Data Center Network Monitoring with TAPs
Hello All, Was wondering what folks are using to monitor traffic on their networks. Looking into Ixia and APCON devices for dedup and other filtering features as well as passive fiber TAPs to capture the traffic. How are folks handling TAP'ing large data center networks? TAPs at the "distribution layer" would be the best fit for my network but that would require a ton of passive fiber TAPs for the incoming fibers to the distribution switches. The end goal is to not only capture the north-south traffic on the network but also east-west traffic. It seems more efficient to just use SPANs but there are many limitations using SPANs. Thanks in advance for any suggestions. Mitch
Ultimately this is one of the things that SDN schemes such as OpenFlow bring a data center for free. Distributed flow statistics collection through OenFlow's extensible infrastructure gives you a huge range of reporting and analysis capabilities, with no taps needed. Every network port is in essence a tap. Here's an interesting paper on one open source OF tool: https://www.nas.ewi.tudelft.nl/people/Fernando/papers/MonitoringOpenFlow.pdf -mel beckman
On Jun 21, 2015, at 9:50 PM, Mitch Howards <hbf9121@hotmail.com> wrote:
Hello All,
Was wondering what folks are using to monitor traffic on their networks. Looking into Ixia and APCON devices for dedup and other filtering features as well as passive fiber TAPs to capture the traffic.
How are folks handling TAP'ing large data center networks? TAPs at the "distribution layer" would be the best fit for my network but that would require a ton of passive fiber TAPs for the incoming fibers to the distribution switches. The end goal is to not only capture the north-south traffic on the network but also east-west traffic. It seems more efficient to just use SPANs but there are many limitations using SPANs.
Thanks in advance for any suggestions.
Mitch
On 20 Jun 2015, at 23:06, Mitch Howards wrote:
Was wondering what folks are using to monitor traffic on their networks. Looking into Ixia and APCON devices for dedup and other filtering features as well as passive fiber TAPs to capture the traffic.
Take a look at flow telemetry options you have for your IDC hardware - a combination of flow telemetry, plus the ability to divert traffic into an instrumented sinkhole for full packet-capture is something to consider. SPAN sessions count against your frames per-second budget; not recommended for serious, high-traffic applications. ----------------------------------- Roland Dobbins <rdobbins@arbor.net>
Here's a recent forum thread that discussed the same exact topic. You might find some insight: http://www.reddit.com/r/networking/comments/3aip3p/data_center_network_monit... On Sat, Jun 20, 2015 at 11:06 AM, Mitch Howards <hbf9121@hotmail.com> wrote:
Hello All,
Was wondering what folks are using to monitor traffic on their networks. Looking into Ixia and APCON devices for dedup and other filtering features as well as passive fiber TAPs to capture the traffic.
How are folks handling TAP'ing large data center networks? TAPs at the "distribution layer" would be the best fit for my network but that would require a ton of passive fiber TAPs for the incoming fibers to the distribution switches. The end goal is to not only capture the north-south traffic on the network but also east-west traffic. It seems more efficient to just use SPANs but there are many limitations using SPANs.
Thanks in advance for any suggestions.
Mitch
I'm designing the first phase of a datacenter network monitoring project for my company. We are starting with SPAN at access layer and plan to control traffic volume using filtering, slicing, de-dupe, etc. There are instances when we need to do capacity/delay analysis on L2 traffic and Ixia, APCON, Emulex etc. are coming out with flow generators for SPAN/TAP traffic. We may decide to go with TAP in the future as we found a vendor that was willing to implement functionality to allow us to offload flow generation from our access/distribution/core devices by creating templates based on the source device/interface. In essence, to our monitoring tools, netflow traffic will seem as if it is coming from the real device. Best Regards, Kristian J. Francisco On Mon, Jun 22, 2015 at 9:44 AM, Rafael Possamai <rafael@gav.ufsc.br> wrote:
Here's a recent forum thread that discussed the same exact topic. You might find some insight:
http://www.reddit.com/r/networking/comments/3aip3p/data_center_network_monit...
On Sat, Jun 20, 2015 at 11:06 AM, Mitch Howards <hbf9121@hotmail.com> wrote:
Hello All,
Was wondering what folks are using to monitor traffic on their networks. Looking into Ixia and APCON devices for dedup and other filtering features as well as passive fiber TAPs to capture the traffic.
How are folks handling TAP'ing large data center networks? TAPs at the "distribution layer" would be the best fit for my network but that would require a ton of passive fiber TAPs for the incoming fibers to the distribution switches. The end goal is to not only capture the north-south traffic on the network but also east-west traffic. It seems more efficient to just use SPANs but there are many limitations using SPANs.
Thanks in advance for any suggestions.
Mitch
Some colleagues wrote up Microsoft DEMon: https://sharkfest.wireshark.org/sharkfest.12/presentations/A-4_Leveraging_Op... -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Kristian Francisco Sent: Saturday, June 27, 2015 9:12 PM To: Rafael Possamai <rafael@gav.ufsc.br> Cc: nanog@nanog.org Subject: Re: Data Center Network Monitoring with TAPs I'm designing the first phase of a datacenter network monitoring project for my company. We are starting with SPAN at access layer and plan to control traffic volume using filtering, slicing, de-dupe, etc. There are instances when we need to do capacity/delay analysis on L2 traffic and Ixia, APCON, Emulex etc. are coming out with flow generators for SPAN/TAP traffic. We may decide to go with TAP in the future as we found a vendor that was willing to implement functionality to allow us to offload flow generation from our access/distribution/core devices by creating templates based on the source device/interface. In essence, to our monitoring tools, netflow traffic will seem as if it is coming from the real device. Best Regards, Kristian J. Francisco On Mon, Jun 22, 2015 at 9:44 AM, Rafael Possamai <rafael@gav.ufsc.br> wrote:
Here's a recent forum thread that discussed the same exact topic. You might find some insight:
http://www.reddit.com/r/networking/comments/3aip3p/data_center_network _monitoring/
On Sat, Jun 20, 2015 at 11:06 AM, Mitch Howards <hbf9121@hotmail.com> wrote:
Hello All,
Was wondering what folks are using to monitor traffic on their networks. Looking into Ixia and APCON devices for dedup and other filtering features as well as passive fiber TAPs to capture the traffic.
How are folks handling TAP'ing large data center networks? TAPs at the "distribution layer" would be the best fit for my network but that would require a ton of passive fiber TAPs for the incoming fibers to the distribution switches. The end goal is to not only capture the north-south traffic on the network but also east-west traffic. It seems more efficient to just use SPANs but there are many limitations using SPANs.
Thanks in advance for any suggestions.
Mitch
participants (6)
-
Jason Sherron
-
Kristian Francisco
-
Mel Beckman
-
Mitch Howards
-
Rafael Possamai
-
Roland Dobbins