Más contenido relacionado La actualidad más candente (20) Similar a Real Packets from Virtual Servers (20) Real Packets from Virtual Servers1. Real Packets from Virtual Servers
Jim MacLeod
Show us your tweets!
Use today’s webinar hashtag:
Product Manager
WildPackets #wp_virtualnet
jmacleod@wildpackets.com with any questions, comments, or feedback.
Follow me @shewfig Follow us @wildpackets
© WildPackets, Inc. www.wildpackets.com
2. Administrivia
• All callers are on mute
‒ If you have problems, please let us know via the Chat window
• There will be Q&A at the end
‒ Feel free to type a question at any time
• Slides and recording will be available:
‒ Via a follow-up email
#wp_virtualnet © WildPackets, Inc. 2
3. Agenda
• Virtualization Overview
• VM Networking
• Challenges in Monitoring VM Networking
• Pulling Packets
• About WildPackets
#wp_virtualnet © WildPackets, Inc. 3
5. Terminology
• VM Host:
‒ the physical hardware running the hypervisor
‒ “Server” or “VM Server”
• VM Guest:
‒ the virtual machine running as an image inside the server
‒ “VM”
• Networking:
‒ vNIC: Virtual NIC
‒ vSwitch: Virtual Switch
#wp_virtualnet © WildPackets, Inc. 5
7. Standalone VM Host
• Multiple VM Guests in a single Host
• “Simple” VM architecture
• Possible VM network separation
‒ Multiple VLANs supported, L2 only
‒ Basic policies, e.g. bandwidth
#wp_virtualnet © WildPackets, Inc. 7
8. Coordinated VM Hosts
• Multiple Hosts, single point of management
‒ Simplified deployment
‒ “Which Host has room for more Guests?”
• Features like VM migration between Hosts
• Optional distributed virtual switching
‒ Shared switch fabric among all Hosts
‒ VMware VDS, Open vSwitch, Cisco Nexus 1000v, etc.
#wp_virtualnet © WildPackets, Inc. 8
9. Cloud
• Orchestration
‒ VM infrastructure
• Large-scale automation
• Portal / API to allow customer self-provisioning
‒ Network orchestration
• Auto-assignment of addressing and routing
• Multi-tenant separation
• Management focus on VMs per customer
‒ Limited network visibility other than bandwidth usage
‒ Bandwidth usually monitored only for billing purposes
• Rapidly evolving
#wp_virtualnet © WildPackets, Inc. 9
10. Cloud (cont)
• Deployment models
‒ Public Cloud
• Hosted by a 3rd party, multiple customers
• Shared VM servers, shared infrastructure
• Stats on VMs, not necessarily on network
‒ Private Cloud
• In-house or 3rd party
• Dedicated VM Hosts per-customer, maybe virtual L2 network
• Outsourced may not have network visibility
• Resource models
‒ IaaS, PaaS, SaaS, etc
‒ Only IaaS gives access to full VM
#wp_virtualnet © WildPackets, Inc. 10
12. Switching in the VM world
• Standalone
• Distributed
• Cloud
#wp_virtualnet © WildPackets, Inc. 12
13. Standalone VM Networking
• Multiple Guests, Single host
‒ One or more vNICs per Guest
‒ One or more physical NICs on Host
• Switch interfaces:
‒ Guest vNICs
‒ Host physical NICs (pNICs)
‒ Possible network separation via multiple L2 vSwitches
• Logically behaves like a TOR or workgroup switch
‒ No transit traffic, leaf network
