Big Switch unveils advanced network telemetry for pervasive security and deeper visibility


Big Mon Recorder and Analytics Nodes enable traffic capture and app-aware analytics for cloud-native network defence & rapid remediation at scale

Big Switch Networks has unveiled new innovations for Big Monitoring Fabric (Big Mon) that enable network and security operations teams to capture cloud-native data centre network traffic at scale, and provide deep application-level analytics. Big Mon Recorder Node allows high-performance packet recording, querying and replay functions, and Big Mon Analytics Node provides unprecedented network visibility to monitor, discover and troubleshoot network and application performance issues as well as accelerate root cause of security breach discovery.

With Big Mon Recorder and Analytics Nodes, customers can now achieve deep network telemetry for both cloud-based and traditional data centre environments and have the ability to replay past conversations across users and applications with a single-click. Architecture flexibility allows Big Mon to easily extend to multi-cloud environments, including hybrid cloud and public cloud deployments.

“Big Switch has pioneered the use of cloud-native networking architectures to achieve pervasive network visibility and enhanced network security,” said Prashant Gandhi, Chief Product Officer, Big Switch Networks. “With the launch of Analytics Node and Recorder Node, Big Switch further distances itself from legacy box-based solutions, offering unmatched network telemetry to achieve root cause analysis, breach mitigation, and faster mean time to resolution.”

It is estimated that nearly 8.5 billion devices are connected to the Internet today. In order to support the digital economy, cloud-native applications are being developed and deployed at increasing rates to collect and optimise the vast amounts of data being generated. The nature of cloud-native applications generates a significant increase in East-West network traffic, providing new attack vectors beyond the hardened DMZ-protected North-South traffic. Unfortunately, the volume, velocity and sophistication of cyber attacks are also intensifying, resulting in the need for pervasive network security and visibility solutions. To mitigate against cyber attacks, network packet brokers (NPBs) are required as part of a holistic network security strategy. Traditional box-based, hardware-centric NPBs are architecturally constrained to meet emerging security and visibility demands of cloud-native data centres.

The University of Oklahoma deployed Big Monitoring Fabric nearly two years ago. Initially the University made the decision to replace an incumbent legacy NPB solution with Big Mon, due to its ease-of-use, and the versatility of the product appealed to its innovative IT team. Additionally, the University has achieved twice the visibility at nearly 50% CAPEX savings. The University has since deployed both Big Mon Analytics Node and Recorder Node in order to address the following challenges: Unauthorised Application and Device Sprawl, Capacity Planning and Threat Mitigation. The University already used multiple security tools, Analytics Node is being leveraged to optimise tool usage and make them more efficient. According to the University, when it gets a phish, they try to find out how many users replied or visited the website in the email or submitted their credentials to a website. Given BRO doesn’t capture the POST data by default, the University relies on Big Mon Recorder Node, to enable a full packet capture device to match users to IP’s on its network in order to easily determine who submitted credentials. While phished user passwords are immediately reset, the University leverages Big Mon to determine if credentials were used for malicious activity, and to monitor accounts for possible login from external IP’s.

“As a leading public University, which serves a very large number of users, Analytics Node and Recorder Node have provided us with an efficient, cost-effective and scalable way to address multiple challenges that we faced due to having an open network,” said Aaron Baillio, Managing Director, Security Operations and Architecture, University of Oklahoma. “Analytics Node together with the packet capture capability of the Recorder Node has allowed us to reinforce security posture by rapid impact analysis and mitigation of compromised user credentials.”

Inspired by the design principles of hyperscale operators, Big Switch’s Big Mon leverages SDN controls, a fabric architecture based on open networking (britebox/whitebox) switches and DPDK-powered x86 servers to deploy highly scalable, agile, flexible and cost-effective network visibility and security solutions. This next-generation NPB architecture is highly flexible, with fabric switches providing L2-L4 filtering at line rate, while DPDK-based x86 nodes provide high-speed packet-level and flow-level services with Big Mon Service Node, recording and playback with Big Mon Recorder Node and deep application-level visibility with Big Mon Analytics Node. All of the components are fully controlled and managed by the Big Mon Controller, thus enabling organisations to deploy large scale monitoring fabrics within existing OpEx budget. Big Mon architecture is also inherently scale-out, allowing customers to start with a single monitoring switch, and grow the fabric on an as-needed basis. Big Mon Service Node, Recorder Node and Analytics Node can be deployed in clusters to enable independent scale-out.

