Selection of Virtual Machine Traffic Capturing Mode in Cloud Environment
Capturing virtual machine traffic in a cloud environment requires deploying a collection probe on the computing node. Depending on where on the computing node the collection point can be deployed, virtual machine traffic capture in a cloud environment can be divided into three modes: Agent Mode, Virtual Machine Mode and Host Mode.
Virtual Machine Mode: a unified capturing virtual machine is installed on each physical host in the cloud environment, and a capturing soft probe is deployed on that virtual machine. Host traffic is mirrored to the capturing virtual machine by mirroring the virtual network card traffic on the virtual switch; the capturing virtual machine then transmits it through a dedicated network card to the traditional physical traffic capture platform, and it is then distributed to each monitoring and analysis platform. The advantage is that the soft switch mirrors traffic out of band (bypass mirroring), so there is no intrusion on the existing business network card or virtual machines; awareness of virtual machine changes and automatic migration of policies can also be achieved through certain means. The disadvantages are that the capturing virtual machine receives traffic passively and so cannot implement an overload protection mechanism, and that the volume of traffic that can be mirrored is determined by the performance of the virtual switch, so mirroring has a certain impact on the stability of the virtual switch.
Agent Mode: a capturing soft probe (Agent) is installed on each virtual machine in the cloud environment whose traffic needs to be captured. The Agent software extracts the east-west traffic of the cloud environment and distributes it to each analysis platform. The advantages are that it is independent of the virtualization platform, does not affect the performance of the virtual switch, can migrate with the virtual machine, and can perform traffic filtering. The disadvantages are that too many agents need to be managed, and that when a fault occurs the influence of the Agent itself cannot be ruled out.
Host Mode: an independent collection soft probe is deployed on each physical host in the cloud environment. It runs as a process on the host and transmits the captured traffic to the traditional physical traffic capturing platform. The advantages are a complete bypass mechanism; no intrusion on the virtual machines, business network card or virtual machine switch; a simple capturing method; convenient management; no independent virtual machine to maintain; and a lightweight soft probe whose acquisition can implement overload protection. As a host process, it can also monitor host and virtual machine resources and performance to guide the deployment of the mirroring strategy. The disadvantages are that it consumes a certain amount of host resources, and its performance impact needs attention.
Judging by the current situation in the industry, Virtual Machine Mode is used in the public cloud, while Agent Mode and Host Mode have some users in the private cloud.
Media Contact
Company Name: Transworld (Hong Kong) Co., Limited.
Country: China
Website: https://www.mylinking.com/