Sean Flack, Arista Networks
Peter Draper, ExtraHop Networks
ARISTA NETWORK SOLUTIONS: COST-‐EFFECTIVE NETWORK DATA ANALYSIS
ExtraHop Integra.on with Arista DANZ for Real-‐Time Opera.onal Intelligence Absolute visibility and insight all the 2me in real 2me
10/40/100GbE Networks for the Virtualized Cloud & Data Center
« Established in 2004 in Santa Clara, CA « > 1 Million+ 10GbE Ports Shipped « > 2000 Customers Worldwide « > 600 Employees Profitable, self-‐funded, pre-‐IPO network infrastructure leader EOS Network OperaXng System for the soZware defined data center
ABOUT ARISTA NETWORKS
2
ARISTA NETWORKS PORTFOLIO
Extensible OperaXng Syste
m
7048 T
48-‐port Data Center Class Gigabit Ethernet
Full Arista EOS
7500E
Lossless, Modular, High Density Cloud, Switching
Systems
1152x 10G, 288x 40G, 96x 100G, SDN+NPB
Fully Programmable
Data Plane + Control Plane
7050 S/Q
16 Port 40G or 64/52 Port 10G SDN Enabled
Dense VirtualizaXon (10G / 40G Uplinks)
Programmable Control Plane
7150 Series
Ultra Low Latency Next GeneraXon
24, 52, & 64-‐ports 10G-‐40G, SDN+NPB
Fully Programmable
Data Plane + Control Plane
7050 T
Dense 36-‐64 Port SDN Enabled 10GBASE-‐T
(10/40G Uplinks)
Programmable Control Plane
3
« Headquartered in Seable, founded in 2007 « DisrupXve soluXon for IT Ops Management
« Technology leadership in real-‐Xme, applicaXon-‐fluent analysis of network traffic
EXTRAHOP NETWORKS
“The ExtraHop team's F5 BIG-‐IP engineering heritage has allowed them to build a highly scalable monitoring and real-‐Xme analyXc plajorm for deep protocol understanding and decoding.”
-‐ APM Innovators: Driving APM Technology and Delivery EvoluTon
Industry Recogni.on Select Customers
Technology Partners
4
EXTRAHOP CURRENT PLATFORMS
EH3000 • 1U appliance • 1-‐3Gbps • 300-‐1000 devices
EH6000 • 2U appliance • 3-‐10Gbps • 1000-‐3000 devices
EH1000v • Virtual appliance • 1Gbps • 50-‐250 devices
EH2000v • Virtual appliance • 3Gbps • 300-‐1000 devices
Discovery Edi.on • Virtual appliance • 1Gbps • Simplified UI
Discovery Edi.on Virtual Appliances run on VMware or MicrosoS
Physical appliances required for: • SSL Decryp.on • Precision Packet Capture
Flexible Pricing Op.ons: • Perpetual • Subscrip.on • Hybrid
EH8000 • 2U appliance • 20Gbps L2-‐L7 analysis • 3000+ devices
5
A BRAVE NEW WORLD OF IT SERVICE DELIVERY? • Data center consolidaXon, automaXon and cloud acceleraXng • VirtualizaXon and volume = huge scale and big data volumes • Fast 10G, 40G and 100G networking has now become economical • Non-‐intrusive monitoring infrastructures have become essenXal
…new approaches to be[er visibility,
but at what cost?
Visibility Fabrics
Network Packet Brokers
Centralized Monitoring
$$$$$$$$$$$
6
NPB MONITORING FABRICS CAN MULTIPLY COST
• Network Monitoring “Data Access Layer”
• Doubles infrastructure costs • Increases complexity
• Proprietary short lived technologies
• Doesn’t scale as speeds increase
TradiXonally, customers could only use simple port mirroring (SPAN), passive TAPs and expensive monitoring switches
Monitoring fabrics are very $$$, increase to management sprawl and
Are Not SDN friendly
TAP
7
OUT WITH THE OLD….
