GigaSMART Perpetual Licenses

Note:  In addition to perpetual licenses, floating software licensing options are available for GigaSMART applications with GigaVUE‑OS and GigaVUE-FM 5.7.00. Refer to GigaSMART Floating Licenses.

Table 1: GigaSMART Applications by License Type lists GigaSMART perpetual licenses available on GigaVUE H Series nodes.

Table 1: GigaSMART Applications by License Type

Base GigaSMART Applications

■   GigaVUE-HC0 Module – The base applications include Packet Slicing, Masking, Trailer, and IP and L2GRE Tunnel Decap.
■   GigaVUE‑HC3 SMT-HC3-C05 Module – The base applications include Packet Slicing, Masking, Trailer, and IP and L2GRE Tunnel Decap.
■   GigaVUE‑HC1 Node – The base applications include Packet Slicing, Masking, and Trailer.
■   GigaVUE-HB1 Node – The base applications include Packet Slicing, Masking, and Trailer.

GigaSMART Packet Slicing

Packet slicing lets you truncate packets after a specified header and offset or simply an offset, preserving the portion of the packet required for network analysis and adding a recalculated CRC to match the new packet length.

GigaSMART packet slicing can parse variable-header packets, starting slicing after a named header or tunnel type (VLAN, MPLS, GTP, and so on). This way, you can slice packets without having to rely on a fixed offset.

Because they are smaller, sliced packets are analyzed more efficiently and require less disk space to store. Your tools can process fewer bits and have more room to store the vital portions of each packet, enhancing storage and analysis performance.

GigaSMART Masking

Masking lets you overwrite specific packet fields with a specified pattern so that sensitive information is protected during network analysis.

Privacy compliance is crucial for financial, insurance, and healthcare enterprises. GigaSMART masking lets you give network engineers the data they need while still keeping private data private.

As with the slicing feature, GigaSMART masking can automatically compensate for variable length headers, allowing you to specify a mask target in terms of a particular packet header.
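Header-aware slicing and masking, as an added Python example that is not Gigamon's code: it parses a constructed Ethernet/802.1Q/IPv4/UDP frame, slices after a named header plus an offset and appends a CRC-32 FCS recalculated for the new length, and masks a field located relative to a header so the target stays correct whether or not VLAN tags precede it. The sample frame, header names and function names are assumptions; the input frame is assumed to carry no FCS, as in most captures.

```python
import struct
import zlib

# Ethertypes that introduce an 802.1Q / 802.1ad tag (4 bytes each, stackable).
VLAN_ETHERTYPES = {0x8100, 0x88A8}


def parse_headers(frame: bytes) -> dict:
    """Return {header name: (start, end)} byte ranges for the headers found.

    Handles a variable-length header chain: zero or more stacked VLAN tags,
    then an IPv4 header whose length comes from its IHL field, then UDP.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offsets = {"ethernet": (0, 14)}
    pos = 14
    ethertype = struct.unpack("!H", frame[12:14])[0]
    tag_start = None
    while ethertype in VLAN_ETHERTYPES:
        if len(frame) < pos + 4:
            raise ValueError("truncated VLAN tag")
        tag_start = pos if tag_start is None else tag_start
        ethertype = struct.unpack("!H", frame[pos + 2:pos + 4])[0]
        pos += 4
        offsets["vlan"] = (tag_start, pos)   # the whole tag stack counts as one header
    if ethertype == 0x0800:
        if len(frame) < pos + 20:
            raise ValueError("truncated IPv4 header")
        ihl = (frame[pos] & 0x0F) * 4       # IPv4 header length in bytes (20..60)
        if ihl < 20 or len(frame) < pos + ihl:
            raise ValueError("invalid IPv4 header length")
        offsets["ipv4"] = (pos, pos + ihl)
        proto = frame[pos + 9]
        pos += ihl
        if proto == 17 and len(frame) >= pos + 8:
            offsets["udp"] = (pos, pos + 8)
    return offsets


def fcs(data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def slice_after(frame: bytes, header: str, offset: int = 0) -> bytes:
    """Keep the frame up to the end of `header` plus `offset` bytes, then append
    a CRC recalculated for the new length."""
    end = parse_headers(frame)[header][1] + offset
    kept = frame[:min(end, len(frame))]
    return kept + fcs(kept)


def mask_at(frame: bytes, header: str, offset: int, length: int,
            pattern: bytes = b"\x00") -> bytes:
    """Overwrite `length` bytes starting `offset` bytes into `header` with a
    repeating `pattern`; the field is found by parsing, not by a fixed offset."""
    start = parse_headers(frame)[header][0] + offset
    if start + length > len(frame):
        raise ValueError("mask target extends past the end of the frame")
    fill = (pattern * (length // len(pattern) + 1))[:length]
    return frame[:start] + fill + frame[start + length:]


def fcs_is_valid(frame_with_fcs: bytes) -> bool:
    """Check that the trailing 4 bytes are the CRC-32 of everything before them."""
    return fcs(frame_with_fcs[:-4]) == frame_with_fcs[-4:]


# Constructed sample: Ethernet + one 802.1Q tag (VLAN 100) + IPv4 + UDP + 32-byte payload.
PAYLOAD = b"constructed-sensitive-payload-01"          # 32 bytes
FRAME = (
    bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x81\x00"
    + b"\x00\x64" + b"\x08\x00"                                         # 802.1Q tag
    + b"\x45\x00" + struct.pack("!H", 20 + 8 + len(PAYLOAD))             # IPv4 start
    + b"\x00\x01\x00\x00\x40\x11\x00\x00"                                # ttl 64, proto UDP
    + bytes([10, 0, 0, 1]) + bytes([192, 168, 1, 2])                    # src, dst
    + struct.pack("!HHHH", 12345, 53, 8 + len(PAYLOAD), 0)              # UDP header
    + PAYLOAD
)

if __name__ == "__main__":
    print(parse_headers(FRAME))
    sliced = slice_after(FRAME, "ipv4", 8)      # keep through IPv4 plus the 8-byte UDP header
    print(len(FRAME), "->", len(sliced), "FCS ok:", fcs_is_valid(sliced))
    masked = mask_at(FRAME, "ipv4", 12, 4)      # zero the IPv4 source address
    print(masked[30:34].hex())
```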

How to Use GigaSMART Trailers

When trailers are enabled in a GigaSMART operation, each packet is tagged with a trailer field containing metadata about the packet and how it was processed. You can configure the trailer to include the original packet’s CRC as well as a Source ID field identifying the port on the GigaVUE H Series node where the packet entered the system. The GigaVUE node type, box ID, and port ID are all included in the Source ID field, making it easy to identify the source of each packet entering the Visibility Platform.

GigaSMART IP Encapsulation/Decapsulation (GigaSMART Tunnel)

Use GigaSMART encapsulation and decapsulation operations to send traffic arriving on one GigaSMART-enabled node over the Internet to a second GigaSMART-enabled node. There, the traffic is decapsulated and made available to local tool ports.

This feature is useful when instrumenting remote data centers – you can tunnel selected portions of the traffic from the remote GigaSMART-enabled node to tools in a central location. Traffic is encapsulated at the sending end of the tunnel and decapsulated at the receiving end.

IP fragmentation and reassembly is supported. Refer to GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation.

GigaSMART IP encapsulation/decapsulation is licensed differently for the GigaVUE line cards, modules, and nodes as follows:

■   GigaVUE‑HC2 and GigaVUE‑HC3 – GigaSMART IP decapsulation is included with the base license.
■   GigaVUE‑HC2 and GigaVUE‑HC3 – GigaSMART IP encapsulation requires the Advanced Tunneling license.
■   GigaVUE‑HC1 Node – GigaSMART IP encapsulation/decapsulation requires Tunneling license.
■   GigaVUE-HB1 Node – GigaSMART IP encapsulation/decapsulation requires Tunneling license.

Note:  GigaSMART operations with a tunnel component can only be assigned to GigaSMART groups consisting of a single GigaSMART engine port.

GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation

Use GigaSMART Layer 2 (L2) Generic Routing Encapsulation (GRE) tunnel encapsulation to send traffic from one GigaSMART node over the Internet to a second GigaSMART node using L2GRE encapsulation. Then use GigaSMART L2GRE tunnel decapsulation at the second GigaSMART node to decapsulate the traffic before sending it to local tool ports.

IP fragmentation and reassembly is supported. Refer to IP Fragmentation and Reassembly on L2GRE and GMIP Tunnels.

GigaSMART L2GRE encapsulation/decapsulation is licensed differently for the GigaVUE line cards, modules, and nodes as follows:

■   GigaVUE‑HC2 and GigaVUE‑HC3 – GigaSMART L2GRE decapsulation is included with the base license.
■   GigaVUE‑HC2 and GigaVUE‑HC3 – GigaSMART L2GRE encapsulation requires the Advanced Tunneling license.
■   GigaVUE‑HC1 Node – GigaSMART L2GRE encapsulation/decapsulation requires Tunneling license.
■   GigaVUE-HB1 Node – GigaSMART L2GRE encapsulation/decapsulation requires Tunneling license.

Note:  GigaSMART operations with a tunnel component can only be assigned to GigaSMART groups consisting of a single GigaSMART engine port.

GigaSMART VXLAN Tunnel Decapsulation

Starting in software version 5.3, support for VXLAN tunnel termination is added to GigaSMART. VXLAN encapsulated packets originating from any device, such as the Gigamon cloud solution or a customer-specific device, will be received on an IP interface associated with a network port, then the packets will be terminated at GigaSMART. The VXLAN payload (the inner packet) will be sent to tools. The reassembly of fragmented IP packets is also supported.

GigaSMART VXLAN tunnel decapsulation is licensed differently for the GigaVUE line cards, modules, and nodes as follows:

■   GigaVUE‑HC2 and GigaVUE‑HC3 – GigaSMART VXLAN tunnel decapsulation is included with the base license.
■   GigaVUE‑HC1 Node – GigaSMART VXLAN tunnel decapsulation requires Tunneling license.
■   GigaVUE-HB1 Node – GigaSMART VXLAN tunnel decapsulation requires Tunneling license.

Note:  GigaSMART operations with a tunnel component can only be assigned to GigaSMART groups consisting of a single GigaSMART engine port.

GigaSMART Custom Tunnel Decapsulation

Starting in software version 5.3, support for custom tunnel termination is added to GigaSMART. Use custom tunnel termination to terminate a custom tunnel header that is received at the IP interface associated with a network port, but is not known to GigaSMART. The destination IP and MAC addresses must match the IP and MAC addresses of the network tunnel.

The packets that are successfully received at GigaSMART on a custom tunnel can be stripped, after some validations are performed, or can be sent to tools. GigaSMART leverages the existing generic header stripping operation to remove the tunnel header. The reassembly of fragmented IP packets is also supported.

GigaSMART custom tunnel decapsulation is licensed differently for the GigaVUE line cards, modules, and nodes as follows:

■   GigaVUE‑HC2 and GigaVUE‑HC3 – GigaSMART custom tunnel decapsulation is included with the base license.
■   GigaVUE‑HC1 Node – GigaSMART custom tunnel decapsulation requires Tunneling license.
■   GigaVUE-HB1 Node – GigaSMART custom tunnel decapsulation requires Tunneling license.

Note:  GigaSMART operations with a tunnel component can only be assigned to GigaSMART groups consisting of a single GigaSMART engine port.

Advanced Tunneling License/Tunneling License

The Advanced Tunneling License/Tunneling License enables the following GigaSMART applications:

GigaSMART IP Encapsulation/Decapsulation (GigaSMART Tunnel)

As described above, GigaSMART IP encapsulation requires the Advanced Tunneling license on GigaVUE‑HC2 and GigaVUE‑HC3.

On GigaVUE-HB1 and GigaVUE‑HC1, GigaSMART IP encapsulation/decapsulation requires Tunneling license.

GigaSMART Layer 2 GRE Tunnel Encapsulation/Decapsulation

As described above, GigaSMART L2GRE encapsulation requires the Advanced Tunneling license on GigaVUE‑HC2 and GigaVUE‑HC3.

On GigaVUE-HB1 and GigaVUE‑HC1, GigaSMART L2GRE encapsulation/decapsulation requires Tunneling license.

GigaSMART VXLAN Tunnel Decapsulation

As described above, GigaSMART VXLAN tunnel decapsulation requires Tunneling license on GigaVUE-HB1 and GigaVUE‑HC1.

GigaSMART Custom Tunnel Decapsulation

As described above, GigaSMART Custom tunnel decapsulation requires Tunneling license on GigaVUE-HB1 and GigaVUE‑HC1.

GigaSMART ERSPAN Tunnel Decapsulation

Some Cisco equipment provides the ability to mirror specific traffic to a remote destination through an ERSPAN tunnel. A GigaSMART-enabled GigaVUE H Series node with the Advanced Tunneling license installed can act as the receiving end of an ERSPAN tunnel, providing GigaVUE packet distribution for packets sent from remote Cisco equipment. Both ERSPAN Type II and Type III header decapsulation are supported.

GigaSMART ERSPAN decapsulation is licensed differently for the GigaVUE line cards, modules, and nodes as follows:

■   GigaVUE‑HC2 and GigaVUE‑HC3 – GigaSMART ERSPAN decapsulation requires the Advanced Tunneling license.
■   GigaVUE-HB1 and GigaVUE‑HC1 nodes – GigaSMART ERSPAN decapsulation requires Tunneling license.

Note:  GigaSMART operations with a tunnel component can only be assigned to GigaSMART groups consisting of a single GigaSMART engine port.

De-duplication License

The De-duplication License enables the following GigaSMART applications:

GigaSMART De-Duplication

Packet de-duplication lets you remove duplicate IPv4 and IPv6 packets (and also non-IP packets) before they are unnecessarily processed or stored by tools. Duplicate packets can occur when both the ingress and egress data paths are sent to a single output (for example, as a result of a SPAN operation on a switch). They can also appear when packets are gathered from multiple collection points along a path. GigaSMART de-duplication lets you eliminate these packets, only forwarding a packet once and thus reducing the processing load on your tools.

Header Stripping License

The Header Stripping License enables the following applications:

GigaSMART Header Addition

Use this feature to add VLAN tags to packets. VLAN tag addition is handy when differentiating stripped packets from non-stripped packets on common IP ranges (for example, 10.x.x.x or 192.168.x.x), or when removing an arbitrary-length MPLS label stack and replacing it with a single, predictable, four-byte VLAN tag between the source address and the ethertype field in the Layer 2 header.

GigaSMART Header Stripping

Stripping operations let you remove headers from tagged packets or headers and trailers from tunneled (encapsulated) packets:

■   Header Stripping – Remove headers from MPLS, MPLS+VLAN, VLAN, VN-Tag, Cisco FabricPath Header, GRE, or VXLAN tagged packets before they are sent to tool ports. Remove headers from any protocol by specifying the offset of the fragment and the length of the packet. This feature is handy when working with tools that either cannot recognize these headers or have to engage in additional processing to adjust for them.
■   Tunnel Stripping – Remove both the header and trailer of ISL or GTP-encapsulated packets, preserving the packet within for analysis. This is handy when sending data to tools that cannot parse the ISL or GTP tunnel information.

Adaptive Packet Filtering (APF) License

The Adaptive Packet Filtering License enables the following GigaSMART applications:

GigaSMART Adaptive Packet Filtering (APF)

Adaptive Packet Filtering (APF) provides filtering on specific encapsulation protocol parameters. Additionally, it has the ability to look beyond the encapsulation protocol parameters into the original (encapsulated) data packet, to filter on source and destination IP or Layer 4 port numbers. APF offers the ability to look for content anywhere in the data packet and make intelligent filtering and forwarding decisions.

Adaptive Packet Filtering includes fragmentation awareness whereby all IP fragments associated with the filtered data packet are always forwarded allowing a complete view of the traffic stream for accurate analytics. APF also provides a powerful filtering engine that identifies content (based on patterns) across any part of the data packet, including the data packet payload.

APF filters packet-by-packet, but does not have the concept of sessions. For application session filtering (ASF) and packet buffering on application session filtering, refer to GigaSMART Application Session Filtering (ASF) and Buffer ASF.

Application Session Filtering (ASF) License

The Application Session Filtering License enables the following GigaSMART applications:

GigaSMART Application Session Filtering (ASF) and Buffer ASF

Application Session Filtering (ASF) provides additional filtering on top of Adaptive Packet Filtering (APF). With APF, you can filter on any data patterns within a packet. With ASF, you apply the pattern matching and then send all the packet flows associated with the matched packet to one or more monitoring tools.

Use ASF to create a flow session and send the packets associated with the flow session to one or more tools. A flow session consists of one or more fields that you select to define the session. Either the packets for the whole session can be captured or only the packets following a pattern match.

ASF captures packets of a session after an APF rule match. When the APF match occurs in the middle of a session, packets in the session prior to the match are not captured. With some tools needing all the packets of a flow session in order to perform data analysis, GigaSMART uses buffering to ensure that all packets belonging to a flow session are captured and forwarded to the tools. This is referred to as Application Session Filtering with buffering, or buffer ASF.

Note:  ASF and buffer ASF also require the Adaptive Packet Filtering (APF) license.

Note:  Stateful load balancing for the ASF application is included with the Application Session Filtering (ASF) license.

Advanced Flow Slicing License

The Advanced Flow Slicing License enables the following GigaSMART application:

GigaSMART Advanced Flow Slicing

GigaSMART Advanced Flow Slicing allows you to slice traffic on multiple network protocols, each with a different offset. In Enhanced slicing, you can configure multiple protocols within a single profile, each with its own slicing rules, which reduces the number of GigaSMART Operations (GSOP) and maps to be configured. In this feature, slicing of packets begins only after the packet count of a flow has reached a configured value, so that the control information and other important data of the networking protocols is not sliced.

Once the license expires, the packets are sent to the tool port without performing packet slicing and advanced slicing, and the configuration of a new map or editing an existing map is not allowed.

During the grace period, the packets are sliced based on the existing profile.

Enhanced Load Balancing License

The Enhanced Load Balancing License enables the following GigaSMART application:

Enhanced Load Balancing

GigaSMART Enhanced Load Balancing distributes traffic evenly among multiple tool ports based on one or more user-defined fields. When a tool port fails, only the traffic for that tool port is redistributed to the other member tool ports. When the failed tool port recovers, the traffic that was redistributed is restored to the recovered tool port. Traffic across the other member tool ports remains undisturbed during this process.

Once the license expires, the packets are dropped, and the configuration of a new map or editing an existing map is not allowed.

During the grace period, the packets are load balanced based on the existing profile.

GTP Filtering & Correlation License

The GTP Filtering & Correlation License enables the following GigaSMART applications:

GigaSMART GTP Correlation

The GPRS Tunneling Protocol (GTP) carries mobile data across service provider networks. GTP carries both control plane (GTP-c) and user-data plane (GTP-u) network traffic. Visibility into a subscriber’s session requires the ability to understand the stateful nature of GTP (v1 and/or v2).

To gain an accurate view into the subscriber’s session, GTP tunnels are used to correlate subscriber-specific control plane and user-data plane traffic.

With GTP correlation, you can gain access to the subscriber’s data in these GTP tunnels by reliably correlating and passing all of the identified subscriber’s control and data plane traffic to the analytics/monitoring tools and billing subsystems.

Using GTP correlation, you can filter, replicate, and forward specific subscriber sessions to specific tools by correlating the subscriber IDs that are exchanged as part of the control sessions to the corresponding tunnel IDs (TEID) that are part of the user-data plane traffic.

GTP correlation supports a maximum of 5 million GTP subscriber sessions on GigaVUE‑HC2 nodes and 12 million GTP subscriber sessions on GigaVUE‑HC3 nodes.

Note:  Tiered License model for 250k/500k/Max Subscribers applies only to GigaVUE‑HC2. GigaVUE‑HC3 has Max license only.

Note:  Stateful load balancing for the GTP application is included with the GTP Filtering & Correlation license.

Note:  The Adaptive Packet Filtering (APF) license is included with GTP for filtering inside GTP headers.

Filtering on Subscriber IDs and Version

GTP stateful filtering supports filtering of GTP sessions based on the following subscriber IDs:

■   IMSI – The International Mobile Subscriber Identity (IMSI) is a number that identifies a subscriber of a cellular network. It is a unique identifier associated with all cellular networks. An IMSI is usually a 15-digit number, associated with GSM, UMTS, and LTE network mobile phone users.
■   IMEI – The International Mobile Station Equipment Identity (IMEI) is a number, usually unique, that identifies 3rd Generation Partnership Project (3GPP) mobile phones (for example, GPRS and LTE), as well as Integrated Digital Enhanced Network (iDEN) mobile phones and some satellite phones. The IMEI identifies the device, but has no permanent relationship to the subscriber. Instead, the subscriber is identified by transmission of an IMSI number, stored on a SIM card.
■   MSISDN – The Mobile Station International Subscriber Directory Number (MSISDN) is a unique number that identifies subscribers in a GSM or UMTS mobile network. This numbering plan is defined in the ITU-T recommendation E.164. The maximum length of an MSISDN is 15 digits.

Stateful Load Balancing

Stateful load balancing distributes GigaSMART-processed traffic to multiple tool ports or tunnel endpoints based on GigaSMART application-specific flow sessions. With stateful load balancing, packets belonging to the same flow session maintained by a GigaSMART application are forwarded to the same tool port or tunnel endpoint within a port group.

Use the GigaSMART Operations (GSOP) page to configure load balancing. Specify one stateful application within a group of GigaSMART operations and specify a load balancing metric.

GTP, Application Session Filtering (ASF), and tunnel are the currently supported stateful applications.

Note:  GTP correlation combines with GigaSMART Load Balancing to load balance GTP traffic to a set of tool ports. To know more, refer to GigaSMART GTP Correlation.

GigaSMART GTP Whitelisting and GTP Flow Sampling

Starting in software version 4.3, use GTP whitelisting and GTP flow sampling to provide subsets of GTP correlated flows to tools.

GTP whitelisting selects specific subscribers based on IMSI, while GTP flow sampling uses map rules to select subscribers. GTP whitelist-based sampling and GTP flow sampling (rule-based flow sampling) are performed prior to GTP filtering.

Note:  In addition to the GTP Filtering & Correlation License, GTP whitelisting and GTP flow sampling also require the FlowVUE license.

GTP Scaling

Starting in software version 4.5, GTP can be scaled as follows:

■   A GigaSMART group (gsgroup) associated with GTP applications can have multiple GigaSMART engine port members (e ports), up to four, forming a GTP engine group. Refer to GTP Engine Grouping.

GTP Stateful Session Recovery

Starting in software version 4.4, use GTP stateful session recovery to back up GTP sessions periodically so they can then be recovered faster after a GigaSMART line card or module reboot or a node reboot. GTP stateful session recovery provides session persistence for GigaSMART GTP applications, including GTP flow filtering, GTP whitelisting, and GTP flow sampling.

SIP/RTP Correlation License

The SIP/RTP Correlation License enables the following GigaSMART application:

GigaSMART SIP/RTP Correlation

Session Initiation Protocol (SIP) is the dominant method to initiate, maintain, modify, and terminate voice calls in service provider and enterprise networks. Real-time Transport Protocol (RTP) is used to manage the real-time transmission of voice payload across the same networks. Visibility into a subscriber’s voice traffic requires the ability to understand the subscriber attributes and stateful information contained within SIP to correlate subscriber-specific RTP traffic so that monitoring tools can achieve an accurate view of the subscriber’s traffic on the network.

The GigaSMART SIP/RTP correlation application correlates the subscriber-specific attributes and the endpoint identifiers of the RTP streams where the session is carried, as well as other SIP-related attributes that are exchanged as part of the control sessions. Use SIP/RTP correlation to leverage a subscriber-aware monitoring policy on Gigamon’s Visibility platform and to optimize current tool infrastructure investments by providing only relevant data to tools while increasing visibility into subscriber traffic. This helps improve QoE and performance. Carriers gain access to the subscriber’s traffic by reliably correlating and passing all the identified subscriber’s control and data sessions to the analytics/monitoring probes and/or billing subsystems for an accurate view of the subscriber’s sessions.

Note:  The FlowVUE license is needed for session-aware load balancing for RTP.

SIP/RTP Correlation Engine

When a packet containing SIP, RTP, or RTCP traffic is received, the SIP/RTP correlation engine looks up the session in the session table for load balancing ports and sampling maps or whitelist map. All SIP/RTP traffic with port or load balancing port group is forwarded based on the session table. The correlation engine load balancing keeps track of both the SIP session and the associated multiple RTP channels.

Note:  Refer to GigaSMART SIP/RTP Correlation for more details.

SIP Whitelist

The SIP whitelist contains caller IDs, callee ID, the range for caller IDs, the range for callee IDs and the IP address. Each whitelist entry in a file is a SIP caller ID, callee ID, caller ID range, callee ID range or IP address. The whitelist can contain all types of entries. Whitelist entries can be alphabetic, IP address, and numeric. For each entry, specify up to 64 alphanumeric characters. Some special characters are also supported.

You can manually add one entry at a time to a whitelist file, or you can upload files in .txt format. You must provide the whitelist caller ID range in numeric form. You can also provide multiple entries to the whitelist by ID range configuration. Each whitelist file can have up to 20,000 entries. One or more whitelist files can be fetched from a local directory or from a remote URL using HTTP or SCP.

On GigaVUE‑HC2 nodes, the whitelist database supports 500,000 entries. On GigaVUE‑HC3 nodes, the whitelist database supports 1 million entries. Multiple whitelist databases can reside on a GigaVUE node, but only one whitelist is applied to a GigaSMART group at a time. Only one whitelist map is supported for a GigaSMART group. The GigaSMART operation does not have any rules for whitelisting.

RTP Flow Sampling

FlowVUE is used for session-aware (stateful) load balancing and whitelisting with sampling. Only RTP traffic will be sampled. There is no sampling of SIP traffic. Up to five flow sample maps per GigaSMART group are supported. Each flow sample map can have 20 rules. Use rules to filter on caller ID. The rules support both alphabetic and numeric characters, up to 64 characters. Some special characters are also supported, such as wildcard characters. Sampling is based on caller ID only (the From field).

FlowVUE License

The FlowVUE License enables the following GigaSMART applications:

GigaSMART FlowVUE

FlowVUE allows for the active sampling of a subscriber’s device (also known as a “User Endpoint IP” or UE IP) across IP networks or GTP-u tunnels. The integrity of subscriber flows is preserved by forwarding all flows associated with the sampled UE IP to all probes and analysis tools. Intelligent sampling executed by FlowVUE is deployed for understanding usage patterns. Operators can also gain visibility into the subscriber’s QoE by forwarding all GTP control sessions to the monitoring tools.

By combining FlowVUE with other GigaSMART functions such as APF, network traffic can be further reduced by filtering on specific Layer-4 application ports that the operator is interested in monitoring. Overall, this helps service providers address rising tool costs by enabling them to preserve or increase tool utility and offset ARPU reduction by monetizing Big Data with tools seen in Customer Experience Management offerings.

Note:  The FlowVUE license also enables GTP whitelisting and GTP flow sampling.

NetFlow Generation License

The NetFlow Generation License enables the following GigaSMART applications:

GigaSMART NetFlow Generation

NetFlow Generation is a simple and effective way to increase visibility into traffic types and usage patterns across systems. Data can be used to build relationships and usage patterns between nodes on the network (traditionally, routers and switches collected IP traffic statistics and exported them as NetFlow Generation Records).

The advanced capabilities of GigaSMART® technology can be leveraged to summarize and generate unsampled NetFlow Generation statistics from incoming traffic streams. Offloading NetFlow Generation to an out-of-band solution like the Gigamon Visibility Platform completely eliminates the risk of expending expensive production network resources in generating these analytics. Combined with the flexibility offered by Gigamon’s patented Flow Mapping® technology, operators can pick and choose from the incoming flows to generate NetFlow Generation statistics, without losing critical information.

NetFlow Generation supports NetFlow versions 5 and 9, and IPFIX.

The port used to export NetFlow records is configured as an IP interface.

When NetFlow collects SSL metadata, it makes use of the GigaSMART SSL application, however, only the NetFlow Generation license is needed for NetFlow to collect SSL metadata.

NetFlow supports second level maps, which are used to configure filtering rules enabled through Adaptive Packet Filtering (APF). After the APF rules are applied, second level maps send traffic to NetFlow and then to the IP interface with tool ports.

Note:  NetFlow with second level maps requires the Adaptive Packet Filtering license.

Note:  GigaSMART operations with a NetFlow component can be assigned to multiple GigaSMART groups or GigaSMART groups consisting of multiple GigaSMART engine ports.

SSL Decryption Licenses

The SSL Decryption Licenses enable the following GigaSMART applications:

GigaSMART Passive SSL Decryption

Secure Sockets Layer (SSL) is a cryptographic protocol that adds security to TCP/IP communications such as Web browsing and email. The protocol allows the transmission of secure data between a server and a client that both hold the keys to decode the transmission and the certificates to verify trust between them. Passive SSL decryption delivers decrypted traffic to out-of-band tools that can then detect threats entering the network.

On GigaVUE H Series nodes, GigaSMART line cards or modules perform the decryption of SSL traffic. Using GigaSMART for decryption provides a single decryption point, enabling decrypted data to be sent to tools for inspection. Using GigaSMART removes the decryption function from tools and offers improved performance.

Before SSL traffic is decrypted, the de-duplication GigaSMART operation can be performed. Decrypted traffic from the GigaSMART line card or module can be filtered, aggregated, and replicated and then sent to one or more monitoring tools for analysis.

Use Passive SSL decryption on the GigaSMART line card or module with passive or offline traffic. Tap the traffic to and from a server and pass it to the GigaVUE H Series node with the GigaSMART line card or module.

For secure storage of private keys, Entrust nShield Hardware Security Module (HSM) is integrated with Passive SSL decryption. Refer to Entrust nShield HSM for SSL Decryption for Out-of-Band Tools.

GigaSMART SSL Decryption for Inline and Out-of-Band Tools

SSL decryption for inline tools provides visibility into encrypted traffic. Inline SSL decryption delivers decrypted packets to tools that can be placed inline or out-of-band. The tools look into decrypted packets for threats, such as viruses or other malware.

The amount of Internet traffic that is encrypted is increasing, and much of it is encrypted with Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

Malware increasingly uses encrypted SSL traffic, thus a significant percentage of attacks hide in SSL. Inline SSL decryption delivers a complete view of encrypted applications and hidden threats in your organization.

Many applications, such as email, also use SSL. Encryption protects data from being viewed in transit over the Internet such as in an exchange of emails. Encryption also keeps the data private. But when data is encrypted, packets are not inspected, which can create blind spots in your network.

Providing visibility into encrypted traffic eliminates this blind spot. SSL/TLS blind spots in your network can be eliminated across any port or application, for example, port 443, or email, Web, or VoIP applications.

Note:  Inline SSL decryption is supported on GigaVUE‑HC1, GigaVUE‑HC2, and GigaVUE‑HC3.

Refer to Work with GigaSMART Operations for details.

NOTES:

■   GigaSMART Stateless load balancing is included with base licenses. Stateful load balancing for GTP and ASF are included with the GTP Filtering & Correlation and Application Session Filtering (ASF) licenses. Stateful load balancing for tunnel is included with the tunneling licenses. Refer to GigaSMART Load Balancing.
■   GigaSMART MPLS traffic performance enhancement does not require a separate license. Refer to GigaSMART Traffic Performance Enhancement.