‒ Usually no L3 (Routing) between VLANs/vSwitches
#wp_virtualnet © WildPackets, Inc. 13
15. Distributed VM Networking
• Single switch among multiple VM Hosts
‒ Each vSwitch per Host like a blade switch
‒ Physical network like a backplane, but usually no L3
• Maintains single forwarding table
‒ Inter-VM traffic between Hosts sent encapsulated to target Host
‒ No need to “learn” or “flood” VM MAC addresses
• Port profiles per guest
‒ If VM moves, profile moves too
‒ vSwitch forwarding tables automatically updated
‒ Physical switches must learn new Host for VM
#wp_virtualnet © WildPackets, Inc. 15
17. Cloud
• Software-allocated networking
‒ Network configuration de-coupled from networking hardware
‒ A basic form of SDN
• Focus on connectivity
‒ Get servers up and running
‒ Keep traffic hidden between customers
• Self-service paradox
‒ Cloud allows customers to provision and monitor VMs
‒ Security requires traffic to be hidden between customers
‒ Therefore customers can’t monitor the network
#wp_virtualnet © WildPackets, Inc. 17
20. New Traffic Pattern
• Traditional: North-South
‒ All traffic between server and clients
‒ Very little internal traffic
‒ Primay design goals:
• Provide connection from internal nodes to external network
• Separate internal nodes from each other
• Interconnected internal nodes physically placed on same TOR
• Emerging: East-West
‒ Traffic between servers
‒ Extreme case: inter-VM in same VM Host
‒ Driven by multi-tier apps, often deployed cloud-style
• Deployment based on available server space
• Network path often requires transit of multiple tiers
#wp_virtualnet © WildPackets, Inc. 20
22. Standalone VM
• Inter-VM single-Host traffic
‒ Traffic between VMs in a single host
• Why you don’t need to worry
‒ Not needed for network hardware troubleshooting
‒ Typically low latency inside Host
• Why you might need to monitor
‒ Network-based APM
‒ Security auditing
‒ Connectivity problems between different internal VLANs
• Must interconnect via external L3 device, e.g. router
#wp_virtualnet © WildPackets, Inc. 22
23. Distributed VM
• Inter-VM multi-Host traffic
‒ Encapsulated between hosts (Overlay)
• Most common: VXLAN and NVGRE
• Previous: MAC-in-MAC (L2 over L2)
• Future: SDN, OpenFlow, etc.
‒ Traverses physical network (Underlay)
• Management control points
‒ Overlay is controlled by VM infrastructure
‒ Underlay is “real” network
• Which layer(s) to monitor?
‒ Underlay: move packets quickly
‒ Overlay: connect applications efficiently
#wp_virtualnet © WildPackets, Inc. 23
24. Overlay vs Underlay
Distributed vSwitch (shared across VM hosts)
#wp_virtualnet © WildPackets, Inc. 24
25. Cloud
• Driven by dynamic server deployment
• Network management is deliberately simple
‒ Primary goal: connectivity
‒ Secondary goal: separation of traffic in multi-tenant
‒ Optimized network paths rarely a goal
• Tools created by server people, for server people
‒ Network monitoring only for bandwidth measurement
• Bits and bytes for billing
‒ Need advanced networking? Overlay!
