Current State of Virtualizing Network Monitoring

This presentation will look at the viability of virtualizing and containerizing network security monitoring devices such as IDS/IPS systems, full packet capture, netflow, etc. There are a number of challenges in a virtual environment with managing system load. We have been looking at how to best virtualize open-source network monitoring solutions in both large and small environments and will detail some of the information we have learned during this adventure. We will detail a project on a single inexpensive host providing network monitoring and event collection built entirely on Open Source software. Finally, we will discuss and demo high-speed (10G+) virtualized monitoring solutions with newer technologies such as SR-IOV and DPDK-enabled OpenVSwitch.

Presented by