Arista Networks, the brainchild of serial entrepreneur Andy Bechtolsheim, is chasing a new market by reversing the polarity on its Ethernet switches, turning them into packet sniffers that feed into network analyzer equipment instead of packet shufflers.
As is the case with most hardware these days, the trick is all in the software, not in the ASIC or other physical aspects of the device. In fact, Arista has come up with a way to turn its 7150 Series Ethernet switch into a tap aggregation platform, and thus replace devices from companies that provide these specialized pieces of hardware.
The market Arista is going after includes those who are deeply concerned with network performance and who want to route traffic to network analyzers to sift through it for messed-up bits.
Arista marketing veep Doug Gourlay says that we have come a long way since having to walk around the data center to plug a sniffer into the network to sort out a problem. But even if you buy special TAP aggregation gear and backhaul all of the tapping functions to the network sniffers, the pseudo-switches that do this work – which are available from NetScout, Gigamon, VSS Monitoring, and a few others – are very expensive.
The good news is that networking giant Cisco Systems has left the tap aggregation business – which is worth somewhere between $200m and $400m a year – alone, because it is not big enough for Big John to play in. But that turns out to be a plenty big enough market for Arista to take on with its software engineers.
To that end, Arista is taking the 24-port 7150 Series 10 Gigabit Ethernet switch and allocating 20 ports to the network taps and four of them to the network probes, while using the Extensible Operating System (EOS) variant of Linux at the heart of the switch to run a stack of network analysis software that collectively is called DANZ. (That's short for "data analysis" in the way that only makes sense in Marketing World.)
This DANZ software module costs $3,000, and the switch itself costs on the order of $350 to $400 per 10GE port. If that doesn't sound cheap, though, consider that the tap aggregation platforms from the vendors listed above can cost $2,000 to $4,000 per port.
That's a pretty hefty chunk of change, says Gourlay. "And Cisco has no product in this space, and from a strategic perspective, I like that a lot," he adds.
"We have done well in markets where the market leader is not playing," Gourlay says – like in networks for high-frequency trading, for instance, where Arista has carved out a niche next to Mellanox Technologies.
By converting the 7150 Series switch into a tap aggregation platform, Arista says it can boost the performance compared to hard-coded aggregators by a factor of three, and do so at a factor of ten reduction in price per port, for a factor of 30 improvement in price performance.
That kind of change in bang-for-the-buck could probably expand the market from the niche uses it has among telecom carriers, service providers, and financial services companies that are paranoid about network performance, all the way to cloudy data centers. The companies selling the probes, says Gourlay, are egging Arista on, saying they hope to sell more analyzers if the tap aggregator costs can be brought down.
Of course, Cisco does have its own Network Analysis Module for Nexus and Catalyst switches, which many companies use in lieu of the more sophisticated tap aggregation and probe setups common at HFT and other sites. And Cisco will no doubt pull a similar move and put tap aggregation into its ONE software-defined network, just as Big Switch Networks is doing with its Big Tap network monitoring module for its SDN stack.
Block diagram of the Arista DANZ software stack
There are a lot of difference elements to the DANZ software stack, and most of it is all new and complimentary to the tap analyzer software functions. The latency analyzer, or LANZ, software has been running on top of EOS for a while and is updated with this software release. All of the other bits are new, including a JSON-enabled RESTful API stack that exposes the DANZ functions to third parties.
This latter bit is key, says Gourlay, because Arista is counting on partners to embrace these APIs as they link their tools for network analysis into the DANZ tap aggregation code. This includes wares from established vendors such as Corvil, TS-Associates, Endace, and relative newcomers such as ExtraHop Networks and Splunk that basically act like a shrink for your network.
The DANZ stack runs on EOS 4.11 and higher and will be rolled out for other Arista switches eventually. ®
Sponsored: Webcast: Ransomware has gone nuclear