Executive Viewpoint 2013 Prediction: Ixia Network Visibility Solutions

Kate Brew
Monday, January 21st 2013

In 2013 we will see more organizations realize the importance of network visibility in virtualized environments.

Virtualization is unquestionably one of the biggest trends in computing in the last decade, and it will only become more commonplace in 2013. However, the fact that many VMs could be handling traffic on a single server has a powerful downside – traffic visibility. The very “many in” notions that VMs are built upon become problematic when trying to trace a packet, or to analyze packet flow in order to understand how a network is performing at any given time.

In many deployments, the lack of visibility into virtual data center security and performance may not become apparent until it’s too late – for example, when a major performance problem occurs with a mission-critical, revenue-driving application.

While virtualization has numerous operational efficiency benefits, the blind spots it creates in networks will become increasingly problematic and spur more organizations to revamp their network architectures. By taking the right steps, administrators can both achieve the business benefits of virtualization and meet the demand for packet-level visibility.

The Growing Problem

In the near future, nearly all networks will move toward the model of incorporating both virtual and physical elements, with physical packets going virtual and virtual packets going physical. In virtualized environments, however, the traffic passes from the virtual adapter to the virtual switch and back out again, without providing a place to be captured and analyzed.

This will become increasingly problematic as more of the network goes virtual. Suddenly, for example, security teams will realize they can no longer see the traffic they need to investigate a security incident because it now involves VM-to-VM traffic within the same physical host. In a sense, a virtualized model should be monitored more closely than physical infrastructure, since the design premise is to run the underlying hardware as close to capacity as possible.

Evolving Solutions

The new year will see more companies recognizing this problem and taking the needed steps to gain visibility into inter- and intra-host VM traffic. While the market has seen the introduction of virtual network taps and the like, these are unlikely to catch on as more virtualization players follow VMware’s lead in providing the ability to mirror encrypted virtual traffic to the physical world and decrypt it, with the traffic from this switch appearing exactly as if it came from a physical switch. This makes it viable to use existing, mature monitoring technologies that can see both the physical and virtual infrastructure. There are evolving virtual-only monitoring tools, but many companies have invested heavily in physical monitoring tools, and certain physical appliances such as IDS are thought to perform better than completely virtualized technologies.

In addition, gaining access to packet-level data is only half the battle. For end-to-end visibility into both the physical and virtual infrastructure, the traffic must be filtered, de-duplicated, trimmed of sensitive payload data, analyzed and broadcast using a network monitoring switch – so that a company’s full suite of performance and security monitoring tools gets exactly the packet flow it needs to do its job, at the right time.
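
The filter, de-duplicate and trim stages described above can be sketched in a few lines of Python. This is an added example, not code from the article or from any vendor's product; the function names and the sample packets are hypothetical and constructed here. It assumes raw IPv4/TCP packets and keeps no time window on the duplicate table.

```python
import hashlib
import struct

def build_ipv4_tcp(src, dst, sport, dport, ttl, payload):
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header + payload (checksums left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 0x50, 0x18, 8192, 0, 0)
    return ip + tcp + payload

def fingerprint(pkt):
    """Hash with TTL and IPv4 header checksum zeroed: both change at every routed hop."""
    masked = bytearray(pkt)
    masked[8] = 0
    masked[10:12] = b"\x00\x00"
    return hashlib.sha256(masked).digest()

def trim(pkt, ihl, keep_payload):
    """Slice to IPv4 + TCP headers plus keep_payload bytes; header length fields stay as captured."""
    tcp_len = (pkt[ihl + 12] >> 4) * 4
    return pkt[:ihl + tcp_len + keep_payload]

def monitor_pipeline(packets, ports, keep_payload=0):
    """Filter on TCP port, drop duplicate copies, trim payload before handing off to tools."""
    seen, out = set(), []   # a real device would age entries out of `seen` after a short window
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
        if ihl < 20 or len(pkt) < ihl + 20 or pkt[9] != 6:   # malformed, truncated, or not TCP
            continue
        sport, dport = struct.unpack_from("!HH", pkt, ihl)
        if sport not in ports and dport not in ports:
            continue
        fp = fingerprint(pkt)
        if fp in seen:
            continue
        seen.add(fp)
        out.append(trim(pkt, ihl, keep_payload))
    return out

# Constructed traffic: the first two entries are one packet mirrored at two points (TTL 64, then 63).
SAMPLE = [
    build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40000, 443, 64, b"user=alice&pin=0000"),
    build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40000, 443, 63, b"user=alice&pin=0000"),
    build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40001, 22, 64, b"constructed"),
]

if __name__ == "__main__":
    for p in monitor_pipeline(SAMPLE, {443}):
        print(len(p), p.hex())
```

Masking the TTL and header checksum before hashing is what lets the two mirrored copies collapse into one; hashing the raw bytes would treat them as different packets and deliver both to every tool.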