Virtualizing the Network

beryl

Presentation Transcript


  1. Virtualizing the Network: "there is no spoon". Peninsula Users Group, October 25th, 2007

  2. About Untangle
     • Open Source Network Gateway
     • GPLv2
     • 12 Open Source Applications
       • Firewall, VPN, IPS, Spam, Spyware, AV, web filter & more
     • Designed for Small Business
     • Easy to install & manage w/ GUI, logging & reporting
     • Untangle sells…
       • Live phone support
       • An extra application (clientless VPN)
     • Download on SourceForge
       • http://sourceforge.net/projects/untangle
       • ISO Image
       • VMWare Image

  3. whoiam: Untangle Founder & CTO
     • Career highlights
       • Major projects
         • High Bandwidth Transparent Vectoring for proxy firewall engines
         • Java-based distributed monitor and intrusion detection systems
         • Survivability simulations in support of fault tolerant systems
       • Work History
         • CERT/CC (Computer Emergency Response Team)
         • Akheron Technologies, Chief Architect
         • VerticalNet and H.L.L.C. Consulting
       • Education
         • Carnegie Mellon University, Bachelor's degree in Computer Science with a minor in Mathematics
     Read Dirk’s blog - http://blog.untangle.com/

  4. The Simpler Way to Protect, Control and Monitor your network
     SMB network – the HARD way!
     • Firewall • Email Server • File Server • Anti-Virus • Anti-Spam • Anti-Spyware • VPN • Web Filtering • Intrusion Prevention • Reporting • IM/P2P/QoS • Archiving/Backup
     New Threats & Apps
     • Phishing • SSL VPN • VOIP • NAC • Future Threats/Apps?
     SMB Adoption (figure labels, in extracted order): high, high, high, high, medium, low, medium, low, low, low, low, low
     OR
     SMB network – the SIMPLE way! (figure labels: virtual 19” rack, online library)
     • Firewall • Email Server • File Server • Anti-Virus • Anti-Spam • Anti-Spyware • VPN • Web Filtering • Intrusion Prevention • Reporting • IM/P2P/QoS • Archiving/Backup
     New Threats & Apps
     • Phishing • SSL VPN • VOIP PBX • NAC • Future Threats/Apps?

  5. Untangle Implementation
     • Behind the firewall & router
     • As the firewall & router
     [Figure: two deployment diagrams, each with a box labelled "Untangle"]

  6. What is a Virtual Network?
     Wikipedia definition: A virtual network provides the functionality, or application programming interface (API), of links between nodes, as in a computer network. The implementation of these virtual links may or may not correspond to physical connections between nodes.
     What it's not: physical transport medium

  7. Background
     2002
     • Instant Messaging
     • P2P blocking
     • Anti-virus
     • IPS (snort)
     • etc
     trends
     • Consolidation
     • Software (vs ASIC)

  8. Attempt #1 – the “VMWare” approach
     [Figure label: kernel]
     advantages
     • fairly simple for applications
     disadvantages
     • terrible resource contention - latency
     • high overhead of virtualization
     • no sharing data

  9. Attempt #2 – the “proxy chaining” approach
     [Figure labels: kernel, proxy 1, proxy 2, proxy 3, proxy 4]
     advantages
     • less overhead
     disadvantages
     • bad resource contention - latency
     • more complicated

  10. Proxy Chaining (latency issue)
     • Context Switches: 4
     • Buffer Copies: 5
     [Figure: Proxy Chain. Labels: Data from the network, Application Proxy, Thread / Process, Run Queue, CPU, Light Load, Moderate Load]

  11. Proxy chaining and VMWare latency behavior

  12. Attempt #3 – the “pipelining” approach
     [Figure labels: kernel, node 1, node 2, node 3, node 4]
     advantages
     • less resource contention
     disadvantages
     • apps need to be ported to threading model

  13. Virtual Pipelining
     • Context Switches: 1
     • Buffer Copies: 2
     • >8x improvement
     [Figure: Virtual Pipeline. Labels: Data from the network, Application Module, Thread / Process, Run Queue, CPU, Light Load, Moderate Load]

  14. Latency vs previous approaches – problem solved

  15. Virtual Network tricks
     virtual networks are different than physical networks
     • dynamic reconfiguration (per session)
     • object passing & data sharing
     • share common resources (reports, alerts, management, etc)
     • backup and restore of entire network

  16. Redefining the Network
     • Benefits
       • Significantly cheaper
       • Allow for quick application adoption and management
       • Enhanced applications
     our goal: run your entire network in one machine
