DANZ Monitoring Fabric Verified Scale
This document describes the DANZ Monitoring Fabric multi-dimension scale test performed with DMF controllers.
Overview
Network visibility is a growing concern in data centers due to increasing virtualization, service-oriented architecture, and cloud-based IT. However, visibility into network traffic with traditional monitoring infrastructure could be improved. Expensive monitoring infrastructure, including application performance monitoring tools, Intrusion Detection Systems (IDS), and forensic tools, could be more efficiently utilized due to a lack of management of monitored traffic.
DANZ Monitoring Fabric (DMF) is an advanced network monitoring solution that alleviates this problem dramatically. DMF leverages high-performance bare metal Ethernet switches to provide the most scalable, flexible, and cost-effective monitoring fabric. Using an SDN-centric architecture, DMF enables tapping traffic everywhere in the network and delivers it to any troubleshooting, network monitoring, application performance monitoring, or security tool.
At its core is the centralized DMF Controller software that converts user-defined policies into highly optimized flows programmed into the forwarding ASICs of bare metal Ethernet switches running the production-grade Switch Light™ Operating System from Arista Networks Confidential. DMF delivers unprecedented network visibility with bare-metal economics, getting the right traffic to the right tool at the right time. With its open and published Application Programming Interfaces (APIs), the DMF Controller allows customers to deploy integrated network monitoring solutions along with the DMF.
DMF Verified Scale Values
TCAM Rule Limits
The following tables contain the data for the scalability limits tested and verified for the DANZ Monitoring Fabric.
Broadcom Switch Series | Broadcom Chipset | Switch Name |
---|---|---|
Jericho Series | Jericho | Arista DCS-7280SR-48C6 |
Jericho Plus | Arista DCS-7280SR2-48YC6 | |
Jericho 2 | Arista DCS-7280CR3-32P4 | |
Jericho 2C | Arista DCS-7280SR3-48YC8 |
Match Mode | Broadcom Jericho Switches | Broadcom Jericho Plus Switches | Broadcom Jericho 2 Switches | Broadcom Jericho 2C Switches | |
---|---|---|---|---|---|
IPv4 TCAM rules per switch (Verified Limit/Max Limit) | Full | 6140/6144 | 6140/6144 | 6140/6144 | 6140/6144 |
L3-L4 | 6140/6144 | 6140/6144 | 6140/6144 | 6140/6144 | |
Offset | Not Supported | Not Supported | Not Supported | Not Supported | |
IPv6 TCAM rules per switch (Verified Limit/Max Limit) | Full | 6140/6144 | 6140/6144 | 6140/6144 | 6140/6140 |
L3-L4 | 6140/6144 | 6140/6144 | 6140/6144 | 6140/6140 | |
Offset | Not Supported | Not Supported | Not Supported | Not Supported | |
Match conditions per policy | Full IPv4/IPv6 | 6140/6140 | 6140/6140 | 6140/6140 | 6140/6140 |
L3-L4 IPv4/IPv6 | 6140/6140 | 6140/6140 | 6140/6140 | 6140/6140 | |
L3-L4
Offset IPv4/IPv6 |
Not Supported | Not Supported | Not Supported | Not Supported |
Broadcom Switch Series | Broadcom Chipset | Switch Name |
---|---|---|
Trident Series | Trident 2 | Dell S4048F-ON, Dell S6000F-ON |
Trident 2 Plus | Dell S4048-48T, Dell S6010F-ON | |
Trident 3 | Arista DCS-7050CX3-32S, Arista DCS-7050SX3-48YC8, Arista DCS-7050SX3-48YC12, Dell S5248F-ON, Dell S5232F-ON, Arista DCS-7050SX3-96YC8 |
Match Mode | Broadcom Trident 2 Switches | Broadcom Trident 2 Plus Switches | Broadcom Trident 3 Switches | |
---|---|---|---|---|
IPv4 TCAM rules per switch (Verified Limit /Max Limit) | Full | 2040/2044 | 8100/8188 | 3055/3068 |
