
VISUAL TOOL TO TRACE TRAFFIC FLOW FOR MULTI-BLADE DEVICE

IP.com Disclosure Number: IPCOM000250436D
Publication Date: 2017-Jul-14
Document File: 4 page(s) / 300K

Publishing Venue

The IP.com Prior Art Database

Related People

Keying Bi: AUTHOR [+2]

Abstract

Modular security platforms may permit users to install various types of security services and perform flexible service chaining. While modular security platforms greatly reduce the number of resources that users need to manage, such platforms increase the difficulty associated with troubleshooting. However, modular security platforms also create an opportunity to troubleshoot multiple services in one setting. The flow tracer described herein enables users to analyze security information and event management (SIEM) logs separately to monitor traffic flows without examining each service manager. The flow tracer integrates this information into one page with one button.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Copyright 2017 Cisco Systems, Inc. 1

VISUAL TOOL TO TRACE TRAFFIC FLOW FOR MULTI-BLADE DEVICE

AUTHORS: Keying Bi, David Sward

CISCO SYSTEMS, INC.


DETAILED DESCRIPTION

Modular security platforms may include both physical and virtual security solutions that provide service provider cloud and network functions virtualization environments. For example, a modular security platform may have three blades, and may enable network administrators to create multiple logical devices on the modular security platform. Troubleshooting on such a multi-blade and multi-device platform is particularly challenging. To understand what happens to a traffic flow due to the policies of the virtual devices, users are typically required to log into each virtual device manager event viewer and manually correlate events to analyze whether a traffic flow has passed, and if not, where the flow was dropped. This requires excessive time, and does not guarantee the network administrator will discover what happened to the traffic flow.

Figure 1 below illustrates the challenges a network administrator may face using such conventional technology. In the example of Figure 1, one blade has distributed denial of service (DDoS) security measures, FileScan, and an Adaptive Security Appliance (ASA). Each has its own manager. If a traffic flow is dropped, the user would examine each device manager, read the events and policy, and search through many irrelevant details to have a chance of discovering the step at which the traffic was dropped.

Figure 1

Figure 2 below illustrates the flow tracer described herein.

Figure 2

This flow tracer permits users to discover what happened to a traffic flow by visualizing the flow. Users may specify the traffic flow to be captured at the top left portion of Figure 2. The bottom left portion of Figure 2 is the high-level overview of where the flow has traveled inside the device and information regarding whether the flow has successfully passed this device. If the flow failed to pass the device, the flow tracer displays the blade at which the flow was dropped. A green line indicates that the flow passed the ...
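The correlation step the tracer automates, as an added example that is not Cisco's code: per-service SIEM events for the three services of Figure 1 (DDoS, FileScan, ASA) are joined on the flow's source, destination and port, walked in service-chain order, and reduced to one verdict plus the service at which the flow was dropped. The key=value log format, the chain order and the sample lines are constructed assumptions; a service with no event for the flow is treated as the point where the flow stopped being observed.

```python
# Toy flow tracer (added example, not Cisco's tool): correlate per-service
# SIEM events for one flow and report the service at which it was dropped.

# Service-chain order on the blade, following the page's Figure 1 example.
SERVICE_CHAIN = ("ddos", "filescan", "asa")

# Constructed sample SIEM lines; the key=value format is an assumption.
SAMPLE_LOGS = """
svc=ddos src=10.1.1.5 dst=192.0.2.10 dport=443 action=pass
svc=filescan src=10.1.1.5 dst=192.0.2.10 dport=443 action=pass
svc=asa src=10.1.1.5 dst=192.0.2.10 dport=443 action=drop reason=acl-deny
svc=ddos src=10.1.1.6 dst=192.0.2.10 dport=80 action=drop reason=rate-limit
svc=ddos src=10.1.1.7 dst=192.0.2.11 dport=22 action=pass
svc=filescan src=10.1.1.7 dst=192.0.2.11 dport=22 action=pass
svc=asa src=10.1.1.7 dst=192.0.2.11 dport=22 action=pass
"""

def parse_events(text):
    """Parse key=value lines into dicts, skipping blank or malformed ones."""
    events = []
    for line in text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if {"svc", "src", "dst", "dport", "action"}.issubset(fields):
            events.append(fields)
    return events

def trace_flow(events, src, dst, dport):
    """Walk the chain in order: (passed, dropped_at, [(service, verdict), ...])."""
    by_svc = {e["svc"]: e for e in events
              if (e["src"], e["dst"], e["dport"]) == (src, dst, dport)}
    verdicts = []
    for svc in SERVICE_CHAIN:
        event = by_svc.get(svc)
        if event is None:          # no event logged: flow not observed past here
            verdicts.append((svc, "no-event"))
            return False, svc, verdicts
        verdicts.append((svc, event["action"]))
        if event["action"] != "pass":
            return False, svc, verdicts
    return True, None, verdicts

def render(passed, dropped_at, verdicts):
    """Text analogue of the tracer overview: one line per service, then the verdict."""
    lines = [f"{svc:9s} {action}" for svc, action in verdicts]
    lines.append("PASSED" if passed else f"DROPPED at {dropped_at}")
    return "\n".join(lines)

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    print(render(*trace_flow(evs, "10.1.1.5", "192.0.2.10", "443")))
```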