TAP Aggregation with DANZ

The Missing Economics of Network Visibility

Arista DANZ provides the ability to cost-effectively capture and analyze all traffic and flows in a datacenter or service provider network for enhanced visibility, security and troubleshooting without the prohibitive costs and scaling limitations of traditional Network Packet Brokers.

Why It Matters
Alternative traffic visibility solutions require expensive and proprietary hardware that is not designed to scale with the dynamics, density and speeds of next-generation datacenters. Arista DANZ provides precision visibility economically, using proven high-value datacenter Ethernet switching platforms.

Who Should Care
IT professionals who need visibility into all network traffic for troubleshooting, security, compliance and reporting purposes need DANZ.

What It Solves
High-density 10/25/40/50/100GbE TAP aggregation is cost-effective, programmable, non-blocking, manageable and scalable. DANZ scales to meet current and future needs for flexibility, agility, speed and scale.



Organizations are increasingly making the decision to build out-of-band monitoring networks in response to the need for better visibility into application and network performance. Out-of-band monitoring networks allow the consolidation of tools into a centralized location and improve the agility of IT operations staff in responding to problems. In addition, because they allow continuous visibility into the network, monitoring networks are also becoming essential in enabling improved security, compliance and forensic reporting within the datacenter.

Historically, visibility solutions for large datacenters used a combination of network patches, passive Test Access Points (TAPs) and port mirroring to feed traffic to monitoring tools, along with whatever embedded instrumentation (e.g., RMON/SNMP) those tools could access from the network infrastructure. In some cases, TAPs were accessed directly by tools mobilized on crash-carts, and in other cases the tools were pre-placed in the network wherever they were expected to be needed.

Continuous visibility and monitoring were impossible in this scenario. As datacenter densities, dynamics and scale increased a new approach to data access and network visibility became necessary. First to emerge on this scene were traditional Network Packet Brokers (NPBs) and their proprietary monitoring fabrics.

NPBs enabled centralization of tools and promised to enable IT to respond to network issues more quickly by reconfiguring visibility on demand. Traditional NPBs provided basic traffic conditioning, filtering, source identification, time stamping and redistribution of traffic at appropriate speeds to centralized tools.

However, because they were based on expensive purpose-built network processors and FPGAs, NPBs supported relatively low port densities and limited throughput, at a very high cost per port. In most cases, achieving 100% visibility required investments multiple times the cost of production network infrastructures. The result: overwhelming acquisition and support cost, making it impossible to build monitoring networks at rising datacenter scale or achieving adequate coverage. The Arista Data ANalyZer (DANZ) feature set, described below, delivers an order of magnitude improvement in the economics of cloud-scale visibility, delivering scalable TAP aggregation and advanced mirroring with exceptional density, flexibility and precision.

The Solution

Arista Networks^® offers a new approach to TAP aggregation that delivers high density, non-blocking 10/25/40/50/100GbE visibility powered by our award winning programmable datacenter switches and Arista EOS^® software. Arista’s unique Ethernet switch-based TAP aggregation capabilities leverage state-of-the-art programmable switching platforms to integrate continuous packet capture ubiquitously into the network, as shown in Figure 1. This helps avoid the need for additional hierarchically deployed appliances, which require additional physical interconnects, power and rack space. In smaller scale environments or remote facilities, the Arista switching platforms can leverage Arista’s advanced mirroring capabilities with integrated packet processing, filtering and time-stamping functionality to allow direct integration with third party analysis tools, eliminating the need for a dedicated TAP aggregation network entirely. In larger scale implementations, a multi-tier approach with separate TAP and data-access layers may be scaled as needed while leveraging the programmatic control mechanisms in Arista’s EOS, to configure and control the analysis network.

Disruptive Economic Value

Arista’s TAP aggregation capabilities deliver the ability to construct networks that give continuous visibility into network and application performance and security. All of this comes with a cost structure that is an order of magnitude less than what has been possible previously.

• Acquisition costs are substantially reduced by leveraging high performance merchant silicon based switches
• Annual support costs are reduced by moving to higher reliability platforms with common sparing & software
• High efficiency designs of Arista datacenter switches reduce power and cooling costs
• High density and flexible portfolio of Arista fixed configuration and modular platforms, with up to 432 ports of 100GbE each, assures rack space requirements are minimized and needs can be met with simpler designs
• The operational ease-of-use and automation enabled by the programmability of Arista EOS, CloudVision, and its support of industry standard user interfaces reduce training and deployment time

Key Architectural Differentiators

The Arista TAP aggregation architecture delivers fundamentally new capabilities. These include:

