Gigamon Chief Technology Officer Shehzad Merchant is a 20-year networking veteran responsible for leading strategy for the company’s Visibility Fabric, an architecture that provides network visibility and control. He is the former CTO at Extreme Networks and author of several networking and communications patents.
SDNCentral: What does Gigamon see as the role of visibility with SDN, NFV, and network virtualization?
Merchant: SDN, NFV, and network virtualization hold the promise of simplifying and enabling a more agile IT organization, but they also add complexity when it comes to monitoring, security, and troubleshooting. The ability to do these tasks in network virtualization environments – and more broadly, SDN and NFV environments – is a prerequisite for the broader adoption of these technologies.
Take the case of network virtualization: It’s extremely hard to diagnose whether a problem is in the hypervisor, virtual switch, virtual overlay network, or physical underlay network. Compounding this issue is the fact that these technologies straddle the compute and network boundary, blurring departmental ownership lines.
Our Visibility Fabric extends traffic-based visibility into SDN, NFV, and network virtualization environments. This empowers enterprises and service providers to migrate to next-generation business infrastructure through active network visibility during and after the migration.
SDNCentral: Since everything is going virtual and centralized, shouldn’t visibility be part of the SDN controller or cloud management platform?
Merchant: When we think of pervasive visibility – whether for performance monitoring, security, or troubleshooting – there is a set of sources to gain information from. You have information from the SDN controller through APIs such as REST APIs; information gained by looking at traffic – both by packet and flow; and information extracted by actively probing the network and infrastructure. Each approach has its merits and drawbacks, but only the traffic-based approach delivers a live, real-time picture.
Relying solely on the controller to provide visibility is a dangerous and incomplete solution. A controller may believe everything is fine, but if any of the components of the underlying infrastructure such as the switches, routers, virtual switches, etc., is misbehaving, the controller may be unaware and report a healthy infrastructure.
The controller has very limited ability to track network traffic associated with user and application sessions beyond the first few packets. The actual packets need to be examined – not just the initial flow setup – if you want to get accurate transaction analysis, monitor the real-time quality of a streaming voice or video application, or secure an application or user traffic tunneled through HTTP.
Our Visibility Fabric looks at network traffic to provide a far more accurate measure of the state of the network, not just what the controller believes or assumes is going on. Ultimately, network traffic does not lie.
SDNCentral: How does Gigamon fit in an NFV world?
Merchant: The first applications to get virtualized tended to be tier-two or -three applications. Now, NFV includes mission-critical infrastructure – both the network itself and the network appliances that deliver services. This is a big leap.
We aid a shift of this magnitude by providing a way to manage, monitor, and secure the network throughout the process. Our GigaVUE-VM – the virtualized instance of our physical appliance – provides the ability to re-establish visibility in an NFV world. By selectively controlling which virtualized network functions to monitor down to the vNIC level, the GigaVUE-VM provides fine-grained visibility into the NFV environment.
GigaVUE-VM filters and optimizes traffic from virtualized network functions for delivery to network performance or security tools. It also automatically modifies monitoring policies as virtualized network functions move across physical servers during a live VM migration, so you can maintain continuous visibility.
SDNCentral: With network virtualization taking hold in data centers, how does Gigamon add value?
Merchant: Today the network is the glue binding all other elements of the data center and cloud. Hence, virtualizing the network has to be done in a measured, thoughtful, and methodical way.
Over time, virtual networks will get instantiated and terminated dynamically without user intervention. An administrator may never know a virtual network has been set up, moved across physical hosts, or torn down. Nevertheless, the administrator still needs to ensure application performance, security, and troubleshooting capabilities are not compromised at any point. This will need critical capabilities designed into the monitoring infrastructure from the outset.
First is the ability to monitor each discrete plane of the virtualized network independently, both the virtual overlay and the physical underlay.
Second is that the monitoring and security infrastructure needs to function effectively in the world of virtualized network overlays even though they may not have the intelligence to understand overlay technologies.
Finally, as virtual machines move dynamically within the data center, the network overlays can also dynamically change. The ability to track traffic to and from a virtual machine regardless of its location, and regardless of which overlay it is associated with, is going to be important to ensure security and consistent application performance.
Our solutions address all these challenges. Our Visibility Fabric has the ability to filter and aggregate traffic at the virtual overlay level, the physical underlay level, and the user and application level. We also have the ability to deliver native user content to the tools, independent of the overlay encapsulation used, whether it’s VXLAN or some other encapsulation.
Our deep integration with SDN controllers such as VMware’s NSX controller gives us the ability to enforce “follow-the-VM” monitoring policies so visibility is maintained in a location-independent manner.
SDNCentral: We’ve seen a lot of activity in the open source/open networking space. What’s your opinion on the role of open source, and what’s Gigamon’s contribution?
Merchant: The open source movement is a powerful force that can transform the networking industry. But we believe the industry will adopt both open source and proprietary vendor solutions.
That said, we also are investing in and working with commercial-grade solutions such as VMware’s NSX. Ultimately our objective is to empower our customers to choose the best solution to meet their needs.
SDNCentral: Are Gigamon’s margins threatened by the white box movement coupled with programmable controls (OpenFlow, etc.)? We’ve already seen some commercial products on the market using these components.
Merchant: White box solutions tend to work well in a mature market where the functionality is relatively commoditized and where there is broad availability of merchant silicon. For the traditional networking space, this is absolutely the case. However, our market is not in that space.
We are focused on tool offload and consolidation, which differ significantly from the world of traditional networking. We enable tools to run more efficiently by centralizing and offloading key functions into our Visibility Fabric that would traditionally be performed by monitoring, management, and security tools.
One good example is our Visibility Fabric’s traffic de-duplication function. Another is our unsampled NetFlow generation capability. And when it comes to carrier-class scale and breadth, we can correlate GTP control streams with user traffic, a capability that requires packet processing and significant compute.
You simply cannot deploy a traffic-based monitoring framework and realize its full benefits without some of these core capabilities. As white boxes are positioned now, they lack these core functions. This means the traffic inspection burden is pushed back into the tools.
Ultimately, it’s a zero-sum game. Either the higher-value inspection, modification, correlation, and duplication functions are centralized within a purpose-built Visibility Fabric, where they are performed more cost-effectively, or they are distributed and loaded onto each tool, driving up tool cost and reducing performance. The white box solutions force the latter path.
The value of our solution is inherent in our software. Our appliances are purpose-built delivery vehicles to enable the software. If white box technology becomes available to meet our requirements, we will embrace it to allow greater investment in our software where our core differentiation lies. We are constantly exploring this approach and will move quickly if such a solution becomes available.
SDNCentral: How would you describe the overall picture for Gigamon as networking moves into next-generation SDN frameworks and platforms?
Merchant: SDN simplifies IT operations and enables agile business infrastructure, but it also opens up new security risks, troubleshooting complexities, and demanding application management. SDN adoption will be stymied unless there is a path to ensure the continuity of securing, monitoring, and managing infrastructure during and after the transition to SDN environments. We want to play an active role in accelerating the move to SDN by providing solutions that enable seamless and pervasive visibility as businesses transition their IT infrastructure. Our Visibility Fabric stack closely parallels the SDN stack and provides a software-defined approach to monitoring, or as we call it, SDM.