Data Analyzer (DANZ) Glossary

Access List (ACL)

The switch configuration used for the purpose of filtering Layer 2, Layer 3, or Layer 4 traffic.

See Filtering with Port ACLs

Advanced Mirroring

An Arista feature set which includes support for filtered, multi-destination mirroring, mirroring to EOS of data plane traffic, advanced load-sharing, and packet truncation.

 

Aggregation Group

A configuration or grouping of Tap and Tool ports together where traffic from all Tap ports in a group will be replicated to all Tool ports in the same group.  A tool port can be a member of multiple aggregation groups whereas a tap port is allowed to map to only one aggregation group at any time.

See Basic Use of Aggregation Groups

 

Agile Ports

A feature that allows for a set of four 10G interfaces on a single switch to be configured as one native 40G interface compatible with 40G-xR4 standards.

 

Application Performance Management (APM)

A monitoring and management tool that analyzes and reports on the performance and availability of software applications.

 

Bit Masking

Due to compliance requirements, some bits in the datagram of a packet (for example, a Social Security number) may need to be masked or obfuscated.  This requires hardware capable of capturing the entire packet, searching the datagram for specified bit patterns, and then obfuscating those bit patterns.

 

Boundary Clock

A PTP functionality that consists of multiple network connections and can accurately bridge synchronization from one network segment to another.

 

Buffer Tuning

A feature that allows for custom configuration of RX and TX buffer allocation on a per interface basis as well as the ability to manipulate how fixed and shared buffers are allocated to each interface and traffic class.

 

Class Map

The switch configuration that provides an ordered set of rules to match, based upon access-lists (ACL).

 

Data Analyzer (DANZ)

An Arista functionality which provides a set of features and tools to enhance instrumentation and network/application performance monitoring within the functional areas of Advanced Monitoring, Tap Aggregation, microburst latency and analysis, and on-board event handling and scheduling.

 

Direct Attached Cables (DAC)

Also known as a twinax cable, a DAC connects one network resource to another through an integrated cabling system that includes mechanical connectors and built-in transceivers on either end of the structured cable.  Typically available in shorter lengths to help reduce the cost of the infrastructure.

 

Deep Packet Inspection (DPI)

Traditional DPI in security devices inspects all bytes of a packet from Layer 2-7.  In Tap Aggregation switches, it allows the administrator to inspect and match (then take action on) additional bytes in the L2/L3/L4 header.

See Deep Inspection with Tap Aggregation

 

Denial of Service (DoS)

A type of network attack that attempts to make a machine or network resource unavailable to users through various vulnerabilities of the infrastructure.

 

Generic Routing Encapsulation (GRE)

An overlay technology that uses a tunneling technique to perform any Layer 3 protocol-in-IP encapsulation, providing a means to create private point-to-point connections similar to a virtual private network (VPN).


Google Protocol Buffers (GPB)

A method of serializing structured data useful in storing and analyzing large volumes of data.  Utilized by the LANZ streaming feature to transmit LANZ records at a high rate.

 

GPRS Tunneling Protocol (GTP)

A group of IP-based protocols used to carry general packet radio service (GPRS) traffic within networks.  GTP traffic can consist of signalling traffic (GTP-C), user data traffic (GTP-U), and GTP prime (GTP’) data used for carrying the charging data.

 

Header Stripping

The ability to strip specific headers (e.g. MPLS, VLAN, etc.) from all datagrams and forward the packets on at line rate.

 

Hybrid Tap Mode

In modular systems, hybrid tap mode allows for specific line cards to operate in Tap Aggregation mode while other line cards operate in a traditional Layer 2 or Layer 3 function.

 

Identity VLAN

An identity VLAN tag is an additional header (in the case of traffic with an existing 802.1q header) or an initial 802.1q header that can be added to traffic to identify the source of that traffic and/or take action based upon the tag value when egressing the Tap Aggregation switch.

See Tap Aggregation VLAN List Filtering

 

Intrusion Detection System (IDS)

An IDS is a passive security tool which performs data analysis on network traffic.

 

Key Frames

Used in timestamping applications where the timestamp consists of a 31-bit value rolling over approximately every 6 seconds.  The key frame contains the current ASIC and UTC time of the switch and is used to correlate the frame timestamps to determine absolute time.

 

Latency Analyzer (LANZ)

An Arista feature that provides visibility of network congestion hot-spots by monitoring in real time the occupancy level of each of the switch’s interface queues and calculating the effect any buffering has on application latency, while at the same time monitoring packet drops during congestion events.

 

Link Layer Discovery Protocol (LLDP)

A link layer protocol standard (IEEE 802.1AB) used by devices to advertise their identity and capabilities on a local area network at a fixed interval.  Each frame contains one LLDP Data Unit (LLDPDU) and each LLDPDU contains a set of type-length-value (TLV) structures designating information such as chassis ID, port ID, and other identifying information.

