Data center complexity has grown sharply as IT organizations adopt new technologies to scale infrastructure in step with business demand. That growth has pushed IT departments toward new tools for managing and securing modern data centers.
The broad adoption of these tools has created new challenges of its own, among them managing a large number of network connections and monitoring specific traffic flows at scale. Leading-edge IT organizations have started adopting software-based network packet broker (NPB) solutions to address these challenges with greater agility and flexibility.
Over the past few years, network packet brokers have been used to simplify the deployment and ongoing management of network monitoring and security products. An NPB sits between the network infrastructure and the tools layer and delivers specific flows to each tool based on user-defined policies. This "brokering" function lets IT departments support more tools while reducing operational complexity and cost.
As the IT environment becomes more dynamic, it raises the question of when an organization needs to modernize its monitoring solution. Traditional NPBs are stand-alone appliances that are priced at a premium and are not operationally agile: once a chassis-based NPB's ports are consumed, an entirely new chassis is required for additional workloads, regardless of how much additional monitoring capacity is actually needed.
Consider the shift that network infrastructure itself went through. Data centers were built on large, monolithic chassis, which have recently given way to scale-out, software-defined networks. One could argue that as networks evolve, so should supporting infrastructure such as NPBs.
This is the thesis behind Big Switch Networks' next-generation NPB, Big Monitoring Fabric. The graphic below compares a traditional chassis NPB from Gigamon with Big Switch's fabric-based approach. The Big Switch solution can be thought of as an agile, scale-out monitoring fabric built from high-performance merchant-silicon switches plus an Intel DPDK x86 service node, an architecture that is easier to manage and to scale than a chassis NPB. Big Switch also states that Big Monitoring Fabric has now matched, and in some areas exceeded, the feature set of most traditional NPBs.
[Graphic: a traditional chassis NPB from Gigamon compared with Big Switch's fabric-based approach. Source: Big Switch]
The physical fabric consists of several interconnected Ethernet switches running at 1, 10, 40 or 100 Gbit/s. The SDN-based fabric can be deployed at the data center edge to feed internal tools, or inline at the DMZ for security policy enforcement and service chain insertion. Inline deployment places the fabric on the production data path, so its availability and failure behavior matter as much as its monitoring features. The fabric is managed by the Big Monitoring Fabric (Big Mon) SDN controller, which exposes RESTful APIs for programmatic, multi-system operations, dynamic load balancing across tools and service chain configuration. Because the controller decides where copies of production traffic are sent, access to that API should be treated as a sensitive control surface and restricted accordingly.
Traffic collected from the top-of-rack switches that make up the SDN fabric is directed to the high-performance (40 to 160 Gbit/s) Big Mon DPDK x86 service node. The service node is deployed centrally and administered through the SDN controller; it performs deep packet and flow inspection and applies whitelists or blacklists for filtering. Advanced services such as de-duplication and packet slicing can also be instantiated on the service node. The SDN controller also interfaces with a built-in analytics engine that aggregates the data and looks for insights to improve network performance, or for anomalies that may indicate a security breach.
Big Switch launched its NPB fabric more than three years ago, but it took a series of subsequent product releases to match the feature range of the traditional NPB players. The 6.0 release of Big Mon closes that gap. It introduces key capabilities such as NetFlow generation, packet masking and header de-encapsulation, as well as predefined analytics such as top applications, top users and triggers. The Big Switch fabric lets customers monitor any workload regardless of whether it is deployed on bare metal, in a virtual machine or container, or in the public cloud.
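The service node functions mentioned above (whitelist or blacklist filtering, de-duplication, packet slicing) and two of the 6.0 features (NetFlow generation, packet masking) are easier to reason about with a small working model. The Python below is an added example written for this article, not Big Switch's code and not a description of how Big Mon implements these services: it builds a few hand-made IPv4/TCP frames, applies a hypothetical 5-tuple block rule, drops a packet that was tapped twice at different hops, slices or masks payload, and emits per-flow counters of the kind a NetFlow exporter would send. Every address, port, rule and payload in it is constructed for the example.

```python
"""Toy model of the per-packet services an NPB service node applies before
traffic reaches a tool: 5-tuple filtering, de-duplication, packet slicing,
payload masking and NetFlow-style flow records. Added illustration only, not
Big Switch code; frames are constructed by hand and checksums are left zero."""
import hashlib
import struct
from collections import OrderedDict

ETH_LEN = 14  # Ethernet II header; IPv4 and TCP header lengths are read from the packet


def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_frame(src, dst, sport, dport, payload, ttl=64):
    """Construct a minimal Ethernet/IPv4/TCP frame (constructed sample data)."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, ttl, 6, 0,
                     ip_bytes(src), ip_bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse(frame):
    """Return ((src, dst, proto, sport, dport), header_length, payload) for IPv4/TCP."""
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    proto = frame[ETH_LEN + 9]
    if proto != 6:
        raise ValueError("only TCP is modelled here")
    src = ".".join(str(b) for b in frame[ETH_LEN + 12:ETH_LEN + 16])
    dst = ".".join(str(b) for b in frame[ETH_LEN + 16:ETH_LEN + 20])
    l4 = ETH_LEN + ihl
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    hdr_len = l4 + (frame[l4 + 12] >> 4) * 4   # TCP data offset, in 32-bit words
    return (src, dst, proto, sport, dport), hdr_len, frame[hdr_len:]


def policy_allows(key, allow, block):
    """Rules are 5-tuples with None as wildcard; block wins, empty allow list means allow all."""
    def match(rule):
        return all(r is None or r == k for r, k in zip(rule, key))
    if any(match(rule) for rule in block):
        return False
    return not allow or any(match(rule) for rule in allow)


class Deduplicator:
    """Drop a packet already seen within a sliding window of digests. TTL and IP checksum
    are zeroed first: the same packet tapped at two hops differs only in those fields."""
    def __init__(self, window=1024):
        self.window, self.seen = window, OrderedDict()

    def is_duplicate(self, frame):
        ip = bytearray(frame[ETH_LEN:])      # MACs change per hop, so skip the Ethernet header
        ip[8] = 0                            # TTL
        ip[10:12] = b"\x00\x00"              # IPv4 header checksum
        digest = hashlib.sha256(bytes(ip)).digest()
        if digest in self.seen:
            return True
        self.seen[digest] = None
        if len(self.seen) > self.window:
            self.seen.popitem(last=False)    # evict the oldest digest
        return False


def slice_packet(frame, hdr_len, keep=0):
    """Keep headers plus the first `keep` payload bytes; the frame gets shorter."""
    return frame[:hdr_len + keep]


def mask_payload(frame, hdr_len, keep=0):
    """Length-preserving alternative: payload beyond `keep` is overwritten with zeros."""
    return frame[:hdr_len + keep] + b"\x00" * (len(frame) - hdr_len - keep)


def process(frames, allow=(), block=(), slice_bytes=0):
    """Run filtering, dedup, flow accounting and slicing over (timestamp, frame) pairs."""
    dedup, flows, out = Deduplicator(), {}, []
    dropped = {"policy": 0, "duplicate": 0}
    for ts, frame in frames:
        key, hdr_len, _payload = parse(frame)
        if not policy_allows(key, allow, block):
            dropped["policy"] += 1
            continue
        if dedup.is_duplicate(frame):       # before accounting, so flow counters stay honest
            dropped["duplicate"] += 1
            continue
        rec = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        rec["packets"] += 1
        rec["bytes"] += len(frame)
        rec["last"] = ts
        out.append(slice_packet(frame, hdr_len, slice_bytes))
    return out, flows, dropped


# Constructed sample: one packet tapped twice (TTL 64 then 63), a second packet of the
# same flow, an SSH packet the hypothetical policy blocks, and a packet of another flow.
SAMPLE_FRAMES = [
    (0.000, build_frame("10.0.0.5", "10.0.1.7", 40000, 443, b"GET / HTTP/1.1")),
    (0.001, build_frame("10.0.0.5", "10.0.1.7", 40000, 443, b"GET / HTTP/1.1", ttl=63)),
    (0.500, build_frame("10.0.0.5", "10.0.1.7", 40000, 443, b"more data")),
    (1.000, build_frame("10.0.0.9", "10.0.1.7", 50000, 22, b"SSH-2.0-x")),
    (2.000, build_frame("10.0.0.5", "10.0.2.3", 40001, 80, b"GET /index")),
]
BLOCK_SSH = [(None, None, 6, None, 22)]  # hypothetical rule: never forward SSH to tools


def run_demo():
    return process(SAMPLE_FRAMES, block=BLOCK_SSH, slice_bytes=0)


if __name__ == "__main__":
    forwarded, flow_table, drops = run_demo()
    print(len(forwarded), "frames forwarded;", drops, flow_table)
```

Two design points are worth noting. De-duplication hashes the packet with the TTL and IP checksum zeroed and the Ethernet header excluded, because a packet tapped at two points in the path differs only in those fields; hashing the raw frame would let every duplicate through. Slicing and masking differ in whether the frame length is preserved: slicing cuts storage and tool load, masking keeps byte counts intact for tools that compute them from the captured frame while still withholding the payload. A production service node does this at line rate in DPDK or hardware; the logic is the same.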
What you can do with Big Switch’s solution
The following examples highlight the flexibility of the solution:
vSphere virtual machine monitoring
The challenge with monitoring vSphere traffic is that much of it stays inside a host or a vSwitch, so it is never sent to an NPB to be forwarded to tools. Typically this is solved with a separate monitoring VM, but that approach is CPU-intensive, creates operational complexity across the networking and virtualization teams, and adds incremental cost. Using the vSphere APIs, the Big Switch solution can direct VM-to-VM traffic to the Big Mon fabric, where it is then passed to visibility and security tools. Big Switch's video on Dynamic Monitoring of VMware vSphere Workloads provides more detail.
Docker container monitoring
Containers are a promising new entrant to the IT environment and are the most agile form of infrastructure yet. One organization I talked to uses containers for the build process of their application, which runs in just a few minutes. Container-to-container traffic poses the same problem as VM-to-VM traffic: the data stream never leaves the host or the switch. As with its VM solution, Big Switch can be programmed to direct container traffic to tools, regardless of whether the containers run in a VM or on bare metal. Big Switch's video on Container Traffic Monitoring provides more detail.
Public cloud monitoring
There are two ways of using the Big Switch fabric with public cloud workloads. A single Big Mon Controller can monitor both on-premises and cloud traffic through a VPN gateway, effectively creating a monitoring solution for a hybrid cloud. Alternatively, a Controller can be deployed inside an Amazon Web Services VPC for independent monitoring. In either model, once the traffic is sent back to the data center, it can be processed and directed to the tools. Since copies of cloud traffic then traverse the VPN, tunnel capacity and encryption are part of the design. Big Switch's video on Public Cloud Traffic Visibility provides more detail.
Some organizations I’ve talked to have been conservative with data center modernization, as deploying and managing monitoring and security for the network is thought to be complex and time consuming. However, Big Switch’s Big Monitoring Fabric can operate in any environment regardless of vendor, including traditional switching, virtual, container and public cloud environments.
The scalability and agility of Big Monitoring Fabric let IT departments operate and innovate faster, which means quicker rollouts of services and applications and more immediate responses to security incidents. Big Monitoring Fabric is an easy way to get started with SDN and data center modernization.