SDN management battle: TAPs vs. network packet brokers

30.03.2015
Network management is a sticky issue when it comes to implementing software-defined networks and network virtualization.

Lack of visibility into the underlying infrastructure has been cited by vendors and consultants as an inhibitor of SDN adoption. Traditional tools were designed for legacy networks, not the software overlay abstraction that SDN critics say shields operators from network behavior and anomalies.

But with the release of more SDN controllers and applications comes the emergence of tools to manage the virtualized network. Two of the more popular SDN management tools are TAP monitoring applications and network packet brokers (NPB), which negotiate network traffic from multiple SPAN ports and manipulate it to allow more efficient use of monitoring devices like TAPs.


There's a debate underway, however, on which tools are best for SDN management: TAPs or NPBs. TAP proponents say NPBs are more costly and overly complicated for the task, while NPB backers say TAPs are too functionally limited and incomplete for SDN management.

Analysts say the approaches complement each other now but that won't last.

Vendors of the different approaches "clearly are [looking at] preventing each other from eating into any more of their market," says Shamus McGillicuddy, senior analyst for network management at Enterprise Management Associates.

SDN pioneer Big Switch Networks makes a monitoring and management application called Big Tap which is attaining more NPB functionality with each subsequent release. In literature describing the capabilities of Big Tap 4.0, which is currently shipping, Big Switch suggests that customers cap their investments in NPBs and essentially move them out of the way in favor of a TAP fabric:

"Traditional approach based on proprietary Network Packet Brokers (NPBs) has proven to be expensive and operationally complex, and hence most organizations have been reluctant to deploy NPBs for data center wide monitoring. With Big Tap's scale-out architecture, simplified operations and bare metal economics (at least 60% CapEx saving over NPBs), it is rapidly becoming an attractive alternative to NPBs.

"Big Tap 4.0 has significantly narrowed the gap with Network Packet Brokers, while providing superior scale, operational simplicity and CapEx economics. Customers are capping their NPB purchases and investing in Big Tap's modern 'hyperscale-style' SDN architecture for 'Tap Every Rack' and now 'Tap Every Location' use cases. So what should customers do with their existing Network Packet Brokers? Big Tap enables re-purposing of these expensive NPBs as service nodes, attached to the Big Tap Monitoring Fabric, for niche services (such as de-duplication and packet manipulations) occasionally required for limited amount of network traffic."

Big Switch says Big Tap 4.5, which will be released within the next 12 months, will include 90% of the functionality of an NPB.

"We want to look at this in a new way," says Prashant Gandhi, vice president of product management and strategy at Big Switch. "We will copy traffic to monitoring tools using SDN software and off-the-shelf switches. With the same budget you can monitor 3x, 4x the traffic."

Customers should "move NPBs to the sideline" as a service node where 20% of the network's traffic will be routed for service chaining before it goes to a monitoring tool, Gandhi says.

"Those few features where you need NPBs you can always attach it to the side," he says.

Python scripts can also be created to program copies of flows to other devices network-wide vs. configuring each NPB through a command line interface, Gandhi says. Such manual configuration "adds another level of complexity to making the environment provisionable," he says.
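As an added illustration of the model Gandhi describes (flow copies programmed in software rather than per-NPB CLI configuration, with the NPB's niche functions such as de-duplication pushed to a side-attached service node), here is a small Python simulation of an OpenFlow-style monitoring fabric. It is an example written for this page, not code from Big Switch, VSS Monitoring or Network World; the port numbers, rule fields, packet layout and the `ids` / `dns-analytics` tool groups are assumptions of the model, not any vendor's API.

```python
"""Toy OpenFlow-style monitoring fabric with an NPB-style service node.

Added example, not vendor code. Models: rules installed programmatically
that copy tap-port traffic to tool ports, flow-consistent load balancing
across a tool pool, and a side-attached service node that de-duplicates
packets seen on more than one tap. All ports and fields are assumptions.
"""
from collections import OrderedDict
from dataclasses import dataclass
from typing import Dict, List, Optional
import hashlib
import zlib


@dataclass(frozen=True)
class Packet:
    tap_port: int      # fabric port the tap/SPAN feed arrived on
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class FlowRule:
    """Match/copy rule; None in proto or dport is a wildcard."""
    tap_ports: frozenset
    proto: Optional[str]
    dport: Optional[int]
    tool_group: str      # pool of tool ports that receives the copy
    dedup: bool = False  # pass through the de-duplication service node first

    def matches(self, pkt: Packet) -> bool:
        return (pkt.tap_port in self.tap_ports
                and (self.proto is None or pkt.proto == self.proto)
                and (self.dport is None or pkt.dport == self.dport))


class DedupService:
    """Service node: drop a packet whose content was already forwarded."""

    def __init__(self, window: int = 1024):
        self.window = window
        self.seen: "OrderedDict[bytes, None]" = OrderedDict()

    @staticmethod
    def identity(pkt: Packet) -> bytes:
        # tap_port is excluded on purpose: the same packet captured at two
        # points in the network must hash to the same identity.
        head = f"{pkt.src}|{pkt.dst}|{pkt.proto}|{pkt.dport}|".encode()
        return hashlib.sha256(head + pkt.payload).digest()

    def is_duplicate(self, pkt: Packet) -> bool:
        key = self.identity(pkt)
        if key in self.seen:
            return True
        self.seen[key] = None
        if len(self.seen) > self.window:
            self.seen.popitem(last=False)  # evict the oldest identity
        return False


class MonitoringFabric:
    def __init__(self, tool_groups: Dict[str, List[int]]):
        self.tool_groups = tool_groups
        self.rules = []                      # (rule, DedupService or None)
        self.delivered: Dict[int, int] = {}  # tool port -> copies delivered
        self.dropped_duplicates = 0

    def install_rule(self, rule: FlowRule) -> None:
        # Programmatic install, the scripted alternative to per-box CLI work.
        self.rules.append((rule, DedupService() if rule.dedup else None))

    def pick_tool(self, group: str, pkt: Packet) -> int:
        # Symmetric hash on the address pair so both directions of a
        # conversation reach the same tool (an IDS needs the whole session).
        ports = self.tool_groups[group]
        a, b = sorted((pkt.src, pkt.dst))
        return ports[zlib.crc32(f"{a}|{b}|{pkt.proto}".encode()) % len(ports)]

    def forward(self, pkt: Packet) -> List[int]:
        """Return the tool ports that received a copy; every matching rule
        yields its own copy, the production packet itself is never touched."""
        outputs = []
        for rule, dedup in self.rules:
            if not rule.matches(pkt):
                continue
            if dedup is not None and dedup.is_duplicate(pkt):
                self.dropped_duplicates += 1
                continue
            port = self.pick_tool(rule.tool_group, pkt)
            self.delivered[port] = self.delivered.get(port, 0) + 1
            outputs.append(port)
        return outputs


def build_fabric() -> MonitoringFabric:
    fabric = MonitoringFabric({"ids": [101, 102], "dns-analytics": [201]})
    # Everything from taps 1-3 to the IDS pair, de-duplicated on the way.
    fabric.install_rule(FlowRule(frozenset({1, 2, 3}), None, None, "ids", dedup=True))
    # Only DNS to the analytics tool; no dedup needed for that feed.
    fabric.install_rule(FlowRule(frozenset({1, 2, 3}), "udp", 53, "dns-analytics"))
    return fabric


# Constructed sample traffic; the first two entries are the same packet
# seen at two tap points as it crosses the network.
SAMPLE_PACKETS = [
    Packet(1, "10.0.1.5", "10.0.2.9", "tcp", 443, b"constructed tls record"),
    Packet(2, "10.0.1.5", "10.0.2.9", "tcp", 443, b"constructed tls record"),
    Packet(3, "10.0.1.5", "10.0.0.53", "udp", 53, b"constructed dns query"),
    Packet(1, "10.0.3.7", "10.0.2.9", "tcp", 22, b"constructed ssh banner"),
]


def run_demo() -> dict:
    fabric = build_fabric()
    copies = [fabric.forward(p) for p in SAMPLE_PACKETS]
    return {"copies": copies, "dropped_duplicates": fabric.dropped_duplicates,
            "delivered": dict(fabric.delivered)}


if __name__ == "__main__":
    for pkt, ports in zip(SAMPLE_PACKETS, run_demo()["copies"]):
        print(f"tap {pkt.tap_port} {pkt.proto}/{pkt.dport} -> {ports or 'no copy'}")
```

Running it shows the second copy of the TLS packet being dropped by the service node while the DNS packet is copied twice, once to the IDS pool and once to the DNS tool. The point for a defender is that the fabric itself only matches and copies; anything that needs packet state, such as de-duplication, sits in the side-attached service node exactly as the "NPB as service node" arrangement above describes.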

If Big Tap 4.5 emerges in six months, it'll be six months behind in functionality compared to NPBs, says Andrew Harding, vice president of products at NPB maker VSS Monitoring.

"Tomorrow they'll claim what a broker did yesterday," Harding says. "[Big Switch] is an SDN start-up trying to do something new because they couldn't do the first thing they tried. If you need a packet broker, look to a packet broker vendor."

VSS says that an open source application for managing SDNs -- like Big Tap or the Open Network Foundation's OpenFlow-based SampleTap -- is OK for simple use cases, such as experimentation in educational and lab deployments. In this role, it can serve as a starting point for software and network engineers learning about networking and SDNs, or as a cost-effective low- to mid-performance SDN monitoring system.

But SDN applications alone fail to provide the visibility and security required for large scale networks, VSS claims.

"Today, an SDN system can't do what a packet broker can do," Harding says. "They can't provide you with physical taps, or tap into an SDN other than their own. Use OpenFlow for the lab but a network packet broker for your production network."

Nonetheless, VSS Monitoring has partnered with IBM to offer an OpenFlow-based monitoring fabric for SDNs employing IBM's 5000V virtual switch. Harding says VSS Monitoring NPBs can also instrument virtual switches from Cisco and VMware through a combination of the IBM virtual distributed switch and VSS Monitoring's Optimizer 2400 hardware.

Both Cisco and VMware virtual switches provide access to their virtual mirror or SPAN ports. The IBM vSwitch in the host server directs traffic from the virtual SPAN port to the physical monitoring infrastructure, thereby providing both physical and virtual network visibility in an out-of-band unified visibility plane, Harding says.

NPBs can also be meshed and load balanced into a networkwide fabric. This is in contrast to a "stack of a bunch of commodity switches, each with a power supply that can fail" serving as an SDN TAP, Harding says.

But NPBs also rely on TAPs as a data source, Harding says. In that respect, they'll remain complementary despite each device attempting to leapfrog the other in functionality.

"One of the biggest value propositions of [TAP] is the affordability of deploying a broad fabric at low cost on bare metal switches," says EMA's McGillicuddy. "That's something you're starting to see the network packet broker vendors co-opt. Network packet brokers are basically turning OpenFlow switches into TAPs. So TAPs rely on network packet brokers for advanced features; network packet brokers rely on TAPs for bare metal."

(www.networkworld.com)

Jim Duffy