Sean  Flack,    Arista  Networks  

Peter  Draper,  ExtraHop  Networks  

ARISTA  NETWORK  SOLUTIONS:    COST-­‐EFFECTIVE  NETWORK  DATA  ANALYSIS  

ExtraHop  Integra.on  with  Arista  DANZ  for  Real-­‐Time  Opera.onal  Intelligence    Absolute  visibility  and  insight  all  the  2me  in  real  2me  

10/40/100GbE  Networks  for  the  Virtualized  Cloud  &  Data  Center    

«  Established  in  2004  in  Santa  Clara,  CA  «  >  1  Million+  10GbE  Ports  Shipped  «  >  2000  Customers  Worldwide  «  >  600    Employees    Profitable,  self-­‐funded,  pre-­‐IPO  network  infrastructure  leader    EOS  Network  OperaXng  System  for  the  soZware  defined  data  center  

ABOUT  ARISTA  NETWORKS  

2  

ARISTA  NETWORKS  PORTFOLIO  

Extensible  OperaXng  Syste

m  

7048  T    

48-­‐port  Data  Center  Class  Gigabit  Ethernet  

 Full  Arista  EOS  

7500E    

Lossless,  Modular,  High  Density  Cloud,  Switching  

Systems    

1152x  10G,  288x  40G,    96x  100G,  SDN+NPB  

 Fully  Programmable  

Data  Plane  +  Control  Plane  

7050  S/Q      

16  Port  40G  or  64/52  Port  10G  SDN  Enabled  

Dense  VirtualizaXon    (10G  /  40G  Uplinks)  

 Programmable  Control  Plane  

7150  Series    

Ultra  Low  Latency  Next  GeneraXon  

 24,  52,  &  64-­‐ports  10G-­‐40G,  SDN+NPB  

 Fully  Programmable  

Data  Plane  +  Control  Plane  

7050  T    

Dense  36-­‐64  Port  SDN  Enabled  10GBASE-­‐T  

(10/40G  Uplinks)    

Programmable  Control  Plane  

 

3  

« Headquartered  in  Seable,  founded  in  2007  « DisrupXve  soluXon  for  IT  Ops  Management  

« Technology  leadership  in  real-­‐Xme,  applicaXon-­‐fluent  analysis  of  network  traffic  

EXTRAHOP  NETWORKS  

“The  ExtraHop  team's  F5  BIG-­‐IP  engineering  heritage  has  allowed  them  to  build  a  highly  scalable  monitoring  and  real-­‐Xme  analyXc  plajorm  for  deep  protocol  understanding  and  decoding.”              

-­‐  APM  Innovators:  Driving  APM  Technology  and  Delivery  EvoluTon  

Industry  Recogni.on  Select  Customers  

Technology  Partners  

4  

EXTRAHOP  CURRENT  PLATFORMS  

EH3000  •   1U  appliance    •   1-­‐3Gbps  • 300-­‐1000  devices  

EH6000    •   2U  appliance  •   3-­‐10Gbps  • 1000-­‐3000  devices    

EH1000v    •   Virtual  appliance  • 1Gbps  • 50-­‐250  devices  

EH2000v  •   Virtual  appliance    •   3Gbps  • 300-­‐1000  devices  

Discovery  Edi.on  •   Virtual  appliance    •   1Gbps  •   Simplified  UI  

Discovery  Edi.on  Virtual  Appliances  run  on    VMware  or  MicrosoS  

Physical  appliances  required  for:    •  SSL  Decryp.on    •  Precision  Packet  Capture  

Flexible  Pricing  Op.ons:  •  Perpetual  •  Subscrip.on  •  Hybrid  

EH8000    •   2U  appliance  •   20Gbps  L2-­‐L7  analysis  •   3000+  devices  

5  

A  BRAVE  NEW  WORLD  OF  IT  SERVICE  DELIVERY?  •  Data  center  consolidaXon,  automaXon  and  cloud  acceleraXng  •  VirtualizaXon  and  volume    =    huge  scale    and    big  data  volumes  •  Fast  10G,  40G  and  100G  networking  has  now  become  economical  •  Non-­‐intrusive  monitoring  infrastructures  have  become  essenXal  

 …new  approaches  to  be[er  visibility,    

but  at  what  cost?  

