Data Center

Flow Optimizer Adds Scale, Actions and Platforms in 2.1 Release

by asardell ‎10-13-2017 02:26 PM - edited ‎10-16-2017 07:26 AM (1,908 Views)

Platform is Suitable for Deployment in Large Scale IP Fabric Deployments

 

The 2.1 release of the Flow Optimizer (user guide here) is now available. In this release, we added new actions and platforms, and also enhanced the scale supported by the system.

 

The main strength of Flow Optimizer is the tight integration with network infrastructure. Whether you are deploying an IP Fabric or another data center network topology, Flow Optimizer policies can be applied to the entire network-wide “highway” of packets. Flow Optimizer provides both the visibility and the automation to apply these policies.

 

Flow Optimizer 2.1 introduces support for many new features including: 

 

  • Increased scale 
  • IP next hop with Policy Based Routing 
  • Threat Management support on SLX 9140 and 9240
  • Ability to drop flows on SLX 9140 and 9240 through Workflow Composer 
  • sFlow optimization for Layer 2 and Layer 2 deployments 
  • Selective sFlow collection and unique flow handing 
  • Support for VCS fabrics 

Some of these features are detailed in the Overview section below. 

 

Strategy and Integration

 

The strategy of Flow Optimizer is to support our customers with strong integration with networking platforms and network visibility protocols. Threat management and flow optimization remain our key use case categories (Figure 1), and with each new release we continue to support them at higher volume and scale. 

 

Flow Opt Threat Man 1.png

Figure 1: Keyed to Flow Optimization and Threat Management

 

We are integrating these use cases using application visibility platforms (such as, for example, SLX Insight) and Automation capabilities (such as Workflow Composer). We can work with a native OpenDaylight (ODL) controller or with the SDN controller from Lumina Networks.

 

Flow Optimizer supports all of our data center platforms – VDX, SLX, MLX and third party platforms through NETCONF. In addition to the integrations above, we work with Bro, Palo Alto Networks, Arbor Networks, and others.  

 

Quick Overview of New Features

 

We focused heavily on scale in the 2.1 release of Flow Optimizer, and we have optimized the platform for “graceful” (selective) sFlow handling for any Layer 2/Layer 3 deployment. As with each new release, we add visibility and actions for new platforms.

 

Accordingly, we now support drop actions (for instance, due to threats) on SLX 9140 and SLX 9240 (leaf and spine switches) and on MLX we added the ability to change the BGP next hop with Policy-Based Routing. You can redirect a flow across the network.

 

The reliability and availability of the system is enhanced by our support of CentOS, which is added to our earlier Ubuntu support.

More information on new features can be found in the user guide or (for integration with other tools) the Rest API guide.

 

Flow Optimizer Deployment with IP Fabric

 

Thanks to the increases in scale, and the support for the SLX family, Flow Optimizer is now suitable for deployment in large-scale IP Fabric environments (Figure 2).

 

 

 

Flow Opt with IP Fabric1.png 

Figure 2: Flow Optimizer with an IP Fabric

 

This offers threat management capability to the IP Fabric. These remediated threats may come in through the Internet, as Flow Optimizer listens to sFlow in the following locations:

 

  1. At the border leaf (which is at the edge of a PoD and may connect to a data center core or a WAN edge), or
  2. At a border router (this has been supported since Flow Optimizer Release 2.0)

The border leaf router may be a VDX 6940, an SLX 9540, or an SLX 9140. If it’s an SLX switch, the drop actions may be through the Network Essentials automation suite via NETCONF. The ODL controller can perform the drop action on the VDX switch or the SLX 9540. As before, IP blacklist can also be supported with any of these platforms.

 

The border router can be an existing MLXe or a SLX 9850. The ODL Controller can perform drop actions on the border router.

 

Scale Enhancements

 

We have increased the bandwidth we support by 50% and we expect this scale to go much higher in the future; similarly, we also increased our flow capacity to >100K flows. With our graceful sFlow handling, we can slow down the “listening” so that the policy engine can continue to function when flows are being reported too quickly.

 

We are also now allowing users to configure Flow Optimizer for a specific Layer 2 or Layer 3 network deployment.   This allows you to concentrate on only the most “meaningful” (from a control perspective) flows in the network.

 

For example, in a Layer 3 deployment, you may not care about Layer 2 components (such as the MAC address per hop). Layer 2 flows may therefore be superfluous.

 

Options for selective flow listening include:

 

  • Layer 2
  • Layer 3
  • Layer 2 plus VXLAN
  • Layer 3 plus MPLS

Call to Action

 

Download Flow Optimizer 2.1 today. Use the “FREE Trial” option on the Flow Optimizer product page to access the latest version of software.

 

Contact your account representative for additional information. For instance, you can ask your Systems Engineering representative to give you a live demo.

 

Related Links

 

Blogs