Network Instruments Matrix User Manual

Network management switch

Matrix™
User Guide

Summary of Contents for Network Instruments Matrix

  • Page 1 Matrix™ User Guide...
  • Page 2 Network Instruments, LLC. (Network Instruments) warrants this hardware product against defects in materials and workmanship for a period of 90 days (1 year for nTAPs) from the date of shipment of the product from Network Instruments, LLC. Warranty is for depot service at Network Instruments corporate headquarters in Minneapolis, MN or London, England.
  • Page 3: Technical Support

    DEVELOPER’S liability to the END-USER under this agreement shall be limited to the amount actually paid to DEVELOPER by END-USER for the SOFTWARE giving rise to the liability. Ownership and Confidentiality END-USER agrees that Network Instruments, LLC owns all relevant copyrights, trade secrets and all intellectual property related to the SOFTWARE. Technical Support US &...
  • Page 4: Table Of Contents

    Chapter 1: Getting Started (6); Matrix technical specifications (7); Supported QSFP/SFP/SFP+ media types (9); How to connect Matrix to your network (9); How to set IPv4 network settings (10); How to set IPv6 network settings (10); How to set the system time and date (11); Chapter 2: Layouts...
  • Page 5 Understanding the load balancing process (39); Chapter 10: Packet Deduplication (40); How to deduplicate packets (40); How to direct the Matrix to identify duplicate packets (40); How to enable packet deduplication in a rule (41); Understanding packet deduplication (41); What is deduplication and why do I need it? (41); Scenario 1: Receiving network traffic from multiple routers...
  • Page 6: Chapter 1: Getting Started

    Chapter 1: Getting Started The Matrix is a network management switch that can filter, de-duplicate, trim and time stamp inbound traffic and replicate, aggregate, or load-balance outbound traffic before sending it to your network and security monitoring tools. Figure 1: Matrix in your network...
  • Page 7: Matrix Technical Specifications

    The Matrix can perform multiple operations on inbound data before it is transmitted out tool ports: Filter traffic of interest to specific analysis devices: filters are created using open source BPF Unix-based language and/or an intuitive GUI interface. Filter traffic by variables, including clients or servers, applications, packet length, or ports, and incorporate Boolean logic.
  • Page 8 (HTTPS) or command line interface (SSH). The left light is solid yellow when an Ethernet cable is connected. The right light blinks green with activity. K GPS Port for attaching an optional Network Instruments GPS timing device. Dimensions Power 19 in (W) x 1.73 in (H) x 18 in...
  • Page 9: Supported QSFP/SFP/SFP+ Media Types

    How to connect Matrix to your network Before you can configure or use the Matrix, you must complete the basic installation by connecting power cables and inserting SFP modules. 1. Insert the two power cables (F).
  • Page 10: How To Set IPv4 Network Settings

    Next, change the network settings. How to set IPv4 network settings The Matrix must be added to your network like other devices. Use the network settings page to set IPv4 settings for IP address and netmask, gateway, host name, and more.
  • Page 11: How To Set The System Time And Date

    10. (Optional) In IPv6 DNS Address 2, type the IPv6 address of a DNS server. 11. Click Save. You successfully added the Matrix to your network with IPv6 settings. The changes take effect immediately. How to set the system time and date You can set or change how the current date and time is acquired.
  • Page 12 If you select NTP, you must type an NTP server IP address in Server 1. 4. Click Save. The clock source is set. Both the system time and date of the Matrix are set by the selected clock source. 12 | Matrix™ (pub. 25.Apr.2014)
  • Page 13: Chapter 2: Layouts

    Chapter 2: Layouts Understanding layouts Operation of your Matrix is configured in an arrangement called a layout. The layout defines port connections, speeds, and the rules in use. For most users, the default layout is sufficient. In the default layout, they will set their port definitions, how network ports are connected to tool ports, and which rules are used and do little else.
  • Page 14: How To Create An Additional Layout

    How to create an additional layout You can create a layout to quickly and radically change how your Matrix operates—similar to a preset. Rules and filters, which network ports are connected to which tool ports, link aggregation, load balancing schemes, traffic isolation, and more, can be simultaneously made active with a single change of a layout.
  • Page 15: How To Activate A Different Layout

    How to activate a different layout After a layout is created, you can activate it at any time. Activating a layout immediately changes how the Matrix operates. Tip! Only activate a saved layout if you understand how the layout affects the operation of the Matrix.
  • Page 16 A download begins in your browser. 5. Save the downloaded layout file to a suitable location. You successfully exported a layout to a file. The file can be kept for archival, and it can be imported by other appliances.
  • Page 17: Chapter 3: Ports