See LLDP on Tap Ports

 

Load-balancing

This feature enables traffic from one or more Tap ports in an Aggregation Group to be evenly distributed out of one or more Tool ports either through a standard hash function or symmetrically where all packets from unique TCP sessions are sent through the same Tool port.

See Hashing for L2 Port-Channels and L3 ECMP

 

Matrix Switch

An alternative name for a Tap Aggregation Switch (See Tap Aggregation Switch)

 

Native (VLAN)

Used to carry untagged traffic across a trunk; by default, VLAN 1 is used for this process.  Frames ingressing and egressing a switch without a VLAN tag are assumed to be part of the same native VLAN.

See Tap Aggregation VLAN List Filtering

 

Network Packet Broker

An alternative name for a Tap Aggregation Switch (See Tap Aggregation Switch)

 

Network TAP

A Tapping Access Point (TAP) is a hardware device that provides a way to access data flowing across either a copper or fiber network path by either splitting the signal in the case of fiber or copying the traffic in the case of copper in a 1:1 ratio.

 

Next-generation Firewall (NGFW)

An active security tool where traffic flows continuously into and out of the NGFW.  Good or clean traffic is allowed to pass while bad traffic such as a DDoS attack or malware is blocked.

 

Optical Power Budget

Sometimes called light power budget, this is the allocation of available optical power launched into a fiber optic cable by a source.  Based upon various loss-producing mechanisms including the length of the fiber itself, couplers, attenuators, splices, etc., these factors can be used to determine if adequate signal strength will be available at the receiver to maintain a link.

 

Packet Deduplication

Ability to transmit only one copy of a packet when multiple copies are received through various tap interfaces.  Typically limited to within a certain timeframe (approx 50ms) due to hardware limitations.

 

Packet Sniffer

Sometimes called a Packet or Protocol Analyzer, this tool is used to intercept, log, and interpret traffic passing over a network link.   Some sniffers can decode the various headers in the raw data showing the content and fields according to IETF or other specifications.

 

Packet Truncation

Also known as packet slicing, the ability to reduce the length of the packet by slicing off a variable length of the datagram in order to increase the processing and monitoring throughput of various tools.

See Truncation on Tap and Tool Ports

 

Port Mirror

A special designation for a port on a network Ethernet switch used to send a copy of the traffic seen ingressing or egressing (or both) a standard network port.  Most commonly these port mirror interfaces are connected directly to a network tool or Tap Aggregation switch.

See Introduction to Port Mirroring

 

Precision Time Protocol (PTP)

A protocol (IEEE 1588) used to synchronize clocks throughout a network with accuracy in the sub-microsecond range.  PTP utilizes a master-slave architecture for clock distribution.

 

SPAN Port

Modern Ethernet switches consist of many ports.  SPAN (Switched Port Analyzer) interfaces are interface ports configured to copy ingress and egress traffic from one or more standard interface ports and redirect that copied traffic out of the SPAN interface towards traffic and security analysis tools.

See Introduction to Port Mirroring

 

Tap Aggregation Manager

A Graphical User Interface (GUI) representation of the current Tap Aggregation switch configuration detailing Tap and Tool ports along with Aggregation groups, interface statistics, applied filters, etc.

See Basic Use of Aggregation Groups

 

Tap Aggregation Switch

A network device with copper and/or fiber interfaces that takes inputs from Network TAPs or SPAN ports and redirects, filters, and manipulates traffic before passing the traffic onto analysis tools such as an IDS or APM.

See Introduction to Tap Aggregation

 

Tap Port

A type of interface designed to be connected to any TAP or SPAN port.  This type of port is an RX-only entity that will not transmit data; Ethernet flooding is disabled, as are protocols like LLDP and IGMP.

 

Time Stamping

The capability of the switching hardware to mark each packet on ingress with an accurate timestamp derived from the high precision on-board Oven Controlled Crystal Oscillator (OCXO).

See Timestamping Deep Dive

 

Tool Port

A type of interface designed to be connected to any data analysis or capture device.  This type of port is a TX-only entity that will not receive data, and Ethernet learning will not be performed on this port.

 

Traffic Filtering

Through the use of ACLs, network traffic can be filtered to only allow specific sources, destinations, or protocols through the SPAN port or Tap Aggregation switch.

See Filtering with Port ACLs

 

Traffic Steering

This feature provides the flexibility of redirecting traffic according to custom-defined policies in a way that goes beyond the standard Aggregation Group method.  Through the use of class maps and ACLs, specific traffic can be matched and steered away from the associated Aggregation Group and into another group or egress Tool interface.

See Tap Aggregation Traffic Steering

 

Transparent Clock

A PTP functionality that modifies the PTP messages as they pass through the device by correcting the time based upon the time spent traversing the network equipment.  This improves distribution accuracy by compensating for any queueing on the network equipment itself through the use of a follow_up message.

 

Virtual Extensible LAN (VXLAN)

A network virtualization technology that uses a tunneling technique to perform MAC-in-UDP encapsulation that provides a means to extend Layer 2 segments across Layer 3 boundaries.