Visibility  Fabrics    

Network  Packet  Brokers  

Centralized  Monitoring  

$$$$$$$$$$$  

6  

NPB  MONITORING  FABRICS  CAN  MULTIPLY  COST  

•  Network  Monitoring  “Data  Access  Layer”  

•  Doubles  infrastructure  costs  •  Increases  complexity  

•  Proprietary  short  lived  technologies  

•  Doesn’t  scale  as  speeds  increase  

TradiXonally,  customers  could  only  use  simple  port  mirroring  (SPAN),  passive  TAPs  and  expensive  monitoring  switches  

Monitoring  fabrics  are  very  $$$,    increase  to  management  sprawl  and    

Are  Not  SDN  friendly  

TAP  

7  

OUT  WITH  THE  OLD….  

•  First  generaXon  network  visibility  was  unable  to  scale-­‐out  &  up  •  Modern  proprietary  NPBs  are  proving  to  be  too  expensive  •  Analysis  Tools  can  not  scale  to  10G  much  less  40G  and  100G    

….enter  a  new  generaXon  of  network  visibility,  soZware  simplicity  

Historical  &    Audit  DB’s  

OpTonal    TAPs  

SoSware  Defined  Switches    as  Full  Capability  

Network  Packet  Brokers  

Timestamped  

LANZ  /  AEM  Detec.on  &  Automa.on  

LANZ  

Precision  Visibility  

Mirrored  Port  

Mirrored  Port  

Mirrored  Port  

AEM  

ü Less  Complexity  ü Less  Cost  ü Beber  Visibility  

OpTonal    TAPs  

Filtered  

Reduced  

Mirrored  Port  

TOGETHER  

8  

Aggregator(s)  *  

THE  THREE  COMPONENTS  OF  DATA  ANALYSIS  

Opera.ons  Intelligence  Analyzers  &    Capture  Tools  

Data  Access  Network  Packet  Brokers/  

TAP  AggregaXon  or  Matrix  Switch  

Traffic  Sources  Passive  

Network  Taps  or  SPAN  (mirror)  ports  

*  A.k.a.:  Matrix  Switch,  Network  Packet  Broker,  Data  Access  Switch,  Traffic  Visibility  Network  

9  

Aggregator    

THE  THREE  COMPONENTS  OF  DATA  ANALYSIS  

 

 

Opera.ons  Intelligence  Homegrown  to  ….  Advanced  

analyXc  tools  

Traffic  Sources  TAPs:  <$500  each  

Taps  and  SPAN/Mirror  ports  provide  copies  of  network  

traffic  

Aggregators  combine,  filter,  replicate  and  distribute  

traffic  to  tools  Data  Access  

Network  Packet  Brokers/  TAP  AggregaXon  

or  Matrix  Switch  

Tools  capture,  analyzer,  visualize  and  report  on  captured  data  down  to  

applicaXon  and  flow  level  

10  

Precision  Data  Analysis  Network  

Advanced  MulX-­‐desXnaXon  Mirroring  Ø  Enables  packet  delivery  and  aggregaXon  for  tools  Ø  Integrated  with  10ns  hardware  Xme  stamping  Ø  No  impact  on  forwarding  performance  

Flexible  TAP  AggregaXon  Ø  Aggregates  mirror/SPAN  and  TAP  ports  across  the  infrastructure  

including  all  LEGACY  equipment  Ø  Enables  advanced  filtering  and  traffic  management  above  Ø  Load-­‐balancing  and  load-­‐sharing  (fan-­‐in  /  fan-­‐out)   LANZ  

Ø  Real  Xme  microburst  &  congesXon  monitoring  in  network  Ø  Advanced  capture  of  internal  condiXons  by  traffic  class  Ø  Precisely  idenXfies  cause  of  packet  loss  and  overload  Ø  Live  data  streaming  to  external  receivers  or  SSD  

Packet  Filtering  &  ManipulaXon  Ø  Advanced  L2-­‐4  filtering  and  packet  manipulaXon  Ø  IdenXficaXon  of  applicaXon  sub-­‐class  by  packet  offset  Ø  TruncaXon  or  packet  slicing,  NAT,  etc.  at  wire  speed  

Hardware  Precision  Time-­‐stamping  Ø  Marks  all  mirrored  packets  and  LANZ  monitoring  data  with  

nanosecond  precision  Xme-­‐stamps  Ø  Coordinates  with  third-­‐party  applicaXons  and  devices  

