Data Center

New Platforms and Use Cases with Flow Optimizer 2.0

by asardell on ‎07-28-2017 09:00 AM (2,779 Views)

Using sFlow data, Flow Optimizer supports detailed traffic visibility and many actions (such as drop, meter, redirect or remark) on selected traffic flows for Brocade platforms.  As we’ve discussed before, the Flow Optimizer 2.0 release supports many new platforms and use cases.

 

To assist customers in using Flow Optimizer effectively, we release validated designs and use case documents with each new release.  The newly published Flow Optimizer 2.0 Use Cases document details the following the following major use cases:

 

  • VDX Visibility and Actions
  • SLX (9850, 9540, 9240 and 9140) Visibility and Actions
  • IP Blacklist

 

Note: The document also discusses scale enhancements in 2.0, and methods for handling large numbers of flows.

 

VDX Visibility and Actions  

 

Using StackStorm, Flow Optimizer 2.0 supports flow visibility and drop actions on VDX platforms.  StackStorm performs these drop actions by executing workflow-based access lists from the Network Essentials automation suite on VDX (Figure 1).

 

VDX Integration with Network Essentials.png

 

 

Figure 1: VDX Visibility and Actions with Flow Optimizer 2.0

 

Sampled flows are sent to Flow Optimizer (1), and user-defined flows (2) are directed to StackStorm, which takes the specified actions (3) through a Netconf interface (4). Currently, VDX 6940 and VDX 6740 platforms are supported, and Flow Optimizer can listen to VDX-based IP or VCS fabrics.

 

New Support on SLX Routers and Switches    

 

Flow Optimizer 2.0 supports visibility and the ability to rearrange and optimize flows on SLX 9850 and 9540.  Profiles can be set at Layers 2-4.  

 

Flow Optimizer on SLX devices also supports extended VXLAN headers, allowing users to fully understand and control traffic through VXLAN tunnels across data centers (Figure 2).

 

vxlan.png

 

 

Figure 2: VXLAN Tunnel

 

For any L2/L3 traffic passing through a VXLAN tunnel, extended egress headers are added to the sFlow sample for Layer 2, IPv4, the VXLAN network identifier (VNI). There is also an extended decapsulate egress header to indicate the end of a tunnel. Being able to interrogate and act on these headers allows for more flexible isolation of flows to be acted upon.

Finally, there is now visibility and monitoring support on SLX 9240 and 9140.

 

IP Blacklist

 

IP address blacklisting lets you specify a list of source IP addresses that are mitigated by Flow Optimizer immediately upon detection, regardless of profile matching. Blacklisting is supported on MLX and SLX platforms through the OpenDaylight SDN controller and on the VDX platform through Workflow Composer automation suites (Figure 3).

 

blacklist.png

Figure 3: IP Blacklisting Overview 

 

The blacklist can be configured by providing a predefined set of IP addresses. You can provide an IPv6 address with an arbitrary bitmask in the source and destination fields of Layer 3 network attributes.

 

Flows are received (1) and matched against the specified list (2). If there is a match, it is mitigated (3) with changes made through OpenFlow (4) or via an access list specified in StackStorm (4).

 

When a flow with the blacklisted source IP address is detected, Flow Optimizer immediately creates a DROP OpenFlow rule to block the matching traffic.   

 

Details on configuring and using the blacklisting feature are available in the use case document.

 

Call to Action

 

Download Flow Optimizer 2.0 today. Use the “FREE Trial” option on the Flow Optimizer product page to access the latest version of software.

 

Contact your Brocade representative for additional information. For instance, you can ask your Systems Engineering representative to give you a live demo.

 

Related Links

 

 

Blogs