• High density, non-blocking, wire-speed 10/25/40/50/100GbE packet capture with advanced traffic management capabilities provided in the same hardware deployed in next-generation datacenters, so all network traffic can be monitored without loss and visibility orchestrated with the rest of the datacenter infrastructure.
• Software Defined Networking (SDN) support, enabled by the programmability of Arista EOS and CloudVision, makes it possible to directly target and steer specific network flows to the desired analysis tools.
• Arista Latency ANalyZer (LANZ) feature enables detection of microbursts and congestion at tool ports so that network operators can take appropriate action to maintain network visibility under heavy loads.
• MPLS header removal and Traffic Steering for TAP Aggregation is useful to steer traffic towards tools that lack the ability to parse MPLS headers. This is required in service provider deployments to meet regulatory and monetization requirements. MPLS header removal mitigates the need for new or upgraded tools.
• Support for legacy port extender protocols such as VN-TAG and 802.1BR. Removing these port extension headers enables existing software to analyze this traffic without upgrading or replacing expensive packet analysis tools.
• Support for emerging network virtualization models, such as VXLAN overlays, to maintain visibility of any workload in hyper-dynamic virtualized public and private clouds.

Ease of Management

As networks scale and incorporate dense virtualization and cloud capabilities, many users find that the management tools do not scale well to address the issue of visibility. Arista’s TAP aggregation solutions tackle the need for flexible standards based and open management through a set of integrated user and programmable interfaces. These include an easy-to-access web-based graphical user interface (GUI), an industry-standard and familiar network command line interface (CLI) and an open programming interface using JavaScript Object Notation (JSON) API structures.

These interfaces are based on the core state-database of Arista EOS SysDB to provide compatibility and real-time synchronization of configuration state and to allow for integration with event-driven and cloud platform-based orchestration and management layers.

• Web-Based GUI: User-friendly graphical interface for security and devops teams looking for a one-stop solution to configuring and checking the operation of monitoring policies —accessible via CloudVision.
• CloudVision: Configuration management, orchestration and change control management provide powerful capabilities for managing and automating configuration using Configlets and Configlet Builders across a large multi-tier tap aggregation monitoring network. Configlets enable reuse and inheritance of configuration code, which increases consistency, reduces human error and improves overall efficiency. CloudVision also provides a central management capability to view, configure and launch the Arista TAP Aggregation Manager GUI. Leverage Zero-Touch Provisioning & Replacement (ZTP/ZTR) to manage the entire lifecycle of fully automated TAP Aggregation and data plane network services. Develop automated workflows and new value with CloudVision’s powerful APIs, which are complementary to Arista EOS eAPI.
• Industry-standard network CLI: for network operations and design teams that are familiar with network configurations and operation. The Arista CLI allows them to access the full power of Arista’s EOS operating system to control both the monitoring networks and the physical infrastructure.
• Directly programmable JSON API: eAPI provides a JavaScript Object Notation (JSON) programming interface for configuration and monitoring of TAP aggregation, as well as advanced mirroring and other system capabilities into tools and orchestration/automation frameworks

Arista DANZ Capabilities

Advanced network packet capture is supported with the Arista DANZ feature set on Arista 7150-series, 7280E-series, 7280R-series fixed configuration switches, and the 7500E-series and 7500R-series modular switches. These capabilities include:

• The ability to aggregate, replicate and capture traffic at line rate for analysis without affecting production flows
• Any-to-any packet replication at 10/25/40/50/100Gbps, making it possible to copy traffic to multiple tools for analysis in any size network from single rack to large cloud infrastructures
• Extensive L2/3/4 & DPI hardware filtering for traffic identification and redistribution at wire-rate on all ports
• Flexible packet truncation for simplified data privacy and header analysis with reduced tool load
• Precision packet time-stamping for precision transaction flow analysis to the nanosecond level
• Source identification tagging to determine at what parts of the network traffic was captured
• Flexible traffic redistribution with multiple load sharing schemes to enable support of lower speed tools in high-speed networks with configurable symmetrical and flow-correct placement of traffic on each tool

Conclusion

Next generation TAP aggregation using DANZ makes it possible to cost-effectively and losslessly monitor all datacenter network traffic while capturing and analyzing only the traffic that is important. With its best-in-class business value and speeds up to 100G, Arista lowers CAPEX and OPEX versus traditional packet brokers.

Arista DANZ is the first solution to deliver high density and programmability for monitoring operations in a visibility solution that is built to last, all based on proven open switching platforms and without proprietary fabrics or inflexible designs. With DANZ, customers can transform opaque datacenter traffic into visibility for better application and network performance management, traffic recording and analysis, security threat detection and mitigation, compliance and troubleshooting.

*Note: Not all of the features are supported on all platforms at first availability - check with your Arista Networks representative for more information and to discuss your specific needs for scalable, cost-effective monitoring in the datacenter.