Automatic Target Selection
Traffic monitoring in a virtualized environment relies on the use of logical tap devices to capture packets flowing through the network interfaces of virtual machines. These taps are generally based on the port mirroring primitives offered by the infrastructure layer (e.g. vNetwork Distributed Switch port mirroring in VMware vCenter and Tap-as-a-Service in OpenStack). When native port mirroring is not available – an all-too-common situation in public clouds – platform-agnostic solutions such as the Gigamon G-vTAP can be employed, where the mirroring operation is implemented inside the virtual machines being monitored.
Although logical taps provide the means to capture packets, the issue of identifying which targets should be observed still remains. A target in this context is a virtual machine or, to be more accurate, a specific interface belonging to a virtual machine. Existing workflows simply assign the target identification task to the end-user, who is also expected to define filters for eliminating unwanted packets/flows and specify the actions to be performed on the captured traffic. These filters are expressed as rules and may be split across one or more traffic maps. The actions can be broadly divided into two categories: optimization actions (slicing, masking, de-duplication, etc.) and forwarding actions (tunnel to one or more destinations).
On the surface it may appear that letting the user identify each and every target that needs to be monitored is a good thing. After all, he or she has complete control over the selection process. However, this is a huge responsibility and can become a daunting endeavor for even the most experienced operator. Manual selection is a slow, tedious and error-prone process, especially when considering the scale involved. Even a moderately sized datacenter will have several hundred potential targets to consider; in larger environments this number can grow to staggering proportions. Furthermore, having to repeat this process for each monitoring session can quickly become annoying.
Automatic Target Selection (ATS), a new capability in the Gigamon GigaVUE-FM Fabric Manager, is our answer to this problem. It is based on patent-pending technology that can correctly infer the set of targets to be monitored from the traffic maps provided by the user. The overall workflow is greatly simplified because the most painstaking part has been eliminated. ATS can handle the arrival of new targets and changes to the properties of existing targets without needing any human intervention. This makes it possible to create monitoring sessions in anticipation of virtual machines that do not exist at the moment but may appear sometime in the future. Without ATS, new targets are not monitored until an operator becomes aware of them and then explicitly associates them with a monitoring session. Also, when the user is expected to both identify the targets and provide the traffic maps, incompatibility issues may arise that can result in less than the desired amount of traffic reaching the analysis tools. Such accidental misconfigurations are now a thing of the past.
Basic ATS, as described above, resembles the autofocus functionality found in mid-range cameras. Both are fast, accurate and reliable. However, they also share a common shortcoming. They are fully automatic! Just like any other fully automatic offering they satisfy the most common needs but may not be suitable for specialized applications. Camera manufacturers have recognized the needs of discerning photographers and offer more sophisticated autofocus systems in their high-end models, which can be adjusted to perform well even in the most demanding situations. In the same vein we have enhanced the ATS algorithm to accept inclusion and exclusion maps. Inclusion maps specify only those targets that are eligible for selection and are typically used when there is a need to contain the search space to a known boundary. Exclusion maps, on the other hand, specify targets that should never be considered. Inclusion and exclusion maps may be used in conjunction with the traffic maps or separately, providing the user with a high degree of control over the selection process.
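The selection semantics described above can be modelled in a few lines. This is an added illustration, not Gigamon's algorithm or code: the `Interface`, `Rule` and `select_targets` names, the use of CIDR prefixes for all three map types, and the rule that an interface is inferred when its address falls inside a rule's source or destination prefix are all assumptions made for the sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Interface:              # a target is one interface of one VM
    vm: str
    name: str
    ip: str

@dataclass(frozen=True)
class Rule:                   # simplified traffic-map rule; None means "any"
    src: Optional[str] = None
    dst: Optional[str] = None

def _in(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def matches(rule, iface):
    """Assumed inference: the interface can be an endpoint of traffic the rule passes."""
    prefixes = [p for p in (rule.src, rule.dst) if p is not None]
    return not prefixes or any(_in(iface.ip, p) for p in prefixes)

def select_targets(inventory, rules, include=None, exclude=()):
    """Return the interfaces to tap.
    include: CIDRs bounding the search space (None means no bound).
    exclude: CIDRs that are never selected, whatever the other maps say."""
    selected = set()
    for iface in inventory:
        if any(_in(iface.ip, c) for c in exclude):
            continue                      # exclusion map always wins
        if include is not None and not any(_in(iface.ip, c) for c in include):
            continue                      # outside the allowed boundary
        # With no traffic maps, inclusion/exclusion alone decide (assumption).
        if not rules or any(matches(r, iface) for r in rules):
            selected.add(iface)
    return selected

# Constructed inventory and traffic-map rules for illustration.
INVENTORY = [
    Interface("web-1", "eth0", "10.0.1.10"),
    Interface("web-2", "eth0", "10.0.1.11"),
    Interface("db-1", "eth0", "10.0.2.20"),
    Interface("bastion", "eth0", "10.0.9.5"),
]
RULES = [Rule(dst="10.0.1.0/24"), Rule(src="10.0.2.0/24")]

if __name__ == "__main__":
    for t in sorted(select_targets(INVENTORY, RULES), key=lambda i: i.vm):
        print(t.vm, t.name, t.ip)
```

Re-running `select_targets` whenever the inventory changes is what lets a session pick up a virtual machine that did not exist when the maps were written.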
We are excited to debut ATS in GigaVUE-FM 3.5 for monitoring AWS workloads. It is our sincere hope and belief that the newfound freedom acquired by not having to manually identify the targets will empower users of the Gigamon Visibility Platform to direct their attention toward more pertinent matters such as securing their infrastructure and gaining insight into workload behavior and performance.