Copyright 2013 Splunk Inc.
Splunk for Networking and SDN
Stela Udovicic, Senior Product Marketing Manager, Splunk
#splunkconf

Legal Notices
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2013 Splunk Inc. All rights reserved.

Agenda
- Intro
- Network Monitoring with Splunk Enterprise
- Challenges: Why SDN?
- Splunk Enterprise for SDN
- Customer Use Cases

About Me
- Stela Udovicic: Sr. Product Marketing Manager, Solutions Marketing
- Responsible for: IT Operations use cases
  - Networking, storage, *nix
- Over 15 years of networking experience with a variety of technologies

Network Monitoring Aspects with Splunk Enterprise
Networks Generate Tons of Data
- Offload search load to Splunk Search Heads
- Auto load-balanced forwarding to as many Splunk Indexers as you need to index terabytes/day
[Diagram labels: Mobile Apps, Data Center]

Network Monitoring Aspects
- Splunk Enterprise analyzes, trends and correlates any text-based machine data from networking elements with other technology tiers
  - Syslog (faults, errors, etc.)
  - Performance metrics
  - Access audits (AAA, etc.)
  - Security events (APT, DDoS, etc.)
- SNMP polling and traps
- Traffic flow analytics: NetFlow, sFlow, IPFIX, etc.
- Load balancer visibility (F5, Citrix NetScaler): Splunk Enterprise provides application-level visibility
  - Security
  - Operations

SNMP in Splunk Enterprise
- Simple Network Management Protocol (SNMP) widely supported by networking vendors
- Splunk SNMP Modular Inputs
  - SNMP polling and traps
- Splunk analytics or integrated with other NMS tools
- Splunk Enterprise reports on, trends, and correlates SNMP data with machine data from other technology tiers such as applications, etc.
[Diagram labels: Managed Elements, SNMP Agent, MIB, SNMP Traps, SNMP Polling, NMS]

Why NetFlow in Splunk Enterprise? (sFlow, IPFIX, etc.)
- Traffic Engineering
- Capacity Planning
- Security Analysis
- IP Accounting and Usage-based Billing
- Application, Users, SLA Monitoring
- Troubleshooting

Network Visibility: Splunk Enterprise Plus NetFlow Logic Application and Network Monitor App
- Fast real-time NetFlow data conversion into syslog with rules and consolidation
- Correlate NetFlow activity with other machine data
- Packaged NetFlow-based solutions for security and network monitoring
- Deployed in NASA Advanced Supercomputing Group for network monitoring and tracking the roll-out to IPv6
Actionable intelligence from routers and switches

Network Mapping and Monitoring: InterMapper App for Splunk Enterprise
- Live, real-time view of network behavior to optimize performance and avoid bottlenecks
- Correlate InterMapper data with machine data from other technologies for end-to-end visibility into infrastructure
- Combine easy drill-downs from the network map with search and reporting to increase operational insight and improve MTTR

Challenges: Why SDN?
Challenges: Traditional Network Configuration
- Complex, closed, proprietary
- Features such as routing, VPNs, etc., implemented in millions of lines of code
- Proprietary packet forwarding ICs
- Long deployment cycles
- Increased power consumption
- Expensive
[Diagram: three networking elements, each labeled Features / Vendor OS]

Why Software-Defined Network?
- Changing traffic patterns in datacenters from north-south to east-west
  - Server and storage virtualization
  - Automation (rapid provisioning of networking resources)
  - Elasticity
- Scaling issues with traditional resources driven by rapid rise in application traffic and virtual machine mobility

Software-Defined Network
[Diagram labels, top to bottom:
 Applications and Services: Compute, Application Delivery, Security, Storage, WAN Optimization, Network Virtualization, WAN Traffic Engineering, Service Chaining (CSP), WAN Path Resiliency, Other Applications
 APIs
 SDN Controller (Network Abstraction, Policy Mapping, Topology Database)
 Device Control Protocol
 Networking Elements (NE) (Physical/Virtual)]

Splunk for SDN
Splunk Enterprise Play in SDN
- Real-time Visibility Into Dynamic Traffic Flows
- Optimizing Networking Resources for Application Needs
- Correlation Across Technology Silos: Virtual, Physical, etc.

