
Use Cases and Validated Designs for Recent Flow Optimizer Releases

by asardell on 02-02-2017 02:02 PM

Running as an application on any OpenDaylight-based platform, such as the Brocade SDN Controller, Brocade Flow Optimizer detects and manages large Layer 2 through Layer 4 traffic flows in service provider and enterprise networks.

 

Brocade Validated Designs (BVD)

 

Brocade publishes validated designs, which are reference architectures for building fabrics, scalable overlays, and security solutions. Brocade validated designs provide a fast track to help customers select and deploy appropriate network solutions for their current and planned needs.

 

We just published one, valid as of Release 1.3, titled "Flow Optimization and Threat Management in Enterprise and Service Provider Networks with Brocade Flow Optimizer."

 

This design focuses on volumetric attack mitigation at Layers 2 through 4 in enterprise and service provider networks. It covers the following key topics:

 

  • Visibility of Flows at Layers 2 and 3 (IPv4 and IPv6) and also MPLS and IPsec tunnels
  • Volumetric Attack Mitigation at Layers 2 through 4 using Remotely Triggered Black Hole (RTBH)
  • Monitoring of Flows including accounting, metering, and mirroring

This information allows network engineers not only to handle DDoS attacks but also to better monitor and manage their flows on an ongoing basis using the Brocade Flow Optimizer and the Brocade SDN Controller.  

 

The labs that are set up in the validated designs are described in great detail. For example, in the following campus design (Figure 1), IPsec tunnels are configured from Campus Site1 and Site2 to secure Layer 3 traffic in the campus core. Unsecured traffic is forwarded in the MPLS network.



Figure 1: IPsec and IPv4 Flows Across an Enterprise Network

 

Predefined actions to take on matched traffic flows include redirect, re-mark, meter, or discard. The Brocade Flow Optimizer directs these actions to network devices through the Brocade SDN Controller via OpenFlow or through the Brocade Workflow Composer via NETCONF commands. Note that all these actions occur without any disruption to the forwarding plane.

 

Flow Optimizer Use Cases

 

We also recently published an updated version of the Flow Optimizer Use Cases document. The use cases discussed here include:

 

New in Flow Optimizer 1.4

 

In a recent blog, we showed how Flow Optimizer can mitigate threats via RTBH. This blog also discussed the new features in Release 1.3, which included integration with Palo Alto Networks firewalls.

 

The following features are new in Flow Optimizer 1.4:

 

  • SLX and VDX support
  • Port and device awareness in sFlow
  • IP/MPLS and IPsec logical ports and tables
  • Ability to export learned flows to CSV format

 

Because Flow Optimizer uses sFlow (an industry standard for packet export), it has visibility into Layer 2 through Layer 4 information, and can thus parse IPsec, VLAN, VXLAN, and MPLS headers. In Flow Optimizer 1.4, user-defined policies allow redirection of traffic to MPLS logical LSP or IPsec tunnels.
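To illustrate the kind of header visibility described above, here is an added example (not Brocade code and not from the Flow Optimizer documentation) that labels the VLAN, MPLS, IPsec ESP, and VXLAN encapsulations in one sampled Ethernet header. It assumes the header bytes have already been extracted from an sFlow sample, handles IPv4 only, and uses hypothetical names and constructed sample frames.

```python
import struct

ETH_VLAN, ETH_MPLS, ETH_IPV4 = 0x8100, 0x8847, 0x0800
PROTO_UDP, PROTO_ESP, VXLAN_PORT = 17, 50, 4789

def classify(frame: bytes) -> list:
    """Label the encapsulations visible in one sampled Ethernet header."""
    layers, off = ["eth"], 14
    if len(frame) < off:
        return layers + ["truncated"]
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    while ethertype == ETH_VLAN:              # 802.1Q tags can be stacked
        if len(frame) < off + 4:
            return layers + ["truncated"]
        tci, ethertype = struct.unpack_from("!HH", frame, off)
        layers.append(f"vlan:{tci & 0x0FFF}")
        off += 4
    if ethertype == ETH_MPLS:
        bottom = False
        while not bottom:                     # walk label stack to the S bit
            if len(frame) < off + 4:
                return layers + ["truncated"]
            entry = struct.unpack_from("!I", frame, off)[0]
            layers.append(f"mpls:{entry >> 12}")
            bottom, off = bool(entry & 0x100), off + 4
        # MPLS carries no payload type; guess IPv4 from the version nibble
        if len(frame) > off and frame[off] >> 4 == 4:
            ethertype = ETH_IPV4
    if ethertype != ETH_IPV4:
        return layers
    if len(frame) < off + 20:                 # sampled headers are cut short
        return layers + ["truncated"]
    layers.append("ipv4")
    l4, proto = off + (frame[off] & 0x0F) * 4, frame[off + 9]
    if proto == PROTO_ESP:
        layers.append("ipsec-esp")
    elif proto == PROTO_UDP and len(frame) >= l4 + 16:
        if struct.unpack_from("!H", frame, l4 + 2)[0] == VXLAN_PORT:
            layers.append(f"vxlan:{int.from_bytes(frame[l4 + 12:l4 + 15], 'big')}")
    return layers

# Constructed sample headers (not captured traffic)
def _eth(ethertype): return bytes(12) + struct.pack("!H", ethertype)
def _ipv4(proto): return b"\x45" + bytes(8) + bytes([proto]) + bytes(10)
ESP_IN_VLAN = _eth(ETH_VLAN) + struct.pack("!HH", 100, ETH_IPV4) + _ipv4(PROTO_ESP) + bytes(8)
VXLAN_IN_MPLS = (_eth(ETH_MPLS) + struct.pack("!I", (1000 << 12) | 0x100 | 64)
                 + _ipv4(PROTO_UDP) + struct.pack("!HHHH", 12345, VXLAN_PORT, 0, 0)
                 + b"\x08\x00\x00\x00" + (5000).to_bytes(3, "big") + b"\x00")
```

Because an sFlow sample carries only the leading bytes of each packet, the classifier reports `truncated` rather than guessing when a header is cut off before it can be read.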

 

Call to Action

 

You can download Flow Optimizer from our website, and the entire Flow Optimizer document library (including a user guide and a REST API guide) is located here.