Unified Visibility Fabric


An Innovative Approach

Visibility today means insight into infrastructure blind spots. Network operations and security administrators need to make decisions in real time, and network traffic provides them with an authentic source of data on which to base those decisions. For pervasive visibility, network traffic should be acquired from a variety of devices and applications, across physical, virtual and SDN/NFV environments, as well as private and public clouds. As infrastructure becomes more distributed, traffic volume and speeds increase, and the adoption of emerging technologies continues, the need to converge on a unified visibility infrastructure that not only simplifies and automates network traffic visibility but also provides built-in intelligence will drive the ongoing evolution of the Unified Visibility Fabric.

Given the complexity of today’s infrastructure, it is important that the fabric provide visibility into physical, virtual and remote sites, as well as emerging SDN/NFV infrastructure, as a single unified fabric with a common management and policy model, rather than as a set of disjoint nodes. Such a unified management model allows rapid visibility into infrastructure blind spots.

SPAN Port to intelligent fabric nodes - Visibility Fabric

Visibility Fabric Nodes
Distributed nodes that provide pervasive visibility across physical, virtual, remote sites and future SDN/NFV production networks

GigaVUE® Fabric Nodes: High-performance GigaVUE fabric nodes form the foundation of a distributed fabric. The fabric nodes are modular and extensible for a range of scale and performance requirements from 1Gb 1RU nodes to 2.4Tb chassis-based solutions.

In larger visibility infrastructures, these nodes are typically organized into an edge-core architecture. The core layer of visibility is characterized by scale and intelligence capabilities that are essential to operators as network traffic diversity, complexity and volume continue to increase. Typically, this function is provided by the GigaVUE H Series, which, when combined with GigaSMART traffic and flow processing, provides the core of any visibility architecture.

The edge of the Fabric is offered in a variety of form factors:

  • The GigaVUE TA Series forms the physical edge of the visibility infrastructure.
  • Optionally, Gigamon’s market-leading software, GigaVUE-OS, may also be used on white box hardware to economically extend reach into every rack of a mega data center.
  • GigaVUE-VM forms the virtual edge of the visibility infrastructure and extends visibility within virtual networks and monitors traffic between virtual machines. This will be particularly important in future NFV environments, where critical components of the network infrastructure will get virtualized—maintaining accurate visibility in such a disaggregated environment is paramount.
  • The GigaVUE-HB1 node is an ideal choice for space constrained locations, smaller sites, or remote sites where native GigaSMART intelligence is required.

TAPs provide non-intrusive access to (physical) traffic at various network interface speeds—1Gb (Copper or Fiber), 10Gb, 40Gb (including Cisco 40Gb BiDi) and 100Gb. TAPs could be active, passive or embedded and are offered for a variety of cable types and split ratios.

Together, the Visibility Fabric nodes provide traffic aggregation, filtering, replication, and intelligent packet and flow manipulation optimized for the tools that manage, analyze and secure the network. Dynamic changes can be made easily without impacting the production network so IT organizations can be agile and responsive to threats, events or anomalies on the network.

Fabric Services and Traffic Intelligence Tier
Fabric services powered by GigaVUE-OS and traffic intelligence powered by GigaSMART for pervasive intelligent visibility

The Visibility Fabric nodes offer two distinct sets of services: fabric services and traffic intelligence.

Fabric services are powered by the underlying operating system (GigaVUE-OS). Examples of fabric services include Flow Mapping, clustering and inline bypass.

  • A foundational service of the fabric is Flow Mapping®. Gigamon’s patented Flow Mapping technology identifies and directs incoming traffic flows of interest to single or multiple tools based on user-defined rules implemented from a centralized management system. Flow Mapping allows multi-tenant access and segregation of monitored traffic and policies by providing advanced role-based management.
  • Clustering allows multiple GigaVUE nodes to be managed as a single logical entity akin to a “logical chassis”. An important attribute of clustering is the ability to extend GigaSMART® traffic intelligence to anywhere in the cluster. For example, by clustering a white box running GigaVUE-OS with an intelligent GigaVUE H Series fabric node, a GigaSMART application can be applied to a commodity port in the cluster, even though that port does not have the hardware resources to perform the GigaSMART function.
  • Inline bypass bridges the performance gap between the network and critical security tools that need to be placed inline (e.g. intrusion protection systems, advanced threat protection security tools, etc.). By applying intelligence such as application-aware bypass, traffic can be selectively distributed to such inline security tools. The bypass functions can either be logical or physical.

