Scalable Network Monitoring with SDN-Based Ethernet Fabrics Prashant Gandhi VP, Products & Strategy Big Switch Networks gandhi@bigswitch.com 1
Agenda Trends in Network Monitoring SDN's Role in Network Monitoring Monitoring Fabric based on SDN & Bare-metal switching Customer Use Cases 2
Why Network Monitoring? Physical Workloads Virtual Workloads Monitoring Tools Production Network Net Mon SLA Mon Sec Mon App Mon Data Recorder VOIP Mon Every organization needs to Monitor Enterprises, Service Providers, Public Sector, Cloud 3
Customer Requirements Physical Workloads Virtual Workloads Monitoring Tools Net Mon App Mon Production Network Sec Mon VOIP Mon SLA Mon Data Recorder Bandwidth: 10G, 40G Scale: 100s of Ports Flexibility: Any Tool to Any Tap Multi-tenancy: Multiple IT Teams Cost Optimized: Lower CapEx and OpEx 4
Gen-1: Tap & Tool Silo Tools 1/10GE Network Probe / Recorder 1/10GE Performance Monitoring Appliance Security Appliance Physical & Virtual Workloads Manual Connections Complex Silo operation May 2014 Big Switch Networks (www.bigswitch.com) 5
Gen-2: Limited Tap Aggregation Tools Physical & Virtual Workloads Complex Limited-scope Operation Higher cost : Network Packet Broker 6
Gen-3: SDN-based Monitoring Fabrics SDN Controller 1G/10G/40G SDN-based Ethernet Monitoring Fabric based on Bare-metal Switches 1G/ 10G/ 40G Physical & Virtual Workloads Monitoring Fabric s as Service Nodes Tool Farm 7
SDN's Role in Network Monitoring 8
Learnings from Hyperscale DCs IT at the Speed of Business Add/Modify/Retire Apps Secure, elastic infrastructure Massive Simplification Simple to provision Simple to trouble-shoot Simple to add/remove Programmatic / Automated Dramatic TCO Reduction Reduce CapEx Reduce OpEx 9
Learnings from HyperScale DCs Bare Metal - HW / SW disaggregation - No vendor lock-in - Much lower CapEx SDN - No complex protocols on HW - Massive simplification w/ SDN Controller - Fast speed of change - Much lower OpEx Modern Network Architecture - Application Agility - Operational Simplicity - Lower TCO (and choice) 10
SDN 2.0 Architectural Evolution Accelerate Production-grade SDN and Bare-metal deployments SDN 1.0: Research Automation Tool SDN Controller OpenFlow APIs SDN App North-bound APIs SDN 2.0: Production Automation Tool North-bound APIs SDN App SDN Controller OpenFlow & Extensions (Thick) NetOS OF Traditional Switch HW Multiple SW vendors for a single solution OF agent from HW vendor varied implementations Limited access to switch ASIC access & Switch HW Issues: Scalability?, Resiliency?, Support? (Thin) SDN OS Bare Metal Switch HW Switch Light OS SW solution from single vendor supportable Full access to switch ASIC and Switch HW Hierarchically implemented Control-Plane Scalable, Resilient same as traditional network 11
Gen-3: SDN-based Monitoring Fabrics SDN Controller 1G/10G/40G Network Monitoring Fabric based on SDN and Bare-metal Switches 1G/ 10G/ 40G Physical & Virtual Workloads Monitoring Fabric s as Service Nodes Tool Farm 12
Big Switch SDN Product Portfolio 1 2 Datacenter Monitoring Fabrics Big Tap Monitoring fabric of bare metal switches for multi-tenant connections between network taps and tools (1st production-grade applications for multiple customers) Unified P+V Cloud Fabric Datacenter switching and routing fabric using Switch Light OS pswitches and vswitches for secure cloud automation (e.g. OpenStack) 13
SDN Example: Monitoring Fabric (Based on SDN and Bare-metal Switches) 14
Gen-3: Monitoring Fabrics Controller 1G/10G/40G 1G/ 10G/ 40G Physical & Virtual Workloads Monitoring Fabric s as Service Nodes Tool Farm 15
Monitoring Fabric: Components Filter Ports (Tap and facing ports) Controller Monitoring Fabric Delivery Ports (Tool facing ports) Controller (SW) Single pane of glass VM or appliance Built-in GUI, CLI, REST Policy management Fabric (forwarding) management Switch control & management Role-based Access Control Trouble-shooting, fault detection Clustering for High Availability Switches Hardware: Bare-metal switch OS: Switch Light No complex protocols Auto installation via ONIE Ports Filter, Service, Delivery 16
Policy Example 1 Controller Tool Farm F1 x D1 Policy P1: Filter Port: F1 Delivery port: D1 Match packets with source ip=10.1.1.x/24 All Packets that do NOT match the rule are DROPPED (filtering operation) Production Network Monitoring Fabric s as Service Nodes 17
Policy Example 2 Controller Tool Farm D1 D2 Policy P2: Filter Port: F2 Delivery port: D1, D2, D3 Match packets with source ip=10.1.1.x/24 F2 D3 All packets matching the rule are replicated and sent to the designated tools (as per policy) Production Network Monitoring Fabric s as Service Nodes 18
Service Chaining of s Controller Tool Farm s as Service Nodes for adv. packet processing: Time-stamping De-duplication packet slicing Service Chaining: Multiple s can be logically chained on a per-policy basis for sophisticated flow processing Production Network Monitoring Fabric s as Service Nodes 19
Tool Scaling Controller Tool Farm Tool Load-balancing: Scale tool bandwidth Production Network Monitoring Fabric s as Service Nodes 20
Monitoring VM-to-VM Traffic vswitch Enable R vswitch Enable R Physical Network Same Monitoring Fabric is leveraged for monitoring VM-to-VM traffic R-Span Traffic Big Tap Monitoring Fabric Prod Traffic Tools 21
Multi-tenant Operation Monitoring as a Service Self-service monitoring for each group Role-based authorization and privileges Local and/or remote authentication Tenant-Aware GUI, CLI and REST API TACACS+ 22
Event-Triggered Monitoring Programmatic creation of policies based on an event using REST APIs Normal packet Packet of Interest Controller Invoke REST API of the Monitoring Fabric Wireshark (Capture) Dynamically provision / activate / update the policy Traffic of interest is now replicated to the capture tool too. Snort (IDS) Monitoring Fabric 23
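The filter, replicate and event-triggered behaviour from Policy Examples 1 and 2 and the Event-Triggered Monitoring slide, modelled in memory as an added example (not Big Switch or Big Tap code). Assumptions: 10.1.1.x/24 is read as 10.1.1.0/24, overlapping policies union their delivery ports, F3, D_IDS and D_CAP are hypothetical port names, and the alert hook edits the model directly where a real deployment would call the fabric's REST API.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    filter_port: str                  # tap-facing port the policy reads from
    src_net: ipaddress.IPv4Network    # match rule: source IP prefix
    delivery_ports: frozenset         # tool-facing ports that get a copy

class MonitoringFabric:
    """Toy in-memory model of filter/replicate semantics (not Big Tap code)."""

    def __init__(self):
        self.policies = {}

    def add_policy(self, name, filter_port, src_cidr, delivery_ports):
        self.policies[name] = Policy(
            filter_port, ipaddress.ip_network(src_cidr), frozenset(delivery_ports))

    def deliver(self, filter_port, src_ip):
        """Ports a packet is copied to; an empty set means it was dropped."""
        src = ipaddress.ip_address(src_ip)
        ports = set()
        for p in self.policies.values():
            if p.filter_port == filter_port and src in p.src_net:
                ports |= p.delivery_ports  # assumption: overlapping policies union
        return ports

def on_ids_alert(fabric, filter_port, src_ip, capture_port):
    """Event hook: replicate the alerting host's traffic to a capture tool."""
    name = f"capture-{src_ip}"
    fabric.add_policy(name, filter_port, f"{src_ip}/32", [capture_port])
    return name

def build_fabric():
    fabric = MonitoringFabric()
    fabric.add_policy("P1", "F1", "10.1.1.0/24", ["D1"])               # Policy Example 1
    fabric.add_policy("P2", "F2", "10.1.1.0/24", ["D1", "D2", "D3"])   # Policy Example 2
    # Constructed for the event-triggered case: F3 and D_IDS are hypothetical names.
    fabric.add_policy("ids-feed", "F3", "10.1.1.0/24", ["D_IDS"])
    return fabric

if __name__ == "__main__":
    fabric = build_fabric()
    print(fabric.deliver("F1", "10.1.1.20"))   # matches P1
    print(fabric.deliver("F1", "10.2.0.5"))    # no match: dropped
    on_ids_alert(fabric, "F3", "10.1.1.7", "D_CAP")
    print(fabric.deliver("F3", "10.1.1.7"))    # IDS plus capture tool
```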
Graphical User Interface (GUI) Highly functional GUI Dashboard Topology System Status Policy Management RBAC for user self-service workflows. 24
Filter Ports (Tap and facing ports) Monitoring Fabric: Functionality Controller Monitoring Fabric Delivery Ports (Tool facing ports) Rich Feature Set 7-tuple policies (L2-L4) IPv6 support Fine-grain Role-Based Access Control Intelligent Policy Resolution VM-to-VM monitoring Programmatic control Service chaining of s Operational Simplicity Auto-Installation Fabric Management & Programmability Enhanced GUI Workflows Scalable Architecture Tool scaling (via load balancing) Fabric scaling (scale-out) Policy scaling (via optimization) 25
Customer Use Cases 26
Customer Benefits & Use Cases Bandwidth: 10G, 40G Scale: 100s of Ports Flexibility: Any Tool to Any Tap Multi-tenancy: Multiple IT Teams Cost Optimized: Lower CapEx and OpEx Large Web 2.0 Datacenter: Network ops, security and compliance teams all share the same taps LTE Operator: 4G LTE network monitoring for trouble-shooting and compliance Large Hi-Tech Company: Self-service production tapping for software developers Santa Clara, CA USA April-May 2014 Big Switch Networks (www.bigswitch.com) 27
Customer Traction Large-scale deployment of SDN across multiple customers 10+ Customers (Enterprise, Mobile SP, Hyper-Scale) Multi-hundred ports per DC, Multiple DCs Repeat purchases FYI, we just had a the other day. We had a customer facing issue that's been going on for a month. We thought it was an issue with the ISP. Being able to take a capture off the Core device, we were able to prove it was an issue in our own infra. to identify once we had access to the data. - Network Administrator in a Fortune 50 Company 28
Big Switch & Dell Partner to Accelerate SDN Deployments Big Switch SDN solutions integrated with Dell's Open Networking Switches Dell is single point of contact for customers Open networking switches Resell of SW Global support and services 29
Thank You! 30