    Connections must be made between (ingress) network ports and (egress) tool ports before rules can take effect. There are no dedicated ingress and egress ports in the Matrix; all physical ports can assume either one of these roles. You, an administrator, can designate a physical port as either a (ingress) network port or (egress) tool port by using the web interface (dashboard) or command line interface (CLI).
  • Page 18: How To Define A Tool Port

    There are no dedicated ingress and egress ports in the Matrix; all physical ports can assume either one of these roles. You, an administrator, can designate a physical port as either a (ingress) network port or (egress) tool port by using the web interface (dashboard) or command line interface (CLI).
  • Page 19: How To Define A Network Port

    There are no dedicated ingress and egress ports in the Matrix; all physical ports can assume either one of these roles. You, an administrator, can designate a physical port as either a (ingress) network port or (egress) tool port by using the web interface (dashboard) or command line interface (CLI).
  • Page 20: Chapter 4: Rules

    The rule opens and is ready to edit. 4. Make your changes. 5. Click Save. You successfully created a rule. Whenever this rule is used to connect network ports to tool ports, the logic is applied.
  • Page 21: How To Edit A Rule

    How to edit a rule You can edit a rule to change which filter is bound to it or to configure options. Tip! You can also edit by double-clicking rules in a layout. To edit a rule: 1. Starting in the dashboard, click Rules. The rules and filters designer appears, where rules and filters can be created and edited.
  • Page 22: How To Apply A Rule In The Active Layout

    3. In the Apply Rule submenu, click Select and click a rule. All of your created rules are in this submenu. You successfully applied a rule in an active layout. Your applied rule takes effect immediately.
  • Page 23: Chapter 5: Filters

    Chapter 5: Filters How to create a filter You can choose what network traffic reaches your analysis tools. Use filters to ensure that only packets with certain characteristics are forwarded to tool ports. To create a filter: 1. Starting in the dashboard, click Rules. The rules and filters designer appears, where rules and filters can be created and edited.
  • Page 24: How To Edit A Filter

    Consider this scenario: Digital Imaging and Communications in Medicine (DICOM) is a set of network protocols used to store, retrieve, and query patient medical images and reports. Furthermore, the electronic security of patient
  • Page 25 health information is protected in the United States in part by the HIPAA Security Rule. In this scenario, aid HIPAA compliance by editing a filter (page 24) to exclude DICOM traffic from flowing to certain tools.
  • Page 26: Chapter 6: Users And Groups

    Chapter 6: Users and Groups How to set a user authentication scheme You can leverage your organization's existing authentication service in the Matrix. Set a user authentication scheme to command your Active Directory, LDAP, TACACS+, or other server, to perform authentication duties for the Matrix.
  • Page 27: How To Authenticate Locally

    How to authenticate locally Selected by default, local authentication allows the Matrix to handle all users, groups, and permissions. This authentication scheme is especially useful if no third-party authentication server is available. 1. Starting in the dashboard, click System. 2. Click Authentication.
  • Page 28: How To Authenticate Using Active Directory

    5. Click Save. The Matrix now uses Active Directory for authenticating users. How to authenticate using NIMS Use NIMS authentication to allow a Network Instruments Management Server to authenticate users. 1. Starting in the dashboard, click System. 2. Click Authentication.
  • Page 29: How To Change The Administrator Password

    You can add users so they have the ability to authenticate and log in. When adding a user, be aware that each user of the Matrix must be assigned group membership. You are able to assign group membership during the creation of the user.
  • Page 30: How To Import Users

    How to delete a user If a user is no longer needed, you can delete it. Deleting a user erases it from the Matrix. The user can no longer log in or authenticate with the Matrix because the entry no longer exists.
  • Page 31: How To Edit A User Group

    3. Click the Groups tab. 4. Click Add. 5. Configure the settings of the group. You successfully added a user group. When user additions are made to the group, they inherit the permissions and properties of the group. How to edit a user group You can edit a user group to change the behavior of its members.
  • Page 32: Chapter 7: Replication

    Doing so is useful when several different analysis tools need access to the same traffic. Figure 2: Example of traffic replication Replicating network traffic is straightforward using the Matrix: tool ports always replicate the traffic of network ports they are connected to (unless load balancing is enabled). The traffic that replicates is the post-processed traffic, such as after filtering, trimming, deduplication, and more, has occurred.
  • Page 33: Understanding Network Traffic Replication

