Tip

VXLAN monitoring: How to gain virtual network overlay visibility

With VMware pushing Software Defined Datacenter, and with a host of network vendors developing technology around

    Requires Free Membership to View

VXLAN network overlays, it's likely the network virtualization standard will work its way out of the test labs and into production environments. Now network managers must find a way to monitor and troubleshoot VXLANs, but VXLAN monitoring and visibility tools don't really exist yet. So in the meantime, network pros will have to adapt existing strategies for VXLAN environments.

Virtual Extensible LAN (VXLAN), which was introduced last year by Cisco and VMware at VMworld (along with support from Arista, Brocade and Broadcom), is a Layer 3 encapsulation protocol that overcomes the limitations of virtual LANs (VLANS) in virtual environments and in multi-tenant networks. With VXLAN, engineers can spin up thousands more virtual networks that can stretch longer distances across data centers.

This year, VXLAN  gained the spotlight at VMWorld, with vendors launching a slew of third-party services such as load balancing and traffic QoS for virtual networks, but very little of this technology addressed the need for VXLAN monitoring and visibility.

The VXLAN visibility challenge

VXLAN introduces the same visibility challenges as most encapsulation methods. Essentially, end-to-end traffic is hidden inside the tunnel, so you must be able to strip away the encapsulation for sustained monitoring and troubleshooting. This is crucial for viewing traffic traversing the backbone, or between data centers where VXLAN will most likely show up.

VXLAN monitoring tools: What's available?

Most network management vendors have yet to implement specific support for VXLAN, but there are a few options out there that can help today:

Flow analysis. Riverbed's Cascade team announced it would support the IPFIX records produced by VMware's vSphere Distributed Virtual Switch (VDS), which provide intra-VXLAN flow details. This is the first flow-analysis vendor to step up to support VXLAN. Others may follow but will lag in availability. Also, we have yet to see other infrastructure vendors add support for the new IPFIX templates that will be important for checking VXLAN traffic outside of the virtual distributed switch. Additionally, in theory, sFlow supports VXLAN today, though vendors will need to build or extend an sFlow analysis tool to reveal the details therein.

Wireshark and deep troubleshooting. Wireshark already had VXLAN decodes in place, which were added in November 2011 and have been part of the mainline code since version 1.8.0.  Other packet analysis tools can still be used but may not have a formalized decode yet. Check with your favorite vendor to find out for sure.

More on VXLAN and virtual network management

VXLAN primer: Extended VLANs and long-distance VM migration

Integrate physical and virtual network services with VXLAN gateways

Cisco Nexus 1000v: A different tack on VXLAN

In wake of tepid adoption, Cisco sweetens Nexus 1000v deal

Packet-based monitoring. Looks like we are all out of luck here until the packet-inspection monitoring vendors add this.  The good news is that it won't be difficult for them, because they already support looking inside other tunnelling protocols such as Generic Routing Encapsulation (GRE) and GPRS Tunneling Protocol (GTP); this is just an adaption. Make sure you make a point of asking your tools vendor for this feature -- they commonly prioritize enhancements based on customer requests.

Network monitoring switches. Some of these monitoring access devices can strip VLAN headers so that monitoring can proceed based on actual packet contents. Being able to strip both VXLAN and VLAN headers would be especially useful for preconditioning traffic for analysis. None of the network monitoring switch providers has added VXLAN stripping yet, though several have told me that this is on their roadmaps.

NCCM needed for VXLAN environments

Network managers will also need Network Change and Configuration Management (NCCM) to manage multivendor configuration of VXLANs. Today, this can only be defined or configured on an element-by-element basis outside of vSphere. While many NCCM vendors have stated plans to support VXLAN in the future, none currently offers much more than backup and restore services for device configurations that have already been set up using element management tools.

If VMware's bets pay off and VXLAN becomes commonplace, you can bet that more support will be forthcoming among network management vendors. In the meantime, make the best of what you have and keep pressing your vendors to add VXLAN support if they don't offer it today.

This was first published in October 2012

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Expert Discussion

Are you seeking VXLAN monitoring tools?

Jim Frey, Contributor
What's your opinion?
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.