2. The Cloud is a Digital Supply Chain
• SaaS, PaaS, IaaS are major suppliers for your users
• Enterprises are offering more cloud-based services
• Mobile apps
• E-commerce
• Which function and depend on Web APIs
• Maps, Search, Ads, etc.
• The Internet is the global freight routing system
• Must be high performing
3. Cloud-Aware Net Mgmt: Strategic Considerations
• Assures delivery of performance and user experience
• Deals with reality of Internet security
• Particularly DDoS because it is as much an operational availability issue as a security challenge
• Leverages redundancy via multi-homing and CDN infrastructure
4. Cloud-Aware Net Mgmt: Tactics
• Collect detailed traffic flow information
• Instrument key nexus servers with performance metrics collection
• Utilize advanced analytics
• Deploy synthetic testing to understand availability
• Limited reliance on traditional deep packet capture techniques, which are cumbersome for cloud networking
5. Elements of Cloud Network Management
• NetFlow, sFlow, IPFIX traffic flow data export
• Sampled flows are fine
• Passive BGP peering
• Cost-effective server-side network instrumentation
• Granular, tunable alerts for anomalies & attacks
• Deep analytical visibility
• Automated remediation
6. Monitoring Considerations
• Global visibility
• Top-down visibility
• Full details for drill-downs
• More than just summaries
• Not siloed
• Integrate with other tools, dashboards, etc.
• Data/views easily shared with many functional teams
• Supports fully hybrid environments
7. Alerting Considerations
• Network-wide
• Scalable with detail
• Host-level capable
• Dynamic anomaly detection (self-learning what is normal behavior)
• Flexible integration with your choice of notification as well as automated remediation
• E.g. DDoS scrubbers, load balancers, network orchestration
• Alerting & detection needs to be complemented by deep analytics
8. Reality of Network Big Data
• Network data is big data
• Commonplace to generate hundreds of millions of data records per day
• Traditional approaches very limited
• Only produced roll-up summaries
• Okay for top-level views
• Useless for real action
• Compute/storage scale means big data analytics are now relevant
• Recent announcement by Cisco on Tetration Analytics is major signal
• Key is to go past BI and have operational speed
9. Big Data Challenges for Network Analytics
• Ingest speed
• Latency to query
• Time to query response
• Pre-computed cubes
• On the fly
10. Advanced (Big Data) Network Analytics
• Need to enable engineers to leverage their technical and institutional knowledge effectively
• Ad-hoc queries across massive datasets in a timely manner
• Multi-dimensional analytics
• Combine and visualize multiple fields
• Like a massive pivot table
• Complemented by automated analyses that reveal complex relationships
• Practically speaking, turning insightful ad-hoc queries into dashboards
22. Case Example: Summary
- Unusual traffic patterns from suspect Geo
- Turned out to be DNS Amplification targeting a specific dest IP
- But main attack was hiding other attacks/exploits
- Data harvested for mitigation
- Time required to complete this analysis: 3 minutes!
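
Added example (not from the original slides): a small pivot over sampled flow records that goes from a top-level per-destination view to the drill-down that isolates DNS amplification toward one destination IP, as in the case summary. The flow records, the 1-in-1000 sample rate, the field layout and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

SAMPLE_RATE = 1000  # assumption: exporter samples 1 in 1000 packets
FIELDS = {"src": 0, "dst": 1, "proto": 2, "src_port": 3, "dst_port": 4}

def build_flows():
    """Constructed sample flow records (documentation addresses, not real traffic).
    Tuple layout: src, dst, proto, src_port, dst_port, sampled_bytes."""
    flows = []
    for i in range(20):    # ordinary HTTPS clients
        flows.append((f"198.51.100.{i + 1}", "192.0.2.10", "tcp", 40000 + i, 443, 1500))
    for i in range(3):     # ordinary DNS answers from one resolver
        flows.append(("198.51.100.53", "192.0.2.20", "udp", 53, 50000 + i, 120))
    for i in range(200):   # many sources answering from UDP/53 toward one host
        flows.append((f"203.0.113.{i + 1}", "192.0.2.50", "udp", 53, 33000 + i, 3000))
    return flows

def pivot(flows, dims):
    """Group flows by any combination of fields, like a pivot table.
    Returns {key: {"bytes": estimated bytes, "sources": distinct source IPs}}."""
    table = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for flow in flows:
        key = tuple(flow[FIELDS[d]] for d in dims)
        table[key]["bytes"] += flow[5] * SAMPLE_RATE  # scale sample to an estimate
        table[key]["sources"].add(flow[0])
    return table

def dns_amplification_suspects(flows, min_sources=50, min_bytes=100_000_000):
    """Destinations receiving large UDP source-port-53 volume from many sources.
    Both thresholds are illustrative assumptions and need tuning per network."""
    hits = []
    for (dst, proto, sport), cell in pivot(flows, ("dst", "proto", "src_port")).items():
        if (proto == "udp" and sport == 53
                and len(cell["sources"]) >= min_sources
                and cell["bytes"] >= min_bytes):
            hits.append((dst, len(cell["sources"]), cell["bytes"]))
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    flows = build_flows()
    # Top-down view first, then the drill-down that isolates the anomaly.
    for key, cell in sorted(pivot(flows, ("dst",)).items(), key=lambda kv: -kv[1]["bytes"]):
        print(key[0], cell["bytes"], len(cell["sources"]))
    print(dns_amplification_suspects(flows))
```

The per-destination roll-up only shows that 192.0.2.50 is busy; adding the protocol and source-port dimensions and counting distinct sources is what separates the amplification pattern from the ordinary DNS answers to 192.0.2.20.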