
The Challenges of Virtualization in Higher Speed Networks

The proliferation of virtualization coupled with the increase in 10G, 40G, and 100G networks has created blind spots in network and application monitoring. While virtualization has been widely adopted as a means of cutting costs and increasing efficiencies, allowing organizations to respond faster to changing business demands, the lack of network visibility increases the challenges in diagnosing and analyzing performance issues, both network and application.

Preventing performance issues and outages in such environments is critical to maintaining the pace of business, and as networks grow, monitoring and managing network performance becomes increasingly complex and expensive. Therefore, IT administrators must work to ensure their company’s networks can rapidly scale and deliver computing resources efficiently.

The issue is further highlighted by the results of our recent survey, The State of Faster Networks, which found that 43 percent of respondents reported limited or no network visibility as their biggest challenge in their transition to 10G+ networks. To combat these challenges, respondents stated they need more real-time statistics and faster forensic search times, two capabilities that become even more important in virtual environments.

Virtual servers remain a very tempting target for security breaches. An attacker only has to compromise one layer in order to gain access to many different layers. And with the introduction of blind spots in virtual systems, the potential for an organization to remain in the dark about security vulnerabilities is even higher.

So, what causes these virtual network blind spots? In traditional network analysis, physical LANs and physical Ethernet adapters connect directly to a physical appliance. However, in the case of virtualization, applications may be communicating with each other without ever accessing a physical network port. This traffic never leaves the virtual machine, and there is no practical way to monitor or manage this internal virtual network traffic.

Solutions for eliminating the blind spots vary, depending on the complexity of the virtual environment. For stand-alone virtual servers, a software probe that runs as one of the virtualized applications is often enough to capture and analyze the traffic across the entire virtual server, offering a cost-effective solution to eliminate blind spots within the server. For more complex systems consisting of multiple servers or blades across a virtual backbone, a dedicated network analysis appliance is the best solution for gaining visibility into the entire virtual system. If the system being used offers the capability to span virtual switch ports, enabling this feature will allow the network analysis appliance to directly connect to the virtual network traffic. If not, third-party virtual taps can be used to tap the virtual traffic and make it available to external network analysis appliances.

If you are working in a virtual environment and encounter problems capturing data, view our webcast, “The Blind Spot in Virtual Servers: Seeing with Network Analysis.” With the tips you’ll learn, you’ll be on your way to a more efficient and reliable network analysis solution in no time.

What Types of Virtualization Are Most Vulnerable to Network Blind Spots

Virtualization helps companies to streamline application deployment, simplify IT operations, and allow IT organizations to respond faster to changing business demands. However, there is a downside when it comes to network analysis. Virtualization introduces network blind spots – areas of application traffic that never cross a physical network interface – which is the typical connection point for network analysis systems.

There are ways to make these network blind spots visible, but to get the right prescription you need to first determine the type of virtualization that needs to be addressed.

Standalone VM Systems
Standalone VM systems have multiple VM guests, but a single VM host. The host is the physical hardware, while the guests refer to the virtual machines running inside of the physical server that can be used to run various applications which share the overall hardware platform. Standalone VM systems are how virtualization got started, and this is probably still the most common type of virtualization in the market. In standalone VM systems you may have one or more virtual network interfaces (vNICs) per guest and one or more physical network interfaces (pNICs) per VM host, creating a complex flow of both virtualized traffic and physical traffic.

A blind spot will occur in standalone VM systems when processes are communicating between different guests inside the same overall physical system. To remedy this, you’ll want to run additional software, like OmniVirtual, as a part of the virtual system to gain access to the traffic crossing the virtual NICs. This will capture inter-VM traffic and provide you with the visibility necessary to properly analyze both your network and application performance.

Coordinated/Distributed Virtualization
In the case of coordinated or distributed virtualization, the system consists of multiple VM hosts connected via a virtual distribution layer, making both inter-VM guest and inter-VM host traffic invisible to traditional network analysis techniques.

To address this more complex situation, a virtual tap is necessary. This is software that acts like a traditional hardware network tap, running at the level of the hypervisor. It allows users to tap into the vNICs and virtual switches that are connecting the various hosts, and gain access to the packet streams of interest for detailed network analysis. Since the virtual tap runs in the VM layer itself, it is typically vendor-specific, so keep that in mind when researching virtual taps. Once a virtual tap is in place, network recorders like WildPackets TimeLine or Omnipliance Core can be connected to the virtual tap and capture network and application traffic as if physically connected to the virtual layer.

There are three different cloud scenarios, two of which, in-house and third party, have blind spot remedies similar to those in the sections above. An in-house cloud server is similar to distributed virtualization in that you’ll have physical access to your systems and can add technologies like virtual taps. For a third-party cloud solution, or Infrastructure as a Service (IaaS), you can install your own software – like OmniVirtual – to perform network analysis on remote VM hosts.

The only time when it is truly difficult to perform network analysis in the Cloud is in the case of Software-as-a-Service (SaaS), or hosted services. Here, you are essentially at the mercy of the service provider, as you will not have access to virtual servers to install software of your own.

Regardless of your network virtualization type, there is almost always a solution to gain full visibility into your network. Just follow the steps above or watch our on-demand webcast for further details.

Scale Your Network Visibility with WildPackets

Scalability is an issue that’s coming up more and more frequently as 10G and 40G networks grow in popularity. As networks grow in size, the ability of network analysis solutions to either handle the growing amount of data or to accommodate the growth is telling of their scalability.

Network growth results in more network analysis through increased analytical throughput, scope, data storage, and distributed analysis. As your network grows and you encounter these issues, there are ways to scale your visibility so that you’re not looking for a needle in a 10G haystack.

Architect for Visibility
As always, knowing your network is key. Know what traffic is important to your company. Is it mission critical business applications, like order entry, financials, and CRM? Or is it web-based traffic that’s driving your online retail business? Once you decide what, and how much, of this traffic requires ongoing monitoring and analysis, you’ll know where to look to specifically identify the traffic that you’ll want to capture. Building visibility into your network infrastructure can help both of these practices. Through strategic placement of analysis points, you’ll be able to get instant information to fix problems faster.

Visibility includes both summary level monitoring data and detailed network metrics, including visibility into network packet traffic and even specific packet decodes. Only a packet-based network analysis system, like the Omni Distributed Analysis Platform, provides the complete range of visibility required to monitor and troubleshoot today’s high-speed networks, keeping networks running smoothly and guaranteeing the very best end-user experience.

Backbone Visibility
Though often the fastest link in your infrastructure, the network backbone – the aggregation of all your distribution layer networks – can be an excellent point for monitoring network traffic and capturing network data for more detailed analysis. Depending on your overall network architecture, the network backbone may be a roll-up of just about all of your critical network traffic, especially if traffic is driven through a centralized network operations center (NOC), or if your company is a heavy user of cloud-based or other third party SaaS applications that drive network traffic through your WAN link. Using high speed network monitoring appliances on the network backbone can centralize your network monitoring and analysis, and save money by consolidating network analysis into a single appliance.
The aggregated traffic on the network backbone will typically be high speed, with more and more enterprises migrating to 10G backbones. Packet-based network analysis on the backbone means you’ll be interested in all of the packets, so you will likely need an appliance like WildPackets’ TimeLine network recorder, which captures at rates up to 12Gbps with zero packet loss. The TimeLine network recorder allows you to store all your data for forensic analysis while continuously capturing network traffic. And if you’re already migrating your backbone to 40G, you can simply add an aggregation tap and a few more TimeLine appliances for a complete 40G solution.

Adding Visibility to Virtual “Blind Spots”
Traditionally, north-south traffic was the most important in network monitoring. However, with the explosive growth of virtualization, east-west traffic is becoming more and more important in enterprise networks, and poses a new challenge in network and application performance monitoring. East-west traffic is typically traffic moving within a virtual host or a distributed virtual system. Since much of this traffic resides solely within the virtual environment, and therefore never hits a physical network interface, traditional network monitoring and analysis that is done by tapping into the physical network does not capture this east-west traffic. For example, let’s say the order entry system and the inventory database reside on separate VMs within the same host or distributed system. Communications between the order entry application and the database are east-west traffic. Application performance issues between these systems are “hidden” within the VM. To add visibility, you can either install WildPackets OmniVirtual on one of the VMs to gain visibility into the entire host, or, in the case of larger, distributed virtual systems, the use of a virtual tap is recommended. Virtual taps are sold by many tap vendors, and they provide a physical link that traditional network monitoring appliances can access to expose east-west traffic within the virtual system.
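
The order entry and inventory database case above, worked through as an added example (not WildPackets code): given a VM inventory and a flow list, it sorts flows by where they can be observed and totals the bytes a tap on the physical network would miss. The inventory, addresses, host names and the `cluster` field are constructed assumptions for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Placement(NamedTuple):
    host: str     # physical VM host the guest runs on
    cluster: str  # distributed virtual system of that host ("" if standalone)

# Constructed inventory, guest IP -> placement (all names are hypothetical).
INVENTORY = {
    "10.0.1.10": Placement("host-a", ""),             # order entry
    "10.0.1.11": Placement("host-a", ""),             # inventory database
    "10.0.2.20": Placement("blade-1", "dvs-prod"),
    "10.0.2.21": Placement("blade-2", "dvs-prod"),
}

# Constructed flow records: (source IP, destination IP, bytes).
FLOWS = [
    ("10.0.1.10", "10.0.1.11", 48_000),     # order entry -> database
    ("10.0.2.20", "10.0.2.21", 120_000),    # blade to blade, same virtual system
    ("10.0.1.10", "198.51.100.7", 9_000),   # guest -> outside
    ("203.0.113.5", "10.0.2.20", 30_000),   # outside -> guest
]

# Capture point for each class, following the remedies named in the text.
CAPTURE_POINT = {
    "physical": "tap on the physical network",
    "intra-host": "software probe running on a guest of that host",
    "distributed": "virtual tap feeding an external appliance",
}

def classify(src, dst, inventory=INVENTORY):
    """Say where a flow can be seen, given where its endpoints run."""
    a, b = inventory.get(src), inventory.get(dst)
    if a is None or b is None:
        return "physical"      # one endpoint is outside the virtual estate
    if a.host == b.host:
        return "intra-host"    # guest to guest, never reaches a pNIC
    if a.cluster and a.cluster == b.cluster:
        return "distributed"   # stays inside the virtual distribution layer
    return "physical"          # unrelated hosts talk over the physical LAN

def blind_spot_report(flows=FLOWS, inventory=INVENTORY):
    """Return (bytes per class, bytes a physical-only tap would miss)."""
    per_class = Counter()
    for src, dst, nbytes in flows:
        per_class[classify(src, dst, inventory)] += nbytes
    hidden = per_class["intra-host"] + per_class["distributed"]
    return dict(per_class), hidden

if __name__ == "__main__":
    per_class, hidden = blind_spot_report()
    for name, nbytes in per_class.items():
        print(f"{name:12} {nbytes:>8} bytes  capture via: {CAPTURE_POINT[name]}")
    print(f"missed by a physical-only tap: {hidden} bytes")
```

Fed with a real hypervisor inventory and flow export, the same classification shows how much traffic each capture point would have to cover before choosing between a software probe and a virtual tap.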

For more information about how WildPackets can help scale your networks, check out our on-demand webcast.