The Big Monitoring Fabric (Big Mon) Recorder Node addresses many of the challenges of scalable, wire-rate packet recording and retrieval in high-speed data center networks, using a scale-out x86 appliance approach that is tightly integrated into the SDN fabric.
First, traditional, closed solutions require touch points on different devices to identify and send packets to the recorder. Second, capturing packets at line rate while also retrieving packets efficiently is not something traditional recorders do well. Finally, there is the question of how easy it is to get packets out of the recorder as pcap or through a packet replay function. The Big Mon Recorder Node, built on an industry-standard x86 server appliance, integrates with the Big Mon Fabric (controller and analytics) to provide immense simplicity and high capture/query performance, even at scale. This integrated approach tremendously simplifies user workflows:
The Big Mon Recorder Node is offered with the same hardware and software design principles as the Big Monitoring Fabric. Commodity 10/25/40/100 Gbps switches are used to fan the data packets in towards the recorder nodes. This fan-in model works as a monitoring network adjacent to any data center network. Optical TAPs and/or SPAN ports are connected to this monitoring network. Data packets are then processed at wire rate through the requisite switch/service node fabric, where traffic is filtered based on event-triggered policies and/or explicit filters. The requisite packets are then sent to the recorder nodes.
The recorder nodes are based on x86 appliances and can scale out horizontally, as they connect directly to the switches in the Big Mon Fabric. Traffic can be load balanced into the appliance nodes with link aggregation, reducing the risk of oversubscription and packet loss, which could greatly compromise the data being recorded.
The Big Mon Recorder Node is useful for incident management, fraud detection, troubleshooting, security analytics and more. The use cases range from historical capture and replay of malicious behavior in the network, to recording Voice over IP calls, to recording suspicious transactions coming to or from a host, to data being sent to targets not on a whitelist, to file transfers that appear suspicious, to traffic flows that have never been seen before. All of these are telltale signs that unwanted behaviors are taking place and need to be reviewed.
Big Switch Networks is at the forefront of the next generation of networking technologies. By combining commodity switch hardware (“white box / brite box”) with sophisticated SDN control software, the company is delivering modern networking fabrics for the world’s most advanced data centers looking to achieve high degrees of network automation at cloud-competitive price points.