Problem
One of the greatest problems in running a network today is traffic visibility. Traffic visibility has a number of very effective uses: security, application performance, troubleshooting, etc., In all of these major use cases, the biggest challenge is getting the traffic to the appropriate collection and analysis tools in a timely manner. In large data centers where 10G links are aggregated to create port channels and where 40G is increasingly becoming the norm and aggregate data each day measure in the exabytes, it becomes increasing difficult to SPAN the traffic to any device that would have the full measure of compute power to process and store this data. No traditional matrix (Figure 1) can possibly capture all the data required all the time. It's too much and requires too much compute power. As a result, capturing and analyzing this data must be selective and intelligent.
The challenge is coming up with a solution that can provide the selective intelligence needed to put the data where it is needed at the right moment, whether it is for security, performance monitoring, or troubleshooting. I submit that you can do all three.
One of the greatest problems in running a network today is traffic visibility. Traffic visibility has a number of very effective uses: security, application performance, troubleshooting, etc., In all of these major use cases, the biggest challenge is getting the traffic to the appropriate collection and analysis tools in a timely manner. In large data centers where 10G links are aggregated to create port channels and where 40G is increasingly becoming the norm and aggregate data each day measure in the exabytes, it becomes increasing difficult to SPAN the traffic to any device that would have the full measure of compute power to process and store this data. No traditional matrix (Figure 1) can possibly capture all the data required all the time. It's too much and requires too much compute power. As a result, capturing and analyzing this data must be selective and intelligent.
Figure 1. Traditional Matrix Configuration
Solution
The Cisco XNC with Monitor Manager Application leverages the advances in SDN technology to do just this. In the traditional method, you need to know where the traffic is coming from and where it's going. You need to know the volume of traffic so you can right size the matrix to do the job. Based on the above, you also need to put the capture devices at the right place in the network to capture the data. With the Cisco XNC and Monitor Manager Application, you can put the taps anywhere in the network and direct it to the appropriate place in the network for analysis and collection. Cisco XNC and Monitor Manager application will intelligently monitor the traffic and when traffic rules are triggered, action can be taken to redirect a copy of the traffic to the appropriate analyzer and/or collector without affecting the production environment. This aggregation network is similar to the way many operations team build a separate management network. Figure 2 below shows a notional architecture of this concept.
Figure 2. Traffic Aggregation Network
Benefits
The benefits of such an architecture is that it allows the business to collect and analyze any data flow it wants and save money by not expending significant capital funds to effect this capability. Added application visibility for less money. What business would not want that?
Summary
I realize that this is a very high level view of the business requirements and the technical solution. However, this should give you an idea of one of the many possible uses of SDN in an operational network.
Resources