• Abstract network, just like abstracted server hardware
• Complexity is specialized
‒ Storage network team, underlay network team
#wp_virtualnet © WildPackets, Inc. 25
27. Where to Capture
• On the Network
• On the vSwitch
• On a Virtual Tap
• On the VM Guest
#wp_virtualnet © WildPackets, Inc. 27
28. On the Network
• Classical switch SPAN port or tap
‒ View traffic in/out of a Host
• The Good:
‒ Familiar configuration and process
‒ “Easy” if you control the network
• The Bad:
‒ Misses intra-host traffic
#wp_virtualnet © WildPackets, Inc. 28
30. On the vSwitch
• Span port from virtual switch / hypervisor
‒ Dedicated VM guest to receive packets
‒ Potentially external capture
• Use pNIC as target for SPAN
• Also RSPAN/ERSPAN
• The Good:
‒ Visibility of intra-host traffic
‒ Built-in to infrastructure
• The Bad:
‒ Capturing on local VM increases IO of net & disk
‒ Still have to know which Host for specific VM guest
‒ May violate separation of customer traffic
#wp_virtualnet © WildPackets, Inc. 30
32. With a Virtual Tap
• Tap to manage SPAN on distributed vSwitches
• Integrates with VM control system
‒ Reads orchestration info to find which Host for VM guest
‒ Auto-configures capture source
• The Good:
‒ Reduced effort, increased visibility
‒ Should auto-filter for customer traffic separation
• The Bad:
‒ May be VM vendor specific, e.g. only VMware
• Examples: NetOptics, Gigamon, BigSwitch
#wp_virtualnet © WildPackets, Inc. 32
34. Capturing Packets in Cloud
• Private Cloud (In-house)
‒ Under your control
• Functionally similar to distributed VM
‒ If you control the network, you can sniff “anywhere”
• Legal concerns for customer-owned Guest VMs
• Public Cloud / Private Cloud (3rd Party)
‒ Unlikely that you can negotiate net sniffing rights
‒ IaaS VMs can likely sniff their own traffic
• Non-promiscuous sniffing
• Restore visibility on per-VM basis
• You’ll have to re-aggregate traffic among VMs
#wp_virtualnet © WildPackets, Inc. 34
36. Summary
• Virtualization is
‒ Great for servers
‒ Hard for network visibility
• If it’s your network
‒ You can sniff
‒ But it may not be your data
• You can sniff using
‒ Physical switches & taps
‒ Virtual switches & virtual taps
• Sniffing is sometimes possible in cloud
‒ IaaS on a per-VM basis
#wp_virtualnet © WildPackets, Inc. 36
37. Q&A
Show us your tweets!
Use today’s webinar hashtag: Follow us on SlideShare!
Check out today’s slides on SlideShare
#wp_virtualnet www.slideshare.net/wildpackets
with any questions, comments, or feedback.
Follow us @wildpackets
© WildPackets, Inc. www.wildpackets.com
39. Corporate Background
• Experts in network monitoring, analysis, and troubleshooting
‒ Founded: 1990 / Headquarters: Walnut Creek, CA
‒ Offices throughout the US, EMEA, and APAC
• Customers spanning leading edge organizations
‒ Mid-market and enterprise lines of business
‒ Financial, manufacturing, ISPs, major federal agencies,
state and local governments, universities
‒ Over 7,000 customers / 60+ countries / 80% of Fortune 1,000
• Award-winning solutions that improve network performance
‒ Internet Telephony, Network Magazine, Network Computing awards
‒ United States Patent 5,787,253 issued July 28, 1998
• “Apparatus and Method of Analyzing Internet Activity”
#wp_virtualnet © WildPackets, Inc.
40. Why Our Customers Need Us
• VoIP, video, cloud, virtualization, and key business
applications are saturating critical network services
• Evolving network technologies create discontinuities
‒ 1 Gig 10 Gig 40 Gig 100 Gig networks
‒ Wireless, BYOD initiatives
• Users and business can not tolerate network
problems for mission critical services
Increasing demand for better real-time network visibility,
network analytics, network forensics, and DPI
#wp_virtualnet © WildPackets, Inc.
41. How We Create Value
We provide innovative, industry-leading, real-time
network performance management solutions
‒ Easy-to-use, easy-to-learn user interface
‒ Uniquely extensible solutions
‒ Wireless network leadership
‒ Detailed analytics related to network applications
‒ Fastest network traffic capture appliance in its class
‒ Technical superiority at competitive price point
WildPackets has continually advanced its solution to meet the needs of its
customers
#wp_virtualnet © WildPackets, Inc.
42. Unprecedented Network Visibility
NETWORK HEALTH
GLOBAL WatchPoint can manage and report on key
device performance and availability across
the entire network, from anywhere on the network.
UNDERSTAND END-USER PERFORMANCE
TimeLine and Omnipliance network recorders monitor
DISTRIBUTED and analyze performance across critical network
segments, virtual environments, and remote sites.
