Around four years ago MantisNet’s engineering team set out to answer a question that seemed glaringly obvious but was consistently ignored by others in the visibility space: “How do monitoring solutions need to evolve to handle the changes that 5G brings?”

Getting to the answer of this question has proved to be an interesting journey. After all, the telco monitoring space is a large industry that has done things the same way for quite some time… it has always been all about packets. Capture packets, filter packets, aggregate packets, slice packets, dedupe packets, store packets. Just give me packets. And then give me some more.

Are packets the answer?

Who has time for innovation in a landscape like that? Packets are CLEARLY the answer. Most talk of network monitoring advancement around this time can be summed up as “how can we now capture packets in the cloud?”. Unfortunately, this is still the case in many offerings available today. It seems that most conversations around the challenges of monitoring 5G networks have overlooked one key fact: the way 5G networks are built and deployed is fundamentally changing the game.

The move from 4G to 5G is more than an exercise in increased speeds and reduced latency courtesy of Moore. The arrival of distributed computing (AKA cloud-native architectures) represents a complete change in how production environments are deployed, how resources are utilized, what these resources actually look like, and how data moves from end user to the Core and back. When it comes to monitoring these systems, it’s worth noting that figuring out how to better capture packets on a new playing field might not be the answer; serious thought ought to be given to how a successful monitoring solution operates at scale, and what it actually focuses on.

Distributed computing forces you to think differently about visibility

In order to start answering tougher questions than “how can we grab packets from containers?”, the team at MantisNet dug into the specifics of distributed computing systems to help drive a new architecture for a monitoring solution designed to observe cloud-native environments (and specifically 5G SA). Though the list is much longer, here is a look into some of the specifics the team started centering the new approach around…

  • Messages are the backbone of distributed computing.
      How can this be leveraged?
  • Size and scale bring valid concerns of replicating all (or some) data.
      What is the alternative?
  • The resource tax: all visibility solutions are now deployed on production resources.
      How can we keep our tax as low as possible?
  • No standardized/central location to grab packets; physical access is limited.
      How can we best rethink our data capture strategy?
  • Distributed computing and industry standards breed multi-vendor environments.
      How can we provide a common view across all vendors?

Enter API-centric visibility

It’s through this lens that the team began working on what has now become Tawon CVF (Containerized Visibility Fabric). Tawon is a monitoring/visibility solution that has been built from day 1 to handle the challenges of distributed computing, and more specifically, the challenges found in telco cloud-native environments. It is not a solution that has taken a simple “lift and shift” mentality, moving from bare metal or VMs into the world of containers. It is a solution that has been designed as a true microservices-based offering that delivers message-driven visibility across any containerized resource.

Tawon leverages eBPF to get at the underlying messages that are key to distributed computing systems. Understanding the messaging that occurs between/across APIs is key to our approach with Tawon. This allows us to correlate the relationship between applications (or network functions) AS WELL AS the applications’/NFs’ relationship to the underlying orchestration, container, network, compute, and memory resources.

Make no mistake: Tawon can capture packets from any location; however, it is primarily driven by the generation of detailed metadata that represents activity on the network. The ability to set targeted event hooks to observe messaging within these environments allows Tawon to operate with extremely low resource utilization, while still providing a granular and near-real-time view into the network.

In our next blog post, we will discuss the specific differences between a message-based visibility solution (such as Tawon) and more packet-based solutions (such as vendor-specific vTAPs) as noted by one of our large integration partners in the telco space. In the meantime, I would encourage anyone that made it this far in the post to start asking themselves if more packets is really the answer for a successful 5G visibility strategy. 

Written by Mike Fecher

Mike's a leader in developing client solutions for data center infrastructure, cybersecurity, and network visibility. He has worked with commercial telecom providers, the US Intelligence Community, and various other government agencies to help implement data-centric solutions.