Net admins: the white box world HASN'T forgotten you

Big Switch upgrades monitoring, turns on bigger Big Tap


Pervasive security and deeper monitoring: that's what Big Switch Networks is pitching as the centrepiece of the next iteration of its Big Tap Monitoring Fabric, version 4.5.

This system is designed to fit in the network packet broker (NPB) space – the out-of-band sniffer network that alerts admins if something's going wrong.

Big Switch is hoping that network admins who have already put white box switches (such as those from partner Dell) in their data centre will like the idea of using Big Tap as a white-box replacement for proprietary NPBs.

CMO Gregg Holzrichter told The Register's networking desk that to compete with incumbents like Gigamon (a leader in the network packet broker – NPB – space), the company had to develop Big Tap towards feature parity.

With the exception of “a couple of specialised features like time stamping and packet slicing”, the company reckons it's achieved that, while keeping the white-box pricing advantage in place.

Where the features of a Gigamon or VSS are required, he said, smaller deployments can be maintained: “for the small percentage of the traffic that needs those features, you can flow the traffic through them.”

Because its NPB is lower-cost, Holzrichter reckons with the top-of-rack kit already in place, “you can tap every rack” using Big Tap. “That gets us in the door in a brownfields environment,” he added.

The company has also worked on making Big Tap useful in the demilitarized zone (DMZ), home of kit like firewalls, web load balancers, DPI and the like, by letting those systems get out of the way except when they're needed.

Veep Prashant Gandhi, who's in charge of the company's SDN suite, explained that kit in the DMZ usually intercepts all the traffic passing through.

That means the systems have to be scaled to cope with all the traffic, rather than only traffic of interest to them.

Putting a Big Tap controller in line, Gandhi said, means “we can intelligently route traffic to these different tools, because not every tool needs to see all of the traffic.”

Features of Big Tap 4.5 include:

  • Either out-of-band (data centre monitoring) or in-line (DMZ) deployment modes;
  • Service chaining in in-line mode – this allows traffic to be processed by multiple tools in a service chain, under user policy control;
  • sFlow generation;
  • DNS and DHCP tracking, for better security visibility;
  • MPLS header stripping, for service provider WAN monitoring; and
  • Granular control of load balancing between tools in the DMZ.

Explaining the use-case for service chaining, Gandhi said the Big Tap in the DMZ can decide which target systems should receive traffic: “all traffic goes to the firewall, but only suspect traffic gets passed to the intrusion prevention system, and only Web traffic goes to the Web proxy”.

With Big Tap handling these functions as an SDN service chaining function, something like the Web proxy can be scaled for the traffic it's expected to handle, rather than receiving all traffic, and processing it to decide what it handles.
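As an added illustration (not Big Switch code, and not Big Tap's actual policy format), here is a small Python model of the steering policy Gandhi describes: every packet goes to the firewall, only packets flagged as suspect reach the IPS, only web traffic reaches the proxy, and each tool pool is load balanced round-robin. The tool pools, instance names and sample packets are constructed for the example.

```python
"""Toy model of policy-driven service chaining in a monitoring fabric (illustrative only)."""

# Constructed tool pools: each tool type may have several instances to balance across.
TOOL_POOLS = {
    "firewall": ["fw-1", "fw-2"],
    "ips": ["ips-1"],
    "web_proxy": ["proxy-1", "proxy-2", "proxy-3"],
}


def is_web(pkt):
    """Web traffic here means TCP to port 80 or 443."""
    return pkt["proto"] == "tcp" and pkt["dst_port"] in (80, 443)


# Ordered policy: (predicate, tool). A packet visits every tool whose predicate matches,
# in this order, which reproduces the chain described in the article.
POLICY = [
    (lambda p: True, "firewall"),          # all traffic goes to the firewall
    (lambda p: bool(p["suspect"]), "ips"),  # only suspect traffic reaches the IPS
    (is_web, "web_proxy"),                 # only web traffic reaches the web proxy
]


class ServiceChainer:
    """Steers packets through tool instances according to POLICY, round-robin per pool."""

    def __init__(self, pools, policy):
        self.pools = pools
        self.policy = policy
        self.next_idx = {name: 0 for name in pools}  # per-pool round-robin cursor

    def _pick(self, tool):
        members = self.pools[tool]
        i = self.next_idx[tool]
        self.next_idx[tool] = (i + 1) % len(members)
        return members[i]

    def chain_for(self, pkt):
        """Return the ordered list of (tool, instance) this packet is steered through."""
        return [(tool, self._pick(tool)) for matches, tool in self.policy if matches(pkt)]

    def tool_load(self, packets):
        """Count packets per instance: shows the proxy only ever sees web traffic."""
        counts = {}
        for pkt in packets:
            for _tool, inst in self.chain_for(pkt):
                counts[inst] = counts.get(inst, 0) + 1
        return counts


# Constructed sample traffic (proto, destination port, suspect flag from an upstream classifier).
SAMPLE_PACKETS = [
    {"proto": "tcp", "dst_port": 443, "suspect": False},
    {"proto": "udp", "dst_port": 53, "suspect": True},
    {"proto": "tcp", "dst_port": 80, "suspect": True},
    {"proto": "tcp", "dst_port": 22, "suspect": False},
    {"proto": "tcp", "dst_port": 443, "suspect": False},
]
```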

This capability is undergoing interoperability testing with a number of partners, including A10 and BlueCoat. ®
