONE is a visibility tool worth investigating because, despite the plethora of features, you’ll have it up and running quickly. And once it is up and running, you’ll be able to remember how you configured it when you take a look six months later. That’s worth something.