With more organizations exploring or implementing Cisco ACI, some users question the need for packet capture. However, there are several use cases where it is critical to leverage packet data and packet-based analytics, especially for larger enterprise and data centers.

Application centric infrastructure, or ACI is used to more efficiently and effectively roll out and manage applications in a hybrid environment. It automates the application deployment cycle using a common policy, management, and operational framework across siloed IT teams.

In simpler terms, ACI is Cisco’s propriety software-defined network (SDN) technology. For organizations with significant investment in Cisco higher-end Nexus 7000 and 9000 switches, migrating to ACI makes sense to consider.

What is Tetration?

Cisco Tetration is described as real-time analytics that provide performance visibility to everything that happens in the data center. It does this via machine learning and provides the security team with a “zero trust model.” It captures “telemetry” data – aka metadata – at line rate. Full packet capture is not done with Tetration.

Simply stated, it is like enhanced NetFlow metrics for ACI environments. To get the full value of Tetration, the organization must have the talent and time to instrument byte-level code. This is a newer technology and engineers with depth of knowledge are limited. In addition to knowledge, agents are required to gain Layer 7 (of the OSI Model) application visibility. To achieve this presumes the network team has access and permission to deploy agents on critical servers across the network. This analysis is primarily for east-west traffic within a virtualized ACI network.

What type of organizations are considering or deploying ACI?

The organizations looking at ACI are invested in expanding their virtualization capabilities and have the need and purchasing power to make significant financial investment in Tetration and the Cisco Nexus 9000 line of switches.

How much does ACI or Tetration cost?

Investments in ACI and Tetration typically range between six to seven figures, although depending on scale and scope, they have versions that cost less based on smaller installations.

What are the limits of Tetration?

The limits of Tetration are that it does not capture the actual packet data but creates metadata about the packets. This metadata is described as “telemetry,” and lacks the granularity of VIAVI Observer with GigaStor for analyzing end-user experience or security forensics given the ability of Observer to generate metadata that is backed by high-fidelity packet capture.

Tetration visibility is largely limited to the ACI deployment. As applications traverse distributed networks with legacy and VMware or other vendor infrastructure, performance visibility is limited. There are also questions customers must answer regarding the use of high-end Nexus switches for traffic monitoring and management. In the network core with critical applications, is this the best use of switching resources? Additionally, do network teams have the resources and permissions to deploy agents and instrument solutions with byte-level code? These are both important considerations.

Observer provides out-of-the-box visibility and performance management workflows for immediate and granular problem resolution across all IT environments.

Why do customers still need packet data?

To fully assess end-user experience and application performance issues, support security forensics investigations, and understand where issues are occurring an organization must have that full packet capture. Essentially Tetration provides high-level indication of potential performance issues. Packets complement this by providing granular understanding of the user’s experience and service delivery.

Observer for ACI environments

Observer extends the value of full visibility and performance management from traditional to ACI and hybrid environments. Additionally, with SightOps infrastructure monitoring, you can not only manage network and application performance, you can additionally ensure performance of your ACI and cloud environment.

Observer brings visibility for the total environment under a single solution for network and applications combined with the added peace of mind that security forensics data provides.

About The Author

Close