PTP  1588  Timing  Services  Ø  Enables  nanosecond  scale  measurement  in  EOS  Ø  Integrated  10ns  Xme  synchronizaXon  &  alignment  Ø  Internal  or  external  clock  stabilizaXon  

AEM  Advanced  Event  Management  Ø  Detects  events  and  state-­‐changes  in  network  Ø  Provides  the  ability  for  visibility  to  follow  v-­‐moXon  Ø  Fully  customizable  and  programmable  

ARISTA  DANZ  INTEGRATES  NETWORK-­‐WIDE  VISIBILITY  

11  

sFLOW  &  LANZ   EOS  Programmability    Traffic  Steering    Packet  Filtering  

ApplicaXons  are  experiencing  issues  in  

data  center  

ü  Cost  Effec.ve  ü  Single  solu.on  with  familiar  CLI  ü  Full  visibility  &  correla.on  ü  Programmability  +  API  ü  SDN  Orchestra.on  ü  Precise  Timing  for  correla.on  

Preserves  CAPEX  for  tool  investments!      

NPBS  &  DATA  ANALYSIS:    USING  ARISTA  DANZ  

12  

ARISTA  AT  THE  DATA  ACCESS  LAYER        

•  Programmable  Data  Center  Switches  with  SoZware  Cloud  Defined  Networking  •  90%  of  NPB  features  with  Cloud  Scale  and  Cloud  Economy  

ü  Data  AggregaXon  with  Traffic  Steering  and  precision  load-­‐balancing  ü  Packet  ManipulaXon  (packet  slicing,  data  reducXon,  header-­‐processing,  etc.)  ü  Precision  Time  Stamping  with  ultra-­‐precise  resoluXon  

•  Support  for  10,  40  and  100  GbE  with  up  to  1152  ports  per  switch  

•  $400    per  10GbE  port    vs.    $4,000    per  10GbE  port      

13  

Risk  Engines  

Dashboard  Displays  

Historical  &    Audit  DB’s  

Exchange  Gateways  

SPAN  Port  

TAP  

ExtraHop  Wire  Data  Analysis  Data  Access  Plalorm    

 Consolidates  and  filters  mulXple  TAP  &  mirrored  ports    into  fewer  connecXons  to  the  applicaXon  

 

VLAN  Traffic  (up  to  

20Gbps  real-­‐

Xme  analysis)  

ü  Total  cross-­‐Xer  visibility  and  insight  ü  Visibility  and  performance  correlaXon  

for  all  applicaXons,  infrastructure,  network,  databases,  storage,  and  user  transacXons  

ü  Full  transacXonal  payload  analysis  ü  No  agents  ü  Scales  to  20  Gbps  per  appliance  ü  Rapid  deployment  ü  Auto-­‐discovery  and  classificaXon  of  all  

applicaXons,  devices,  and  systems  

ARISTA  &  EXTRAHOP:    COMBINED  SOLUTION  DATA  AGGREGATION  FOR  REAL-­‐TIME  OPERATIONAL  INTELLIGENCE  

Real-­‐Xme  IT  operaXonal  intelligence  

“A  tenth  of  the  cost  of  alternaXves  with  5  Xmes  the  funcXonality”  

TAP  

14  

   

TAPPING  NEW  SOURCES  OF  VISIBILITY  

 Driven  by  Big  Data  

Technology    

Wire  Data  

15  

ACCESSING  WIRE  DATA  

•  All  communica.on  on  the  network  from  packets  to  transacXonal  payload  

•  Real-­‐.me  wire  protocol    decoding  

•  Defini.ve  source  of  truth  

•  Data  you  already  have  

16  

Application Operations Business

APM

DB Profilers

Server logs

NPM

EUM

BTM

EXTRAHOP’S  VISION  FOR  IT  OPERATIONS  

•  Developers •  Testers •  Application architects

•  Application owners •  Business stakeholders

•  Network engineers •  System admins •  Storage admins •  Virtualization admins •  DBAs

Remediate problems proactively

Streamline IT processes

Monitor end-user activity

Make informed IT decisions

Track security compliance

Optimize performance

Make IT infrastructure efficient

Answer business questions

Operational Intelligence Platform (Cross-tier visibility and insight)

17  

WIRE  DATA  IS  THE  SOURCE  OF  REAL-­‐TIME  CROSS-­‐TIER  INTELLIGENCE  

Web Tier

App Tier Java/.NET,, Enterprise Apps, custom

apps, middleware

Database Tier Oracle, SQL Server, DB2, Informix,

MySQL, Postgres, Sybase

Storage Tier SAN, NAS

Shared Services Authentication, DNS, FTP

Network Tier Firewalls, load balancers, WAN accelerators, switches, routers

Clients Fat clients, web browsers, mobile

devices, VDI clients

Web Services

Which users and client types are affected? What are users doing on the network?

