Arkin Overview–VMware NSX visibility

A few weeks back, VMware announced the acquisition of Arkin, with their platform (Arkin Visibility and Operations Platform) Arkin has out-of-box integrations with virtualization (ex: VMware vCenter, VMware NSX, Palo Alto Virtual Firewall) as well as physical infrastructure components (physical chassis, switches and routers), providing end to end visibility and analytics into the network.

Even though VMware has alot of built-in feature in NSX, visibility of the networking combining the usage of VXLAN, VLANs, Hardware vTeps, Distributed firewall rules and so on makes it hard to troubleshoot in case of packet drops, firewall rules not configured properly, and seeing the direct traffic flow. Because even if NSX bring alot of good features to the table it makes networking alot more complex, especially those which are used to an old fashion networking stack.

So will Arkin make this alot simpler? I decided to take a closer look at the product. (Since it wasen’t simple to get a demo license, I decided to try the online trial that they offer, which simulates a “real enviroment” which mixes VXLAN, VLANs and different switches (Cisco, Arista) and some dFW rules in the mix.

image

So at first login, you get a “Google” like search engine which allows us to query for different objects and get information, and I can also choose different objects which I can dig into. For instance if I search after “Arista” since I know there are multiple Arista switches in the demo enviroment, I automatically get a list of all Arista switches

image

Same if I search after VXLAN, I get of all VXLAN’s definined from the NSX controllers.

image

So if I click on a specific VXLAN I get a detailed overview of the VXLAN, which ESXi hosts have the VXLAN mapped, which dFW rules are in place, and in the middle I see which core switches act as the upload for each dwSwitch.

image

I can also see which objects have been changed, and see the L2 metrics for the specific VXLAN. I can also see alerts for differnt objects within the topology.

The most awesome feature is VM path topology, being able to see how the traffic flows from a specific virtual machine to another. In this case we can see that a virtual machine has to go a dVRF, go to an edge router and the to the VM on another host. Also in the mix you can see that we have some Palo Alto extensions setup has which are presented in the topology as well.

image

Now Arkin provides the full visibility into the networking segment, I think the issue is how VMware is going to license this as a product! I’ve seen rumours that It costs about 750$ per socket on hypervisor level (and integrating into the physical network is no additional cost) and with NSX costing about (standard 2000$, Advanced 4500$ and enterprise 7000$) I’m guessing this is going to be only part of the enterprise license, but I hope that this does not afffect the pricing level as well. Since it gives NSX a much needed visibility boost which vRealize haven’t given us so far.