    When traffic replication is used, a single data stream is copied and forwarded to multiple tool ports. Replication is necessary for providing identical traffic to different tools. Traffic replication produces one or more copies of network traffic. In its simplest form, the Matrix is replicating network traffic just by connecting one network port to one tool port (page 17).
  • Page 34: Chapter 8: Aggregation And Speed Conversion

    6. Use a drag-and-drop operation to connect another network port to the same rule. Both network ports are being aggregated and forwarded to the tool port. Multiple network links (represented by network ports) are now aggregated.
  • Page 35: Understanding Network Link Aggregation

    Link aggregation does not automatically create link redundancy. Although link aggregation may have a role in a link redundancy strategy using the Matrix, aggregating network links does not provide any type of redundancy or high availability. However, if using the Matrix for this purpose, combining link aggregation with...
  • Page 36: Understanding Speed Conversion

    Understanding speed conversion Speed conversion creates network visibility. The Matrix can convert the speed and interface of a network link to something compatible with analysis tools. Analysis tools can then access traffic they cannot natively inspect.
  • Page 37: Chapter 9: Load Balancing

    Chapter 9: Load Balancing How to load balance With load balancing, you can distribute network port traffic more evenly across tool ports. Choose the type of load balancing that works best with your analysis tools: balance by network conversations or balance by packet volume.
  • Page 38: How To Load Balance By Packet Volume

    Network conversations are severed by using this type, so ensure that any connected tools can operate effectively without intact conversations. 6. Click Save.
  • Page 39: Understanding The Load Balancing Process

    Load balancing does not interact with applications to achieve results. The purpose of load balancing is for taking traffic and distributing it more evenly to the analysis tools connected to tool ports. The Matrix is designed to perform load balancing without agent software or other potential points of failure.
  • Page 40: Chapter 10: Packet Deduplication

    Chapter 10: Packet Deduplication How to deduplicate packets You can remove duplicate packets that reach the Matrix. This ensures that tool ports only send unique packets to analysis tools, increasing the accuracy and efficiency of analysis. Packet deduplication requires two steps: 1.
  • Page 41: How To Enable Packet Deduplication In A Rule

    How to enable packet deduplication in a rule In a rule, you can enable packet deduplication. Any duplicate ingress packets, coming from network ports connected to the rule, are removed before being forwarded to tool ports and ultimately your analysis tools. Prerequisite(s):  ...
  • Page 42: Scenario 1: Receiving Network Traffic From Multiple Routers

    In some cases you may want to retain the duplicate packets, such as when packets are being looped or when multiple VLANs are used with your Matrix. Retaining a copy of duplicate packets and their traversal through both VLANs may be necessary when verifying whether the traffic was routed properly.
  • Page 43: Chapter 11: Packet Trimming

    Prerequisite(s):   These steps require that at least one rule exists in your rules library. You can create a new rule if necessary. Some benefits of packet trimming with the Matrix include: Lowering link utilization between tool ports and tools...
  • Page 44 64 bytes. 6. Click Save. You successfully enabled packet trimming in a rule. Connecting this rule between network and tool ports causes ingress packets to be trimmed, if necessary, before being forwarded to analysis tools.
  • Page 45: Chapter 12: Firmware

    You can upgrade the firmware to ensure maximum performance and stability of the system, and to update the documentation and tooltips. Prerequisite(s):   Network Instruments continually releases improvements through firmware updates. Ensure you have the latest firmware by downloading it from ftp://ftp.netinst.com/pub/Matrix/1024/firmware/. Firmware upgrades consist of two simultaneous updates: 1.
  • Page 46: Chapter 13: Licensing

    Chapter 13: Licensing Understanding the licensing process Your Matrix is pre-licensed. Relicensing the device requires that you request a new license from Network Instruments and then import a multi-line license string. The device is pre-licensed at the factory. The license enables ports in blocks of four starting at port 1. It also indicates the number of blocks that are 10 Gb-capable.
  • Page 47: How To Relicense The Device

    Info and device license ID from System > License. Doing so makes matching license to the correct device easier later on when you receive the new licenses. You will receive an e-mail message from Network Instruments with the device license ID and a new license string. Save this e-mail message!
  • Page 48: Index

    Index: Active Directory 28; admin account 29; aggregation 34; authentication 26 (Active Directory 28, LDAP 27, local 27, NIMS 28, RADIUS 28, TACACS+ 28); IEEE-1588 11; IPv4 10; IPv6 10; layout (activate 15, create 14, edit 13, export 15, import 15); LDAP 27; load balancing 37; local authentication 27...
  • Page 49 TACACS+ 28; tool ports 17, 18; trimming 43; users (add 29, delete 30, disable 30, edit 29, import 30)
