The blind spot in virtual servers - seeing with network analysis
www.wildpackets.com © WildPackets, Inc.
Show us your tweets! Use today’s webinar hashtag:
#wp_virtualblindspot with any questions, comments, or feedback.
Follow us @wildpackets
Jay Botelho
Director of Product Management
WildPackets
Follow me @jaybotelho
The Blind Spot in Virtual Servers:
Seeing with Network Analysis
© WildPackets, Inc. #wp_virtualblindspot
Administration
• All callers are on mute ‒ If you have problems, please let us know via the Chat window
• There will be Q&A at the end ‒ Feel free to type a question at any time
• Slides and recording will be available ‒ Notification within 48 hours via a follow-up email
Agenda
• Current Trends in Virtualization
• What Causes Virtual Network Blind Spots?
• Configuring Virtual Networks for Analysis
• Establishing Goals for Network Analysis in Virtual
Environments
• Defining the Requirements
• WildPackets Corporate Overview
• WildPackets Product Line Overview
Current Trends in Virtualization
Current State of Virtualization
• 75% of large companies have implemented some form of virtualization [1]
• Percentage of servers actually virtualized remains small at approximately 10 – 15% in these companies [1]
• Virtual systems are a tempting target for security breaches
‒ Compromising only one layer provides access to many [2]
• Storage virtualization – 45% adoption; 5th most effective IT strategy [3, 7]
‒ Deduplication
‒ Thin provisioning
‒ Tiering
Adoption Drivers in Virtualization
• Bundling virtualization with servers [1]
• SMBs get into the action [4, 5]
• Automation on the rise [5, 6]
• Better backup, recovery and live migration tools [5, 6]
• I/O and network virtualization [6]
• SDN (Software Defined Networks)
• Desktop Virtualization [5, 6, 8]
‒ Benefits depend on vertical industry
‒ Mobile access devices (e.g. iPads) driving adoption
What Causes Virtual Network Blind
Spots?
Virtualization
Configuring the Virtual Network for
Analysis
Categories of Virtualization
• Standalone
• Coordinated/Distributed
• Cloud
Terminology
• VM Host
‒ Physical hardware running the hypervisor
‒ “Server” or “VM Server”
• VM Guest
‒ Virtual machine running as an image inside the server
‒ “VM”
• Networking
‒ vNIC: Virtual NIC
‒ vSwitch: Virtual Switch
‒ pNIC: Physical NIC
Standalone VM Networking
• Multiple guests, single host
‒ One or more vNICs per guest
‒ One or more physical NICs on host
• Switch interfaces
‒ Guest vNICs
‒ Host physical NICs (pNICs)
‒ Possible network separation via multiple L2 vSwitches
• Logically behaves like a TOR or workgroup switch
‒ No transit traffic, leaf network
‒ Usually no L3 (Routing) between VLANs/vSwitches
The Blind Spots
Eliminating the Blind Spots
• The Good:
‒ Visibility of intra-host traffic
‒ Built into infrastructure
• The Bad:
‒ Capturing on local VM increases demand on VM resources
‒ Still have to know which host for specific VM guest
‒ May violate separation of customer traffic
Configuration Details
• Create a VM for OmniVirtual
• Allocate resources based on goals
• Install OmniVirtual
• Connect to OmniVirtual using OmniPeek
Configuration Details (cont.)
• Log into the VMware Infrastructure Client
• Choose the Configuration tab in Networking
• Put the virtual switch into promiscuous mode
‒ Switch Properties -> Edit -> Security tab
‒ Set promiscuous mode to “accept”
• Similar to spanning a switch in a “real” environment
• Start a capture
Coordinated VM Networking
• Single switch among multiple VM hosts
‒ Each vSwitch per host like a blade switch
‒ Physical network like a backplane, but usually no L3
• Maintains single forwarding table
‒ Inter-VM traffic between hosts sent encapsulated to target host
‒ No need to “learn” VM MAC addresses
• Port profiles per guest
‒ If VM moves, profile moves too
‒ vSwitch forwarding tables automatically updated
‒ Physical switches must learn new host for VM
Distributed vSwitch (shared across VM hosts)
The Blind Spots
Eliminating the Blind Spots - Virtual Taps
• The Good:
‒ Reduced effort, increased visibility
‒ Should auto-filter for customer traffic separation
• The Bad:
‒ May be VM vendor specific, e.g. only VMware
• Examples: NetOptics, Gigamon, BigSwitch
Cloud
• Private Cloud (In-house)
• Public Cloud (3rd Party)
‒ Software-as-a-Service (SaaS)
‒ Infrastructure-as-a-Service (IaaS)
‒ Hosted services
Network Analysis in the Cloud
• Private Cloud (In-house)
‒ Under your control - functionally similar to distributed VM
‒ If you control the network, you can sniff “anywhere”
• Public Cloud (3rd Party)
‒ IaaS VMs can likely sniff their own traffic
‒ SaaS and Hosted Services - unlikely that you can negotiate network sniffing rights
Establishing Goals for Network
Analysis in Virtual Environments
What’s The Difference?
• All the same goals apply
‒ Monitoring/alarms
‒ Real-time analysis
‒ Post-capture analysis
‒ Network performance/application performance/VoIP
• Only the implementation is different
Traditional NA – Virtual NA = 0
Analyze The Essentials
• Monitor
‒ Statistics only
‒ Alerts/alarms
‒ Perfect for conserving resources
• Real-time analysis
‒ Disable what you don’t need to increase performance
• Post-capture analysis
‒ Turn off ALL analysis options
‒ Significantly increase overall performance
Best Practices
• Be specific (regarding your analysis requirements)
• Understand your virtual environment and network
• Analyze the essentials
• Know your resource limits
• Anticipate hardware resource needs
• Be reasonable (monitor the number of analysts accessing data)
Defining the Requirements
Anticipate Hardware Resource Needs
• Real-time analysis
‒ Keep buffer size, file size and saved files within reasonable limits
‒ Use the minimum number of captures possible to accomplish your objective
• Post-capture analysis - hard disk and RAM
‒ Assuming steady-state traffic of 1Gbps:
7.68 GB/min
460 GB/hr
11 TB/day
‒ Forensics searches are CPU and RAM intensive
‒ Pre-compute the maximum RAM your search could use
‒ Disable unneeded analysis options
‒ Experiment: search for just packets and then add several analysis options and note the difference
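Added example (not part of the original slides or of any WildPackets tool): a Python sizing helper that reproduces the 1Gbps figures above and turns them into a retention window for a given disk, or a disk size for a given look-back window. It assumes the convention those figures imply (1 Gbps = 1024 Mbps, decimal GB); the function names, the utilization and reserve parameters, and the sample values are illustrative.

```python
"""Capture-to-disk sizing for packet-level forensics (illustrative example)."""

MBIT_PER_GBIT = 1024  # assumption: the slide's 7.68 GB/min implies 1 Gbps = 1024 Mbps
MB_PER_GB = 1000      # assumption: decimal gigabytes, as disk capacity is quoted


def capture_gb_per_min(link_gbps, utilization=1.0):
    """GB written per minute when every packet on the link is stored.

    Per-packet capture-file headers and indexes are ignored (assumption).
    """
    if link_gbps <= 0:
        raise ValueError("link_gbps must be positive")
    if not 0 < utilization <= 1:
        raise ValueError("utilization must be in (0, 1]")
    mbytes_per_sec = link_gbps * MBIT_PER_GBIT / 8 * utilization
    return mbytes_per_sec * 60 / MB_PER_GB


def capture_volume(link_gbps, utilization=1.0):
    """Return (GB/min, GB/hr, TB/day) for steady-state traffic."""
    per_min = capture_gb_per_min(link_gbps, utilization)
    return per_min, per_min * 60, per_min * 60 * 24 / 1000


def retention_hours(disk_tb, link_gbps, utilization=1.0, reserve=0.0):
    """Hours of traffic a disk holds before the oldest packets are overwritten.

    reserve: fraction of the disk kept back for saved files and search
    results (hypothetical parameter, not a product setting).
    """
    if disk_tb <= 0 or not 0 <= reserve < 1:
        raise ValueError("disk_tb must be positive and reserve in [0, 1)")
    usable_gb = disk_tb * 1000 * (1 - reserve)
    return usable_gb / (capture_gb_per_min(link_gbps, utilization) * 60)


def disk_tb_for_window(hours, link_gbps, utilization=1.0, reserve=0.0):
    """Disk size in TB needed to keep `hours` of traffic for an investigation."""
    if hours <= 0 or not 0 <= reserve < 1:
        raise ValueError("hours must be positive and reserve in [0, 1)")
    needed_gb = capture_gb_per_min(link_gbps, utilization) * 60 * hours
    return needed_gb / 1000 / (1 - reserve)


if __name__ == "__main__":
    per_min, per_hr, per_day = capture_volume(1.0)
    print(f"1 Gbps: {per_min:.2f} GB/min, {per_hr:.1f} GB/hr, {per_day:.1f} TB/day")
    # Constructed sample inputs: disk sizes in TB and a 30% average load.
    for disk_tb in (1, 8, 16, 48):
        full = retention_hours(disk_tb, 1.0)
        typical = retention_hours(disk_tb, 1.0, utilization=0.3, reserve=0.1)
        print(f"{disk_tb:>2} TB: {full:6.1f} h at line rate, {typical:6.1f} h at 30% load")
    print(f"7-day look-back at 30% load: {disk_tb_for_window(7 * 24, 1.0, 0.3):.1f} TB")
```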
Q&A
Follow us on SlideShare! Check out today’s slides on SlideShare
www.slideshare.net/wildpackets
WildPackets Corporate Overview
Optimizing Network and Application Performance
Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA
‒ Offices throughout the US, EMEA, and APAC
• Customers spanning leading edge organizations
‒ Mid-market and enterprise lines of business
‒ Financial, manufacturing, ISPs, major federal agencies,
state and local governments, universities
‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance
‒ Internet Telephony, Network Magazine, Network Computing awards
‒ United States Patent 5,787,253 issued July 28, 1998
• “Apparatus and Method of Analyzing Internet Activity”
Why Our Customers Need Us
• VoIP, video, cloud, virtualization, and key business
applications are saturating critical network services
• Evolving network technologies create discontinuities
‒ 1 Gig 10 Gig 40 Gig 100 Gig networks
‒ Wireless, BYOD initiatives
• Users and business cannot tolerate network problems for mission critical services
Increasing demand for better real-time network visibility,
network analytics, network forensics, and DPI
How We Create Value
We provide innovative, industry-leading, real-time
network performance management solutions
‒ Easy-to-use, easy-to-learn user interface
‒ Uniquely extensible solutions
‒ Wireless network leadership
‒ Detailed analytics related to network applications
‒ Fastest network traffic capture appliance in its class
‒ Technical superiority at competitive price point
WildPackets has continually advanced its solution to meet the needs of its
customers
Unprecedented Network Visibility
ROOT-CAUSE ANALYSIS
OmniPeek network analyzer performs deep packet inspection
and can reconstruct all network activity, including e-mail and
IM, as well as analyze VoIP and video traffic quality.
PINPOINT NETWORK ISSUES ANYWHERE
Omnipliance Portable can rapidly identify and troubleshoot
issues before they become major problems—wired or
wireless—down the hall or across the globe.
UNDERSTAND END-USER PERFORMANCE
TimeLine and Omnipliance network recorders monitor
and analyze performance across critical network
segments, virtual environments, and remote sites.
NETWORK HEALTH
WatchPoint can manage and report on key
device performance and availability across
the entire network, from anywhere on the network.
A History of Innovation
2001
• First 802.11 wireless analyzer
• First network analyzer with automated expert analysis
2003 Distributed real-time troubleshooting
2005 Combined distributed network and VoIP network analysis
2008 Enterprise-wide Monitoring and Reporting
2009 Innovative dashboard with drill-down for VoIP and video
2010 First to achieve 11 Gbps sustained capture-to-disk
2011
• Total visibility with zero packet loss
• First wireless network analyzer to support capture and analysis of 802.11n 3-stream wireless
2012
• Capture, record, and analyze from 40G network segments
• First wireless network analyzer to support 802.11ac, k, r, u, v, w
Product Line Overview
Omni Distributed Analysis Platform
OmniPeek Enterprise Packet Capture, Decode and Analysis
• Ethernet, 1/10 Gigabit, 802.11, and voice and video over IP
• Portable capture and OmniEngine console
• Aggregate analysis data across multiple capture points
Omnipliance / TimeLine Distributed Enterprise Network Forensics
• High-performance packet capture and real-time analysis
• Stream-to-disk for forensics analysis
• Integrated OmniAdapter network analysis cards up to 40G
WatchPoint Centralized Enterprise Network Monitoring Appliance
• Aggregation and graphical display of network data
• WildPackets OmniEngines
• NetFlow and sFlow
Omni Distributed Analysis Platform Software and Turnkey Solutions
• Enterprise monitoring and reporting
‒ WatchPoint Server
‒ OmniFlow, NetFlow, and sFlow Collectors
• Software probes and network recorders
‒ Omnipliance network recorders – Edge, Core
‒ TimeLine network recorders
‒ OmniAdapter analysis cards
• Distributed analysis software
‒ OmniPeek – Enterprise, Professional, Basic, Connect
‒ OmniEngine – Enterprise, Desktop, OmniVirtual
• Portable solutions
‒ OmniPeek network analyzer
‒ Omnipliance Portable
Key New Features in v7
• 40G network support
• Analyze issues from end to end:
Multi-Segment Analysis (MSA)
• Collect data from non-technical end users:
OmniPeek Remote Assistant (ORA)
• Single, interactive dashboard for
utilization, top talkers, top protocols,
latency, Experts, flows, and wireless
signal strength
• New wireless specifications
‒ 802.11ac 802.11k
‒ 802.11r 802.11u
‒ 802.11v 802.11w
OmniPeek Network Analyzer
• Distributed analysis manager
– Connect to and configure distributed OmniEngines, Omnipliances,
and TimeLines
• Comprehensive dashboards present network traffic in real-time
– Vital statistics and graphs display trends on network and application
performance
– Visual peer-map shows conversations and protocols
– Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
– Packet and payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7
– Easily create filters, triggers, scripting, advanced alarms, and alerts
Omnipliance Network Recorders
• Captures and analyzes all network traffic 24x7
– Runs WildPackets OmniEngine software probe
– Generates vital statistics on network and application performance
– Intuitive root-cause analysis of performance bottlenecks
• Expert analysis speeds problem resolution
– Fault analysis, statistical analysis, and independent notification
• Multiple issue digital forensics
– Real-time and post capture data mining for compliance and troubleshooting
• Intelligent data transport
– Network data analyzed locally
– Detailed analysis passed to OmniPeek on demand
– Summary statistics sent to WatchPoint for long term trending and reporting
– Efficient use of network bandwidth
• User-extensible platform
– Plug-in architecture and SDK
TimeLine Network Recorder
• Continuous network recording and comprehensive
real-time statistical display — simultaneously
‒ 12Gbps sustained capture with zero packet loss
‒ Network statistics display in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval
‒ Historical network traffic analysis and quick data rewinding
‒ Several pre-defined forensics search templates making searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution
‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect
WildPackets Network Recorders Price/Performance Solutions for Every Application
• Portable: Ruggedized, Troubleshooting
‒ Aluminum chassis / 17” LCD
‒ Dual 2.13 GHz Quad-Core Intel Xeon L5630 "Westmere"
‒ 24GB RAM
‒ 2 PCI-E Slots
‒ 2 Built-in Ethernet Ports
‒ 6TB SATA storage capacity
‒ 4.5Gbps CTD
• Edge: Small Networks, Remote Offices
‒ 1U rack mountable chassis
‒ Quad-Core Intel Xeon X3460 2.80GHz
‒ 4GB RAM
‒ 2 PCI-E Slots
‒ 2 Built-in Ethernet Ports
‒ 1TB SATA storage capacity
‒ 1.1Gbps CTD
• Core: Datacenter Workhorse, Easily Expandable
‒ 3U rack mountable chassis
‒ Dual Intel Xeon Quad Core E5530 2.4GHz
‒ 6GB RAM
‒ 4 PCI-E Slots
‒ 2 Built-in Ethernet Ports
‒ 8/16TB SATA storage capacity
‒ 3Gbps CTD
• TimeLine: Enterprise, Highly-Utilized Networks
‒ 3U rack mountable chassis
‒ Dual Intel Xeon Quad Core X5560 2.8GHz
‒ 18GB RAM
‒ 4 PCI-E Slots
‒ 2 Built-in Ethernet Ports
‒ 8/16/32/48TB SATA storage capacity
‒ 12Gbps CTD
WatchPoint Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated
view of all network
segments
– Monitor per campus, per
region, per country
• Wide range of network
data
– NetFlow, sFlow, OmniFlow
• Web-based, customizable
network dashboards
• Flexible detailed reports
• Direct link to detailed,
packet-based analysis
Comprehensive Support and Services
Standard Support
Maintenance and upgrades
Telephone and email contacts
Knowledgebase
MyPeek Portal
Premier Support
24 x 7 x 365
Dedicated escalation manager
2 customer contacts per site
Plug-in reconfiguration assistance
WildPackets Training Academy
Public, web-based, and on-site classes
Complete curriculum: technology and product focused
Practical applications and labs covering network analysis,
wireless, VoIP monitoring and advanced troubleshooting
Consulting and Custom Development Services
Deployment, configuration, and assessment engagement
Systems integration and testing
Application integration, driver, decode, interface development
WildPackets Key Differentiators
• Visual Expert intelligence with intuitive drill-down
– Let computer do the hard work, and return results, real-time
– Packet/payload visualization is faster than packet-per-packet diagnostics
– Experts and analytics can be memorized and automated
• Automated capture analytics
– Filters, triggers, scripting, and advanced alarming system combine to provide
automated network problem detection 24x7
• Multiple issue network forensics
– Can be tracked by one or more people simultaneously
– Real-time or post capture
• User-extensible platform
– Plug-in architecture and SDK
• Aggregated network views and reporting
– NetFlow, sFlow, and OmniFlow
24x7 Network Monitoring,
Analysis, and Troubleshooting
Thank You!
WildPackets, Inc.
1340 Treat Boulevard, Suite 500
Walnut Creek, CA 94597
(925) 937-3200