Does Arista Networks' Data Analyzer functionality signal the end of specialized network tap and SPAN port aggregation...
switches from vendors like Gigamon, Anue Systems and VSS Monitoring?
A network tap aggregation switch, also known as a network packet broker or a network monitoring switch, serves as the core of traffic monitoring networks that run in parallel to production networks. They aggregate packet flows from SPAN ports and network taps, filter those flows and feed them to performance and security monitoring tools.
Network monitoring switches are generally expensive, which has limited the market to larger companies that have strict requirements for network performance and security. The products are particularly popular with the financial services industry, for example. The majority of network managers plug their network taps and SPAN ports directly into their network and security monitoring tools, which limits each tool's visibility and also forces those tools to compete for access to SPAN ports and network taps.
In an attempt to change the market, Arista has added a new Data Analyzer (DANZ) software capability to its EOS firmware, available first in its 7150 series and with other models to follow. The move enables its switches to do double duty as network probes and enables customers to convert one or more Arista switches into tap aggregation appliances. DANZ offers packet filtering, precision time-stamping at wire rate and multi-destination port mirroring.
"Precision data analytics deployed in your network with EOS foreshadows the end of bolt-on, proprietary fabrics and makes it a baseline capability that people should expect from any data center network," said Doug Gourlay, vice president of marketing for Santa Clara, Calif.-based Arista. Gourlay pointed out that the price-per-port for specialist network packet brokers ranges from $2,500 to $4,000. In contrast, a typical Arista switch costs about $350 to $400 per 10 Gigabit Ethernet (GbE) port. He said Arista is changing the economics of the tap aggregation market.
Economics, however, isn't the driving force behind the network tap and SPAN port aggregation appliances, according to Jim Frey, research director for Boulder, Colo.-based Enterprise Management Associates.
"I don't think it's going to rock the boat for major network monitoring switch vendors," Frey said. The traditional tap aggregation vendors -- Anue Systems, Gigamon, NetScout, Apcom and VSS Monitoring -- have built strong relationships with the network monitoring tool vendors to which they feed packets. Those relationships ensure that the monitoring tools get the data flows they need from the network monitoring switches, Frey said.
"A lot of the choice of which monitoring switch an enterprise will deploy can be heavily influenced by the monitoring tool vendors," Frey said. "Arista will have to establish credibility and relationships in the market." Frey noted that software-defined networking is also changing the tap aggregation market. Big Switch Networks has unveiled its Big Tap application, which uses the company's OpenFlow controller to create a monitoring network within a production network of OpenFlow switches.
The economics of network packet broker appliances is also more complex than the price-performance profile of a single appliance, Frey said. These tap aggregators, with their ability to filter traffic, can also extend the life of very expensive monitoring tools.
"The growth from one Gb to 10 Gb and now 10 Gb to 40 Gb is a big driver for these network monitoring switches," he said. "Tools for 10 Gb monitoring [are] much more expensive than one Gb, and tools for 40 Gb monitoring are much more expensive than 10 Gb." Network monitoring switches can filter and load balance high bandwidth packet flows to lower bandwidth tools, he said, enabling a company to use legacy Gigabit Ethernet monitoring appliances to handle traffic from a 10 GbE network, for instance.
Arista's ability to offer tap aggregation at a much lower cost may not be a complete replacement for network packet broker specialists, but it will certainly expand the market, said Jason Edelman, senior solutions architect with Lewisville, Texas-based Presidio.
"I don't think they have all the feature sets of the Gigamons, like filtering, but I think it will bring that monitoring and visibility to life for a lot of customers who have shied away from Gigamon because it is so expensive," he said.
The network packet broker vendors appear to be unfazed by Aritsa's entry, too.
"Arista's jumping [into network monitoring switching] is an affirmation of the market space we defined many years ago," said Larry Hart, vice president of strategy for Calabasas, Calif.-based Ixia, which acquired Anue Systems last year.
Hart added that building a "Swiss Army knife" switch that can handle production traffic, and tap and SPAN port aggregation has been tried -- and abandoned -- before. "If you put too many services on a purpose-built device, it can break under the load."
Let us know what you think about the story; email: Shamus McGillicuddy, news director.