Empowering SDN
SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA
Bruno Barba, Systems Engineer, Mexico & CACE, [email protected], Brocade
Who is Vyatta?
Leader in software-based networking
Founded in 2006 on the belief that the future of networking will be in software
Vyatta is…
• VPN – IPSec, SSL
• Router – OSPF, BGP
• Firewall – Stateful, NAT
Vyatta is…
Software-based Networking
• CLI, API, GUI
Remote Access API
• Programmable
• RESTful
• Full Control
Flexible Deployment
• Hypervisor OR x86 Server
Why Vyatta?
• Application Developers – Development Cycle Accelerated
• Infrastructure Managers – Exploit Cloud Infrastructure
• Network and Security Managers – New Network Challenges
With Vyatta: Use Cases
• Data Center – Multi-tenancy, Traffic Optimization
• Cloud – Security, Remote access, Multi-tenancy
• Remote Office – Consolidation, Cost Reduction
EMPOWERING SDN
What is SDN?
• Network Programmability
– API interaction with network elements
• Separation of Control Plane and Forwarding Plane
– Infrastructure Agnostic
– Forwarding Plane can be Software or Hardware
• Network Functions Virtualization
• Integration with higher-order Orchestration platforms
– OpenStack, CloudStack, vCloud Director
Traditional Network
[Diagram: each network device has its own Control and Forwarding plane]
Basic SDN
[Diagram: multiple Forwarding elements under a single Control plane]
“Data center networks are in my way” – James Hamilton
“By 2014, 80% of networking traffic will be between servers.” – Gartner
Early SDN deployments
[Diagram: VMs attached to vSwitches, grouped into Network 1, Network 2 and Network 3]
Empowering SDN
[Diagram: VMs attached to vSwitches, grouped into Network 1, Network 2 and Network 3]
• Software for flexibility
• REST API for programmability
• More to come…
Vyatta Empowers SDN
CLI, API, GUI
Routing & security to connect Layer 2 segments
Vyatta OS Architecture
Linux Kernel with Multi-Platform Virtualization Drivers
Routing, Firewall, NAT, VPN, QoS, IPv6
Vyatta Data Model
CLI, API, GUI
Vyatta Highlights
• Routing – IPv4, IPv6, Static, PBR, OSPF, RIP, BGP
• Security – IPv4, IPv6, Stateful Firewall, NAT
• VPN – IPSec, SSL, Route-based, L2-bridging
• System Management – CLI, REST API, GUI
• IP Services – SSH, DHCP, DNS, SNMP
• High Availability – VRRP, Stateful Failover, Config Sync
• Platforms – VMware, Xen, KVM, Hyper-V, x86
Multi-Tenant Cloud Case Study
• Per-Tenant Network Segmentation and Security
• Pair of Vyatta VMs providing Virtual Security Gateway function
• Highlights:
– VMware ESXi 5 Hypervisor
– Firewall
– NAT
– OSPF
– Stateful Failover
– Configuration Sync
– IPSec VPN
Cloud Bridging
• Simple and secure VPN services between data centers and cloud providers
• Enables Cloud expansion
• Provides migration strategies for:
– Demand Spikes
– Disaster Recovery
– Phased application moves
[Diagram: Per-tenant VPN Services, IPSEC or SSL]
Vyatta in Amazon Web Services
• Scalable VPN services
– Office to AWS VPC
– User to AWS VPC
– AWS VPC to VPC connectivity
• Advanced routing
– Full mesh topologies
– High availability architectures
– Traffic management
• IPSEC and SSL
[Diagram: Customer Data Center connected to Amazon Virtual Private Clouds (VPCs)]
Testing Dates: October 10th – 30th 2012
Report Generated: November 1st 2012
Report Author: Steven Noble
Vyatta Subscription Edition 6.5 R1
TEST SYSTEM CONFIGURATION:
HARDWARE:
• SUPERMICRO X9SAE-V
• INTEL I7-3770 / 32G ECC RAM
• FOUR INTEL I340-T2 NICS
• INTEL 520 SERIES 240GB SSD
• COST: ~$1600 US
VM CONFIGURATION:
• VMWARE 5.1.0 HYPERVISOR
• 2 OR 4 VCPUS, 4GB OF RAM
• DIRECT ACCESS TO UPLINK PORTS VIA VMDIRECTPATH
Throughput (Mbps) by Deployment Scenario
• VM 2vCPU – 1900
• VM 4vCPU – 3620
• Bare Metal – 7552
Key Points
• Vyatta is able to forward 100% line-rate IMIX traffic across all interfaces in our test system
• Performance degrades gracefully as features are added.
• Vyatta handles QoS with no issues, protecting traffic even when the destination interface is more than 200% oversubscribed.
• Vyatta can be run directly on commodity hardware or in a virtual machine
Why Vyatta?
Remember When You Used to Get Excited about Networking?
It’s that time again