search menu icon-carat-right cmu-wordmark

Monitoring Virtual Networks

January 2015 Presentation
George Warnagiris

In this presentation, George Warnagiris describes implementations of three virtualized networks and examines trends in virtual networking.

Publisher:

CERT

Watch

Abstract

The Monitoring Virtual Networks industry is embracing virtualization because it reduces hardware and administration costs, increases scalability, and improves resource allocation. However, hypervisors create naturally isolated systems that can thwart traditional network monitoring techniques. Examining incidents in these systems is difficult without proper considerations since the incident details are abstracted away to the VM-level. To address these drawbacks, we investigated the operational details of, and installed probes onto, three popular virtual network implementations. This presentation summarizes the findings of the investigation and addresses

  • optimizing virtual network design for monitoring
  • hypervisor and sensor integration
  • formalizing the art of building and deploying virtual sensors
  • external versus intra-cluster traffic observations

Considerations for monitoring virtualized networks are also illustrated with data collected during a six-month sensor deployment in a production environment. The discussion concludes with a look at new trends in virtual networking and how they might impact network security monitoring in the future.