Traffic intelligence is powered by GigaSMART technology. GigaSMART provides stateful and packet-level optimization and normalization functions that run as software applications on high-performance compute engines in the fabric nodes. GigaSMART applications span a variety of functions. Example GigaSMART applications include:

  • Packet Slicing / Masking: Slice/mask confidential information in a packet before sending it to a monitoring tool
  • Header Stripping: Remove extraneous headers to deliver normalized IP packets to monitoring tools. This is especially useful when adopting network virtualization or SDN
  • De-duplication: Remove duplicate instances of the same packet to avoid unnecessary traffic processing by tools
  • GTP (GPRS Tunneling Protocol) Correlation: Correlate traffic between user and data planes in 3G and 4G/LTE mobile networks
  • SSL Decryption: Decrypt SSL encrypted traffic to offload tools from the decryption function
  • NetFlow Generation: Generate NetFlow records from traffic fed to the Visibility Fabric
  • FlowVUE™: Subscriber-based IP sampling that enables existing tools to connect to high-speed traffic pipes by providing a representative view of traffic for diagnostic coverage
  • And many more

Fabric Control (Management) Tier
Unified End-to-End Provisioning and Control Across Visibility Infrastructure

GigaVUE-FM (Fabric Manager) provides centralized management and a common policy framework for the Visibility Fabric. GigaVUE-FM delivers a single-pane-of-glass view of all the physical and virtual nodes across the Visibility Fabric, while also providing an easy-to-use wizard-based approach for configuring patented Flow Mapping and GigaSMART traffic policies.

In addition to centralized management and control, GigaVUE-FM features fabric-wide reporting, scheduling capabilities, backup and restore functions and enhanced monitoring capabilities to proactively monitor and troubleshoot hot spots in the visibility infrastructure.

The GigaVUE-FM solution provides a set of REST APIs to integrate with "third-party" applications and tools that seek to take advantage of these APIs to enable dynamic changes in the Visibility Fabric.

Application Tier
Software-Defined Visibility: Programmability, Automation, and Tool Integration through an Open Extensible Framework

The Applications Layer interfaces with GigaVUE-FM Fabric Manager through a set of forthcoming APIs. These APIs will allow third-party development of applications, integration with SDN controllers, and integration with other specialized IT Applications and Tools infrastructure.

GigaVUE-FM features pre-integration with VMware vCenter APIs to track vMotion events across virtualized infrastructure—this integration allows continuous visibility without administrator intervention.

Together, this framework allows an extensible environment for visibility into infrastructure blind spots and maximizes performance of the tool infrastructure.

Benefits

The Unified Visibility Fabric™ is an innovative solution that delivers pervasive and Active Visibility of network traffic across communication networks. A Unified Visibility Fabric can address the monitoring challenges facing today’s IT organizations by helping to:

Extend Visibility: Bridge islands of physical, virtual, and eventually SDN/NFV worlds with end-to-end visibility for tools across enterprise, data center, cloud, and service provider infrastructure. This unified management model allows rapid visibility into infrastructure blind spots by providing a common fabric for IT operations management tools such as security, APM, NPM, and others.

Respond Dynamically: Modify network traffic out-of-band and add tools without impacting the production network. This architecture will provide an open environment through a set of forthcoming APIs and SDKs to be developed by Gigamon to address “just-in-time” responsiveness to real-time events that occur within the network through automation and orchestration.

Improve ROI: Control traffic to avoid oversubscription, extend the life of existing tools and ensure that the tools used to manage, analyze and secure the network receive the critical information they require to realize their full potential.

Reduce Costs: Centralize tools into a “Unified Tool Rail” to reduce CAPEX; simplify management to reduce OPEX with a flexible policy engine that enables parallel monitoring policies to serve multiple departments simultaneously.

Enable Scale: Invest in a solution that can grow to address future needs as your network grows from 1Gb to 10Gb, 40Gb, or 100Gb, and evolves from physical to virtual to SDN and NFV environments.


Challenges

As the networking landscape changes with emerging technologies like virtualization, cloud computing, mobility and Big Data, organizations are looking to traffic visibility as an essential component in managing, analyzing and securing their networks. However, legacy approaches offer limited traffic visibility with limited filtering capabilities, are difficult and costly to scale and manage, and often require change orders or network downtime in order to adapt to the evolving network.

The Enterprise Strategy Group Report* highlights a variety of drivers that both identify the shortcomings of current alternatives and substantiate the need for a new approach.

Respondents reported that:

  • 36% Cannot provision mirror/SPAN ports fast enough
  • 38% Have monitoring/security tools that cannot keep up
  • 48% Have tools that need too many connections ports
  • 40% Do not have enough mirror/SPAN ports for their tools

As a result, relying on the status quo would result in a significant drop in agility, overload of security and monitoring tools and a continued negative impact on CAPEX and OPEX, all of which ultimately impact the scope of visibility.

* ESG Research Brief: Networking Spending Trends, March 2012

