Network visibility and insight have never been more important. As security threats continue to increase, ensuring application performance meets the needs of the business is critical. With this challenge in mind, have Network Packet Brokers (NPBs) kept up?

For the most part, NPBs do the same thing today as they did when they first hit the market. Packet feeds via TAPs and SPANs from the production network are still delivered to tools based on policy. As visibility networks are required to scale, each NPB is an island -- both from a configuration and a visibility standpoint. Sure, speeds and feeds have increased, and policy managers have been introduced in order to help scale configuration management, but fundamentally, the NPB fails to provide any additional insight, as it is still a series of pipes getting packets to tools.

Big Switch’s Big Monitoring Fabric (Big Mon) is highly differentiated in its approach to visibility. In addition to basic NPB functions, such as shipping packets from the production network to performance and security tools, Big Mon also provides insight into what is happening on the network. Big Mon leverages a pair of centralized HA controllers, which treat the entire NPB fabric (using open network switches and industry-standard servers) as one. This architecture provides the foundation for a scalable, cost-effective NPB and lends itself to providing a single point of visibility across the entire environment.

Building on the capabilities of Big Mon, Big Switch recently introduced Big Mon Recorder Node and Big Mon Analytics Node. Recorder Node delivers high-performance packet recording, querying and replay functions. Analytics Node delivers unprecedented network visibility to monitor, discover and troubleshoot network and application performance issues, as well as to accelerate root-cause discovery of security breaches.

Analytics capabilities have been available via Big Mon for some time, as a Virtual Machine, but are now scaling out with the introduction of Big Mon Analytics Node, a dedicated appliance that collects metadata at scale as traffic traverses the visibility fabric. Through the use of easy-to-navigate dashboards, Analytics Node provides valuable insight into what is happening on the network in areas of performance and security. As an example, the following Summary Dashboard provides a high-level view of the network.

Image 1: Additional detail can be gleaned by drilling down: for example, what DHCP Client/Servers are present, and what OS is being used.


Image 2: Insight provided by Analytics Node using metadata is a great starting point when troubleshooting performance and examining a potential security event.

How does Big Mon take insight to the next level from here? That’s where the Big Mon Recorder Node comes in. Big Mon Recorder Node is an appliance that attaches to the Big Mon visibility fabric and, based on policy, records copies of packets as they traverse the fabric. As an element of the visibility fabric, the Recorder Node is managed and configured from the Big Mon Controller.

When a security or performance event is observed, the packets of interest can be queried from the Packet Recorder, which provides the packets either as a PCAP file for further analysis or as a replay of the traffic to a tool attached to the fabric.

Consider the scenario of an Intrusion Detection System (IDS) detecting a potential security event. What matters to a network security team is not only the event itself, but also what happened during the lead-up to it. With Packet Recorder, traffic to and from the host(s) of interest can be retrieved for additional forensics.

Image 3: After selecting Source / Destination traffic of interest in Analytics, Recorder Node provides detail of the content of that traffic using Deep Packet Inspection.


Image 4: From there, the contents can be downloaded as a PCAP file (Get Packets) or replayed to a tool attached to the monitoring fabric (Replay).

With Big Monitoring Fabric, Big Switch is delivering invaluable network insights that are both scalable and affordable -- not just mere plumbing. Stay tuned for what’s coming next after Analytics Node and Recorder Node!

For more information, contact Big Switch Networks at and be sure to check out

Dwayne Wenger,
Sr. Systems Engineer

To learn more about Big Mon Analytics Node and Recorder Node, you can connect with Dwayne on LinkedIn, or follow him on Twitter @dwaynewenger.