• First generaXon network visibility was unable to scale-‐out & up • Modern proprietary NPBs are proving to be too expensive • Analysis Tools can not scale to 10G much less 40G and 100G
….enter a new generaXon of network visibility, soZware simplicity
Historical & Audit DB’s
OpTonal TAPs
SoSware Defined Switches as Full Capability
Network Packet Brokers
Timestamped
LANZ / AEM Detec.on & Automa.on
LANZ
Precision Visibility
Mirrored Port
Mirrored Port
Mirrored Port
AEM
ü Less Complexity ü Less Cost ü Beber Visibility
OpTonal TAPs
Filtered
Reduced
Mirrored Port
TOGETHER
8
Aggregator(s) *
THE THREE COMPONENTS OF DATA ANALYSIS
Opera.ons Intelligence Analyzers & Capture Tools
Data Access Network Packet Brokers/
TAP AggregaXon or Matrix Switch
Traffic Sources Passive
Network Taps or SPAN (mirror) ports
* A.k.a.: Matrix Switch, Network Packet Broker, Data Access Switch, Traffic Visibility Network
9
Aggregator
THE THREE COMPONENTS OF DATA ANALYSIS
Opera.ons Intelligence Homegrown to …. Advanced
analyXc tools
Traffic Sources TAPs: <$500 each
Taps and SPAN/Mirror ports provide copies of network
traffic
Aggregators combine, filter, replicate and distribute
traffic to tools Data Access
Network Packet Brokers/ TAP AggregaXon
or Matrix Switch
Tools capture, analyzer, visualize and report on captured data down to
applicaXon and flow level
10
Precision Data Analysis Network
Advanced MulX-‐desXnaXon Mirroring Ø Enables packet delivery and aggregaXon for tools Ø Integrated with 10ns hardware Xme stamping Ø No impact on forwarding performance
Flexible TAP AggregaXon Ø Aggregates mirror/SPAN and TAP ports across the infrastructure
including all LEGACY equipment Ø Enables advanced filtering and traffic management above Ø Load-‐balancing and load-‐sharing (fan-‐in / fan-‐out) LANZ
Ø Real Xme microburst & congesXon monitoring in network Ø Advanced capture of internal condiXons by traffic class Ø Precisely idenXfies cause of packet loss and overload Ø Live data streaming to external receivers or SSD
Packet Filtering & ManipulaXon Ø Advanced L2-‐4 filtering and packet manipulaXon Ø IdenXficaXon of applicaXon sub-‐class by packet offset Ø TruncaXon or packet slicing, NAT, etc. at wire speed
Hardware Precision Time-‐stamping Ø Marks all mirrored packets and LANZ monitoring data with
nanosecond precision Xme-‐stamps Ø Coordinates with third-‐party applicaXons and devices
PTP 1588 Timing Services Ø Enables nanosecond scale measurement in EOS Ø Integrated 10ns Xme synchronizaXon & alignment Ø Internal or external clock stabilizaXon
AEM Advanced Event Management Ø Detects events and state-‐changes in network Ø Provides the ability for visibility to follow v-‐moXon Ø Fully customizable and programmable
ARISTA DANZ INTEGRATES NETWORK-‐WIDE VISIBILITY
11
sFLOW & LANZ EOS Programmability Traffic Steering Packet Filtering
ApplicaXons are experiencing issues in
data center
ü Cost Effec.ve ü Single solu.on with familiar CLI ü Full visibility & correla.on ü Programmability + API ü SDN Orchestra.on ü Precise Timing for correla.on
Preserves CAPEX for tool investments!
NPBS & DATA ANALYSIS: USING ARISTA DANZ
12
ARISTA AT THE DATA ACCESS LAYER
• Programmable Data Center Switches with SoZware Cloud Defined Networking • 90% of NPB features with Cloud Scale and Cloud Economy
ü Data AggregaXon with Traffic Steering and precision load-‐balancing ü Packet ManipulaXon (packet slicing, data reducXon, header-‐processing, etc.) ü Precision Time Stamping with ultra-‐precise resoluXon
• Support for 10, 40 and 100 GbE with up to 1152 ports per switch
• $400 per 10GbE port vs. $4,000 per 10GbE port
13
Risk Engines
Dashboard Displays
Historical & Audit DB’s
Exchange Gateways
SPAN Port
TAP
ExtraHop Wire Data Analysis Data Access Plalorm
Consolidates and filters mulXple TAP & mirrored ports into fewer connecXons to the applicaXon
VLAN Traffic (up to
20Gbps real-‐
Xme analysis)
ü Total cross-‐Xer visibility and insight ü Visibility and performance correlaXon
for all applicaXons, infrastructure, network, databases, storage, and user transacXons
ü Full transacXonal payload analysis ü No agents ü Scales to 20 Gbps per appliance ü Rapid deployment ü Auto-‐discovery and classificaXon of all
applicaXons, devices, and systems
ARISTA & EXTRAHOP: COMBINED SOLUTION DATA AGGREGATION FOR REAL-‐TIME OPERATIONAL INTELLIGENCE
Real-‐Xme IT operaXonal intelligence
“A tenth of the cost of alternaXves with 5 Xmes the funcXonality”
TAP
14
TAPPING NEW SOURCES OF VISIBILITY
Driven by Big Data
Technology
Wire Data
15
ACCESSING WIRE DATA
• All communica.on on the network from packets to transacXonal payload
• Real-‐.me wire protocol decoding
• Defini.ve source of truth
• Data you already have
16
Application Operations Business
APM
DB Profilers
Server logs
NPM
EUM
BTM
EXTRAHOP’S VISION FOR IT OPERATIONS
• Developers • Testers • Application architects
• Application owners • Business stakeholders
• Network engineers • System admins • Storage admins • Virtualization admins • DBAs
Remediate problems proactively
Streamline IT processes
Monitor end-user activity
Make informed IT decisions
Track security compliance
Optimize performance
Make IT infrastructure efficient
Answer business questions
Operational Intelligence Platform (Cross-tier visibility and insight)
17
WIRE DATA IS THE SOURCE OF REAL-‐TIME CROSS-‐TIER INTELLIGENCE
Web Tier
App Tier Java/.NET,, Enterprise Apps, custom
apps, middleware
Database Tier Oracle, SQL Server, DB2, Informix,
MySQL, Postgres, Sybase
Storage Tier SAN, NAS
Shared Services Authentication, DNS, FTP
Network Tier Firewalls, load balancers, WAN accelerators, switches, routers
Clients Fat clients, web browsers, mobile
devices, VDI clients
Web Services
Which users and client types are affected? What are users doing on the network?
