The Big Monitoring Fabric (Big Mon) Service Node provides advanced flow and packet handling for visibility and security architectures. Network owners can now precisely define the traffic each tool receives — eliminating unnecessary or sensitive data so that tools can perform at their best and information privacy is assured.
The Big Monitoring Service Node, offers an architectural cost advantage to traditionally designed packet broker networks, where the high cost of custom filtering and processing, on a per switch basis, becomes centralized, with cost reductions, as well as ease of programming. Specialized switches with custom chips are eliminated and replaced with 10/40 Gbps wire rate, commodity like switches. Similarly, custom filtering is also replaced with centralized, scalable X86 commodity based server appliance (s). Combined together, the wire rate switches selectively forward traffic, to the service node (s), where the processing intensive work belongs, within industry standard X86, Intel based DPDK servers.
This commodity based packet broker approach can be deployed in several different ways. In brownfield data centers off of TAP and SPAN ports, and/or in greenfield, where the customer has the luxury of starting with a clean sheet of paper. In either approach, the centralized service node, with its scale out architect offers plenty of low cost commodity horsepower for processing data packets inclusive of the following:
De-duplication, packet slicing, Netflow creation, header stripping, Reg Ex matching, GTP Correlation, UDP Replication, and/or metadata re-distribution to netops and secops tools.
The above approach offers investment protection, where new packet processing features can be more easily introduced and deployed, with software upgrades to the service nodes. As customers add more server racks and top of rack leaf switches, they can leverage this lower cost approach with wire speed, commodity based TOR switches, again either in line with SPAN ports, or out of band with optical TAPs.
And if history is any indication of adoption trends, using X86 servers for CPU intensive applications has been proven over and over again, whether it be for applications, virtual networking, virtual storage, WAN compression, load balancing etc etc. Network Packet processing is directly applicable here!
Managed by the Big Mon Controller, the Big Mon Service Node auto-discovers and orchestrates the network, so owners can now precisely define the traffic each tool receives - eliminating unnecessary or sensitive data so that tools can perform at their best while information privacy is assured.
Since Big Mon Service Node is built with industry-standard x86 DPDK servers, it offers advanced packet handling functions at up to 160G performance per node. Connecting multiple Big Mon Service Nodes allows for terabit-scale performance, meeting the requirements of even the most demanding data centers - removing payloads or headers; masking sensitive data; performing deep packet inspection, and generating Netflow for flow-based analysis tools. The Big Mon Service Node simply and scalably allows redundant or irrelevant packets — or specific packet contents — to be filtered.
Big Mon Service Node ensures only traffic of interest, in its preferred state (such as with certain headers removed), is passed on to each tool. The Big Mon Service Node provides advanced metadata generation, including NetFlow and IPFIX, for non-packet-based flow collectors, allowing users to perform sophisticated flow analysis. This approach unifies Netflow as one source type, for all downstream tools. The flexible design of the Big Mon Service Node allows data center operators to optimize traffic flow data from anywhere, for any tool, and with a common format.