Network Visibility

Open visibility into 40Gbps and 100Gbps network segments

EndaceAccess Head-Ends at a glance

  • Network visibility Head-End system for 40GbE and 100GbE network segments
  • Accurately multiplexes 40GbE and 100GbE traffic into 12 x 10GbE 'slices'
  • Compatible with any 10GbpE-capable monitoring or security tool
  • Flow-safe intelligent load balancing helps manage oversubscription.

Download Datasheet

EndaceAccess Network Visibility Head-Ends

EndaceAccess™ Network Visibility Head-Ends give SecOps and NetOps teams access to network traffic on 100GbE and 40GbE network segments. The ability to monitor, protect and record network traffic on high-speed segments is critical, but true 40Gbps and 100Gbps-capable security and network monitoring tools simply don't exist.

Organizations have already heavily invested in 10GbE-capable security and network monitoring tools and these tools are core to their security and monitoring processes. The challenge is how to extend the reach of those tools into 40GbE and 100GbE networks.

EndaceAccess Head-Ends solve this problem by ingesting 40GbE or 100GbE traffic and load balancing it out over multiple 10GbE ports. This means existing 10GbE tools gain visibility into the traffic carried inside 40GbE and 100GbE links, the useful life of those tools is extended and the return on that investment is improved.

EndaceAccess Benefits

EndaceAccess Head-Ends provide a host of benefits to organizations with 40GbE and 100GbE networks:

  • Increased return on investment (ROI) by leveraging existing 10GbE monitoring investment for 40GbE and 100GbE links
  • Compact design minimizes rack space, cooling and power footprint
  • Intelligent load balancing makes it easy to manage the load fed to connected devices or applications and prevent saturation
  • Efficient centralized management via EndaceCMS™ Central Management Server
  • High reliability with redundant solid state drive (SSD) for system boot, dual redundant power supplies and the ability to continually operate through a software upgrade/reboot. System state can be viewed through SNMP and the Lights-Out Management (LOM) interface

EndaceAccess specifications

EndaceAccess Head-Ends are available in 100GbE and 40GbE configurations.

EndaceAccess Configuration Options
EndaceAccess 100 EndaceAccess 40
Dimensions 2 RU 1 RU
Protocol support 100GbE and 40GbE LAN and WAN 40GbE LAN and WAN
Ingress Ports 2 2
Output ports 24x10GbE 12x10GbE
Power supplies 2+2 redundant 650W AC 1+1 redundant 650W AC
Download EndaceAccess Datasheet

EndaceAccess system architecture

EndaceAccess Head-Ends deliver continuous, 100% accurate feeds of traffic to third-party tools. Uniquely, EndaceAccess systems support both LAN and WAN protocols, making them ideal for both new data center builds and high-speed WAN deployments. They are designed to interoperate with any third-party or custom monitoring tool as well as our own range of EndaceProbe™ network recorders and hosting platforms.

EndaceAccess Head-Ends support 2 ingress ports, which connect to the network in either direction via a passive network tap. Using a flow-safe, load-balancing algorithm, network traffic is steered towards 12x10Gbps egress ports for connection to 10Gbps ports on remote appliances. An important benefit of an intelligent load-balancing algorithm is that it allows traffic to be throttled to ensure that the receiving tool does not become overloaded. If the receiving 10Gbps monitoring tool can only handle 3Gbps of traffic before it saturates, the EndaceAccess system ensures it never receives more than 3Gbps of traffic.

EndaceAccess visibility headend

Deployment scenarios

EndaceAccess Head-Ends can be deployed in a number of ways to meet the differing needs of organizations. They can:

  • Feed 10Gbps-capable tools with network traffic captured off 100GbE or 40GbE links
  • Be used in conjunction with a network packet broker appliance to feed multiple 10Gbps-capable tools with network traffic
  • Be used to feed one or more EndaceProbes - to deliver 100% accurate network recording at full 100Gbps line rate. Note: EndaceProbes can also natively access 40Gbps links.

Deployment and management

An EndaceAccess Headend typically sits at the top of the rack and feeds multiple appliances in the rack below it. Each of the appliances in the rack sees a discrete 10Gbps output feed (or multiple 10Gbs feeds) from the originating 100GbE or 40GbE link.

The number of appliances required to consume the traffic depends on how much traffic there is and the real throughput performance of the appliances being used. With 20Gbps of traffic in each direction and an appliance that's capable of handling 5Gbps of bi-directional traffic, four appliances will be needed.

EndaceAccess Head-Ends support CLI and web configuration interfaces, as well as providing support for SNMPv3 status and statistics. A full range of statistics can be extracted. They can also be managed via EndaceCMS™ Central Management Server which provides centralized management for all the connected Endace appliances - such as EndaceFlow™ NetFlow Generators, EndaceProbes and EndaceAccess Head-Ends.

EndaceAccess Head-Ends are highly resilient with redundant power supplies, fully redundant SSD-based system disks and can be upgraded without impacting packet processing.

Intelligent Network Recording at 100G

For many organizations, the transition to 100GbE prompts a complete reevaluation of their monitoring strategy. Although the ability to see a 100GbE link as multiple 10GbE links solves the basic problem, it is not perfect because engineers ideally want to see the link as a single"rolled-up" entity, and this is beyond the capability of most of today's 10GbE tools.

However, using EndaceProbes and EndaceVision, organizations can create a single, rolled-up view of a 40GbE or 100GbE network segment. That enables them to visualize, search and retrieve network traffic across an entire monitoring and recording fabric of EndaceProbes - including the traffic on 40GbE and 100GbE links.