Enabling SSL/TLS Inspection on Asymmetric Multi-Path Traffic (5.13)

Introduction

In multi-path redundant networks, asymmetric routing is common because upstream and downstream traffic belonging to the same session can traverse different paths. When you have an inline tool inspecting both paths, the tool may not receive the full session, which creates a black hole that impacts packet inspection. The tool needs to receive all the decrypted traffic for seamless inspection, and this can be enabled by Gigamon's Resilient Inline Arrangement in a Flexible Inline solution.

Such a resilient arrangement is particularly useful for enterprise networks that have multiple paths between the upstream and downstream devices. Otherwise, inspection in networks with a multi-path architecture is a challenge for NOC/SOC teams.

Design Topology

Design Overview

Gigamon's multi-tier solution deploys GigaVUE-HC devices at multiple layers in the network to aggregate and manage the asymmetric traffic and to enable SSL/TLS decryption at the core layer. This helps NOC/SOC teams overcome the challenges of asymmetric traffic flow.

GigaVUE-HC devices are deployed in two layers:

  • Aggregation Layer: In this layer, the traffic is aggregated using a GigaVUE-HC1 node and sent to a GigaVUE-HC2 chassis in the Core layer.

  • Core Layer: In this layer, Gigamon's Resilient Inline Arrangement with the GigaSMART Flex Inline SSL Solution is deployed on two GigaVUE-HC2 devices connected to each other through an Inter-Broker Pathway. The Flex Inline SSL Solution steers the encrypted traffic so that flows with odd source IPs are decrypted and forwarded to the group of WAF and IPS on one side, and flows with even source IPs are decrypted and forwarded to the group of WAF and IPS on the other side.
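
The following is an added example, not Gigamon configuration or code from this page: a small Python model of the odd/even steering described above, run over constructed packets whose two directions enter on different nodes. The node names, the session key, and keying downstream packets on their destination IP (so both directions of a flow share one parity) are assumptions; decryption itself is not modeled.

```python
import ipaddress
from collections import defaultdict

# Assumed labels: "HC2-1" fronts the odd-side WAF/IPS group, "HC2-2" the even side.
OWNER = {1: "HC2-1", 0: "HC2-2"}

# Constructed packets: (ingress node, src IP, dst IP, direction).
# Each session's upstream and downstream packets arrive on different nodes.
PACKETS = [
    ("HC2-1", "10.0.0.5", "203.0.113.10", "up"),
    ("HC2-2", "203.0.113.10", "10.0.0.5", "down"),
    ("HC2-2", "10.0.0.8", "203.0.113.21", "up"),
    ("HC2-1", "203.0.113.21", "10.0.0.8", "down"),
    ("HC2-2", "10.0.0.7", "203.0.113.10", "up"),
    ("HC2-1", "203.0.113.10", "10.0.0.7", "down"),
]

def flow_source(src, dst, direction):
    """Assumption: the flow's source IP is the initiator's address, so
    downstream packets are keyed on their destination IP."""
    return src if direction == "up" else dst

def steer(packets, use_pathway=True):
    """Return ({node: {session: directions its tools saw}}, packets crossed)."""
    seen = defaultdict(lambda: defaultdict(set))
    crossed = 0
    for ingress, src, dst, direction in packets:
        key = flow_source(src, dst, direction)
        owner = OWNER[int(ipaddress.ip_address(key)) & 1]
        if not use_pathway:
            owner = ingress      # no steering: tools see only local arrivals
        elif owner != ingress:
            crossed += 1         # handed over the Inter-Broker Pathway
        session = (key, dst if direction == "up" else src)
        seen[owner][session].add(direction)
    return seen, crossed

def half_sessions(seen):
    """Sessions for which some tool group saw only one direction."""
    return sorted({s for node in seen.values()
                   for s, dirs in node.items() if dirs != {"up", "down"}})

if __name__ == "__main__":
    for mode in (False, True):
        seen, crossed = steer(PACKETS, use_pathway=mode)
        print(f"pathway={mode} crossed={crossed} incomplete={half_sessions(seen)}")
```

Without the pathway every session is seen only in halves by each tool group; with parity steering each session lands whole on one side, at the cost of the packets that cross between the two nodes.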

To learn more about this solution, read the complete details on the Gigamon Community: Enabling SSL-TLS Inspection on Asymmetric Multi Path Traffic 5.13.