• Amir Kossover

Pure software packet brokers - visibility in the virtual world

Updated: May 13, 2020

For many years the network visibility market has relied on silicon chip features (switch chips, FPGAs etc.) to define the capabilities offered to customers. Tools developed by hardware vendors are bound to the innovation of these chip manufacturers. This has resulted in solutions that are expensive to purchase and limited in the features and capacity they can supply. Due to the nature of hardware development cycles, network visibility features cannot keep up with customer demand for more complicated use cases, like searching and extracting data from network flows, at the pace that network technologies and speeds are progressing. Another challenge for tool vendors is the complexity of integration with the ever-growing deployment of virtual environments. This has created a gap, not easily bridged, between the existing solutions, which are hardware based, and the virtual world, which is software based.

Lastly, over the past few years there has also been a shift from dedicated custom-built hardware for monitoring and security tools (like firewalls, IDPs, IDS, NPM etc.) to the virtual world, disaggregating software and hardware.

These trends and shifts caused the network visibility market to trail behind, as software is still strongly tied to hardware capabilities, which limits the integration between the tools and the visibility infrastructure. To bridge the gap between the hardware-based solution and the virtual solution, halfway strategies were put in place. One common method of establishing communication between the virtual tools and the visibility infrastructure is to use a tunneling/LAN extension protocol (GRE, vNTAG etc.); however, this adds management overhead and has a negative impact on performance. It requires management of tunnels between the tools installed in the cloud and the physical packet brokers. The more tools and packet sources you have in the cloud (VTAPs, vSPAN ports, diagnostic tools etc.), the more tunnels you have to maintain. The two ends of a tunnel might not be managed and orchestrated in the same console. In addition, this kind of solution takes traffic that would otherwise reside entirely in the cloud and moves it out into the physical network, adding more traffic and adding to the load on the physical network.

On top of that, the challenge of overloaded tools remains the same. Overwhelming amounts of data flood analysis and security tools, hindering their performance and causing users to frequently upgrade their hardware and increase spending on software licenses. As networks increase in speed and capacity, the tools integrated into them need to be upgraded as well. A 10G network processing tool (be it security or analysis) cannot work fast enough to process the capacity of a 40G or 100G network. This requires additional spending on upgrading these tools or adding more of them, which is painful for the network administrator, as topology changes might be required. The desirable solution is a unified and optimized platform that includes both the visibility infrastructure, which filters traffic, eliminates blind spots and reduces data overloads, and the tool that analyzes the required network traffic.

To do all this magic (simplifying, reducing traffic, optimizing tool capacity, and maintaining full visibility into the virtual world with less overhead), CGS created this unique solution that leverages container technology, allowing monitoring and security tools like open source BRO to coexist with a pure software packet broker. All that is necessary runs in a single scalable box with easy-to-use resource allocation to optimize performance and simplify management, including advanced filtering methods.

The integrated platform's Packet Broker layer aggregates, filters and load balances traffic and feeds it to the tool "workers" running in containers. Examples of tools that can run in such an environment are BRO/ZEEK and NGINX, as well as any tool that supports a container environment.

The innovative CGS solution provides the advantage of disaggregating hardware and software, integrating visibility into today's modern virtual infrastructure. Our pure software solution is the most advanced in the industry. It optimizes the data delivery to your tools, performing layer 2-7 filtering, header stripping, load balancing (between containers and between multiple instances in the same container), data delivery sampling and much more, while reducing cost and complexity.


© 2020 CGS Tower Networks