As data center networks transition to modern designs to meet demands of cloud computing, data analytics and 4G/LTE mobile services, the corresponding traffic monitoring networks also need to transition to next-generation designs.  Traffic monitoring is necessary for variety of reasons, including network troubleshooting, network performance monitoring (NPM), application performance monitoring (APM), security monitoring, etc.  Multiple IT teams (NetOps, DevOps, SecOps) deploy tools such as Wireshark, data recorders, intrusion detection, data leakage, and SLA measurements for the purpose of monitoring.  Typically, a significant portion of network traffic is replicated using optical taps and/or enabling port mirroring (or SPAN) on switches and routers and is directed to monitoring tools.

Traditional Network Monitoring Solution Graphic

Challenges with Current Network Monitoring Designs

Traditionally, operation teams would directly attach monitoring tools to each tap or SPAN port and manually move tools from one port to another to troubleshoot network or application problems.  However, as data centers grew larger and larger, this manual Gen-1 approach quickly became too time consuming and too complex to co-ordinate across Ops teams and across large numbers of tap and SPAN ports.  To address this pain point, Gen-2 designs emerged (see Figure 1) using special-purpose devices called Network Packet Brokers (NPBs) that aggregated a set of taps and SPAN ports.  Monitoring tools were permanently attached to these proprietary NPB hardware to receive relevant (filtered) traffic.  While tap/SPAN aggregation and filtering has remained the top use case, NPBs also provide advance functions such as time stamping, packet slicing and de-duplication.

The exponential growth in data center traffic in the last few years as well as the demand for a higher portion of network traffic to be monitored are testing the limits of these traditional designs. Box-by-box designs need to evolve to fabric-based approaches, and traffic tapped anywhere should be able to reach any tool; and while scale needs to increase dramatically, overall costs need to be controlled.

Next Generation Monitoring Solutions with Bare-metal SDN Fabrics

To meet these requirements, Big Switch Networks pioneered the next-generation fabric-based design for data center monitoring, leveraging commodity bare-metal switches and software defined networking (SDN). 

The Big Tap Monitoring Fabric cleverly complements NPBs by augmenting Tap/SPAN aggregation and filtering functionality with a multi-tier scale-out fabric of bare metal switches. The SDN-based Big Tap Controller fully provisions the fabric – programs the forwarding paths of monitored flows, manages monitoring policies, as well as centrally controls all bare metal switches and their interconnections.  This architecture significantly simplifies overall deployment and on-going operations. Bare metal switches run Big Switch’s thin Switch Light OS and leverage the OpenFlow protocol to communicate with the Big Tap Controller.  NPB’s advance functions can still be leveraged by attaching them as service nodes to the Big Tap Monitoring Fabric.  A service node sources flows from the fabric, applies packet modification services (e.g. time stamping, de-duplication) and returns processed packets back to the fabric.  Multiple NPB service nodes can be attached to the fabric to provide sequential packet modification services via pre-defined “service chain” policy.

With Big Tap Monitoring Fabric, customers can now deploy data center-wide monitoring designs (see Figure 2) to achieve the following benefits:

  • Network-Wide Visibility – any tap to any tool at any time
  • Flexible, Scale-Out Fabric Deployment – hundreds of 1G/10G/40G ports
  • Multi-Tenant Tap and Tool Sharing – enables monitoring across multiple teams
  • Operational Simplification with Centralized Programmability – unique benefit due to SDN-based Big Tap Controller
  • Significant Cost Savings – multi-fold reduction of total cost of ownership due to bare-metal switch economics, fewer number of NPBs, optimized usage of tools and SDN-enabled operational efficiencies
Migration to SDN-centric Network Monitoring Solution Graphic

Here is one example of how customers are benefitting with Big Tap Monitoring Fabric:

“FYI, we just had a really big win […] the other day.  We had a customer facing issue that’s been going on for a month. We thought it was an issue with the ISP. Being able to take a capture off the Core device, we were able to prove it was an issue in our own infra. Took minutes to identify once we had access to the data.”  -Network Administrator at a Fortune 100 company.

With the just announced Big Tap Release 3.0 (providing greater operational simplification, higher scale and additional functionality), next-gen monitoring fabric is a risk-free way for IT organizations to experience modern network design based on bare-metal SDN.

To learn more about the Big Tap Monitoring Fabric solution or request a lab trial, please email to:

Additional Resources:

--Prashant Gandhi, Big Switch VP of Product Management