Page 2
Network Instruments, LLC. (Network Instruments) warrants this hardware product against defects in materials and workmanship for a period of 90 days (1 year for nTAPs) from the date of shipment of the product from Network Instruments, LLC. Warranty is for depot service at Network Instruments corporate headquarters in Minneapolis, MN or London, England.
DEVELOPER’S liability to the END-USER under this agreement shall be limited to the amount actually paid to DEVELOPER by END-USER for the SOFTWARE giving rise to the liability. Ownership and Confidentiality END-USER agrees that Network Instruments, LLC owns all relevant copyrights, trade secrets and all intellectual property related to the SOFTWARE. Technical Support US &...
Chapter 1: Getting Started 6
Matrix technical specifications 7
Supported QSFP/SFP/SFP+ media types 9
How to connect Matrix to your network 9
How to set IPv4 network settings 10
How to set IPv6 network settings 10
How to set the system time and date 11
Chapter 2: Layouts
Understanding the load balancing process 39
Chapter 10: Packet Deduplication 40
How to deduplicate packets 40
How to direct the Matrix to identify duplicate packets 40
How to enable packet deduplication in a rule 41
Understanding packet deduplication 41
What is deduplication and why do I need it? 41
Scenario 1: Receiving network traffic from multiple routers
Chapter 1: Getting Started The Matrix is a network management switch that can filter, de-duplicate, trim and time stamp inbound traffic and replicate, aggregate, or load-balance outbound traffic before sending it to your network and security monitoring tools. Figure 1: Matrix in your network...
The Matrix can perform multiple operations on inbound data before it is transmitted out of the tool ports. Filter traffic of interest to specific analysis devices: filters are created using the open-source, Unix-based BPF filter language and/or an intuitive GUI. Filter traffic by variables, including clients or servers, applications, packet length, or ports, and combine them with Boolean logic.
(HTTPS) or command line interface (SSH). The left light is solid yellow when an Ethernet cable is connected. The right light blinks green with activity.
K: GPS port for attaching an optional Network Instruments GPS timing device.
Dimensions: 19 in (W) x 1.73 in (H) x 18 in...
Power: ...
How to connect Matrix to your network Before you can configure or use the Matrix, you must complete the basic installation by connecting power cables and inserting SFP modules. 1. Insert the two power cables (F).
Next, change the network settings. How to set IPv4 network settings The Matrix must be added to your network like other devices. Use the network settings page to set IPv4 settings for IP address and netmask, gateway, host name, and more.
10. (Optional) In IPv6 DNS Address 2, type the IPv6 address of a DNS server. 11. Click Save. You successfully added the Matrix to your network with IPv6 settings. The changes take effect immediately. How to set the system time and date You can set or change how the current date and time is acquired.
If you select NTP, you must type an NTP server IP address in Server 1. 4. Click Save. The clock source is set. Both the system time and date of the Matrix are set by the selected clock source. 12 | Matrix™ (pub. 25.Apr.2014)
Chapter 2: Layouts Understanding layouts Operation of your Matrix is configured in an arrangement called a layout. The layout defines port connections, speeds, and the rules in use. For most users, the default layout is sufficient: they set their port definitions, how network ports are connected to tool ports, and which rules are used, and do little else.
How to create an additional layout You can create a layout to quickly and radically change how your Matrix operates—similar to a preset. Rules and filters, which network ports are connected to which tool ports, link aggregation, load balancing schemes, traffic isolation, and more, can be simultaneously made active with a single change of a layout.
How to activate a different layout After a layout is created, you can activate it at any time. Activating a layout immediately changes how the Matrix operates. Tip! Only activate a saved layout if you understand how the layout affects the operation of the Matrix.
A download begins in your browser. 5. Save the downloaded layout file to a suitable location. You successfully exported a layout to a file. The file can be kept for archival, and it can be imported by other appliances.
Connections must be made between (ingress) network ports and (egress) tool ports before rules can take effect. There are no dedicated ingress and egress ports in the Matrix; all physical ports can assume either one of these roles. You, an administrator, can designate a physical port as either an (ingress) network port or an (egress) tool port by using the web interface (dashboard) or command line interface (CLI).
The rule opens and is ready to edit. 4. Make your changes. 5. Click Save. You successfully created a rule. Whenever this rule is used to connect network ports to tool ports, the logic is applied.
How to edit a rule You can edit a rule to change which filter is bound to it or to configure options. Tip! You can also edit by double-clicking rules in a layout. To edit a rule: 1. Starting in the dashboard, click Rules. The rules and filters designer appears, where rules and filters can be created and edited.
3. In the Apply Rule submenu, click Select and click a rule. All of your created rules are in this submenu. You successfully applied a rule in an active layout. Your applied rule takes effect immediately.
Chapter 5: Filters How to create a filter You can choose what network traffic reaches your analysis tools. Use filters to ensure that only packets with certain characteristics are forwarded to tool ports. To create a filter: 1. Starting in the dashboard, click Rules. The rules and filters designer appears, where rules and filters can be created and edited.
Consider this scenario: Digital Imaging and Communications in Medicine (DICOM) is a set of network protocols used to store, retrieve, and query patient medical images and reports. Furthermore, the electronic security of patient health information is protected in the United States in part by the HIPAA Security Rule. In this scenario, aid HIPAA compliance by editing a filter (page 24) to exclude DICOM traffic from flowing to certain tools.
Chapter 6: Users and Groups How to set a user authentication scheme You can leverage your organization's existing authentication service in the Matrix. Set a user authentication scheme to have your Active Directory, LDAP, TACACS+, or other server perform authentication for the Matrix.
How to authenticate locally Selected by default, local authentication allows the Matrix to handle all users, groups, and permissions. This authentication scheme is especially useful if no third-party authentication server is available. 1. Starting in the dashboard, click System. 2. Click Authentication.
5. Click Save. The Matrix now uses Active Directory for authenticating users. How to authenticate using NIMS Use NIMS authentication to allow a Network Instruments Management Server to authenticate users. 1. Starting in the dashboard, click System. 2. Click Authentication.
You can add users so they have the ability to authenticate and log in. When adding a user, be aware that each user of the Matrix must be assigned group membership. You are able to assign group membership during the creation of the user.
How to delete a user If a user is no longer needed, you can delete it. Deleting a user erases it from the Matrix. The user can no longer log in or authenticate with the Matrix because the entry no longer exists.
3. Click the Groups tab. 4. Click Add. 5. Configure the settings of the group. You successfully added a user group. When user additions are made to the group, they inherit the permissions and properties of the group. How to edit a user group You can edit a user group to change the behavior of its members.
Doing so is useful when several different analysis tools need access to the same traffic. Figure 2: Example of traffic replication Replicating network traffic is straightforward using the Matrix: tool ports always replicate the traffic of the network ports they are connected to (unless load balancing is enabled). The replicated traffic is the post-processed traffic, that is, traffic after filtering, trimming, deduplication, and any other enabled operations have been applied.
When traffic replication is used, a single data stream is copied and forwarded to multiple tool ports. Replication is necessary for providing identical traffic to different tools. Traffic replication produces one or more copies of network traffic. In its simplest form, the Matrix is replicating network traffic just by connecting one network port to one tool port (page 17).
6. Use a drag-and-drop operation to connect another network port to the same rule. Both network ports are being aggregated and forwarded to the tool port. Multiple network links (represented by network ports) are now aggregated.
Link aggregation does not automatically create link redundancy. Although link aggregation may have a role in a link redundancy strategy using the Matrix, aggregating network links does not provide any type of redundancy or high availability. However, if using the Matrix for this purpose, combining link aggregation with...
Understanding speed conversion Speed conversion creates network visibility. The Matrix can convert the speed and interface of a network link to something compatible with analysis tools. Analysis tools can then access traffic they cannot natively inspect.
Chapter 9: Load Balancing How to load balance With load balancing, you can distribute network port traffic more evenly across tool ports. Choose the type of load balancing that works best with your analysis tools: balance by network conversations or balance by packet volume.
Network conversations are severed by using this type, so ensure that any connected tools can operate effectively without intact conversations. 6. Click Save.
Load balancing does not interact with applications to achieve results. The purpose of load balancing is for taking traffic and distributing it more evenly to the analysis tools connected to tool ports. The Matrix is designed to perform load balancing without agent software or other potential points of failure.
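The difference between the two load-balancing types described above, as an added illustration that is not the Matrix's own implementation: conversation balancing hashes a direction-independent 5-tuple so both halves of a conversation reach the same tool port, while volume balancing spreads packets round-robin and can split a conversation. The packets, tool port names and the hash choice are constructed assumptions for the example.

```python
import hashlib
from itertools import cycle

# Constructed sample packets: (src_ip, dst_ip, src_port, dst_port, proto).
# Packets 0-2 form one TCP conversation (request and reply), 3-4 another.
PACKETS = [
    ("10.0.0.5", "10.0.0.9", 40001, 443, "tcp"),
    ("10.0.0.9", "10.0.0.5", 443, 40001, "tcp"),   # reply, same conversation
    ("10.0.0.5", "10.0.0.9", 40001, 443, "tcp"),
    ("10.0.0.7", "10.0.0.9", 50123, 80, "tcp"),
    ("10.0.0.9", "10.0.0.7", 80, 50123, "tcp"),    # reply, same conversation
    ("10.0.0.8", "10.0.0.9", 40444, 443, "tcp"),
]
TOOL_PORTS = ["tool1", "tool2"]  # hypothetical egress tool ports

def conversation_key(pkt):
    """Direction-independent key: sort the two endpoints so that a request
    and its reply produce the same string."""
    src_ip, dst_ip, sport, dport, proto = pkt
    a, b = sorted([(src_ip, sport), (dst_ip, dport)])
    return f"{proto}|{a[0]}:{a[1]}|{b[0]}:{b[1]}"

def balance_by_conversation(packets, tool_ports):
    """Pick a tool port from a stable hash of the conversation key
    (sha256, not Python's randomised hash(), so runs are reproducible)."""
    out = []
    for pkt in packets:
        digest = hashlib.sha256(conversation_key(pkt).encode()).digest()
        out.append(tool_ports[int.from_bytes(digest[:4], "big") % len(tool_ports)])
    return out

def balance_by_volume(packets, tool_ports):
    """Round-robin by packet count: even volume, conversations not preserved."""
    rr = cycle(tool_ports)
    return [next(rr) for _ in packets]

def conversations_intact(packets, assignments):
    """True if every packet of each conversation went to a single tool port."""
    seen = {}
    for pkt, port in zip(packets, assignments):
        if seen.setdefault(conversation_key(pkt), port) != port:
            return False
    return True

if __name__ == "__main__":
    print("by conversation:", balance_by_conversation(PACKETS, TOOL_PORTS))
    print("by volume:      ", balance_by_volume(PACKETS, TOOL_PORTS))
```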
Chapter 10: Packet Deduplication How to deduplicate packets You can remove duplicate packets that reach the Matrix. This ensures that tool ports only send unique packets to analysis tools, increasing the accuracy and efficiency of analysis. Packet deduplication requires two steps: 1.
How to enable packet deduplication in a rule In a rule, you can enable packet deduplication. Any duplicate ingress packets, coming from network ports connected to the rule, are removed before being forwarded to tool ports and ultimately your analysis tools. Prerequisite(s): ...
In some cases you may want to retain the duplicate packets, such as when packets are being looped or when multiple VLANs are used with your Matrix. Retaining a copy of duplicate packets and their traversal through both VLANs may be necessary when verifying whether the traffic was routed properly.
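Deduplication with the VLAN caveat above, as an added illustration rather than the Matrix's own algorithm: a copy of a packet seen again within a short window is dropped, but when VLAN copies must be retained the VLAN ID is folded into the match key so the same packet on a second VLAN is forwarded. The packets, the one-second window and the sha256 key are constructed assumptions.

```python
import hashlib
from collections import OrderedDict

# Constructed sample packets: (timestamp_s, vlan_id, payload_bytes).
PACKETS = [
    (0.000, 10, b"GET /index.html HTTP/1.1"),
    (0.001, 20, b"GET /index.html HTTP/1.1"),  # same packet seen on VLAN 20
    (0.050, 10, b"GET /index.html HTTP/1.1"),  # duplicate from a second router
    (0.300, 10, b"POST /login HTTP/1.1"),
    (3.000, 10, b"GET /index.html HTTP/1.1"),  # outside window: a new packet
]

def dedup_key(pkt, keep_vlan_copies):
    """Match key over the payload; include the VLAN ID when copies that
    traversed different VLANs must be retained for routing verification."""
    _ts, vlan, payload = pkt
    data = (vlan.to_bytes(2, "big") if keep_vlan_copies else b"") + payload
    return hashlib.sha256(data).digest()

def deduplicate(packets, window_s=1.0, keep_vlan_copies=False):
    """Forward the first copy of each packet; drop repeats seen within
    window_s seconds of that first copy. Packets must arrive in time order."""
    recent = OrderedDict()   # key -> time the first copy was forwarded
    forwarded = []
    for pkt in packets:
        ts = pkt[0]
        # Expire entries older than the window (insertion order == time order).
        while recent and next(iter(recent.values())) < ts - window_s:
            recent.popitem(last=False)
        key = dedup_key(pkt, keep_vlan_copies)
        if key in recent:
            continue             # duplicate: not forwarded to tool ports
        recent[key] = ts
        forwarded.append(pkt)
    return forwarded

if __name__ == "__main__":
    print(len(deduplicate(PACKETS)), "packets forwarded, VLAN copies dropped")
    print(len(deduplicate(PACKETS, keep_vlan_copies=True)), "with VLAN copies kept")
```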
Prerequisite(s): These steps require that at least one rule exists in your rules library. You can create a new rule if necessary. Some benefits of packet trimming with the Matrix include: Lowering link utilization between tool ports and tools...
64 bytes. 6. Click Save. You successfully enabled packet trimming in a rule. Connecting this rule between network and tool ports causes ingress packets to be trimmed, if necessary, before being forwarded to analysis tools.
You can upgrade the firmware to ensure maximum performance and stability of the system, and to update the documentation and tooltips. Prerequisite(s): Network Instruments continually releases improvements through firmware updates. Ensure you have the latest firmware by downloading it from ftp://ftp.netinst.com/pub/Matrix/1024/firmware/. Firmware upgrades consist of two simultaneous updates: 1.
Chapter 13: Licensing Understanding the licensing process Your Matrix is pre-licensed at the factory. Relicensing the device requires that you request a new license from Network Instruments and then import a multi-line license string. The license enables ports in blocks of four starting at port 1. It also indicates the number of blocks that are 10 Gb-capable.
Info and device license ID from System > License. Doing so makes matching license to the correct device easier later on when you receive the new licenses. You will receive an e-mail message from Network Instruments with the device license ID and a new license string. Save this e-mail message!