How well are applications using the network? How well is the network delivering
applications?
Which servers are slow? What are the error messages?
Which web services are broken? Which applications are affected?
What is baseline performance? What is the impact of this code update in production?
Is authentication set up correctly on all systems? Is there a DNS misconfiguration?
Which queries are running slow? Which methods are used? How does this schema
change affect performance?
What are file access times? Which users are accessing sensitive files?
For ExtraHop, visibility and correlation of the whole application delivery chain is required for Ops Intel.
18
PERSISTENT MOBILE VISIBILITY
1. One or thousands of hypervisors are connected to Arista 7150S. 2. DANZ advanced-mirroring on 7150 with source-port tagging is enabled. All mirrored traffic sent to ExtraHop; up to
20 Gbps of real-time analysis per appliance. Arista sets the VLAN tag to VMware port before vMotion. 3. ExtraHop analyzes all mirrored data from Arista, reassembles into wire data for cross-tier visibility. Shows VMware
port before vMotion and the network and application workload performance in ExtraHop GUI. 4. Move VM from one host to another. Arista changes the VLAN tag to VMware port after vMotion, persists data
stream to ExtraHop. ExtraHop automatically highlights the vMotion event by noting that the VM moved from port 1 to port 2 based on the VLAN tag. No loss of visibility from client performance to back-end storage performance.
5. ExtraHop can show in real-time any end-user or transactional impact from vMotion event to ensure change had desired effect and if not, the impact.
VMware ESX
OpenStack or VCenter VMtracer
5Seamless and Persistent Visibility
Arista DANZ (Smart Data Aggregation)
Eth1/10 2 3
ExtraHop: Passive Cross-Tier Analytics
Scenario: Network segment (VLAN) is congested. Need to move workload and ensure no impact on end-user or application performance.
Hypervisor
Eth1/1
1
Eth1/2
419
PERSISTENT VISIBILITY FOR DYNAMIC EVENTS: A VMOTION MOVE ACROSS VLANS AND EVEN DC’S LEVERAGING VXLAN
vMoXon event starts and then completes
Performance is not impacted and no add’l
DB errors occur.
20
JOINT VALUE: 5X THE FUNCTIONALITY AT 1/10TH THE COST
• Beber visibility into growing network traffic, infrastructure, virtualizaXon and applicaXon workloads for capacity planning, rapid problem resoluXon, end-‐user experience assurance and business intelligence.
• DramaXc CAPEX savings due to consolidaXon of producXon and monitoring networks (soZware intelligence replacing hardware investment)
• Significant OPEX savings due to SDN cloud automaXon, event-‐driven programmability in both the data aggregaXon (Arista) and wire data analyXcs (ExtraHop).
21
NEXT STEPS
• Compare Arista Networks DANZ at the Data Access Layer to any alternaXve visibility soluXon for your network
• Contact : EMEA Sales Team <emea-‐[email protected]> to discuss your network requirements
• Download and read more
www.aristanetworks.com/en/products/eos/danz
For more informaXon on Arista Networks email us at: [email protected]
• Contact Michelle Edwards <[email protected]> or David Green <[email protected]> for a quick demo meeXng or proof of concept
• Download and install the free
ExtraHop Discovery EdiXon Ø InstallaXon takes 15 minutes or less Ø Located at:
www.extrahop.com/discovery
22
THANK YOU
23