PLNOG15: Network Monitoring&Data Analytics at 10/40/100GE speeds. Why spend a fortune on hardware that does not scale? - David Murray
•
1 like•98 views
Network Monitoring&Data Analytics at 10/40/100GE speeds. Why spend a fortune on hardware that does not scale? - David Murray
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (15)
Similar to PLNOG15: Network Monitoring&Data Analytics at 10/40/100GE speeds. Why spend a fortune on hardware that does not scale? - David Murray
Similar to PLNOG15: Network Monitoring&Data Analytics at 10/40/100GE speeds. Why spend a fortune on hardware that does not scale? - David Murray (20)
Recently uploaded
Recently uploaded (20)
PLNOG15: Network Monitoring&Data Analytics at 10/40/100GE speeds. Why spend a fortune on hardware that does not scale? - David Murray
- 1. Redefining Tap Aggregation Redefining TAP Aggregation Architecture PLNOG15, 28th September 2015 David Murray, Systems Engineer EMEA dm@arista.com
- 2. Redefining Tap Aggregation Environmental Dynamism Impact of Outage Distribution/ Complexity of Workflow Interface Utilization # Applications Per Server Threat Complexity Regulatory Requirements Network monitoring used to be simple.. • Simple networks with few paths • Low speed, low utilization links • Solitary applications • Static environments • Few interdependencies • Limited regulation Data centers don’t look like this anymore:
- 3. Redefining Tap Aggregation Environmental Dynamism Impact of Outage Distribution/ Complexity of Workflow Interface Utilization # Applications Per Server Threat Complexity Regulatory Requirements RIP PCI MITA CALEA MiFID HIPAA 💀 💀 💀 💀 💀 💀 💀 💀 💀 📷 🐦 🎮 💻 📂 🎶 ⛅ ⛅ ⛅ Multi-dimensional complexity introduces new challenges: • Convergence • Consolidation • Virtualization • Workload Mobility • Heterogeneous Workloads • Distributed Applications • Transient/Short Lived Applications • Increasing Regulation and Recording Modern, scalable facilities are complex to monitor
- 4. Redefining Tap Aggregation “Hey Dave, its Bob from the server team” “Hi this is Dave in network support, how can I help?” “I’m having some problems with vMotion I’ve had a ton of failures this morning – it must be the network” “How’s it going Bob? What can I do for you?” “Let me check my SNMP statistics ….. Well, the 5 minute moving average utilization looks good everywhere and I can ping all the ESX hosts” “Huh? What good is 5 minutes? Is there anything we can do to look into it?” “It looks good just now, let me hook up a sniffer and let me know if it happens again.” <Click> Unfortunately this is still a common story…
- 5. Redefining Tap Aggregation How do we get from this ….
- 6. Redefining Tap Aggregation To this ..
- 7. Redefining Tap Aggregation Reactive Single Point Monitoring Monitoring Infrastructure Costs • Needle? How do we monitor today?
- 8. Redefining Tap Aggregation Flow feed Reactive Single Point Monitoring Coarse Network Flow Analysis Monitoring Infrastructure Costs • High Level Wide Overview • Low Startup Costs • No Deep Analysis • Needle? How do we monitor today?
- 9. Redefining Tap Aggregation Flow feed Reactive Single Point Monitoring Coarse Network Flow Analysis Full Out-of-Band Environment • MaximumVisibility • Very High Cap/OpEx • Proprietary/Closed Environment • High Level Wide Overview • Low Startup Costs • No Deep Analysis • Needle? How do we monitor today? Monitoring Infrastructure Costs
- 10. Redefining Tap Aggregation *aka Matrix Switching, Network Packet Brokers, Aggregation Taps Mirror Port Mirror Port Mirror Port TAP PortTAP Port Monitoring Application(s) Aggregation platform Filtered Traffic Sources ($) Optical/Electrical Taps Mirror Ports Aggregators ($$$) Consolidate, filters and steer traffic towards the tool farm Tools ($$$) APM, Packet Capture, Capacity Planning, Threat Detection, Risk Analysis, etc. So what is TAP Aggregation* ?
- 11. Redefining Tap Aggregation Proprietary Solutions at Proprietary Price Points Products can be an order of magnitude more expensive than the networks they monitor Complex and Expensive Per Feature, Per Port Licensing Complex portfolios and per-port feature licenses obstruct getting the job done Independent Procurement, Logistics and Support Chain Multiple platforms, inconsistent UI, multiple hardware architectures, complex codebase Limited Usability and Lifetime Single use case, feature specific platforms Limited investment protection Disproportionately High Entry Cost Limits the ability to deploy a single solution across the infrastructure What is wrong with this picture?
- 12. Redefining Tap Aggregation “Hey Bob, its Dave in networks” “Hi this is Bob in the server team, how can I help?” “I just called to let you know that the network was slow this morning and you might have had trouble with some vMotion” “How’s it going Dave? I’m a little tied up, is it urgent?” “Let me check the logs, I’ve been looking into a major e-mail outage” “Yeah, it looks like at 9:12am somebody tried a major migration across pods – it looks like the e-mail servers… <Click> So how do we get to this point?