PINPOINT NETWORK ISSUES ANYWHERE
Omnipliance Portable can rapidly identify and troubleshoot
PORTABLE issues before they become major problems—wired or
wireless—down the hall or across the globe.
ROOT-CAUSE ANALYSIS
OmniPeek network analyzer performs deep packet inspection
DPI and can reconstruct all network activity, including e-mail and
IM, as well as analyze VoIP and video traffic quality.
#wp_virtualnet © WildPackets, Inc.
43. A History of Innovation
2001 2005 2009 2011
• First 802.11 Combined distributed Innovative dashboard • Total visibility with
wireless analyzer network and VoIP with drill-down for VoIP zero packet loss
• First network network analysis and video • First wireless
analyzer with network analyzer to
automated expert support capture and
analysis analysis of 802.11n
3-stream wireless
2003 2008 2010 2012
Distributed real-time Enterprise-wide First to achieve 11 Gbps • Capture, record, and
troubleshooting Monitoring and Reporting sustained capture-to-disk analyze from 40G
network segments
• First wireless network
analyzer to support
801.11ac, k, r, u, v, w
#wp_virtualnet © WildPackets, Inc.
45. Omni Distributed Analysis Platform
OmniPeek
Enterprise Packet Capture, Decode and Analysis
• Ethernet,1/10 Gigabit, 802.11, and voice and video over IP
• Portable capture and OmniEngine console
• Aggregate analysis data across multiple capture points
Omnipliance / TimeLine
Distributed Enterprise Network Forensics
• High-performance packet capture and real-time analysis
• Stream-to-disk for forensics analysis
• Integrated OmniAdapter network analysis cards up to 40G
WatchPoint
Centralized Enterprise Network Monitoring Appliance
• Aggregation and graphical display of network data
• WildPackets OmniEngines
• NetFlow and sFlow
#wp_virtualnet © WildPackets, Inc.
46. Omni Distributed Analysis Platform
Software and Turnkey Solutions
• Enterprise monitoring and reporting
‒ WatchPoint Server
‒ OmniFlow, NetFlow, and sFlow Collectors
• Software probes and network recorders
‒ Omnipliance network recorders – Edge, Core
‒ TimeLine network recorders
‒ OmniAdapter analysis cards
• Distributed analysis software
‒ OmniPeek – Enterprise, Professional, Basic, Connect
‒ OmniEngine – Enterprise, Desktop, OmniVirtual
• Portable solutions
‒ OmniPeek network analyzer
‒ Omnipliance Portable
#wp_virtualnet © WildPackets, Inc.
47. Key New Features in v7
• 40G network support
• Analyze issues from end to end:
Multi-Segment Analysis (MSA)
• Collect data from non-technical end users:
OmniPeek Remote Assistant (ORA)
• Single, interactive dashboard for
utilization, top talkers, top protocols,
latency, Experts, flows, and wireless
signal strength
• New wireless specifications
‒ 802.11ac 802.11k
‒ 802.11r 802.11u
‒ 802.11v 802.11w
#wp_virtualnet © WildPackets, Inc.
48. OmniPeek Network Analyzer
• Distributed analysis manager
– Connect to and configure distributed OmniEngines, Omnipliances,
and TimeLines
• Comprehensive dashboards present network traffic in real-time
– Vital statistics and graphs display trends on network and application
performance
– Visual peer-map shows conversations and protocols
– Intuitive drill-down for root-cause analysis of performance bottlenecks
• Visual Expert diagnosis speeds problem resolution
– Packet and payload visualizers provide business-centric views
• Automated analytics and problem detection 24/7
– Easily create filters, triggers, scripting, advanced alarms, and alerts
#wp_virtualnet © WildPackets, Inc.