L3-L4 | 4088/4092 | 8100/8188 | 3055/3068 | |
Offset | 2040/2044 | 8100/8188 | 3055/3068 | |
IPv6 TCAM rules per switch (Verified Limit /Max Limit) | Full | 1535/2044 | 6100/8188 | 2300/3068 |
L3-L4 | 1535/4092 | 6100/8188 | 2300/3068 | |
Offset | 1535/2044 | 6100/8188 | 2300/3068 | |
Match conditions per policy | Full-IPv4/v6 | 2040/1535 | 8100/6100 | 3055/2300 |
L3-L4IPv4/v6 | 4088/1535 | 8100/6100 | 3055/2300 | |
L3-L4
Offset-IPv4/v6 |
2040/1535 | 8100/6100 | 3055/2300 |
Broadcom Switch Series | Broadcom Chipset | Switch Name |
---|---|---|
Tomahawk Series | Tomahawk | Dell Z9100F-ON, Dell S6100F-ON |
Tomahawk Plus | Dell S5048F-ON | |
Tomahawk 2 | Arista DCS-7260CX3-64E
Dell Z9264F-ON |
Match Mode | Broadcom Tomahawk | Broadcom Tomahawk Plus | Broadcom Tomahawk 2 | |
---|---|---|---|---|
IPv4 TCAM rules per switch (Verified Limit /Max Limit) | Full | 1015/1020 | 1015/1020 | 1015/1020 |
L3-L4 | 1015/1020 | 1015/1020 | 1015/1020 | |
Offset | 1015/1020 | 1015/1020 | 1015/1020 | |
IPv6 TCAM rules per switch (Verified Limit /Max Limit) | Full | 760/1020 | 760/1020 | 760/1020 |
L3-L4 | 760/1020 | 760/1020 | 760/1020 | |
Offset | 760/1020 | 760/1020 | 760/1020 | |
Match conditions per policy | Full-IPv4/v6 | 1015/760 | 1015/760 | 1015/760 |
L3-L4IPv4/v6 | 1015/760 | 1015/760 | 1015/760 | |
L3-L4
Offset-IPv4/v6 |
1015/760 | 1015/760 | 1015/760 |
Broadcom Switch Series | Broadcom Chipset | Switch Name |
---|---|---|
Maverick Series | Maverick | Dell S4112F-ON |
Match Mode | Broadcom Maverick Switches | |
---|---|---|
IPv4 TCAM rules per switch (Verified Limit /Max Limit) | Full | 4088/4092 |
L3-L4 | 8100/8188 | |
Offset | 4088/4092 | |
IPv6 TCAM rules per switch (Verified Limit /Max Limit) | Full | 3060/4092 |
L3-L4 | 3060/8188 | |
Offset | 3060/4092 | |
Match conditions per policy | Full-IPv4/v6 | 4088/3060 |
L3-L4IPv4/v6 | 8100/3060 | |
L3-L4
Offset-IPv4/v6 |
4088/3060 |
The DMF 8.5 release supports the following EOS switches using the Broadcom Qumran chipset.
Broadcom Switch Series | Broadcom Chipset | Switch Name |
---|---|---|
Qumran-based Series
|
QumranAX | DCS-7020SR-24C2 |
Qumran2C | DCS-7280CR3K-36S | |
Qumran2A | DCS-7280SR3-40YC6 |
Match Mode | Broadcom QumranAX Switches | Broadcom Qumran2C Switches | Broadcom Qumran2A Switches | |
---|---|---|---|---|
IPv4 TCAM Rules per Switch (Verified Limit /Max Limit)
|
Full
|
4084/4088
|
6140/6144
|
6140/6144
|
L3-L4
|
4084/4088
|
6140/6144
|
6140/6144
|
|
Offset
|
Not Supported
|
Not Supported
|
Not Supported
|
|
IPv6 TCAM Rules per Switch (Verified Limit /Max Limit)
|
Full
|
4084/4088
|
6140/6144
|
6140/6144
|
L3-L4
|
4084/4088
|
6140/6144
|
6140/6144
|
|
Offset
|
Not Supported
|
Not Supported
|
Not Supported
|
|
Match Conditions per Policy
|
Full IPv4/IPv6
|
4084/4084
|
6140/6140
|
6140/6140
|
L3-L4 IPv4/IPv6
|
4084/4084
|
6140/6140
|
6140/6140
|
|
L3-L4 Offset IPv4/IPv6
|
Not Supported
|
Not Supported
|
Not Supported
|
Port Channel Interface Limits
Maximum Hardware/Software |
Verified Limits | |
---|---|---|
Number of Port Channel Interfaces Per Switch | 64 | 10 |
Number of Port Channel Member Interfaces | 32 | 32 |
Maximum Hardware/Software |
Verified Limits | |
---|---|---|
Number of Port Channel Interfaces Per Switch | 1024 | 16 |
Number of Port Channel Member Interfaces | 32 | 32 |
Tunnel Interface Limits
Maximum Hardware/Software Limit |
Verified Limits | |
---|---|---|
VXLAN Rx Tunnels per Switch | 2000 | 2000 |