- 13. Redefining Tap Aggregation Introduce Commodity Economics Effective monitoring requires universal deployment – avoid proprietary hardware Simplify Upgrades and Licensing Complex portfolios and per-port feature licenses obstruct getting the job done Make High-End Features Universal Consistent capabilities ensure there are no poor relations Minimize Operational Overhead Universal OS, API and FRUs Maximize Usability Minimal learning curve to make it easy to get the most out of the platform Key requirements to open up visibility
- 14. Redefining Tap Aggregation TAP Aggregation the Arista way TAP/Mirror Aggregation for 100M – 100G Traffic Filtering, Slicing, Load balancing and Steering Precision Hardware Time-stamping and PTP Microburst Detection, Analysis and Capture Integrated Flow Analysis Open RESTful APIs, Industry Standard CLI Common Equipment with all Arista 1RUs *Full Feature Data Centre Switch Tool FarmSources
- 15. Redefining Tap Aggregation Aggregation is just one component ….
- 16. Redefining Tap Aggregation Event Monitor & Database • Automatically track all events for 3 forwarding data structures: MAC,ARP and Route table • When did the ARP entry last refresh? • When did the route change? • When was the last OSPF hello received? • Data at your fingertips: • Get to the root cause when quickly and easily • SQLite files with pre-allocated disk space • DB structure - query through thousands of events switch# show event-‐monitor mac match-‐time last-‐hour 2013-‐07-‐14 12:19:57|100|00:0f:53:0d:62:84|||removed|666 2013-‐07-‐14 12:26:30|100|ec:46:70:00:33:e4|Ethernet22|learnedDynamicMac|added|668 2013-‐07-‐14 12:34:57|100|ec:46:70:00:33:e4|||removed|669 switch# show event-‐monitor arp match-‐time last-‐day 2013-‐07-‐13 13:29:03|192.168.1.101|Management1|68:96:7b:27:1d:e9|0|added|43 2013-‐07-‐13 16:06:08|192.168.1.253|Management1|||removed|44 switch# show event-‐monitor route match-‐time last-‐week 2013-‐07-‐08 09:21:56|1.1.1.1/32|receive|1|0|added|0 2013-‐07-‐08 09:21:56|127.0.0.1/32|connected|1|0|added|1 2013-‐07-‐08 09:21:56|172.168.1.1/32|receive|1|0|added|2 MAC Table ARP Table Route Table SQLite files store events Mroute Table IGMP snooping Table
- 17. Redefining Tap Aggregation EOS Data Analysis puts the power in your hands Application Performance Threat Detection Compliance Fault Analysis Forensics
- 18. Redefining Tap Aggregation Burst analysis sFlow feed Integrated Fine and Coarse Monitoring • Fully Integrated TrafficVisibility In DC Leaf and Spine Redefining monitoring and aggregation
- 19. Redefining Tap Aggregation Burst analysis Tap Aggregation sFlow feed Burst analysis sFlow feed Integrated Fine and Coarse Monitoring Combined Infrastructure & Aggregation • DC Leaf and Spine with: • Integrated Aggregation • Timing, Filtering, Slicing and Load balancing • Fully Integrated TrafficVisibility In DC Leaf and Spine Redefining monitoring and aggregation
- 20. Redefining Tap Aggregation Burst analysis Tap Aggregation sFlow feed Burst analysis sFlow feed Integrated Fine and Coarse Monitoring Combined Infrastructure & Aggregation Full Out-of-Band Environment Monitoring Infrastructure Costs • Full feature Tap Aggregation • Open, extensible environment • Common equipment with DC • Ethernet economics • DC Leaf and Spine with: • Integrated Aggregation • Timing, Filtering, Slicing and Load balancing • Fully Integrated TrafficVisibility In DC Leaf and Spine Redefining monitoring and aggregation
- 21. Redefining Tap Aggregation Application Performance Management Compliance Capacity Planning Microburst Detection and Analysis Intrusion Detection Security / Threat Management Lawful Interception Traffic Recording Government Finance Service Providers Web 2.0, Cloud and Data Center Education Healthcare Innovations that unlock visibility in all verticals
- 22. Redefining Tap Aggregation Extensive partner and open eco system
- 23. Redefining Tap Aggregation Introduce Commodity Economics Ethernet economics and common hardware enable universal monitor Simplify Upgrades and Licensing Multi-speed 100M-100G with no forklift or license Make High-End Features Universal Single device-wide license for all features Incremental implementation Minimize Operational Overhead Common equipment, OS, APIs, CLI, Support infrastructure and logistics Maximize Usability Straightforward path from in-band to full visibility infrastructure in a single product family Arista: Redefining network visibility
- 24. Redefining Tap Aggregation Arista 1/10/40/100GbE Tap Aggregation Platforms • 2 x 100GbE in 1RU • 64 x 10GbE SFP+ • Triple Speed MXP – 10/40/100GbE 7280SE-72 • 4 or 8-slot modular chassis • 1152 x 10GbE in 11RU • 288 x 40GbE • 96 x 100GbE 7500E 7280SE-68 • Quad-speed 100M/1/10/40G ports • Up to 64 x 10GbE in 1RU7150S