Network migration to 100Gb introduces a new series of challenges: From managing a higher traffic network capacity volume to migrating your existing security services and handling more complex security needs. All of these must be addressed to ensure a successful migration. You will need a network packet broker (NPB) that grants you the visibility and flexibility to make this happen.
A good NPB will let you:
The migration to a 100Gb link is completed and the legacy inline
security appliances are processing up to 10Gbps of traffic each.
As throughput on the 100Gb link increases, you will need to connect and load balance traffic among multiple devices. Advanced packet brokers can be set to split traffic between the security devices. As the traffic load increases on the 100Gb link, it has to be easy to add another inline appliance to manage the network capacity.
If one of the devices fails, you must detect the failure (using heartbeat detection) and have the NPB automatically bypass it, so it will not have an adverse effect on the other deployed solutions. The traffic will then have to be configured to load balance between the remaining devices, or to fail-open or fail-close to the network.
These NPB features enable the IT department to use the existing lower-throughput devices on the newly migrated 100Gb network. The extended life of your existing security solution devices will enable you to defer allocation of a higher budget upfront for more expensive, higher throughput security solution devices and capacity expansion.
Judicious use of advanced packet brokers will provide you a ‘pay-as-you-grow’ migration process where you can increment lower-cost security solution devices, as needed for your network, thus rationalizing your deployment.
Security managers should be able to easily configure the desired security solution behavior should one of the inline devices fail.
They need to target specific traffic to reach each device using advanced traffic filtering features to address various security aspects related to traffic.
For added security and network reliability, the intrusion prevention solution should be connected using passive Taps.
The Niagara Networks N2 series meets all of these criteria.
It introduces a visibility adaptation layer between your network infrastructure and your security services and can be configured to load balance traffic between attached devices. The N2 sophisticated flow-aware load balancing schemes are user-configurable, and different load balance schemes can be supported simultaneously for different sets of connected security devices.
Moreover, the advanced second-generation packet broker will dynamically adjust the load balancing based on the number of actively attached devices, as detected by the heartbeat mechanism. Deployment of the Niagara Networks N2 series will thus beneficially affect the overall ROI of your 100Gb network migration.