VXLAN Bidirectional / Tx Tunnels per Switch | Depends on available ports on switch. | 60 |
Maximum Hardware/Software Limit |
Verified Limits | |
---|---|---|
L2GRE Rx Tunnels per Switch | 2000 | 2000 |
L2GRE Bidirectional / Tx Tunnels per Switch | Depends on available ports on switch. | 60 |
Functional Limits
Functionality | Verified Limits |
---|---|
Filter Interfaces per switch | 128 |
Delivery interfaces per switch | 128 |
Services Chained in a Policy | 4 |
User created policies per fabric (Disable overlap to create more than 200 user policies) | 200 |
Max number of policies which can overlap | 10 (Default is 4) |
Max number of policies per fabric (user + dynamic policies) | 4000 |
Switches per Fabric | 150 |
Filter interfaces per Fabric | 1500 |
Delivery interfaces per Fabric | 1000 |
Managed Services Per Fabric | 40 |
Managed Services Per Switch | 40 |
No of Service Nodes Per Fabric | 5 |
Filter interfaces per policy per Fabric | 1000 |
Connected devices per fabric | 100 |
IPv4 address groups | 170 |
IPv4 addresses per group | 20000 |
IPv6 address groups | 50 |
IPv6 addresses per group | 100 |
Maximum RTT between active and standby controller, between switch and controllers | 300 ms |
Maximum Users | 500 |
Maximum Groups | 500 |
Unmanaged Service interfaces per switch | 44 |
Unmanaged Service per switch | 22 |
Unmanaged Service interfaces per Fabric | 100 |
Unmanaged Service per switch | 50 |
Naming Conventions
Minimum Length |
Maximum Length |
Allowed Pattern | |
---|---|---|---|
Username | 1 | 255 | [a-zA-Z][-0-9a-zA-Z_]* |
Password | 1 | 255 | [0-9a-zA-Z,./;[]<>?:{}|❵~!@#$%^&*()_+-=] |
Group Name | 1 | 255 | [a-zA-Z][-0-9a-zA-Z_]* |
Filter Interface Name | 1 | 255 | [a-zA-Z][-.:0-9a-zA-Z_]* |
Delivery Interface Name | 1 | 255 | [a-zA-Z][-.:0-9a-zA-Z_]* |
Service Interface Name | 1 | 255 | [a-zA-Z][-.:0-9a-zA-Z_]* |
Service Name | 1 | 255 | [a-zA-Z][-.:0-9a-zA-Z_]* |
DMF Service Node Verified Scale Values
NetFlow Scale Values
DMF Service Node: Netflow | Verified Limits |
---|---|
Service Node Throughput per port |
(DCA-DM-SC, DCA-DM-SDL)
(DCA-DM-SEL)
|
Max Packets processed per port |
(DCA-DM-SC)
|
Expected Netflow Traffic out of per service node port | 300Mbps |
Max Number of Flows supported | 1 million per port of supported managed-appliances.
16 million per 16 ports of supported managed-appliances. |
IPFIX Scale Values
IPV4 Template | IPV6 Template |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DMF Service Node: IPFIX | IPv4 Verified Limits | IPv6 Verified Limits |
---|---|---|
Service Node Throughput per port. |
(DCA-DM-SC)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SEL)
|
Max Packets processed per port. |
(DCA-DM-SC)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DC-DM-SEL)
|
Expected IPFIX Traffic out of per service node port. |
300 Mbps. | 500 Mbps. |
Max Number of Flows tested per port. |
(DCA-DM-SC)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SEL)
|
Deduplication Verified Scale Values
Managed Service | One Service Node Port | 4 Service Node Ports | 16 Service Node Ports |
---|---|---|---|
Deduplication Maximum Packet Rate Processed |
(DCA-DM-SC)
(DCA-DM-SDL)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SEL)
|
(DCA-DM-SDL)
(DCA-DM-SEL)
|
Deduplication Maximum Bandwidth by Service Node Port |
(DCA-DM-SC) 10 Gbps for IMIX traffic.
(DCA-DM-SEL) 20Gbps for IMIX traffic.
|
(DCA-DM-SC) 40 Gbps for IMIX traffic.
(DCA-DM-SEL) 40Gbps for IMIX traffic.
|
(DCA-DM-SC) 160 Gbps for IMIX traffic.
(DCA-DM-SEL) 320 Gbps for IMIX traffic.
