Monitoring Approaches to Modern Overlay Networks (Part 2)
In the earlier blog, we introduced overlay networks and the transition of data center networks. We briefly described the several visibility options for overlay networks: visibility of the underlay network, of a specific overlay network, of the overlay networks, and of the underlay and overlay at the same time (a "full end-to-end view").
Before exploring the complexities of overlay networking, it is crucial to understand the difference between network visibility and endpoint visibility. There are some major differences between the two.
- Network visibility shows metrics based on network data whereas endpoint visibility shows metrics based on logs or active clients.
- Network visibility is mostly a passive solution whereas endpoint visibility is typically not passive.
- Network visibility is agnostic to devices and software whereas endpoint visibility is not agnostic and usually requires adoption for each device.
- Network visibility involves a low operating cost, but an endpoint visibility solution has a high operational cost and is unpredictable.
- Network visibility provides an end-to-end view including the transport path. However, endpoint visibility shows end-to-end performance but not the network path or network parameters. The network parameters are an indirect derivation from the end-to-end parameters.
- Network visibility offers limited application-related insight, but endpoint visibility provides good application-centric metrics.
- Network visibility involves a more complex approach in the installation phase due to hardware, compared to endpoint visibility solutions, which are easy to install in the beginning.
- Network visibility is needed for good troubleshooting whereas endpoint visibility is not enough for troubleshooting.
We, at Cubro, provide network visibility.
Complexities of Overlay Networks
The issues are clearly seen in this picture if you tap and monitor at these points:
There are two issues:
Issue 1: The same traffic can be seen several times. All overlay networks are seen at the same time. The reason is that the L2 networks can run the same IP range, and it is very complex for classical monitoring to separate the streams because a typical monitoring solution works with IP addresses to determine the different paths in the network.
Typical monitoring tools cannot handle tunnelled traffic. Nearly all monitoring tools are designed to handle traffic only on one port, or on one logical network layer. These tools usually cannot correlate traffic.
This is the common issue: the same IP range but a different overlay. Standard monitoring devices normally do not see the outer header, so the overlay information is usually lost and the result of the inner IP measurement is often wrong.
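Issue 1 as an added example (not Cubro's code and not part of the original post): flow counts keyed on inner IP addresses alone, compared with counts keyed on the overlay ID from the tunnel header plus the inner IPs. It assumes VXLAN as the overlay encapsulation, which the post does not name, with untagged IPv4 inner frames; the sample frames and all addresses are constructed.

```python
import struct
from collections import Counter

VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP port (RFC 7348)

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (checksum left 0; constructed sample only)."""
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + addr(src) + addr(dst) + payload

def eth(payload):
    return b"\x02" * 12 + b"\x08\x00" + payload  # dummy MACs, EtherType IPv4

def vxlan_frame(vni, inner_src, inner_dst, outer_src, outer_dst):
    """Constructed sample: Ethernet/IPv4/UDP/VXLAN/Ethernet/IPv4."""
    inner = eth(ipv4(inner_src, inner_dst, 6, b"\x00" * 20))
    vx = struct.pack("!II", 0x08 << 24, vni << 8) + inner  # I flag + 24-bit VNI
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vx), 0) + vx
    return eth(ipv4(outer_src, outer_dst, 17, udp))

def parse(frame):
    """Return (vni, inner_src, inner_dst), or None if not VXLAN over IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4      # honour the outer IP header length
    ip = udp + 8 + 8 + 14                  # UDP + VXLAN + inner Ethernet
    if len(frame) < ip + 20:               # truncated capture
        return None
    if struct.unpack("!H", frame[udp + 2:udp + 4])[0] != VXLAN_PORT:
        return None
    flags, vni_word = struct.unpack("!II", frame[udp + 8:udp + 16])
    if not flags & (0x08 << 24):           # I flag clear: VNI is not valid
        return None
    dotted = lambda b: ".".join(map(str, b))
    return vni_word >> 8, dotted(frame[ip + 12:ip + 16]), dotted(frame[ip + 16:ip + 20])

def count_flows(frames):
    """Packets per flow keyed by inner IPs only, and by (VNI, inner IPs)."""
    naive, aware = Counter(), Counter()
    for rec in filter(None, map(parse, frames)):
        naive[rec[1:]] += 1                # what an inner-IP-only tool reports
        aware[rec] += 1                    # overlay ID kept from the tunnel header
    return naive, aware

# Two tenants reuse 10.0.0.1 -> 10.0.0.2 in different overlays (constructed).
SAMPLE = [vxlan_frame(100, "10.0.0.1", "10.0.0.2", "192.0.2.1", "192.0.2.2"),
          vxlan_frame(200, "10.0.0.1", "10.0.0.2", "192.0.2.1", "192.0.2.3"),
          vxlan_frame(200, "10.0.0.1", "10.0.0.2", "192.0.2.1", "192.0.2.3")]
```

On the sample, the inner-IP-only view reports one flow with three packets, while the overlay-aware view reports two separate flows.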
Issue 2: This issue is even more complex. The overlay network can be distributed over different DCs, and these DCs are typically connected over BGP links. In this case, a BGP correlation is needed to produce useful results.
In the last blog of the series, we will highlight the solutions offered by Cubro which offer network visibility and are more cost effective.