Ten-gig networking has become mainstream a lot faster than anyone thought it would, largely driven by the tumbling cost of 10-gig ports. One of the communities that’s been caught napping in this price storm is the monitoring vendor community. Sure, every one of them has launched at least one ‘ten-gig capable’ system, but there are some serious questions as to whether they can really perform at 10Gbps. You only have to look at last quarter’s NSS Labs results to see there’s a serious problem with scalability here.
While 10 gig has taken off, the macro-economic climate has changed dramatically, and as IT budgets have tightened, organisations have quite legitimately started to look for ways to save money and delay spending on what they perceive to be ‘non-essential’ items. One such ‘pop strategy’ is to attempt to extend the life of existing gigabit network monitoring tools. To help meet this need, a market for intelligent layer 1 matrix switches has sprung up out of seemingly nowhere. Amongst a wide range of claims, the switches that this community is marketing promise to ‘extend the life of 1Gbps tools’ by allowing them to be leveraged in 10 gig environments through ‘sophisticated filtering, disaggregation and load-balancing’. Prima facie the logic is sound – spend $50K now and delay an investment of $250K for a year or so, then redeploy the $50K hardware elsewhere and you’re laughing. But is it really that straightforward?
The answer is of course ‘no’ – but to understand why, you need to first accept three incontestable facts about 10 gigabit networking.
- A 10Gbps network WILL burst up to 10Gbps some of the time, regardless of its ambient traffic level
- Network monitoring tools typically deliver the vast majority of their value in times of high network stress
- The output of any network monitoring tool is only as good as the quality of its input. If it’s only seeing half the input….
If you accept those things, then for every 10 Gigabit link that you want to monitor you’re going to need to have 10 uncontested Gigabit monitoring ports available all of the time to cope with the bursts. And of course that’s where the problems start, because no one does: the economics simply don’t work. Organisations provide maybe 5 gigabit ports for every 10 gigabit link, but that completely misses the point.
So what happens in practice? Well – the infrastructure team become instant heroes because they’ve successfully delayed a significant capital investment by applying a sticking plaster to an ugly problem. And then there’s a serious network performance issue in the core that netops need to investigate. So they log into the network monitoring tool and begin the process of troubleshooting only to find, surprise surprise, that they’ve only got half the story. And reality bites.
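The oversubscription argument above can be put in numbers with a small model. This is an added example, not part of the original article; the 1 ms time step, perfectly even load balancing, the 4 Mbit buffer per tool port and the traffic profile are all constructed assumptions.

```python
# Added illustration: fluid model of a 10G link load-balanced onto 1G tool ports.
# Assumptions (not from the article): 1 ms time steps, perfectly even load
# balancing, and a fixed egress buffer per tool port on the matrix switch.

def simulate(profile_gbps, tool_ports, port_gbps=1, buffer_mbit_per_port=4):
    """Return (offered_mbit, dropped_mbit) for a per-millisecond rate profile.

    At 1 ms resolution, N Gbps delivers N Mbit per step, so the rates can be
    used directly as Mbit arriving in each step.
    """
    drain = tool_ports * port_gbps                # Mbit the tools absorb per ms
    capacity = tool_ports * buffer_mbit_per_port  # total buffering in Mbit
    queue = offered = dropped = 0
    for rate in profile_gbps:
        offered += rate
        queue += rate
        queue -= min(queue, drain)                # forward what the ports can carry
        overflow = max(0, queue - capacity)       # beyond the buffer, traffic is lost
        queue -= overflow
        dropped += overflow
    return offered, dropped

# Constructed traffic profile: 2 Gbps ambient with a 50 ms line-rate burst.
PROFILE = [2] * 100 + [10] * 50 + [2] * 100

if __name__ == "__main__":
    burst_mbit = 10 * 50
    for ports in (5, 10):
        offered, dropped = simulate(PROFILE, ports)
        print(f"{ports} x 1G ports: dropped {dropped} of {offered} Mbit "
              f"({dropped / burst_mbit:.0%} of the burst)")
```

The profile averages 3.6 Gbps, below the 5 Gbps of tool capacity, yet all of the loss falls inside the burst, which is the interval the tools are there to capture.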
The truth is that trying to sweat gigabit tools in a 10 gig environment – particularly critical environments where down time and outages cost real money – is a false economy. It might look good on the balance sheet, but in practice it will cost far more than it saves as operational management costs escalate and network performance becomes less and less predictable.
Where the network is critical there is no substitute for true 10 gigabit infrastructure. And when we say true 10 gigabit infrastructure we mean infrastructure that is truly capable of handling line rate 10 Gigabit traffic without dropping a single packet along the way. In exactly the same way that trying to extend the life of one gigabit tools is a false economy, buying ten gigabit visibility tools that can’t really do 10 gigabit is an equally false economy for all the same reasons.
It’s time for the vendor community to wake up before 100 Gig bits them in the rear….