|
Header Stripping Verified Scale Values
Managed Service | One Service Node Port | 4 Service Node Port | 16 Service Node Port |
---|---|---|---|
Header Stripping Maximum Packet Rate Processed |
(DCA-DM-SC)
(DCA-DM-SDL)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SDL)
(DCA-DM-SEL)
|
(DCA-DM-SDL)
(DCA-DM-SEL)
|
Header Stripping Maximum Bandwidth by Service Node Port |
(DCA-DM-SC)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SEL)
It handles 20 Gbps traffic per port with average packet size > 70 bytes. |
(DCA-DM-SC)
(DCA-DM-SEL)
|
Managed Service | One Service Node Port | 4 Service Node Port | 16 Service Node Port |
---|---|---|---|
Header Stripping Maximum Packet Rate Processed |
(DCA-DM-SC)
(DCA-DM-SDL)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SDL)
(DCA-DM-SEL)
|
(DCA-DM-SDL)
(DCA-DM-SEL)
|
Header Stripping Maximum Bandwidth by Service Node Port |
(DCA-DM-SC)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SEL)
|
Slicing, Masking and Pattern Matching Verified Scale Values
- Slicing
- Masking
- Pattern Matching
Processing rate and supported bandwidth |
One Service Node Port |
4 Service Node Ports |
16 Service Node Ports |
---|---|---|---|
Maximum Packet Rate Processed |
(DCA-DM-SC)
(DCA-DM-SDL)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SDL)
(DCA-DM-SEL)
|
(DCA-DM-SDL)
(DCA-DM-SEL)
|
Maximum Bandwidth by Service Node |
(DCA-DM-SC)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SEL)
|
(DCA-DM-SC)
(DCA-DM-SEL)
.
|
Processing rate/bandwidth supported | One Service Node Port | 4 Service Node Ports | 16 Service Node Ports |
---|---|---|---|
Maximum Packet Rate Processed | Depending on regex pattern
DCA-DM-SC supports 40% of 10 Gbps traffic or more per port. DCA-DM-SEL supports 31% of 20 Gbps traffic or more per port. |
||
Maximum Bandwidth by Service Node Port | Depending on regex pattern
One Service Node port handles about 40% of 10 Gbps traffic or more. To get 10 Gbps performance, use LAG with 2 or more Service Node ports. |
Processing rate/bandwidth supported | One Service Node Port | 4 Service Node Ports | 16 Service Node Ports |
---|---|---|---|
Maximum Packet Rate Processed | Depending on regex pattern
One Service Node port handles about 50% of 10 Gbps traffic or more. DCA-DM-SEL supports 36% of 20 Gbps traffic or more per port. |
||
Maximum Bandwidth by Service Node Port | Depending on regex pattern
One Service Node port handles about 50% of 10 Gbps traffic or more. To get 10 Gbps performance, use LAG with 2 or more Service Node ports. |
Analytics Node Verified Scale Values
This section displays the tested scalability values for the Analytics Node.
Single Node Cluster | Three Node Cluster | Five Node Cluster | |
---|---|---|---|
ARP | 20,000 pkts/sec | 60,000 pkts/sec | 100,000 pkts/sec |
DHCP | 15,000 pkts/sec | 30,000 pkts/sec | 60,000 pkts/sec |
ICMP | 15,000 pkts/sec | 40,000 pkts/sec | 80,000 pkts/sec |
DNS | 8,000 pkts/sec | 20,000 pkts/sec | 32,000 pkts/sec |
TCPFlow | 6,000 flows/ | 18,000 flows/sec | 30,000 flows/sec |
sFLOW | 12,000 flows/sec | 30,000 flows/sec | 70,000 flows/sec |
Netflow v5 without Optimization | 12,000 flows/sec | 32,000 flows/sec | 60,000 flows/sec |
IPFIX without Optimization | 9,000 flows/sec | 27,000 flows/sec | 45,000 flows/sec |
Netflow v9 without Optimization | 9,000 flows/sec | 27,000 flows/sec | 45,000 flows/sec |
All the Above Cases Combined: | ARP: 800 pkts/sec
DHCP: 500 pkts/sec ICMP: 300 pkts/sec DNS: 3,000 pkts/sec TCPFlow: 300 flows/sec sFLOW: 3,000 flows/sec Netflow ver 5: 5,000 flows/sec |
ARP: 1,800 pkts/sec
DHCP: 900 pkts/sec ICMP: 1,200 pkts/sec DNS: 6,000 pkts/sec TCPFlow: 400 flows/sec sFLOW: 6,000 flows/sec Netflow ver 5: 10,000 flows/sec |
ARP: 2,000 pkts/sec
DHCP: 1,200 pkts/sec ICMP: 2,000 pkts/sec DNS: 8,000 pkts/sec TCPFlow: 500 flows/sec sFLOW: 8,000 flows/sec Netflow ver 5: 13,000 flows/sec |
Recorder Node Verified Scale Values
This section displays the tested performance numbers for the Recorder Node with no-drop packet capture characteristics.
Packet Size (Bytes) | Packets per second | Maximum Bandwidth (Gbps) |
---|---|---|
1500 Bytes or greater | ~1.98 million | 24 Gbps |
512 Bytes or greater | ~4.7 million | 20 Gbps |
IMIX | ~6.3 million | 19 Gbps |
256 Bytes or greater | ~8.6 million | 19 Gbps |