
Improving performance and security with a visibility plane in virtual network infrastructures

Andrew Harding, Vice President of Products, VSS Monitoring | Nov. 7, 2014
SDN promises numerous benefits, but adding layers of network abstraction comes at a cost: visibility into the traffic traversing the links at the physical layer.

Because virtualized networks exist as an adjunct to, or overlay on, a physical network, it is still important to provide physical Link Layer visibility, especially for performance management and security tools. Network packet brokers (NPBs) handle this need very well today, and the same requirement will persist under both SDN and NFV.

NPB as a Virtual Network Function

As to the second question, whether NPB functionality itself can be virtualized, the Open Networking Foundation (ONF) announced a Sample Tap application in March 2014, and OpenFlow version 1.4 already includes a use case for configuring switches with NPB-like functionality.

The ONF acknowledges that its Sample Tap is not meant to run in a production network; it is intended as a teaching tool to help programmers gain experience with OpenFlow and OpenDaylight. What is being virtualized in this exercise is the NPB's configuration and control plane, while the real-time, line-rate copying and forwarding of traffic is still handled either by a purpose-built NPB or by a stripped-down NPB running on "white box" hardware.

Vendors and some users, especially at carriers and large enterprises, need to consider whether building their own monitoring systems is really more cost-effective. Implementing a sample application is a far cry from developing a matrix switch, or from hardening a commodity switch platform for use in production networks, especially those operating at 40 Gbps or 100 Gbps.

For now, switch-based monitoring systems have limitations and require significant operational changes to deploy. They still depend on NPBs for precise time-stamping and for advanced functions such as flow-aware load balancing and traffic optimization. These features are what allow 1/10 Gbps tools to keep working in 40/100 Gbps networks: a flow-aware balancer keeps both directions of a session on the same tool port, so a session-reassembling tool never sees half a conversation. Even as switch performance improves, matrix switches will continue to run on separate hardware so that all monitoring traffic stays out-of-band from the production network.
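The flow-aware load balancing described above, as an added example that is not code from the article or from VSS Monitoring. It models the NPB behaviour the text describes: packets copied from a high-rate link are spread across several lower-rate tool ports, and a symmetric 5-tuple hash keeps both directions of a session on one tool, which a per-packet round-robin policy does not. The tool port names, the `Packet` type and the sample packets are all constructed for the demonstration.

```python
"""Flow-aware load balancing of a high-rate tap feed across lower-rate tools.

Added example, not code from the article or from VSS Monitoring. It models
the NPB behaviour the text describes: packets copied from a 40/100 Gbps link
are spread over several 1/10 Gbps tool ports, and a flow-aware (symmetric
5-tuple hash) policy keeps both directions of every session on one tool.
All packets and port names below are constructed for the demonstration.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal 5-tuple view of a mirrored packet (constructed, not captured)."""
    src_ip: str
    dst_ip: str
    proto: int       # 6 = TCP, 17 = UDP
    src_port: int
    dst_port: int


FlowKey = Tuple[int, Tuple[str, int], Tuple[str, int]]

# Hypothetical tool ports: three 10 Gbps analysers fed from one 40 Gbps tap.
TOOL_PORTS: List[str] = ["tool0", "tool1", "tool2"]


def symmetric_flow_key(p: Packet) -> FlowKey:
    """Build a direction-independent flow key.

    Sorting the two (ip, port) endpoints makes A->B and B->A produce the same
    key, so a TCP session's SYN and SYN-ACK hash to the same tool port. A
    plain (src, dst) key would send the two halves of a session to different
    tools and break any tool that reassembles sessions.
    """
    a = (p.src_ip, p.src_port)
    b = (p.dst_ip, p.dst_port)
    lo, hi = sorted((a, b))
    return (p.proto, lo, hi)


def choose_tool_port(p: Packet, tool_ports: List[str]) -> str:
    """Flow-aware policy: hash the symmetric key onto the tool group."""
    key = repr(symmetric_flow_key(p)).encode()
    # SHA-256 rather than hash(): stable across processes and restarts,
    # which matters when two NPBs must agree on the same mapping.
    digest = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    return tool_ports[digest % len(tool_ports)]


def distribute(packets: List[Packet], tool_ports: List[str],
               flow_aware: bool = True) -> Dict[FlowKey, Set[str]]:
    """Spread packets over tool ports; report which ports each flow touched.

    flow_aware=False uses per-packet round robin, the naive policy that
    balances bytes evenly but scatters a single session across tools.
    """
    seen: Dict[FlowKey, Set[str]] = {}
    for i, p in enumerate(packets):
        if flow_aware:
            port = choose_tool_port(p, tool_ports)
        else:
            port = tool_ports[i % len(tool_ports)]
        seen.setdefault(symmetric_flow_key(p), set()).add(port)
    return seen


def split_flows(seen: Dict[FlowKey, Set[str]]) -> List[FlowKey]:
    """Flows whose packets landed on more than one tool port."""
    return [key for key, ports in seen.items() if len(ports) > 1]


# Constructed sample: one TLS session (both directions) interleaved with a DNS
# query/response, in the order a tap would see them on the wire.
SAMPLE_PACKETS: List[Packet] = [
    Packet("10.1.1.10", "203.0.113.5", 6, 51234, 443),   # SYN
    Packet("203.0.113.5", "10.1.1.10", 6, 443, 51234),   # SYN-ACK
    Packet("10.1.1.20", "10.1.1.53", 17, 40001, 53),     # DNS query
    Packet("10.1.1.10", "203.0.113.5", 6, 51234, 443),   # ACK
    Packet("10.1.1.53", "10.1.1.20", 17, 53, 40001),     # DNS response
    Packet("10.1.1.10", "203.0.113.5", 6, 51234, 443),   # ClientHello
]


if __name__ == "__main__":
    for policy in (True, False):
        name = "flow-aware" if policy else "round-robin"
        broken = split_flows(distribute(SAMPLE_PACKETS, TOOL_PORTS, policy))
        print(f"{name}: {len(broken)} session(s) split across tools")
```

With the constructed sample, the round-robin policy splits both sessions across tool ports while the flow-aware policy splits none. A real NPB does the same hashing in hardware at line rate; the point of the example is only that the symmetry of the key, not the hash function, is what preserves session integrity for the downstream tools.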

Organizations can capture more traffic directly from virtual hosts by using a two-tier deployment, in which a basic virtual visibility tier aggregates ports and forwards traffic to an advanced tier that provides deeper visibility, sophisticated traffic grooming and/or higher performance.

At the same time, both switch-based monitoring systems and purpose-built NPBs will become increasingly open, going beyond support for SDN protocols and network virtualization labels to expose their own APIs. The case for such tiering, contrary to the popular belief that a switch-based architecture is cheaper, is that purpose-built NPBs are more cost-effective: they do not require adding software development staff, and they do not require abandoning existing network architectures for something new but not necessarily more efficient.

In conclusion, visibility solutions need to accommodate the migration to SDN and NFV, which organizations undertake to lower capital and operational expenditures. During that migration, new approaches must deliver performance and cost-effectiveness without shifting those expenditures onto software development teams, without imposing costly new operating models, and without deploying new hardware and software that merely duplicates part of the visibility plane.
