Flow Optimizer Adds Scale, Actions and Platforms in 2.1 Release
by asardell 10-13-2017 02:26 PM - edited 10-16-2017 07:26 AM
Platform is Suitable for Deployment in Large Scale IP Fabric Deployments
The 2.1 release of the Flow Optimizer (user guide here) is now available. In this release, we added new actions and platforms, and also enhanced the scale supported by the system.
The main strength of Flow Optimizer is the tight integration with network infrastructure. Whether you are deploying an IP Fabric or another data center network topology, Flow Optimizer policies can be applied to the entire network-wide “highway” of packets. Flow Optimizer provides both the visibility and the automation to apply these policies.
Ability to drop flows on SLX 9140 and 9240 through Workflow Composer
sFlow optimization for Layer 2 and Layer 3 deployments
Selective sFlow collection and unique flow handling
Support for VCS fabrics
Some of these features are detailed in the Overview section below.
Strategy and Integration
The strategy of Flow Optimizer is to support our customers with strong integration with networking platforms and network visibility protocols. Threat management and flow optimization remain our key use case categories (Figure 1), and with each new release we continue to support them at higher volume and scale.
Figure 1: Keyed to Flow Optimization and Threat Management
We focused heavily on scale in the 2.1 release of Flow Optimizer, and we have optimized the platform for “graceful” (selective) sFlow handling for any Layer 2/Layer 3 deployment. As with each new release, we add visibility and actions for new platforms.
Accordingly, we now support drop actions (for instance, due to threats) on SLX 9140 and SLX 9240 (leaf and spine switches), and on MLX we added the ability to change the BGP next hop with Policy-Based Routing. You can redirect a flow across the network.
The reliability and availability of the system are enhanced by our support of CentOS, which is added to our earlier Ubuntu support.
More information on new features can be found in the user guide or (for integration with other tools) the REST API guide.
Flow Optimizer Deployment with IP Fabric
Thanks to the increases in scale, and the support for the SLX family, Flow Optimizer is now suitable for deployment in large-scale IP Fabric environments (Figure 2).
Figure 2: Flow Optimizer with an IP Fabric
This offers threat management capability to the IP Fabric. The threats it remediates may come in through the Internet, as Flow Optimizer listens to sFlow in the following locations:
At the border leaf (which is at the edge of a PoD and may connect to a data center core or a WAN edge), or
At a border router (this has been supported since Flow Optimizer Release 2.0)
The border leaf router may be a VDX 6940, an SLX 9540, or an SLX 9140. If it’s an SLX switch, the drop actions may be performed through the Network Essentials automation suite via NETCONF. The ODL controller can perform the drop action on the VDX switch or the SLX 9540. As before, an IP blacklist can also be supported with any of these platforms.
The border router can be an existing MLXe or an SLX 9850. The ODL Controller can perform drop actions on the border router.
We have increased the bandwidth we support by 50% and we expect this scale to go much higher in the future; similarly, we also increased our flow capacity to >100K flows. With our graceful sFlow handling, we can slow down the “listening” so that the policy engine can continue to function when flows are being reported too quickly.
We are also now allowing users to configure Flow Optimizer for a specific Layer 2 or Layer 3 network deployment. This allows you to concentrate on only the most “meaningful” (from a control perspective) flows in the network.
For example, in a Layer 3 deployment, you may not care about Layer 2 components (such as the MAC address per hop). Layer 2 flows may therefore be superfluous.