Empowering SDN SOFTWARE-BASED NETWORKING & SECURITY FROM VYATTA Bruno Barba Systems Engineer Mexico & CACE bbarba@brocade.com Brocade
Who is Vyatta? Leader in software-based networking Founded in 2006 on the belief that the future of networking will be in software
Vyatta is: Router (OSPF, BGP); Firewall (Stateful, NAT); VPN (IPSec, SSL)
Vyatta is Software-based Networking Remote Access API Programmable RESTful Full Control CLI, API, GUI
Flexible Deployment CLI, API, GUI OR CLI, API, GUI Hypervisor x86 Server
Why Vyatta? Application Developers Infrastructure Managers Network and Security Managers Development Cycle Accelerated Exploit Cloud Infrastructure New Network Challenges
With Vyatta: Use Cases Data Center Cloud Remote Office Multi-tenancy Traffic Optimization Security Remote access Multi-tenancy Consolidation Cost Reduction
EMPOWERING SDN
What is SDN? Network Programmability; API interaction with network elements; Separation of Control Plane and Forwarding Plane; Infrastructure Agnostic; Forwarding Plane can be Software or Hardware; Network Functions Virtualization; Integration with higher-order Orchestration platforms: OpenStack, CloudStack, vCloud Director
Traditional Network [diagram: six network elements, each with its own Control and Forwarding plane]
Basic SDN [diagram: one Control plane, six Forwarding elements]
"Data center networks are in my way" - James Hamilton
"By 2014, 80% of networking traffic will be between servers." - Gartner
Early SDN deployments [diagram: Network 1, Network 2, Network 3]
Empowering SDN [diagram: Network 1, Network 2, Network 3]
Vyatta Empowers SDN Routing & security to connect Layer 2 segments Software for flexibility REST API for programmability More to come CLI, API, GUI
Vyatta OS Architecture: CLI, API, GUI; Vyatta Data Model; Routing, Firewall, NAT, VPN, QoS, IPv6; Linux Kernel with Multi-Platform Virtualization Drivers
Vyatta Highlights: Routing: IPv4, IPv6, Static, PBR, OSPF, RIP, BGP. Security: IPv4, IPv6, Stateful Firewall, NAT. VPN: IPSec, SSL, Route-based, L2-bridging. System Management: CLI, REST API, GUI. IP Services: SSH, DHCP, DNS, SNMP. High Availability: VRRP, Stateful Failover, Config Sync. Platforms: VMware, Xen, KVM, Hyper-V, x86.
Multi-Tenant Cloud Case Study: Per-Tenant Network Segmentation and Security. Pair of Vyatta VMs providing Virtual Security Gateway function. Highlights: VMware ESXi 5 Hypervisor, Firewall, NAT, OSPF, Stateful Failover, Configuration Sync, IPSec VPN
Cloud Bridging: Simple and secure VPN services between data centers and cloud providers. Enables Cloud expansion. Provides migration strategies for: Demand Spikes, Disaster Recovery, Phased application moves. Per-tenant VPN Services: IPSEC or SSL
Vyatta in Amazon Web Services: Scalable VPN services: Office to AWS VPC, User to AWS VPC, AWS VPC to VPC connectivity. Advanced routing: Full mesh topologies, High availability architectures, Traffic management. IPSEC and SSL. [diagram: three Amazon Virtual Private Clouds (VPC) and a Customer Data Center]
Vyatta Subscription Edition 6.5 R1. Testing Dates: October 10th - 30th 2012. Report Generated: November 1st 2012. Report Author: Steven Noble. TEST SYSTEM CONFIGURATION: HARDWARE: SUPERMICRO X9SAE-V, INTEL I7-3770 / 32G ECC RAM, FOUR INTEL I340-T2 NICS, INTEL 520 SERIES 240GB SSD. COST: ~$1600 US. Key Points: Vyatta is able to forward 100% line-rate IMIX traffic across all interfaces in our test system. Performance degrades gracefully as features are added. Vyatta handles QoS with no issues, protecting traffic even when the destination interface is more than 200% oversubscribed. VM CONFIGURATION: VMWARE 5.1.0 HYPERVISOR, 2 OR 4 VCPUS, 4GB OF RAM, DIRECT ACCESS TO UPLINK PORTS VIA DIRECTPATH. Vyatta can be run directly on commodity hardware or in a virtual machine. [chart: Deployment Scenarios (2vCPU, 4vCPU, Bare Metal) against Throughput (Mbps); values shown: 7552, 3620, 1900]
Why Vyatta? Leader in software-based networking Founded in 2006 on the belief that the future of networking will be in software
Remember When You Used to Get Excited about Networking? It's that time again