Big Tap is a unified network monitoring application that runs on Big Network Controller, a platform for Open Software-Defined Networking (SDN). Big Tap provides continuous and ubiquitous network visibility to network operators seeking to implement cost-effective and flexible network monitoring. Big Tap delivers monitoring functions to your Open SDN, increasing the utility of security tools, monitoring tools, and network packet brokers. Big Tap provides unprecedented visibility into application traffic, getting the right traffic to the right tool at the right time without requiring additional aggregation appliances or manual configuration of Switched Port Analyzer (SPAN) ports and network taps.
A monitoring network with Big Tap and Big Network Controller
- Ubiquitous and continuous network monitoring
- Optimizes the utility of security monitoring and NPM appliances
- Filters and directs traffic to meet analytical tool needs
- Exploits Ethernet switching cost efficiency & performance scalability
- Eliminates network TAP sprawl & expense
- A first SDN application for your network
Traditional Network Monitoring Challenges
Traffic monitoring can be a powerful tool in all networked environments—campus, data center, ISP POPs, Internet core—to address a variety of needs, including performance monitoring, troubleshooting, data recording, auditing, compliance, and security monitoring. While network traffic monitoring is a powerful tool, it is underutilized in the average network due to the excessive cost and inflexibility of conventional monitoring architectures.
In a traditional networking monitoring deployment, monitoring appliances must be directly connected to each network tap or SPAN port. If network operators want to create network-wide visibility, they must either manually connect target network segments to the monitoring appliances or purchase and deploy expensive security and monitoring appliances at each network segment. As a result, only a small segment of network traffic is typically available to network security and monitoring tools. The relatively inflexible and expensive nature of networking monitoring and network taps imposes undesirable limitations on how, when, and where network traffic can be inspected. To complicate things further, the migration of networks from 1Gbps to 10Gbps to 40Gbps creates further scalability challenges for the monitoring and security appliances trying to ingest data at these rates.
The Solution: Big Tap
Big Tap leverages the flexibility and programmability of the Open SDN architecture to overlay network monitoring functions on top of high-performance Ethernet switches and to extend ubiquitous network traffic visibility to all security and monitoring appliances.
Network Monitoring with Enterprise Wide Network Visibility
Big Tap can transform OpenFlow-enabled, high performance Ethernet switches into aggregation devices and work with network packet brokers (NPBs) to filter and selectively forward network traffic to security and monitoring appliances. Big Tap enhances the functionality of each network security and monitoring appliance by dynamically extending its functionality to any traffic flow within the network fabric. Utilizing OpenFlow Ethernet switches from ecosystem partners, Big Tap can filter ingress traffic flows from any network tap or SPAN port and forward it to an aggregation, security, or monitoring tool. Big Tap can program OpenFlow switches to filter through terabits of incoming traffic by source / destination address (L2 or L3), filter by protocol to reduce traffic rates to monitoring appliances, and replicate traffic to multiple appliances or numerous other traffic filters. Big Tap delivers the flows of interest to the appropriate aggregation appliance and analysis tools, optimizing tool utilization and increasing the scope, usability, and performance of the entire network monitoring system while dramatically reducing the cost of building monitoring networks.
Ethernet Switching Cost Efficiencies and Performance Scalability
Big Tap utilizes the underlying cost efficiencies of Ethernet switches, and as a result, it is much more cost-effective than other vertically integrated network monitoring solutions. Unlike solutions that rely on dedicated appliances that utilize purpose- built hardware architectures and which often lag increases in switching performance, Big Tap supports line-rate monitoring applications through the use of OpenFlow-enabled 1 Gbps, 10Gbps, and 40 Gbps Ethernet switches.
Big Tap is compatible with OpenFlow switches manufactured by ecosystem partners, including switches based on Switch Light, a thin-switching software platform from Big Switch Networks:
- Switch Light for Broadcom supports switching platforms from the following manufacturers: Accton, Celestica, and Quanta.
- Switch Light for Linux supports the Kernel-based Virtual Machine (KVM) hypervisor on Linux distributions from Canonical and Redhat.
Customers benefit from the high volume, rapid development cycles that have driven the price-to-performance Ethernet curve for many years. As customer networks evolve from 1Gbps, to 10Gbps, to 40Gbps, Big Tap can support the upgrade and replacement cycles as new data plane elements are added to the Open SDN, allowing security and monitoring to scale directly with the network.
Ultimate Deployment Flexibility via Open SDN Ecosystem
Big Tap delivers ultimate deployment flexibility through the ecosystem partnerships enabled by the Open SDN architecture, including support for a number of physical and virtual data plane switches. Big Tap supports a broad range of OpenFlow-enabled physical switches from market-leading vendors, including Arista Networks, Brocade, Dell/Force10, Extreme Networks, Hewlett Packard (HP), International Business Machines (IBM), and Juniper Networks*. And Big Virtual Switch supports all the major hypervisor virtual switches utilized by Citrix Xen, Linux KVM, Microsoft*, and VMware.
Big Tap can scale from a small number of monitored network segments and monitoring devices to hundreds or thousands of segments and devices. A Big Tap deployment can scale up and out just like an Ethernet switch backbone can scale out in a data center. For example, customers can start with a single OpenFlow Ethernet switch to support initial deployments, but can then scale out the Ethernet switch fabric to support a growing number of ingress ports from monitor segments and egress ports to monitoring devices.
Big Tap is one of many potential applications that unlock new customer value through the open and flexible Open SDN architecture. Big Tap increases monitoring agility and efficiency, while dramatically reducing operating expenses.
*Support available in pre-production code, and not yet in general available code. General availability of these platforms in 2013.