In this last series of the blog, we will explain some different approaches to monitor modern overlay networks. All vendors talk about security, and everyone offers cool software tools to analyze any threat you can consider. The issue is only to get the right traffic to the relevant devices. Tapping and removing the underlay network header is not enough and does not solve the problem because the overlay is highly dynamic, and in layer two transparent overlay networks you will have most probably duplicate IP ranges. Such removal of tunnel information leads to wrong results, and in the case of dynamic tunnels, the visibility tools must follow the overlay network across the data centre. Dynamic tunnel filtering is the need - decoding of signalling and routing traffic is needed. Inband signalling and decoding is a must for future visibility.
Each network infrastructure has different requirements for a network monitoring solution. There are several tools and solutions available and therefore the careful selection of a suitable solution is a must. An optimized solution provides more control over the network and better performance.
Let's look at the three different solution designs offered by Cubro.
Solution Design 1
- Remove & Correlate flows across the path
- Correlate flows based on the underlay transport information.
- Combine flow/path segment based on BGP
- Enrich Data from Switch in band Telemetry
- Enrich Data with switch Table Information
Solution Design 2
The other possible option is dynamic VXLAN filtering. This solution is not as perfect as solution 1, but can reuse "old" monitoring gear. Old equipment can be repurposed because dynamic VXLAN filtering would assure that only the traffic from the relevant overlay is filtered out and sent to legacy monitoring tools.
The challenge is that only a few NPBs are capable of VXLAN filtering. The second issue is that this must be done dynamically. For that reason, some signalling protocols must be decoded by the packet broker or an external appliance. This leads us to our third solution - Cubro Cloud Switch (CCS).
Solution Design 3
The most advanced solution would be to use the Cubro Cloud Switch because the CCS combines an advanced switching fabric with a visibility fabric. Below image shows the transformation if you use the CCS.
The Cubro Cloud switch provides switching functions in layer 2 to 7 and at the same time Visibility. This is possible because the packet forwarding is done in HW, the switch infrastructure knows where the micro service is running, and can copy the relevant traffic and send it over the switch infrastructure to the probing system (virtual/real).
The solution is the Sonic-based cloud switch design in high-performance hardware from Cubro. The Cubro Cloud Fabric offers secure and scalable network visibility solution which can simplify the work of network engineer.
Read the earlier blogs: