It is exciting to witness rapid customer adoption of Big Monitoring Fabric (Big Mon)—the next-generation network packet broker (NPB)—for data center wide monitoring and security. Big Mon has leveraged software-defined networking (SDN) enabled fabric design and open Ethernet switches to deliver unique next-gen innovations compared to legacy NPB boxes, such as scale-out architecture, zero-touch operations, programmatic operations and high performance services in addition to traditional NPB packet functions. Customers are now inquiring how Big Mon can support their emerging needs to monitor cloud-native applications, such as containers and public cloud workloads. Today, we are pleased to demonstrate Big Mon’s ability to dynamically monitor any workload (bare-metal, VM, container) anywhere (on-premise or in public cloud). Big Mon leverages programmatic operations with workload orchestration system to enable on-demand monitoring of workload traffic. Our approach is in contrast with legacy NPB vendors’ proprietary “monitoring” VM appliances, which are intrusive, impacts server performance and adds substantial cost due to per server pricing model.

 
Dynamic Virtual Machine (VM) Monitoring

Big Mon provides a flexible, SDN-programmable visibility infrastructure for monitoring VMware SDDC as well as OpenStack cloud environments. It supports two deployment modes for intra-server and inter-server VM-to-VM traffic monitoring:  

  • Continuous monitoring of VM traffic: Hypervisor virtual switches can be configured to granularly SPAN VM-to-VM traffic leveraging built-in vSwitch traffic filters. The SPAN traffic is aggregated and processed by the Big Mon fabric as per monitoring policy and then sent to the associated monitoring tools.  This mode is useful for continuous VM traffic monitoring.

  • Dynamic monitoring of VM traffic: With programmatic operations across Big Mon controller and VMware vSphere, an on-demand SPAN session can be created for enabling VM-to-VM visibility. This mode is useful for immediate troubleshooting of VM performance or connectivity issues. 

For VMware SDDC, Big Mon leverages VMware vSphere APIs to dynamically SPAN VM traffic. Intra-server and Inter-server VM traffic belonging to vSphere, NSX, and vSAN can be monitored.

Demonstration of dynamic VM-to-VM monitoring here.

Big Mon’s API-driven approach is in contrast with the legacy “monitoring VM” alternative, which is intrusive, costly and performance impacting. The legacy alternative requires careful coordination between virtualization and network admins during deployment, troubleshooting, HA, as well as SW upgrades – thus significantly reducing operational agility. An additional VM for monitoring has its own per-server CapEx cost, plus it robs CPU cycles from application VMs thus driving overall CapEx cost even higher.

 

Container Monitoring

Containers are a new atomic unit of computing that is ideal for emerging cloud-native, distributed applications. Data center operators are evaluating various container technologies, including Docker, Kubernetes, Mesosphere and Red Hat OpenShift.  Containers offer a layer of compute abstraction—like virtual machines—but are lightweight, have much higher density and tend to have a much shorter lifecycle. This highly distributed container-based application deployment leads to tremendous increase in east-west traffic compared to monolithic applications.

To provide container-centric visibility, Big Mon architecture supports both deployment models:

  • containers embedded in VMs

  • containers on bare-metal Linux hosts

It enables container visibility in VMware vSphere as well as Linux KVM environments.  

Watch our Demonstration of container traffic monitoring within vSphere VM is here.


 

Public Cloud Monitoring

As application developers leverage public cloud resources – such as AWS and Microsoft Azure – to develop and run applications, IT organizations need to ensure compliance and security policies are extended to public cloud workloads.  In AWS, for example, a multi-tier application can run in an isolated Virtual Private Cloud (VPC), lacking any traffic monitoring capability.  
 

Big Mon extends its logical monitoring fabric to public cloud environments.  It supports two deployment models:

  • Single Big Mon for unified traffic visibility of both on-premise and public cloud applications (as shown in the diagram)

  • Self-contained Big Mon in public cloud for independent (isolated) visibility environments

 

Big Mon also allows a flexible tool deployment model where existing on-premise centralized tool farms can continue to be used for public cloud traffic. Additionally, some monitoring tools can also be placed in the public cloud.

Watch our Demonstration of self-contained monitoring in public cloud here.

 

 
In only 3 years, Big Monitoring Fabric, the next-generation NPB, has not only achieved feature parity with legacy NPB, but has also offered simplicity, programmability, hardware vendor choice and attractive economics.
 

Additionally, Big Mon is breaking-away on the innovations front with two additional announcements:

  • BigSecure Architecture – enables, in partnership with best-of-breed security tool providers, dynamic cyber-defense with Terabit-scale attack mitigation to combat intensified thread landscape

  • Big Mon Release 6.0 (currently in beta)

    • delivers performance leadership with 160G service node, with multi-node clustering capability to achieve multi-Terabit scale

    • adds NetFlow generation, header de-capsulation and packet masking services (in addition to de-duplication, packet slicing and regex/DPI filtering)

    • provides deep visibility and telemetry with Analytics 2.0, including real-time / historic dashboards for top users, top apps, triggers and custom reports

 

It’s easy to test drive next-generation NPB with Big Mon online labs.

 

Prashant Gandhi

VP and Chief Product Officer