Real-time Visibility Into Dynamic Flows
[Diagram labels:
 Applications and Services: Compute, Application Performance, Security, Network Virtualization, WAN Traffic Engineering, Service Chaining (CSP), Storage, WAN Optimization, WAN Path Resiliency, Other Applications
 API
 SDN Controller (Network Abstraction, Policy Mapping, Topology Database)
 Host at HQ; flow rule "If match, forward to port A & port B"; Port A, Port B
 Networking Element (NE) 1 (Physical or Virtual), NE 2, NE 3]

Optimized Network for Application Needs
[Diagram labels:
 Applications and Services: Compute, Application Performance, Security, Network Virtualization, WAN Traffic Engineering, Service Chaining (CSP), Storage, WAN Optimization, WAN Path Resiliency, Other Applications
 API
 SDN Controller (Network Abstraction, Policy Mapping, Topology Database)
 NE1, NE2, NE3]

Splunk for Arista: Network Telemetry
- Splunk for Arista switches powers network telemetry and eliminates the need for an external traffic analyzer
- Virtual Networks Analytics Module for real-time visibility into dynamic traffic flows
- Data center infrastructure cost savings through reduction in number of taps and span ports

Network Telemetry: Virtual Network Analysis
- Splunk Enterprise enables real-time visibility into traffic samples
- Layer 2 through Layer 7 headers and payload decoded
- Splunk searches can be based on any of the L2-L7 fields
[Screenshot annotations: "A sampled packet decoded into L2, L3, L4 and L5-L7 headers (if they exist)."; "Another sampled packet"]

Virtual NAM: Who are the Top Talkers in a VLAN?
Virtual NAM: Where is My Traffic Going?
Customer Use Cases
Network Monitoring at WorldPay
"Utilizing Splunk, the network team is now able to search all firewall logs in a matter of seconds using a consistent, vendor agnostic, web interface allowing for rapid troubleshooting and problem identification."
Simon Helson, Telecoms Engineer, WorldPay
Reduced MTTR & Savings in Engineering Resources
- Moved from being reactive to proactive. Able to identify and remediate the problem before systems go down
- MTTR reduced from two days to less than 20s
- Engineers now able to focus on creative activities that bring business value

Splunk at National Wireless Provider: LTE and Backbone Network Monitoring
[Diagram labels: Enterprise Data Center, Mobile Apps, eNodeB, RAN, MME, HSS, S-GW, P-GW, SGSN, Mobile Core, Carrier Internet, Internet Backbone, Content Provider]
Legend:
- RAN: Radio Access Network
- HSS: Home Subscriber Server
- MME: Mobile Mobility Entity
- S-GW: Serving Gateway
- P-GW: Packet Data Network Gateway
- SGSN: Serving GPRS Support Node
- eNodeB/Node B

Network Monitoring at BT
"Splunk gives our customer service, NOC staff and network engineers comprehensive real-time event data for incident response, chronic problem identification and optimization"
BT Platform Architect
Before Splunk:
- Network issues went undetected as errors buried in logs
- Network monitoring and engineering teams missing access to important event data
- Scripts to analyze raw data were slow and difficult
With Splunk:
- Search terabytes of data for network transactions across every component of network stack
- Index syslog, SNMP traps, configuration and NetFlow data
- Performance degradation detection before it impacts services

Summary
- Splunk Enterprise is an analytics platform built to scale for real-time and historical visibility into dynamic traffic patterns
- Splunk Enterprise helps you to tailor networking resources to the needs of applications
- Splunk provides cross-operational visibility across complete infrastructure (applications, networking, virtual, security)

Next Steps
1. Download the .conf2013 Mobile App. If not iPhone, iPad or Android, use the Web App
2. Take the survey & WIN A PASS FOR .CONF2014, or one of these bags!
3. Go to sessions on next slide!

Next Steps
- Download Splunk at www.splunk.com for free!
- Visit our Partner Pavilion to see Splunk and Partner Apps in action!
- Come to Far EasTone Telecommunications session: Achieving Customer Intelligence with Splunk (10/01/2013 from 4.30:5.30)
- Come to Vello Systems session: Respond to Your Application
- Within 30 min you will have imported demo data, run searches, created reports
- Splunk for Infrastructure Monitoring: http://www.splunk.com/view/infrastructure-monitoring/sp-CAAAHXJ
- Download apps and template from: http://apps.splunk.com/
  - Splunk SNMP Modular Inputs
  - Partner networking apps: Vello Systems, NetFlow Logic, InterMapper, ExtraHop, Boundary, etc.

THANK YOU