Monday, May 21, 2018

Crack that egg – Limitations of traditional networking solutions

Last week I had the opportunity to be at Interface Atlanta. This is a networking conference, so I heard a lot about software-defined networking and network functions virtualization. There is a big push within large organizations for products such as VMware NSX and Cisco ACI.

Traditional IT is becoming more and more cumbersome for large organizations to maintain and manage. Traditional IT is like an egg. You can see the shell, but you can’t see what’s going on within it.

The eggshell represents the network edge, or what we call North-South traffic. However, in the last few years, as more and more applications and servers have become virtualized, it has become hard to manage the yolk and the egg white, which represent the East-West traffic.

Software-defined networking and solutions such as VMware NSX provide valuable benefits to enterprise customers.


  1. Makes provisioning flexible and fast – Setting up a network in NSX is as easy as creating VMs in vCenter.
  2. Granular security – SDN can provide fine-grained security through logical firewalls and micro-segmentation.
  3. Reduces costs – There is a lower hardware cost and improved efficiency in the management of the network.


Most attendees I spoke to at Interface had made decisions on moving towards SDN solutions such as NSX; however, they did not have a strategy for monitoring their new-gen networks. They still believed they could use traditional monitoring solutions to help monitor this new wave in networking.

Most traditional monitoring solutions provide visibility into the network edges without giving the networking team visibility into traffic flow within their virtual environment. There are many disadvantages that come along with this:
  1. Security – North-South traffic firewalls are not invincible. Sometimes malware can break through the firewall and start infecting the VMs. This is where East-West traffic visibility comes in handy.
  2. Virtual packet drops – Virtual packet drops cannot be detected by traditional monitoring solutions. I was talking to a customer recently who had migrated to a newer “more efficient” datacenter. They experienced slowness after the migration, and the networking team, using their traditional monitoring tools, was unable to discover this issue. After bringing in a consultant and installing an East-West monitoring solution, they were quickly able to identify their issue as a virtual packet drop issue.
  3. Micro-segmentation – Traditional monitoring tools cannot identify the different micro-segmented “islands” and relationships between different VMs. Moreover, creating micro-segmentation rules is not a one-off process. It requires continuous iterations through monitoring.

With next-gen software-defined networking solutions such as VMware NSX, it’s important to use solutions geared towards giving you that East-West traffic visibility. It’s time to crack open that egg!


