next-generation data center solution big switch monitoring fabric · big monitoring fabric - at a...
Post on 10-Jun-2020
Next-generation Data Center Solution
Big Switch Monitoring Fabric
Phil Huang <phil_huang@edge-core.com>
SDN Solution Engineer, Open Networking Division
2017/01/20, ISAC
About Me
© 2016 Edgecore Networks. All rights reserved | www.edge-core.com
Phil Huang
§ Edgecore SDN Solution Engineer
§ Big Switch Networks
§ Cumulus Linux
§ Pica8
§ OF-DPA & Open Network Linux
§ ON.Lab ONOS/CORD Ambassador
§ Speakerdeck
§ pichuang
Agenda
§ Why Big Switch Networks?
§ Why Big Monitoring Fabric (BMF)?
§ Overview
§ Out-of-Band && Inline
§ Architecture
§ Use Cases
§ Big Switch Networks Labs
Why Big Switch Networks?
The Next-Generation Data Center Networking Company
About Big Switch Networks
Delivery Hyperscale-style Networking/Monitoring To Any Datacenter
DC Switching Solution
Big Cloud Fabric
Integrate with
• VMware
• OpenStack
DC Security and Monitoring Solution
Big Monitoring Fabric
• Pervasive Visibility
• DMZ Security
Why Big Monitoring Fabric?
SDN Enabled, Ultra Low Cost Network Visibility
Application Performance Monitoring
Network Performance Monitoring
Security Monitoring
Customer Experience Monitoring
Traffic Analytics / Recorders
Network Monitoring Solution Landscape
Legacy NPB Challenge
[Diagram labels: PRODUCTION NETWORK, TAPS/SPAN Ports, NPB, VISIBILITY TOOLS]
• Non-optimal Monitoring: Monitoring at Core due to High NPB costs
• Want to Monitor deeper? Buy more NPBs (& tools)
• Growing your network? Buy even more NPBs
• Box-by-box config, troubleshooting (Complex & Expensive)
• Limited, siloed network visibility (Suboptimal tool usage)
• Siloed access to your high-priced tools (Suboptimal tool usage)
NPB: Network Packet Broker
Big Monitoring Fabric - At A Glance
[Diagram: DC / campus network Ethernet switching fabric with service nodes]
Diagram labels:
• PRODUCTION NETWORK: Any Vendor, Any Topology, Any VM
• TAP & SPAN PORTS
• TAP & SPAN, REMOTE L2-GRE
• ACL-based SPAN
• 1/10/40/100G OPEN ETHERNET SWITCH FABRIC
• FILTER PORTS, SERVICE PORTS, DELIVERY PORTS
• BIG MONITORING FABRIC CONTROLLERS
• Centralized, Single Pane of Glass
• Flexible, Scale-out Fabric
• Big Mon SERVICE NODE: Regex, Dedup, Slice, Hdr Strip, NetFlow*
• 3rd Party SERVICE NODE
• NPB as 3rd Party SERVICE NODE
• SSL, Obfuscate
• CENTRALIZED OUT-OF-BAND TOOL FARM: NETWORK PERF MONITORING, APP PERF MONITORING, SECURITY TOOLS, VOIP MONITORING, TRAFFIC RECORDERS
• DMZ / EXTRANET INLINE TOOLS: IPS, SSL, Web, CASB, WAN, DLP
2 Deployment Options
• Out-of-Band
• Inline
Numbered items:
1 Secure Every Rack
2 Centralize Tools
3 Service Node Chaining
4 DMZ / Extranet Security
5 Extend security / monitoring for every location
Callouts:
• Secure/Monitor/TAP Every Rack/VM
• Eliminate Tool Silos
• Advanced Packet Functions
• Investment Protection
• DMZ/Extranet Security Tool Chaining
• DMZ/Secure/Monitor/TAP Every Location
BMF Inline Architecture
[Diagram labels:]
• 1/10/40/100G
• DMZ Firewall
• Perimeter Firewall
• Web Proxy, IPS, SSL Decryption
• Inline Tool Chains
• Traffic Distribution / Load Sharing
• Big Monitoring Fabric Controller
• Trusted Zone: DC / Enterprise / Campus Network
• Untrusted Zone: Internet / ISP
• CASB, APT Protection
Use Case – DMZ/Inline Security
[Diagram labels:]
• 1/10/40/100G
• Big Monitoring Fabric Controller
• Untrusted Zone: Internet / ISP
• Trusted Zone Switch A
• Trusted Zone Switch B
• Trusted Zone Switch C
• A, B, C
• IPS Pool
• Firewall Pool
Use Case – Active Defense System
[Diagram labels:]
• 1/10/40/100G
• Big Monitoring Fabric Controllers (HA-enabled)
• Trusted Zone: Campus Network
• Untrusted Zone: Internet / ISP
• Firewall
• Log Analysis, IDS, IPS
• Legend: Non-whitelisted Data Traffic, Whitelisted Data Traffic, SPAN, Control Plane, Alerts
1. Whitelisted Traffic Notification
2. Invoke BMF Controller REST API
3. Auto-program whitelist rules
Research Institute
• Easy to use
• Simplified deployment for handling high performance data transfers
BMF Out-of-Band Architecture
[Diagram labels:]
• 1/10/40/100G Open Network Switch
• Service Ports
• Filter Ports
• Delivery Ports
• Service Nodes / NPB
• TAP/SPAN
• DC / Enterprise / Campus Network
• Big Monitoring Fabric Controller
Visibility Tools
1. Network Performance Monitoring
2. Application Performance Monitoring
3. Security Tools
4. VoIP Monitoring
5. Flow-based Monitoring
Centralized Tool Farm
Scale-up/out Network Switch Fabric with Service Nodes
Use Case – Centralized Tools and Management
Remote Location Monitoring
Troubleshoot network problems in remote locations via centralized tools
[Diagram labels:]
• Big Monitoring Fabric Controllers
• 10/40G Open Network Switch
• Service Ports
• Tunnel Ports
• Delivery Ports
• L2GRE Tunnels
• Service Nodes / NPB
• Building A
• Building X
• Visibility Tools
• Primary Data Center / NOC
US Advanced Technology Provider
Use Case – Pervasive Security
Centralized Tool Farm
Tier-1 US Financial Services Institution
• Centralized tool farm for 120 racks
• Mix of 1/10/40G TAPs, SPANs and Tools
• NPB costs were reduced by more than 60%
• Increasing monitoring network capacity
Big Switch Networks Lab
Hands-On Experience with SDN Products
Big Switch Labs Link
http://labs.bigswitch.com/edgecore
Try Different BSN Use Cases
Big Monitoring Fabric
§ Inline
§ Out-of-Band
§ Analytics
Big Cloud Fabric
§ P/P+V Edition
§ OpenStack Integration
§ VMware vCenter
§ Programmability and Automation
Cumulus® Linux® Network OS
We are READY to assist POC for you!
Open Networking from
Freedom
Control
Innovation
© 2015 Edgecore Networks. All rights reserved. Subject to errors and misprints. | www.edge-core.com