How well are applications using the network? How well is the network delivering

applications?

Which servers are slow? What are the error messages?

Which web services are broken? Which applications are affected?

What is baseline performance? What is the impact of this code update in production?

Is authentication set up correctly on all systems? Is there a DNS misconfiguration?

Which queries are running slow? Which methods are used? How does this schema

change affect performance?

What are file access times? Which users are accessing sensitive files?

For ExtraHop, visibility and correlation of the whole application delivery chain is required for Ops Intel.

18  

PERSISTENT MOBILE VISIBILITY

1.  One or thousands of hypervisors are connected to Arista 7150S. 2.  DANZ advanced-mirroring on 7150 with source-port tagging is enabled. All mirrored traffic sent to ExtraHop; up to

20 Gbps of real-time analysis per appliance. Arista sets the VLAN tag to VMware port before vMotion. 3.  ExtraHop analyzes all mirrored data from Arista, reassembles into wire data for cross-tier visibility. Shows VMware

port before vMotion and the network and application workload performance in ExtraHop GUI. 4.  Move VM from one host to another. Arista changes the VLAN tag to VMware port after vMotion, persists data

stream to ExtraHop. ExtraHop automatically highlights the vMotion event by noting that the VM moved from port 1 to port 2 based on the VLAN tag. No loss of visibility from client performance to back-end storage performance.

5.  ExtraHop can show in real-time any end-user or transactional impact from vMotion event to ensure change had desired effect and if not, the impact.

VMware ESX

OpenStack or VCenter VMtracer

5Seamless and Persistent Visibility

Arista DANZ (Smart Data Aggregation)

Eth1/10 2 3

ExtraHop: Passive Cross-Tier Analytics

Scenario: Network segment (VLAN) is congested. Need to move workload and ensure no impact on end-user or application performance.

Hypervisor

Eth1/1

1

Eth1/2

419  

PERSISTENT  VISIBILITY  FOR  DYNAMIC  EVENTS:  A  VMOTION  MOVE  ACROSS  VLANS  AND  EVEN  DC’S  LEVERAGING  VXLAN  

vMoXon  event  starts  and  then  completes  

Performance  is  not  impacted  and  no  add’l  

DB  errors  occur.  

20  

JOINT  VALUE:      5X    THE  FUNCTIONALITY  AT    1/10TH    THE  COST  

•  Beber  visibility  into  growing  network  traffic,  infrastructure,  virtualizaXon  and  applicaXon  workloads  for  capacity  planning,  rapid  problem  resoluXon,  end-­‐user  experience  assurance  and  business  intelligence.  

•  DramaXc  CAPEX  savings  due  to  consolidaXon  of  producXon  and  monitoring  networks  (soZware  intelligence  replacing  hardware  investment)  

•  Significant  OPEX  savings  due  to  SDN  cloud  automaXon,  event-­‐driven  programmability  in  both  the  data  aggregaXon  (Arista)  and  wire  data  analyXcs  (ExtraHop).  

21  

NEXT  STEPS  

•  Compare  Arista  Networks  DANZ  at  the  Data  Access  Layer  to  any  alternaXve  visibility  soluXon  for  your  network  

•  Contact  :  EMEA  Sales  Team  <emea-­‐sales@aristanetworks.com>  to  discuss  your  network  requirements  

 •  Download  and  read  more  

www.aristanetworks.com/en/products/eos/danz  

For  more  informaXon  on  Arista  Networks  email  us  at:  info@aristanetworks.com  

•  Contact  Michelle  Edwards  <michelle@extrahop.com>  or        David  Green    <green@extrahop.com>  for  a  quick  demo  meeXng  or  proof  of  concept  

 •  Download  and  install  the  free  

ExtraHop  Discovery  EdiXon  Ø  InstallaXon  takes  15  minutes  or  less  Ø  Located  at:    

www.extrahop.com/discovery  

22  

THANK  YOU  

23