Network Visibility

Pervasive Traffic Visibility for Security and Performance

Arista DANZ Monitoring Fabric (DMF) delivers comprehensive network packet brokering and security visibility across your data center and campus environments.

Get complete, filtered, deduplicated traffic feeds to your security and network analysis tools — without SPAN performance impact or physical TAP installation at every capture point.

Software-defined monitoring fabric that scales to 100GbE environments with centralized management.

Network Packet Broker

Software-defined monitoring fabric for comprehensive traffic visibility

Modern enterprise networks have outgrown traditional visibility mechanisms. SPAN ports have limited capacity and degrade switch performance. TAPs require physical installation at every point of interest. Legacy packet brokers don't scale to 100GbE fabrics with encrypted east-west traffic.

The Visibility Gap

Security and network operations teams work with incomplete traffic feeds, limiting their ability to detect threats, investigate incidents, and troubleshoot performance issues.

  • SPAN oversubscription and performance impact on production switches
  • Physical TAPs only provide visibility at fixed installation points
  • Security tools receiving partial, unfiltered traffic streams
  • Network troubleshooting limited to monitored segments
  • Compliance traffic capture requirements difficult to meet consistently

DANZ Monitoring Fabric Approach

DMF deploys a dedicated, software-defined monitoring fabric that delivers traffic from any point in your network to any analysis tool — filtered, deduplicated, and load-balanced.

Programmable Traffic Capture

Software-defined capture points and filter rules managed centrally without physical installation projects.

Intelligent Traffic Delivery

Filtered, deduplicated traffic flows delivered to the right analysis tools at appropriate scale.

Comprehensive Tool Integration

Native integration with IDS, NDR, forensics, DLP, and network performance analysis platforms.

Implementation Process

Structured approach from visibility requirements to operational monitoring fabric.

1. Visibility Requirements Assessment

Workshop with security, network, and compliance teams to document traffic visibility needs and analysis tool requirements.

2. DMF Architecture Design

Design service node topology, integration with production Arista switches, and traffic delivery policies for all use cases.

3. DMF Deployment & Integration

Deploy service nodes, configure DMF controller, and integrate with production switching infrastructure.

4. Tool Integration & Aegis Onboarding

Configure traffic delivery to analysis tools, validate flows, and onboard DMF into Aegis PM for ongoing monitoring.

What You Get

Complete monitoring fabric deployment with operational documentation and ongoing management.

Deployed DMF Infrastructure

Service nodes, controller, and integration with production Arista switching infrastructure.

Analysis Tool Integration

Configured traffic delivery to IDS, NDR, forensics, DLP, and network performance tools with validated flows.

Operational Documentation

Filter rule catalog, tool integration map, troubleshooting procedures, and Aegis PM monitoring configuration.

Operational Outcomes

  • Comprehensive traffic visibility without SPAN performance impact
  • Security analysis tools receiving complete, filtered traffic feeds
  • Network troubleshooting capabilities enhanced through packet-level visibility
  • Compliance traffic capture requirements addressed through documented architecture
  • Ability to add new analysis tools without recabling or redesigning infrastructure

Ideal Fit

  • Organizations with Arista switching in data center environments
  • Security teams with IDS, NDR, or forensics tools receiving incomplete traffic feeds
  • Environments where limited traffic visibility has slowed incident investigation
  • Organizations with compliance requirements for traffic capture and retention

Use Cases

DMF addresses multiple visibility requirements through a single monitoring fabric

Security Operations

Comprehensive traffic feeds for IDS, NDR, forensics, and DLP tools without SPAN limitations.

Best Fit

Organizations with security analysis tools receiving incomplete or unreliable traffic streams.

Network Operations

Packet-level visibility for application performance troubleshooting and latency analysis.

Best Fit

NetOps teams needing comprehensive traffic visibility for performance investigation.

Compliance

Documented traffic capture and retention architecture meeting regulatory requirements.

Best Fit

Organizations with PCI DSS, HIPAA, or other compliance obligations for traffic monitoring.

Incident Response

Complete traffic evidence available for forensic analysis and root cause identification.

Best Fit

Security teams where limited visibility has slowed incident investigation and response.

Why IVI

Observability practice spanning both NetOps and SecOps use cases

Unified NetOps and SecOps Approach

We design DMF deployments that serve both network operations and security operations teams from a single monitoring fabric.

Cross-Functional Design

Our visibility requirements workshops include both security and network teams to ensure DMF serves all operational use cases.

Tool Integration Experience

Extensive experience integrating DMF with NDR, IDS, forensic platforms, and network performance tools.

Production-Critical Operations

We operate DMF through Aegis as production-critical visibility infrastructure with continuous health monitoring.

Aegis Integration

DMF infrastructure health monitored alongside production network infrastructure through Aegis PM.

Operational Excellence

Comprehensive documentation, filter rule catalogs, and troubleshooting procedures for ongoing operations.

FAQs

Frequently Asked Questions

Common questions about DANZ Monitoring Fabric implementation and operations.

How is DANZ DMF different from traditional network TAPs?

Physical TAPs provide passive capture at a fixed point in the network with no software-defined filtering or ability to aggregate traffic from multiple points. DMF provides a programmable monitoring fabric where capture points, filter rules, and tool delivery policies are all software-defined and centrally managed. Adding a new capture point or analysis tool is a configuration change, not a physical installation project.

Does DMF require additional hardware beyond Arista production switches?

Yes, DMF uses dedicated service nodes separate from production switches that function as the packet broker and filtering layer. Traffic access points are configured on production Arista switches using mirror sessions or other traffic replication methods that EOS provides natively, with traffic forwarded to the monitoring fabric over dedicated uplinks.

Can DMF scale to 100GbE data center environments?

Yes, DMF is purpose-built for modern high-speed data center environments, including 100GbE spine-leaf fabrics. Service node capacity planning is part of the architecture design — we size the monitoring fabric to handle the traffic volumes at your specific capture points without dropping packets at the analysis tool delivery layer.

We already have an NDR platform. Can DMF improve what it's seeing?

Almost certainly. NDR platforms operating on SPAN feeds commonly receive incomplete traffic due to SPAN oversubscription, asymmetric routing, and missing east-west flows. DMF provides the NDR platform with a properly filtered, deduplicated, and complete traffic feed that significantly improves detection coverage and effectiveness.

How does DMF integrate with Arista CloudVision?

DMF operates alongside CloudVision — DMF has its own controller for monitoring fabric management, while CloudVision manages the production Arista switching infrastructure. The two platforms are complementary and their event and health data feed into Aegis PM together as part of unified Arista operations.

What analysis tools can DMF integrate with?

DMF integrates with a wide range of security and network analysis tools including intrusion detection systems (Suricata, Zeek, commercial IDS), NDR platforms (Darktrace, ExtraHop, Corelight), forensic packet capture systems (Arkime, commercial PCAP platforms), data loss prevention sensors, and network performance monitoring tools. We configure delivery policies to ensure each tool receives the appropriate traffic at the right volume.