Gigamon has integrated its network visibility infrastructure into VMware NSX to provide consistent visibility across physical and virtual networks. The company demonstrated the NSX network virtualization monitoring at VMworld 2014 this week.
Network overlays like NSX encapsulate packets to tunnel traffic over the physical network, which obfuscates packets from most monitoring tools.
"When you tunnel traffic, you get into a situation where you get virtual networks being created that are designed to be abstracted away from the physical network details," said Jim Frey, vice president of research for Enterprise Management Associates Inc. "So there is an inherent loss of visibility. Now there is a whole bunch of traffic traveling over the network that you don't understand unless you can get visibility inside."
Gigamon's GigaVue network packet brokers and network taps were already integrated into vCenter for visibility into VMware's hypervisor workloads. The company has expanded that integration into NSX to provide deeper network virtualization monitoring, which can give management and security tools better visibility across both virtual and physical networks.
"The tools to monitor, secure and manage networks don't work in [the network overlay] world," said Shehzad Merchant, chief strategy officer for Gigamon. "They don't understand encapsulation. They don't understand multi-tenant networks."
Gigamon has retooled its products to work with VXLAN, the encapsulation protocol used by NSX. It can de-encapsulate VXLAN packets so that monitoring tools attached to the Gigamon products can have visibility into them. Gigamon also added the ability to filter traffic on a per-tenant basis so that network engineers can set up tenant-based monitoring policies.
Gigamon's existing integration into vSphere helps to automate this NSX integration, Merchant said. vCenter notifies GigaVUE of any changes in the hypervisor environment. "We can automatically move our monitoring policies with that [with a virtual machine move]," he said.
Gigamon's integration with NSX was prompted by a contingent of customers who are looking at NSX for network virtualization, said Brad Casemore, research director for IDC. "[Those customers] wanted to make sure they could bring that Gigamon functionality along for the ride."
Gigamon plans to extend this integration to other network overlay products, Shehzad said.
Integration with the encapsulation protocols used by other vendors, such as NVGRE or variations on VXLAN, should be trivial, Frey said. Integration further up the stack will be more important and potentially more challenging, he said. Today, Gigamon relies on its vCenter integration as a trigger for adapting to changes in the network overlay. It will have to find comparable integration points with other vendors.