49. Omnipliance Network Recorders
• Captures and analyzes all network traffic 24x7
– Runs WildPackets OmniEngine software probe
– Generates vital statistics on network and application performance
– Intuitive root-cause analysis of performance bottlenecks
• Expert analysis speeds problem resolution
– Fault analysis, statistical analysis, and independent notification
• Multiple issue digital forensics
– Real-time and post capture data mining for compliance and troubleshooting
• Intelligent data transport
– Network data analyzed locally
– Detailed analysis passed to OmniPeek on demand
– Summary statistics sent to WatchPoint for long term trending and reporting
– Efficient use of network bandwidth
• User-extensible platform
– Plug-in architecture and SDK
#wp_virtualnet © WildPackets, Inc.
50. TimeLine Network Recorder
• Continuous network recording and comprehensive
real-time statistical display — simultaneously
‒ 12Gbps sustained capture with zero packet loss
‒ Network statistics display in TimeLine visualization format
• Rapid, intuitive forensics search and retrieval
‒ Historical network traffic analysis and quick data rewinding
‒ Several pre-defined forensics search templates making
searches easy and fast
• A natural extension to the WildPackets product line
• Turnkey bundled solution
‒ Appliance + OmniEngine, OmniAdapter, OmniPeek Connect
#wp_virtualnet © WildPackets, Inc.
51. WildPackets Network Recorders
Price/Performance Solutions for Every Application
Portable Edge Core TimeLine
Ruggedized Small Networks Datacenter Workhorse Enterprise, Highly-
Troubleshooting Remote Offices Easily Expandable Utilized Networks
Aluminum chassis / 17” LCD 1U rack mountable chassis 3U rack mountable chassis 3U rack mountable chassis
Dual 2.13 GHz Quad-Core Intel Quad-Core Intel Xeon X3460 Dual Intel Xeon Quad Core Dual Intel Xeon Quad Core
Xeon L5630 "Westmere" 2.80Ghz E5530 2.4GHz X5560 2.8GHz
24GB RAM 4GB RAM 6GB RAM 18GB RAM
2 PCI-E Slots 2 PCI-E Slots 4 PCI-E Slots 4 PCI-E Slots
2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports 2 Built-in Ethernet Ports
6TB SATA storage capacity 1TB SATA storage capacity 8/16TB SATA 8/16/32/48TB SATA
storage capacity storage capacity
4.5Gbps CTD 1.1Gbps CTD 3Gbps CTD 12Gbps CTD
#wp_virtualnet © WildPackets, Inc.
52. WatchPoint
Centralized Monitoring for Distributed Enterprise Networks
• High-level, aggregated
view of all network
segments
– Monitor per campus, per
region, per country
• Wide range of network
data
– NetFlow, sFlow, OmniFlow
• Web-based, customizable
network dashboards
• Flexible detailed reports
• Direct link to detailed,
packet-based analysis
#wp_virtualnet © WildPackets, Inc.
53. Comprehensive Support and Services
Standard Support Premier Support
Maintenance and upgrades 24 x 7 x 365
Telephone and email contacts Dedicated escalation manager
Knowledgebase 2 customer contacts per site
MyPeek Portal Plug-in reconfiguration assistance
WildPackets Training Academy
Public, web-based, and on-site classes
Complete curriculum: technology and product focused
Practical applications and labs covering network analysis,
wireless, VoIP monitoring and advanced troubleshooting
Consulting and Custom Development Services
Deployment, configuration, and assessment engagement
Systems integration and testing
Application integration, driver, decode, interface development
#wp_virtualnet © WildPackets, Inc.
54. WildPackets Key Differentiators
• Visual Expert intelligence with intuitive drill-down
– Let computer do the hard work, and return results, real-time
– Packet /payload visualization is faster than packet-per-packet diagnostics
– Experts and analytics can be memorized and automated
• Automated capture analytics
– Filters, triggers, scripting, and advanced alarming system combine to provide
automated network problem detection 24x7
• Multiple issue network forensics
– Can be tracked by one or more people simultaneously
– Real-time or post capture
• User-extensible platform
– Plug-in architecture and SDK
• Aggregated network views and reporting
– NetFlow, sFlow, and OmniFlow
#wp_virtualnet © WildPackets, Inc.