Fabric Visibility

Full visibility into Application Flows and Packets without TAPs/Mirrors

Pluribus has full visibility into application flows and packets without TAPs or mirror ports. This capability is delivered in our Insight Analytics™ solution for network performance monitoring and analytics; this section, however, discusses the underlying technology, which we call Fabric Visibility. It is built on three concepts: Telemetry for application flows, vFlow and vPort.

Telemetry for Application Flow

Pluribus’ application flow Telemetry is the unique ability of Netvisor to inspect every individual TCP connection, as well as client-server aggregated connection statistics, across the fabric. The architecture of Netvisor running on Pluribus switch hardware opens up unmatched visibility into all connections that traverse the entire data center fabric. With Netvisor Telemetry, both virtualized and bare-metal workloads are fully visible, end-to-end.

Figure: Telemetry - Visibility - Analytics (see also the blog post "Network Telemetry Just Makes Sense")

This functionality is much more powerful than sFlow and more ubiquitous than NetFlow. Application flow telemetry is not tied to a single device or to dedicated hardware: it is a fabric-wide software process that reads data directly from the switching chip (ASIC). Because it scales in software by design, there is virtually no limit to how many devices can report data into the fabric.

This application-flow-centric data is unique to Pluribus Netvisor and makes it possible to quickly examine specific hosts or endpoints and instantly obtain a snapshot of current or historical traffic patterns. This enables not only application performance analysis but also deep security visibility across all devices and endpoints throughout the entire Netvisor fabric.

vFlow

vFlow is the Pluribus Networks name for the ability to filter fabric-wide data center switching traffic at a granular flow level and to apply security/QoS (Quality of Service) actions or forwarding decisions to each defined flow. Using vFlow, Pluribus Netvisor provides flow-level visibility, filtering and statistics reporting. At this level it is possible to classify traffic for prioritization using QoS, and the same data can be used for reporting and accounting purposes. Data center flows can be grouped and classified by application VLAN, source or destination IP, physical port, or numerous other Layer 1 – 4 traffic descriptors.

Troubleshooting, reporting, monitoring or analyzing specific application flows now takes seconds with Pluribus Netvisor vFlows. This can be taken further by implementing a fabric-wide filter that redirects or drops matching traffic. Regardless of the transport protocol, TCP or UDP, vFlows can be used to analyze, filter and redirect traffic. This mechanism gives users control of, and visibility into, data center network workloads like never before.

vFlow commands and use

vFlows can be used for stateless firewalling, bandwidth limiting or guaranteeing, and several other actions. The Netvisor CLI offers the following action options when creating a vFlow:

Figure: vFlow Commands
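The two ideas above, flow-level classification with security/QoS actions and client-server aggregated connection statistics, are shown together in the added example below. It is illustration code written for this page, not Pluribus or Netvisor code: the match fields, the action names ("drop", "redirect", "rate-limit"), the byte-budget policer and the sample packets are all assumptions constructed for the example. Rules are evaluated first-match-wins, every rule keeps its own counters, and unmatched traffic is forwarded and counted under "default".

```python
# Added illustration of vFlow-style flow classification plus client-server telemetry
# aggregation. This is not Pluribus/Netvisor code; match fields, action names and the
# sample packets are assumptions constructed for the example.
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    vlan: int
    src_ip: str
    dst_ip: str
    proto: str       # "tcp" or "udp"
    dst_port: int
    in_port: int     # physical ingress port
    length: int      # bytes on the wire


@dataclass
class VFlowRule:
    """One flow definition: every field left as None is a wildcard."""
    name: str
    action: str                          # "drop", "redirect", "rate-limit" (assumed names)
    vlan: Optional[int] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[str] = None
    dst_port: Optional[int] = None
    in_port: Optional[int] = None
    redirect_port: Optional[int] = None  # for "redirect": port to steer traffic to
    limit_bytes: Optional[int] = None    # for "rate-limit": byte budget per window

    def matches(self, p: Packet) -> bool:
        wanted = (self.vlan, self.src_ip, self.dst_ip, self.proto, self.dst_port, self.in_port)
        actual = (p.vlan, p.src_ip, p.dst_ip, p.proto, p.dst_port, p.in_port)
        return all(w is None or w == a for w, a in zip(wanted, actual))


class VFlowTable:
    """First matching rule wins; unmatched traffic is forwarded and counted as 'default'."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "dropped": 0})
        self.budget = {r.name: r.limit_bytes for r in self.rules if r.action == "rate-limit"}

    def process(self, p: Packet):
        for r in self.rules:
            if not r.matches(p):
                continue
            s = self.stats[r.name]
            s["packets"] += 1
            s["bytes"] += p.length
            if r.action == "drop":
                s["dropped"] += 1
                return ("drop", None)
            if r.action == "redirect":
                return ("redirect", r.redirect_port)
            if r.action == "rate-limit":
                if self.budget[r.name] < p.length:   # budget exhausted: policer drops
                    s["dropped"] += 1
                    return ("drop", None)
                self.budget[r.name] -= p.length
                return ("forward", None)
        s = self.stats["default"]
        s["packets"] += 1
        s["bytes"] += p.length
        return ("forward", None)


def aggregate_by_server(packets):
    """Client-server aggregation: per (server IP, port), distinct clients, packets, bytes."""
    agg = defaultdict(lambda: {"clients": set(), "packets": 0, "bytes": 0})
    for p in packets:
        if p.proto != "tcp":
            continue
        a = agg[(p.dst_ip, p.dst_port)]
        a["clients"].add(p.src_ip)
        a["packets"] += 1
        a["bytes"] += p.length
    return {k: {"clients": len(v["clients"]), "packets": v["packets"], "bytes": v["bytes"]}
            for k, v in agg.items()}


# Constructed sample traffic (not captured data).
SAMPLE = [
    Packet(10, "10.1.1.5", "10.1.2.20", "tcp", 443, 1, 1500),
    Packet(10, "10.1.1.6", "10.1.2.20", "tcp", 443, 2, 800),
    Packet(20, "10.1.3.9", "10.1.2.20", "tcp", 23, 3, 60),      # telnet: blocked
    Packet(10, "10.1.1.5", "10.1.2.30", "udp", 514, 1, 1200),   # syslog: steered to collector
    Packet(30, "10.1.4.1", "10.1.2.40", "udp", 5001, 4, 1400),  # within the VLAN 30 budget
    Packet(30, "10.1.4.1", "10.1.2.40", "udp", 5001, 4, 1400),  # exceeds the budget: policed
]

RULES = [
    VFlowRule("no-telnet", "drop", proto="tcp", dst_port=23),
    VFlowRule("steer-syslog", "redirect", proto="udp", dst_port=514, redirect_port=48),
    VFlowRule("cap-vlan30", "rate-limit", vlan=30, limit_bytes=2000),
]


def run_demo():
    table = VFlowTable(RULES)
    decisions = [table.process(p) for p in SAMPLE]
    return decisions, dict(table.stats), aggregate_by_server(SAMPLE)


if __name__ == "__main__":
    for part in run_demo():
        print(part)
```

Running the block shows the per-rule counters a reporting or accounting view would read, and the aggregation answers the "which clients talk to this server, and how much" question from the telemetry section without needing a TAP on the server port.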

vPort: for VMs, Containers and IoT

vPort is the Pluribus Networks name for the functionality of tracking endpoints (VMs, containers, mobile devices) in a global, fabric-wide endpoint table. vPort data is stored in software and is a superset of the information held in a traditional switch L2 (Layer 2) hardware table. vPort is more than a simple L2 table; it is a mechanism for tracking endpoint identity, mobility and location anywhere within a Netvisor fabric, from any Netvisor switch.

In addition to L2 table information, the vPort table stores:

  • switch ID and location
  • host IP address
  • host MAC address
  • VLAN
  • associated ports
  • hostname
  • host CPU details – memory, CPUs, disk and OS when provided by hypervisor management
  • migration count

vCenter or KVM APIs can be used to populate the vPort information within ONVL. Because the vPort table is shared globally across all fabric nodes, it is possible to build a broadcast-free network fabric. Both bare-metal and virtualized workloads can be pinpointed with a single API or CLI command. This feature can be used to locate a single host or to take a snapshot of the current state of every device communicating across the data center networking fabric. The same information is available not only in real time but also for any previously logged point in time.

For example, when a VM migrates from one server to another, vPort makes sure the fabric is aware of the migration:

Figure: vPorts - migration

vPort and Software-Defined Infrastructure

  • vPort is the other end of a vNIC
  • Unique combination of {mac, vxlan} or {mac, vlan}
  • Fabric-wide vPort, independent of physical switches and ports
  • Handles VM migration and VM policy independently of central controllers, without needing ARP or multicast
  • The fabric programs the local switch MAC table or tunnel rules in hardware, based on destination, in microseconds
  • Uses hardware tables as caches; can support 10M fabric-wide vPorts to cover VMs, containers and IoT devices
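The vPort behaviour described in this section (a fabric-wide table keyed on {mac, vlan}, location and migration tracking, historical lookup, and answering address resolution from the table instead of broadcasting) is modelled in the added example below. It is illustration code written for this page, not Pluribus or Netvisor code: the field names, the learn()/locate()/resolve() functions, the sequence number standing in for a timestamp, and the sample hosts are all assumptions. The frequent_movers() check is likewise an added defender's use of the migration count, not a documented Netvisor feature.

```python
# Added illustration of a fabric-wide vPort table keyed on {mac, vlan}. Not Pluribus/Netvisor
# code; field names, the learn()/locate()/resolve() API and the sample hosts are assumptions.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class VPort:
    mac: str
    vlan: int
    switch_id: str
    port: str
    ip: Optional[str] = None
    hostname: Optional[str] = None
    migration_count: int = 0
    # (sequence number, switch_id, port): a log of every attachment point seen
    history: List[Tuple[int, str, str]] = field(default_factory=list)


class VPortTable:
    """Global endpoint table shared by every fabric node (modelled here as one object)."""

    def __init__(self):
        self.entries = {}   # (mac, vlan) -> VPort
        self.seq = 0        # stands in for the timestamp of each learn event

    def learn(self, mac, vlan, switch_id, port, ip=None, hostname=None):
        """Record that {mac, vlan} was seen on switch_id/port; bump migration_count on a move."""
        self.seq += 1
        key = (mac.lower(), vlan)
        vp = self.entries.get(key)
        if vp is None:
            vp = VPort(mac.lower(), vlan, switch_id, port)
            self.entries[key] = vp
        elif (vp.switch_id, vp.port) != (switch_id, port):
            vp.migration_count += 1
            vp.switch_id, vp.port = switch_id, port
        if ip:
            vp.ip = ip
        if hostname:
            vp.hostname = hostname
        vp.history.append((self.seq, switch_id, port))
        return vp

    def locate(self, mac=None, ip=None, hostname=None):
        """Single fabric-wide lookup by any identity attribute."""
        return [vp for vp in self.entries.values()
                if (mac is None or vp.mac == mac.lower())
                and (ip is None or vp.ip == ip)
                and (hostname is None or vp.hostname == hostname)]

    def location_at(self, mac, vlan, seq):
        """Historical query: where was the endpoint attached at (or just before) `seq`?"""
        vp = self.entries.get((mac.lower(), vlan))
        if vp is None:
            return None
        seen = [(s, sw, p) for s, sw, p in vp.history if s <= seq]
        return (seen[-1][1], seen[-1][2]) if seen else None

    def resolve(self, ip, vlan):
        """Answer an ARP-style question from the table instead of flooding a broadcast."""
        for vp in self.entries.values():
            if vp.ip == ip and vp.vlan == vlan:
                return vp.mac
        return None

    def frequent_movers(self, threshold):
        """Added defender check: endpoints that moved at least `threshold` times,
        worth reviewing as MAC flapping or a duplicate address."""
        return sorted(vp.mac for vp in self.entries.values() if vp.migration_count >= threshold)


def run_demo():
    t = VPortTable()
    # Constructed scenario: web01 boots on leaf1 and migrates to leaf2; db01 is static;
    # a third MAC bounces between two ports, the pattern the defender check flags.
    t.learn("00:11:22:33:44:55", 10, "leaf1", "1", ip="10.1.1.5", hostname="web01")
    t.learn("00:11:22:33:44:66", 10, "leaf3", "4", ip="10.1.1.6", hostname="db01")
    web_before = t.location_at("00:11:22:33:44:55", 10, seq=t.seq)
    t.learn("00:11:22:33:44:55", 10, "leaf2", "7")   # VM migration: same identity, new location
    for sw, p in (("leaf1", "2"), ("leaf4", "9"), ("leaf1", "2"), ("leaf4", "9")):
        t.learn("00:11:22:33:44:77", 20, sw, p, ip="10.1.5.9")
    web_now = t.locate(hostname="web01")[0]
    return {
        "web_before": web_before,
        "web_now": (web_now.switch_id, web_now.port, web_now.migration_count),
        "arp_free": t.resolve("10.1.1.6", 10),
        "movers": t.frequent_movers(3),
    }


if __name__ == "__main__":
    print(run_demo())
```

The identity key stays constant across the migration, so the fabric can reprogram the new leaf's forwarding entry from the table rather than relearn the host by flooding, and the retained history is what makes the "where was this host at time T" query possible.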