
Network Virtualization – Are 3rd party Network Visibility Solutions still relevant?

2020-08-11

You may or may not be familiar with network virtualization, so let me start with a very high-level definition of what it is.

Virtualization started with server virtualization, which allows multiple virtual machines (VMs) to run on the same physical server, each VM independent from the others. The concept was later extended to network resources, allowing a complete network topology to be reproduced in software. This “software layer” became the foundation of the software-defined data center (SDDC); it brings flexibility that hardware-only solutions cannot achieve. With network virtualization, the network administrator can quickly change a network topology by provisioning virtual network components to fit user requirements, and this provisioning can also be automated. Such flexibility and agility are key to tackling the challenges of cloud environments.

So, with such “smart” networks, are 3rd party Network Visibility Solutions still relevant?

I believe they are. Traditional visibility solutions that monitor north-south traffic between physical appliances may not be as relevant in a virtual environment where 70+% of the traffic goes east-west and never transits a physical link. Nonetheless, being able to analyze network packets between VMs or containers is still key for advanced troubleshooting, and this requires visibility solutions specifically designed for virtual environments.

Network virtualization, or Software-Defined Networking (SDN), solutions are commercially available: Cisco ACI, Juniper Contrail, Nokia Nuage, VMware NSX and Nutanix, to name a few. Some offer network visibility features, but these may require specific integration, development, or a complete overhaul of the customer's visibility architecture. While that may be acceptable for green-field, fully virtualized deployments, it can be a challenge for customers who want to leverage existing monitoring tool investments and simply extend their time-proven visibility solution to their virtual environment. Another important point is trust: can you trust the entity that manages your infrastructure to tell you that everything is running fine and is secure? I have heard that concern several times; getting an external view may not be a bad idea.

This is where CloudLens, Keysight's visibility solution for virtualized environments, becomes the link between the SDN and the global visibility solution.

VMware already holds a significant market share in enterprise SDDC, and VMware NSX is a natural choice as the SDN for those customers. That is why Keysight partnered with VMware to extend its CloudLens network visibility solution with an NSX integration, first for NSX for vSphere (NSX-V) and, in the latest edition, for NSX Data Center (previously known as NSX-T). If you need complete, packet-level visibility, CloudLens virtual taps (vTaps) add packet filtering capabilities, metadata (NetFlow) generation and integration with Keysight's global network visibility solution for further packet processing, deep packet inspection, application identification and filtering, threat detection and more, allowing customers to ensure that their SDDC is fully covered by their visibility solution.

How it works

VMware NSX Data Center is a fully virtualized networking and security solution that offers network introspection capabilities. CloudLens includes a specific integration of its virtual tap (vTap) with this network introspection functionality, to capture and filter network packets, and even generate metadata, for individual service chains. This provides additional flexibility when network resource optimization is important.

CloudLens leverages the NSX service-chain mechanism to insert itself as a network introspection service; the service then integrates with NSX Security Groups and Policies to become part of the NSX architecture. To simplify the administrator's tasks, the deployment lifecycle is managed from the NSX Manager. The network administrator can choose between deploying the CloudLens virtual tap service virtual machine (SVM) per host or per cluster of hosts.

The NetX API and “Copy Packet” features mirror the east-west traffic of selected VMs to the CloudLens vTap (traffic capture is based on NSX Security Groups and Policies). The CloudLens vTap can then process the received mirrored traffic, apply additional filtering

The representation below gives an overview of how the CloudLens solution provides network visibility of east-west traffic in a VMware NSX Data Center environment.

CloudLens for NSX Data Center
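To make the coverage argument concrete, here is an added Python example (not Keysight's or VMware's code) that models a small constructed SDDC: which flows a tap on a physical uplink can see, which flows a security-group-scoped vTap mirror policy copies, and what the two cover together when they feed the same visibility fabric. VM names, host names, group names and byte counts are hypothetical.

```python
from collections import namedtuple

EXTERNAL = "internet"  # any endpoint outside the SDDC (north-south traffic)
# Constructed inventory (hypothetical names): the host each VM runs on and
# the NSX-style security groups it belongs to.
VM_HOST = {"web1": "esx-a", "app1": "esx-a", "db1": "esx-b", "jump1": "esx-b"}
VM_GROUPS = {"web1": {"sg-web"}, "app1": {"sg-app"},
             "db1": {"sg-db"}, "jump1": {"sg-admin"}}

Flow = namedtuple("Flow", "src dst nbytes")

def crosses_physical_link(flow):
    """North-south flows and inter-host flows leave the server on a physical
    uplink; flows between two VMs on the same host stay in the vSwitch."""
    if EXTERNAL in (flow.src, flow.dst):
        return True
    return VM_HOST[flow.src] != VM_HOST[flow.dst]

def mirror_policy_selects(flow, monitored_groups):
    """A vTap mirror policy scoped to security groups copies a flow when
    either endpoint is a VM in one of those groups."""
    return any(VM_GROUPS.get(vm, set()) & monitored_groups
               for vm in (flow.src, flow.dst))

def coverage(flows, visible):
    """Fraction of total bytes observable from a given visibility point."""
    total = sum(f.nbytes for f in flows)
    return sum(f.nbytes for f in flows if visible(f)) / total

def physical_tap_coverage(flows):
    return coverage(flows, crosses_physical_link)

def vtap_coverage(flows, monitored_groups):
    return coverage(flows, lambda f: mirror_policy_selects(f, monitored_groups))

def combined_coverage(flows, monitored_groups):
    """Physical tap and vTap feeding the same visibility fabric."""
    return coverage(flows, lambda f: crosses_physical_link(f)
                    or mirror_policy_selects(f, monitored_groups))

# Constructed sample traffic: one north-south flow, two intra-host east-west
# flows and one east-west flow between hosts (byte counts are made up).
FLOWS = [Flow(EXTERNAL, "web1", 100), Flow("web1", "app1", 400),
         Flow("app1", "db1", 300), Flow("jump1", "db1", 200)]

if __name__ == "__main__":
    print(f"physical tap only: {physical_tap_coverage(FLOWS):.0%}")
    print(f"vTap on sg-app:    {vtap_coverage(FLOWS, {'sg-app'}):.0%}")
    print(f"both combined:     {combined_coverage(FLOWS, {'sg-app'}):.0%}")
```

With this sample, the physical tap alone sees 40% of the bytes because the two intra-host flows never leave the vSwitch; adding a vTap scoped to the application tier raises combined coverage to 80%.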

Highlights

CloudLens, Keysight's visibility solution for virtualized environments:

  • Extends network visibility into VMware virtual networks (NSX for vSphere and NSX Data Center) by automating the network packet copy functions
  • Offers additional filtering and packet processing capabilities
  • Generates metadata (NetFlow v9 and v10/IPFIX)
  • Integrates with Keysight network visibility solutions to provide application identification and filtering, threat detection, data masking and more

CloudLens also provides network visibility for VMs and containers in multiple virtual environments: VMware, Kubernetes, Microsoft Hyper-V, Nutanix and OpenStack KVM. For more information, please see the CloudLens page on the Keysight website; for more about the integration with Nutanix AHV, see this blog post.