“Big Switch is bringing cloud-scale analytics and integrated packet flow recording to multi-cloud software-defined infrastructure,” said Stephen Collins, Principal Analyst, ACG Research

Network Visibility and Analytics. “The Analytics Node and Recorder Node offer organisations a simple and more cost-effective solution for rapidly detecting performance anomalies, identifying security issues and conducting forensic analysis.”

Big Mon Recorder Node – next-gen packet recorder

With vast amounts of data traversing the data centre network, traditional packet capture solutions are unable to efficiently and affordably scale. The need for a next-gen packet capture solution for forensic analysis of events and inefficiencies is clear. Recorded data allows network IT teams to replay the specifics of an event and provides them with the necessary context to solve operational and security threats, by retrieving a historical record of the exact moment a service anomaly occurred, in order to derive root cause and predict future trends.

Big Mon Recorder Node is high-performance packet recorder software, deployed on a commodity x86-based server. The Big Mon SDN controller automatically discovers the Recorder Node, ensuring a single point of configuration and device lifecycle management. Multiple Recorder Nodes can be strung together, allowing end-users to store more network traffic for longer periods and retrieve them via the Big Mon Controller or Analytics Node with agility and simplicity.

Big Mon Recorder Node benefits:

  • Feature-rich packet capture, query and replay functions
  • Programmable and scriptable via REST APIs
  • Supports PTP / NTP based timestamping of recorded packets
  • Works on an industry standard x86 server with 160TB storage and 10G NIC
  • Easy-to-use, scale-out, high-performance
  • Integrates with the Big Mon Controller to enable centralised configuration and operational workflows via Big Mon Controller
  • Supports Big Mon Analytics Node-powered event-triggered automated packet capture workflows
  • Integrates with Big Mon Service Node for applying advanced packet functions to filter or massage the traffic, prior to sending it to the recorder: de-duplication, packet slicing, packet masking, header stripping, regular expression matching (DPI) and netflow generation

Big Mon Analytics Node – deeper visibility and alerting

Network visibility is the key to optimising and securing production networks. But as the volume of data flowing through a data centre continues to grow, packet flow becomes increasingly fragmented, making network visibility more opaque. No matter the size of a data centre network, analysis is critical to identify high-bandwidth applications and flows, determine network traffic utilisation trends, find hotspots in the network, identify possible security issues and to perform historical analysis.

Big Mon Analytics Node provides scale-out analytics with configurable, historical time-series based dashboards for performance, hosts and security. It also acts as a collector for Netflow and Sflow packets. The highly intuitive and customisable GUI dashboards support a Google-like search to quickly drill down and focus on the possible issues. It not only provides a variety of reporting and alerting functions, but also allows the user to easily share a custom dashboard view with other team members for collaborative analysis, troubleshooting and remediation.

Analytics Node benefits:

  • Supports various Health / Capacity Planning / Troubleshooting dashboards
  • Supports Performance views like Top Talkers, Top Apps, TCP connection / latency tracking etc
  • Supports Security views displaying Rogue DHCP/ DNS servers, identifies IP / MAC Spoofing etc
  • Support various Host views like New Hosts seen, DHCP OS fingerprinting etc
  • Supports Automatic alerting on exceeding various thresholds like link utilisation etc
  • Supports sFlow/NetFlow collection to provide real-time application level visibility, including tunneled or encapsulated traffic, enable detection of security attacks like DoS/DDoS and support sub-second triggering
  • Easy-to-use, scale-out, high-performance
  • Integrated / centralised configuration and operational workflows via Big Mon Controller
  • Works on an industry standard x86 server with 128G RAM, 2TB SSD storage and 10G NIC

Supporting materials

About Big Switch Networks
Big Switch Networks is the Next-Generation Data Centre Networking Company. We disrupt the status quo of networking by designing intelligent, automated, and flexible networks for our customers around the world. We do so by leveraging the principles of software-defined networking (SDN), coupled with a choice of industry-standard hardware. Big Switch Networks has two solutions: Big Monitoring Fabric, a next-generation network packet broker, which enables pervasive security and monitoring of data centre and cloud traffic for inline or out-of-band deployments and Big Cloud Fabric, the industry’s first next-generation switching fabric that allows for choice of switching hardware for OpenStack, VMware, Container, and Big Data use cases. Big Switch Networks is headquartered in Santa Clara, CA. For additional information, email, visit or follow us on Twitter @bigswitch, LinkedIn and YouTube.


Comments are closed.