Application Visibility & Troubleshooting ... - APAC | VMware · ©2019 VMware, Inc. 20 SD-WAN...

©2019 VMware, Inc.Confidential │ ©2019 VMware, Inc.

Arup DebSenior Specialist Solution Engineer, Networking & Security, Asia Pacific & Japan, VMware

Application Visibility & Troubleshooting the Virtual Cloud Network and NSX

©2019 VMware, Inc.

Agenda

2

Virtual Cloud Network – Apps and Network everywhere

Visibility into VCN with vRealize Network Insight

Discover and Curate Applications

Friend of NetOps – Help troubleshoot an app

3©2019 VMware, Inc.

Virtual Cloud NetworkWhere is the App? What is the Network?

©2019 VMware, Inc. 4

vSphere

BRANCH

BRANCH

EDGE/IOT

TELCO/NFV

BRANCH

BRANCH

DCDC

DC

BRANCH

Virtual Cloud Network (VCN)

Tied Together—Everywhere.

vRealize Network Insight

END-TO-END VISIBILITY

NSX Intelligence

DEEP INSIGHT


Networking

• End-to-End Troubleshooting, Traffic and Path Analytics

• Application Latency and Network Performance

App-Centric Network and Security OperationsEnd-to-End Visibility for Private, Hybrid and Multi-Cloud

Public Clouds(VMC, AWS, Azure …)

Containers(K8s, PKS, OpenShift)

Virtual(SDDC/NSX)

Physical (Network & Firewalls)

Branch and Edge(VeloCloud)

vRealize Network Insight

Security

• Traffic Visibility and Application Modeling

• Operations, Change/Audit and Compliance

Applications

Discovery, Curation and Operations


vRealize Network Insight and vRealize Network Insight Cloud*Discover, Optimize and Troubleshoot App Security and Networking: DC to Cloud to Branch

6

Optimize and Troubleshoot Virtual and Physical Networks

• Reduce MTTR for application-connectivity issues

• Optimize application performance by eliminating network bottlenecks

• Manage and Operate and NSX at scale

Gain Network Visibility

• Visibility for multi/hybrid clouds (NSX, VMC, AWS, Azure) and SD-WAN

• Discover connectivity between the overlay and underlay networks

• Analyze Traffic and Apps across the hybrid and public clouds

Plan, Secure and Migrate Applications

• Discover Apps (VMs, Containers, Clouds), Identify traffic patterns

• Secure, audit and ensure compliance

• Plan app migration across hybrid / multi-cloud

* Formerly Network Insight SaaS


Cisco APIC

Panorama

All Virtual (on-premises or SaaS), Agent-less, Multi-Vendor Solution

vRealize Network Insight: Overlay + Underlay Visibility

AutomationIT AUTOMATING IT | DEVELOPER CLOUD

MULTI-TENANT CLOUD

SecurityMICRO-SEGMENTATION | SECURE END USER DMZ

ANYWHERE

Virtualoverlay

Physicalunderlay

Spine

Leaf

P+V Discovery

and Monitoring

App Visibility and

Troubleshooting

vRNI Flow Visibility Apps

Path: Overlay + Underlay

vCenter, NSX, VeloCloud APIs

Flows

vRNI supports a rich set of underlay vendors:

- Switches: Dell, Cisco (ACI, Nexus), Arista, Juniper …

- Firewalls: Palo Alto, Checkpoint, Cisco ASA, Fortinet …

- Load Balancers: F5 …

- Flows: NetFlow, IPFIX, sFlow

3rd Party Managers

(Cisco APIC, Panorama etc.)

SDWAN


App-Centric Network VisibilityDiscover, Curate, Operate


Application awareness is core to our network and security operations strategy

App-Aware Discovery and Operations

NamesTags

(VMs, EC2)

Flows(IPFIX,

Flow Logs) Kubernetes(PKS, K8s, OpenShift)

L4-L7(NSX,

SD-WAN)

CMDB(SNOW)

• Use Names, Tags, K8s, CMDB

• Connectivity, Troubleshooting

• Top Flows, Latencies, Anomalies

• Track changes, ensure compliance

• Include Non-VMware end-points(From underlay NetFlow/sFlow)

