How Arista Brings Enhanced Observability to Switching Platforms

eWEEK NETWORKING ANALYSIS: Combination of Big Switch Monitoring Fabric and DANZ leads to “client to cloud” monitoring and analytics.

Arista.Big.Switch

Arista Networks on Dec. 8 announced its DANZ (Data ANalyZer) Monitoring Fabric (DMF) available on its switching fabrics. In February, Arista acquired Big Switch Networks, which brought network packet broker (NPB) capabilities.

While there are plenty of NPBs available, such as the ones available from Gigamon and NetScout, Big Switch had one distinction in that it worked as a fabric instead of a discrete element. This made it easy to scale packet broker capabilities as it required simply adding more modes to the fabric. 

Arista has a history in network visibility 

Prior to the acquisition, Arista had developed its DANZ capabilities, which could be thought of as packet broker light capabilities. This gave Arista multiple monitoring and visibility solutions. The DANZ capabilities integrated into its switches were developed in house. The second was the Big Switch packet broker, which could be used across Arista’s cloud titan and enterprise customer base in both public and private cloud environments. Big Switch also offers a Big Cloud Fabric used in private clouds and interoperated with VMware VxRail, Nutanix and other vendors. 

One of the things people liked about the Big Switch solution is that it runs on open hardware, and that’s not changing. To give Arista customers another option, the company is integrating the BMF onto the Arista switching platforms and combining it with the DMF. As part of the release, BMF will be renamed to DANZ Monitoring Fabric (DMF), which makes sense from a consistency standpoint as DANZ is part of the switching feature set. 

The historical DANZ solution will still be available as DANZ EOS giving customers a choice of either. Also, Big Cloud Fabric will be renamed to Converged Cloud Fabric (CCF) making it more indicative of the market it serves. 

As mentioned, the new DMF solution is based on the Arista switching platforms with a number of options nodes, which include: 

  • Service Node software for packet processing, optimization and flow generation;
  • Analytics Node software for deep context-aware traffic analysis and machine learning; and
  • Recorder Node software for full packet capture, query and replay with built-in application identification

Arista shifts from visibility to observability 

The integration of Big Switch and Arista enables it to evolve the fabric from basic visibility to a network observability product, where IT pros can use the data to solve critical problems that cause business interrupting issues. Monitoring is important but incomplete. Observability takes the data from monitoring and creates the ability to understand why networks are slow, what the source of anomalies are and if a user is compliant or not. 

Legacy packet brokers do not scale at cloud speed 

Legacy packet brokers can’t do this because they capture primarily north-south traffic, making the data incomplete. It’s possible to try and scale out legacy packet brokers for east-west traffic, but the design is so overly complex that it’s cost-prohibitive and frankly still inaccurate. Because Arista’s DMF is a fabric, it’s optimized for both north-south and eastwest traffic flows, making it ideal for pervasive observability. Arista designed the architecture using cloud-networking principals using a scale-out, leaf-spine clustering architecture with programmable APIs. The DMF management console provides zero-touch workflows to streamline and simplify deployment. 

Also, because the DMF is designed for cloud scale, it's multi-tenant, so it can be used by NetOps, SecOps and DevOps simultaneously, without each group interfering with each other’s domain. Ideally, IT organizations would have brought these teams together, but that’s not always the case, because change is hard. The DMF’s observability characteristics is ideally suited for businesses where the teams are integrated, but if not, at least they are working with a single source of truth for the data. 

Network Time Machine shows unique insights 

One of the more interesting capabilities of the solution is the Network Time Machine, which provides recording, rewinding and replaying capabilities. The DMF Recorder Node provides traffic replay capabilities with a single click. This data can be used to quickly find the source of a problem or to detect a threat. 

Most legacy solutions have no ability to look back in time, making it very difficult to find the root cause of problems or breaches. This is why 90% of the time taken to solve a problem is in the identification phase. Often, when a problem occurs, the network team is notified after the issue has gone away causing the engineers to be constantly chasing the problem. Network time machine takes care of that issue through the DMF Analytic Node’s advanced machine learning capabilities. It auto-baselines the network and then can spot even the smallest of anomalies. 

Arista’s DMF supports its flagship 7280R3 platform with deep buffering and 25 and 100 Gig interfaces, ensuring that reliability observability works, even in the most mission-critical environments. The DMF is able to send all security tools relevant network traffic to detect and find threats. The solution also integrates with Arista’s Awake Security’s network and detection response capabilities for zero-trust capabilities. 

The Arista DMF software is available as a subscription license on the following products: 

  • DMF for 7050X3 (25 and 100 Gig) is shipping now; 
  • DMF Service Node (40, 160 and 320 Gig) with scale out clustering support is shipping now; 
  • Network Time Machine with DMF Analytics Node and DMF Recorder Node is shipping now; 
  • DMF software for 7280R3 (10, 25 and 100G) shipping in first quarter 2021; and 
  • DMF support for open networking is shipping now. 

Packet brokers have existed for years, but legacy solutions haven’t evolved at all in the cloud era. Their rigid nature makes them difficult to scale out quickly and even more challenging to perform rapid data analytics across the different silos.

Arista’s DMF brings network observability to the end-to-end network, making it easier to solve problems and find the source of breaches. As we move into a world that is hyperconnected, this capability will be critical in ensuring the network performance and reliability is there to keep the business running. 

Zeus Kerravala is an eWEEK regular contributor and the founder and principal analyst with ZK Research. He spent 10 years at Yankee Group and prior to that held a number of corporate IT positions.