SDN-based traffic, such as traffic from OpenFlow switches, is now optimized for performance monitoring and enhanced security by this joint solution from IBM Software Defined Network for Virtual Environments (SDN VE) and VSS Monitoring network packet brokers.
Converged Monitoring Fabric for SDN-based Environments, an IBM and VSS Monitoring Solution
Converged Monitoring Fabric For Software Defined Networks
VSS Monitoring NPBs and IBM Software Defined Network for Virtual Environments
Solution Brief
INDUSTRY CHALLENGES
The open-source nature of SDN systems has made them challenging to deploy because they require network engineers to develop new software engineering skills. This has complicated deployments and limited many projects to “do-it-yourself” or small-scale instances. Along with the challenge of SDN’s open-source beginnings (and features still in development), monitoring systems that rely on network packet broker (NPB) capabilities have similarly required modifications and qualification to support SDN.

The IBM and VSS Monitoring converged monitoring fabric solution enables large-scale, cost-effective monitoring for virtual-host traffic, physical networks, cloud infrastructure, and SDNs, ensuring performance and delivering security for enterprises and service providers alike.
VSS Monitoring has collaborated with IBM to combine the benefits of SDN and NPBs in a converged solution that delivers wire-speed operation and fail-safe monitoring and ensures deterministic delivery of packets to security systems and analytics tools. The unified controller in the IBM SDN VE solution, together with VSS Monitoring network packet brokers, provides hardware-accelerated SDN for performance and security monitoring.
HIGHLIGHTS
• VSS Monitoring and IBM combine the benefits of SDN and NPBs
• Converged monitoring fabric delivers wire-speed operation and fail-safe monitoring
• Combines purpose-built NPB performance and optimization with the IBM Unified OpenFlow Controller
• Leverages hardware-accelerated SDN for monitoring and security

INTRODUCING VSS MONITORING NETWORK PACKET BROKERS WITH IBM SOFTWARE DEFINED NETWORK FOR VIRTUAL ENVIRONMENTS
Network packet brokers (NPBs) have emerged over the last several years as a critical element that enables network and security engineers to operate at the scale of today’s networks. Without NPBs, ensuring network performance and securing large-scale networks has become exceptionally difficult. With terabytes of data to sift through, delivering the right data to the right tools and systems is hard, which lengthens time to resolution for many network problems and can expose a network to security risk. Performance tools and security systems need to receive the traffic of interest so they can monitor networks, and NPBs ensure that traffic is delivered in a flexible, cost-effective manner. For both security analysis systems, such as IDS/IPS, and network visibility tools that manage performance, NPBs provide enablement and operational efficiency for TAP aggregation, time stamping, packet cleanup, payload slicing, protocol stripping, and traffic delivery optimization services. Delivering traffic to these tools is the challenge for network engineers tasked with network troubleshooting and problem resolution; NPBs address that challenge.
Adopting software-defined networks
As network architectures evolve to include software-defined networks, the need for network packet brokers increases. Like traditional networks, software-defined networks also require performance management and network security systems, all the more so because of their dynamic nature and multi-tenant architectures. As network providers adopt SDN and take their deployments out of the lab, they are looking to build on their existing infrastructure to monitor and manage large-scale networks.
Converged Monitoring Fabric Using SDN, OpenFlow, and Network Packet Brokers; Solution Brief
Combining SDN with NPB
As workloads become virtualized and distributed, associating monitoring tools with a single physical port poses problems. As network speeds surpass 10Gbps, reaching 40Gbps and even 100Gbps, monitoring tools and security systems require their traffic-optimization infrastructure, such as load balancing and health monitoring, to keep pace with network speeds and maintain continuous monitoring. Consistent traffic-forwarding optimization and advanced packet-optimization features require purpose-built equipment to maintain line-rate performance. By using NPBs to aggregate traffic from SDN OpenFlow switches, virtual hosts, and traditional networks in a high-performance system and then forwarding that traffic to monitoring tools over a monitoring fabric, network operators can maintain network visibility as they roll out new services. Employing NPBs together with OpenFlow-enabled switches used for monitoring lets enterprises and network providers adopt SDN technologies without giving up the visibility their existing tools depend on, which in turn facilitates SDN deployments.
As with performance monitoring, traffic delivery can also be optimized for high traffic loads. As networks grow, the ports that egress the SDN can be captured by an NPB in the same way as traditional network mirror (SPAN) or TAP ports. Such architectures let OpenFlow-based SDN systems share the duty of aggregating and forwarding traffic with NPBs. The controller programs the OpenFlow switches to filter and forward traffic to specified NPB ports. The NPB ports can provide further filtering, including forwarding specified traffic of interest to different tools and systems, as well as optimizing the packet flows with a range of packet services, such as time stamping, slicing, de-duplication, fragment reassembly, protocol stripping, encapsulation filtering, and load balancing. These packet manipulation and modification services are not typically supported natively by SDN switches, yet they are crucial for both performance management and security deployments. The combined system supports the best of both worlds and can be part of an SDN infrastructure that is easier to manage and deploy without forgoing the elements required for successful monitoring applications.
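The two-stage design described here (an OpenFlow switch programmed to pre-filter and forward traffic of interest to an NPB port, followed by NPB packet services such as time stamping, slicing, de-duplication and load balancing, as also listed in the introduction above), as an added example that is not VSS Monitoring or IBM code. It models an OpenFlow-style flow table with priority-ordered wildcard matches and a simplified broker stage; the rule fields, port numbers, the SHA-256 digests used for de-duplication and for symmetric flow hashing, the 128-byte slice length and the sample packets are all constructed for the demonstration and are not how vBroker or the IBM controller implement these services.

```python
import hashlib
from collections import OrderedDict
from dataclasses import dataclass
from typing import Optional
TCP, UDP = 6, 17

@dataclass(frozen=True)
class Packet:
    in_port: int          # switch/NPB ingress port fed by a TAP or SPAN session
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    payload: bytes

@dataclass(frozen=True)
class FlowRule:
    """Subset of an OpenFlow match; a field left as None is wildcarded."""
    priority: int
    proto: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    output: Optional[int] = None   # None = no action, i.e. drop

    def matches(self, p):
        return all(want is None or want == have for want, have in
                   ((self.proto, p.proto), (self.sport, p.sport), (self.dport, p.dport)))

def switch_forward(rules, p):
    # Stage 1: highest-priority match wins; a table miss drops, since a monitoring-only
    # switch never forwards toward the production network.
    for r in sorted(rules, key=lambda r: r.priority, reverse=True):
        if r.matches(p):
            return r.output
    return None

class NPB:
    """Stage 2: broker services applied to what the switch pre-filter let through."""
    def __init__(self, tool_ports, slice_len=128, dedup_window=4096):
        self.tool_ports = list(tool_ports)
        self.slice_len = slice_len
        self.dedup_window = dedup_window
        self.seen = OrderedDict()      # bounded LRU of packet digests
        self.stats = {"duplicates": 0, "delivered": 0}

    def _is_duplicate(self, p):
        # in_port and timestamp are left out of the digest, so a packet captured on
        # two TAPs or two SPAN sessions is delivered to the tools only once.
        d = hashlib.sha256(f"{p.src}|{p.dst}|{p.proto}|{p.sport}|{p.dport}|".encode()
                           + p.payload).digest()
        if d in self.seen:
            return True
        self.seen[d] = None
        if len(self.seen) > self.dedup_window:
            self.seen.popitem(last=False)
        return False

    def _tool_port(self, p):
        # Symmetric 5-tuple hash: both directions of a session reach the same tool
        # instance, which a stateful IDS/IPS needs in order to track the connection.
        lo, hi = sorted([(p.src, p.sport), (p.dst, p.dport)])
        digest = hashlib.sha256(f"{lo}|{hi}|{p.proto}".encode()).digest()
        return self.tool_ports[int.from_bytes(digest[:4], "big") % len(self.tool_ports)]

    def process(self, p, ts_ns):
        """Returns (timestamp_ns, tool_port, sliced_packet), or None if deduplicated."""
        if self._is_duplicate(p):
            self.stats["duplicates"] += 1
            return None
        sliced = Packet(p.in_port, p.src, p.dst, p.proto, p.sport, p.dport,
                        p.payload[:self.slice_len])   # payload slicing bounds tool load
        self.stats["delivered"] += 1
        return ts_ns, self._tool_port(p), sliced

def run_pipeline(rules, npb, packets, base_ts_ns=1_700_000_000_000_000_000):
    """Returns ({tool_port: [(timestamp_ns, packet), ...]}, switch_drop_count)."""
    delivered = {port: [] for port in npb.tool_ports}
    switch_dropped = 0
    for i, p in enumerate(packets):
        if switch_forward(rules, p) is None:
            switch_dropped += 1
            continue
        result = npb.process(p, base_ts_ns + i * 1_000)   # constructed 1 us spacing
        if result is not None:
            ts, port, pkt = result
            delivered[port].append((ts, pkt))
    return delivered, switch_dropped

def demo():
    # Hypothetical policy: keep HTTPS in both directions plus DNS queries; all else
    # misses the table.  Without the tp_src=443 rule the server-to-client half of
    # every HTTPS session would never reach the tools.
    rules = [FlowRule(200, proto=TCP, dport=443, output=10),
             FlowRule(200, proto=TCP, sport=443, output=10),
             FlowRule(200, proto=UDP, dport=53, output=10)]
    packets = [  # constructed sample traffic on TAP/SPAN ingress ports 1 and 2
        Packet(1, "10.0.0.5", "203.0.113.10", TCP, 40001, 443, b"C" * 300),
        Packet(1, "203.0.113.10", "10.0.0.5", TCP, 443, 40001, b"S" * 900),
        Packet(2, "10.0.0.5", "203.0.113.10", TCP, 40001, 443, b"C" * 300),  # same packet, 2nd TAP
        Packet(1, "10.0.0.5", "10.0.0.9", UDP, 5353, 5353, b"mdns"),           # not of interest
        Packet(1, "10.0.0.7", "203.0.113.10", TCP, 40002, 443, b"C" * 10),
    ]
    npb = NPB(tool_ports=[21, 22, 23], slice_len=128)
    delivered, dropped = run_pipeline(rules, npb, packets)
    return delivered, dropped, npb.stats
```

Running `demo()` drops the mDNS packet at the switch, discards the copy of the first packet seen on the second TAP, truncates the 900-byte server response to 128 bytes of payload, and lands both halves of the 10.0.0.5:40001 to 203.0.113.10:443 session on the same tool port. Two points carry over to a real deployment: the switch rules must match both directions of a session, and the broker's load-balancing hash must be symmetric, or a stateful IDS/IPS behind the NPB sees only half of each connection.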
Converged monitoring fabric:
vMesh and OpenFlow
The VSS Monitoring vMesh architecture provides a powerful
foundation for a monitoring fabric. The vMesh architecture
uses proprietary technology in a high availability management
platform that enables users to build a managed mesh of NPB
systems. This enables complete traffic access and visibility,
including traffic that is forwarded from an OpenFlow switch
within an SDN. Traffic that enters the vMesh network can
be made available to tools and systems on the LAN and
across WAN segments, including private clouds. The VSS
vMesh technology is available on all vBroker, vProtector
Series, Distributed Series, and Finder Series models, which
are managed by VSS Management Center (vMC). Each NPB
functions as a node in a vMesh architecture, allowing users
to design and build global NPB systems for accessing traffic
where each node connects with up to 255 other nodes as
part of the monitoring fabric. Deploying the IBM SDN VE
solution to support OpenFlow switches enables SDN traffic to
be added to this system. In the combined system, traffic from
thousands of ports can be monitored for traditional networks
and virtualized networks. The vMesh architecture supports
auto-discovery and self-configuration to ease management.
If a port or node fails, traffic is automatically redirected to
an open pathway to ensure traffic delivery to the destination
tool or system. In the converged monitoring fabric solution,
adding SDN traffic is as simple as connecting OpenFlow
switches to any NPB that supports vMesh.
VSS Monitoring network packet brokers and the IBM SDN VE solution combine to deliver a converged monitoring fabric. This unified system delivers significant flexibility while maintaining network visibility on physical networks, virtual networks, and within private cloud infrastructures. In an SDN VE network, VSS Monitoring NPBs can deliver increased performance, visibility, and other advanced services. The IBM components of the combined system insert an SDN layer that provides TAP aggregation for virtual hosts and OpenFlow networks, achieving a high degree of flexibility that leverages the benefits of the IBM SDN VE solution. For KVM and VMware virtual networks on existing physical switches, this enables automated network provisioning and application deployment, including OpenStack support (via a Neutron plug-in).
The converged monitoring fabric from VSS Monitoring and IBM helps network administrators deliver a monitoring network that scales at the pace of modern data center networks. The system can operate in conjunction with production SDN networks, or the solution can be deployed as a stand-alone monitoring network. In a monitoring network deployment, the OpenFlow switches are used to aggregate and forward traffic for monitoring purposes only. The monitoring network application can be deployed incrementally, a few SDN switches and a few NPBs at a time, and, because the system operates on copied traffic from TAPs or SPAN ports rather than on production data, a misconfigured monitoring switch affects only the copy, so network managers can use OpenFlow switches in a lower-risk environment while gaining expertise in SDN. The solution turns OpenFlow-enabled switches into aggregation devices that filter and selectively forward network traffic to NPBs, where further brokering services are applied. Inbound traffic is filtered on the ingress ports fed from network TAPs or SPAN ports and forwarded to NPB nodes within the vMesh. Advanced services can be applied before the traffic is forwarded to other nodes in the vMesh or on to security systems and monitoring tools.
IBM SDN VE Reference Architecture with VSS Monitoring Network Packet Brokers
[Figure 1 (diagram not reproduced). Components shown: hosts running VMs on 5000V Virtual Distributed Switch (VDS) vSwitches; Virtual Network 1 and Virtual Network 2 over an IP underlay network and a VLAN/VNID-mapped network; the SDN VE VGW and SDN VE EGW gateways; the 5000V Virtual Distributed Switch Controller, SDN VE Connectivity Service and SDN VE Management Console, and the IBM SDN VE OpenFlow Controller; the data center physical IP network; SPAN/TAP ports to the network; the VSS Management Console; and NPB ports to tools.]
Figure 1: IBM SDN VE with converged monitoring fabric, NPBs and OpenFlow switches aggregating and forwarding traffic and NPBs providing advanced services.