• Auto-Baseline Apps


Application centric network operationsDiscover – Names, Tags, CMDB

o Discover Apps

o Names, Tags, CMDB, K8s

o Curate/Approve: Include other end points, Save

o Operate

o Troubleshooting: App and N/W Topology

o Analytics: Top Flows, Latencies, Anomalies

o Security: Traffic Analysis, Planning, Audit


Application centric network operationsCurate

o Discover Apps



o Operate





Application centric network operationsOperate

o Discover Apps



o Operate





Optimize and Troubleshoot ApplicationsAcross NSX (VMs, K8s), SD-WAN


Mean Time to Innocence: Blame Someone Else


Discover, Troubleshoot, Correlate, Analyze, Recommend

DiscoverApplication

Network

Flows/Path

TroubleshootApp Performance

Is it Network or App?

CorrelateApp slowness with network bottleneck

AnalyzeImpact within App Impact across App

(with APM)

RecommendNetwork Mitigation

App Mitigation


Reduce MTTI with vRealize Network InsightUse Case

NSX/Infra Admin

DC/Network Admin

App Owner

3rd Party Manager

• Deploys apps on virtual infra

• Monitors App/API Health, SLA

• Discover Virtual & Physical Infra

• Auto-Group Apps

• Secure, Micro-Segment Apps

• Provision / Manage Underlay

• Monitor health, Plan Capacity

• Stream Network Telemetry (port health, drops, congestion)

Day 0Day 2

(App Degraded)

• App Health Good

• Virtual Infra issues? Ticket!

• App Hotspots Latency Spike

• Check VM –VM Path

• Trace Underlay Issues

• Move chatty VMs to other Leafs

• Check/Fix SFP Errors

• Add LAG/ECMP Members

Physicalunderlay


Virtual Cloud Network (VCN) TroubleshootingRound Trip Time, Latency and Analytics

.

Sender Receiver

Request

Reply

RTT

Why is my app slow?

• Identify latency (RTT) of flows in app tiers

• Latency in accessing the app?

Is there latency in my virtual or physical infrastructure?

• Is it in the Host? (vNIC to vNIC, vNIC to pNIC)

• Is it in the path? (VTEP to VTEP)

Congestion / Packet drops in the underlay?


Flow RTT: NSX IPFIX reports, vRNI computes abnormal flows

Flow Round Trip Time (RTT) and Virtual Infra Latency

Latency Metrics: NSX reports vNIC pNIC latencies, vRNI aggregates/analyzes per pNIC


Apps: Branch to Cloud / DCSD-WAN Visibility and Troubleshooting


SD-WAN Visibility and Troubleshooting With VeloCloud integration

Branch Visibility

o Who is talking to whom

o Flows and usage by clients, LOB, edge and app

Edge-to-Data Center Connectivity

o Network topology, end-to-end path visibility

o Troubleshoot Edge to DC, VPN, Gateway, Hub

Analytics and Reporting

o Flow visibility with app info, top talkers

o Data center application usage by branch

o Multi-path metrics

o Business policy violations (wrong link used)


Site Analytics

• Site Visibility

• Apps, VMs, Links, Metrics

• Path & connectivity to other sites, gateway, data center

• Stitching the flows/path from Velo to NSX

• Hybrid WAN visibility (legacy + SD-WAN)

Virtual, Physical, Data center


End-to-End Path Visibility Across DC/WAN/Cloud

Shows all virtual and physical components

End-to-end path from VM → WAN → VM across sites

Path from VM → WAN → SaaS App

©2019 VMware, Inc.

vCenterNSX Manager

NSX Firewall Flows

Physical Infra Config & Metrics

Amazon Web Services VPC Flow Logs

Physical Infra Flows

Virtual Infra Flows

360Networking and Security

Visibility

Most Comprehensive Network & Security Visibility SolutionVisibility Across Virtual, Physical & Multi-Cloud!


How to get started

Resources

LEARN TRY

nsx.techzone.vmware.com

CONNECT

TRY

@VMwareNSX#runNSX

Learn ConnectTry

Design Guides Demos

Take a Hands-on Lab

Join VMUG, VMware Communities (VMTN)

Application Visibility & Troubleshooting ... - APAC | VMware · ©2019 VMware, Inc. 20 SD-WAN...

Documents

Transcript of Application Visibility & Troubleshooting ... - APAC | VMware · ©2019 VMware, Inc. 20 SD-WAN...