
Virtualizing the Network

Virtualizing the Network. …there is no spoon. November 7th, 2007. Next Meeting: Nov 20th – 6:30pm, “ACCRC+Linux: Saving Computers from Landfills”. Location: Four Seas Restaurant, 731 Grant Ave, San Francisco, CA. 2008 Speaker Lineup: Jan – Eric S. Raymond


Presentation Transcript


  1. Virtualizing the Network: …there is no spoon. November 7th, 2007

  2. Next Meeting: Nov 20th – 6:30pm, “ACCRC+Linux: Saving Computers from Landfills”
     Location: Four Seas Restaurant, 731 Grant Ave, San Francisco, CA
     2008 Speaker Lineup
     • Jan – Eric S. Raymond
     • Feb – Bruce Perens
     • March – TBD
     • April – Eric Allman
     • May – Jeremy Allison
     • June – Andrew Morton
     BALUG is Back! …for a Blockbuster 2008

  3. About Untangle
     • Open Source Network Gateway
       • GPLv2
     • 12 Open Source Applications
       • Firewall, VPN, IPS, Spam, Spyware, AV, web filter & more
     • Designed for Small Business
       • Easy to install & manage w/ GUI, logging & reporting
     • Untangle sells…
       • Live phone support
       • An extra application (clientless VPN)
     • Download on SourceForge
       • http://sourceforge.net/projects/untangle
       • ISO Image
       • VMWare Image

  4. whoiam: Untangle Founder & CTO
     Career highlights
     • Major projects
       • High Bandwidth Transparent Vectoring for proxy firewall engines
       • Java-based distributed monitor and intrusion detection systems
       • Survivability simulations in support of fault tolerant systems
     • Work History
       • CERT/CC (Computer Emergency Response Team)
       • Akheron Technologies, Chief Architect
       • VerticalNet and H.L.L.C. Consulting
     • Education
       • Carnegie Mellon University, Bachelor's degree in Computer Science with a minor in Mathematics
     Read Dirk’s blog - http://blog.untangle.com/

  5. The Simpler Way to Protect, Control and Monitor your network
     SMB network – the HARD way!
     • Firewall, Email Server, File Server, Anti-Virus, Anti-Spam, Anti-Spyware, VPN, Web Filtering, Intrusion Prevention, Reporting, IM/P2P/QoS, Archiving/Backup
     • New Threats & Apps: Phishing, SSL VPN, VOIP, NAC, Future Threats/Apps?
     [Chart: SMB Adoption rated high / medium / low per item]
     OR
     SMB network – the SIMPLE way! (virtual 19” rack, online library)
     • Firewall, Email Server, File Server, Anti-Virus, Anti-Spam, Anti-Spyware, VPN, Web Filtering, Intrusion Prevention, Reporting, IM/P2P/QoS, Archiving/Backup
     • New Threats & Apps: Phishing, SSL VPN, VOIP PBX, NAC, Future Threats/Apps?

  6. Untangle Implementation
     [Diagram: two placements of Untangle]
     • Behind the firewall & router
     • As the firewall & router

  7. What is a Virtual Network? A virtual network provides the functionality, or application programming interface (API), of links between nodes, as in a computer network. The implementation of these virtual links may or may not correspond to physical connections between nodes. -Wikipedia

  8. Old School: The Mainframe in a Box

  9. New School: The Network Rack in a Box

  10. What Can’t be Virtualized
     • Physical Transport Mediums
     • Wires & Cables
     • Etc.

  11. How the Idea Was Born
     Back in 2002…
     • Instant Messaging
     • P2P blocking
     • Anti-virus
     • IPS (snort)
     • etc
     trends
     • Consolidation
     • Software (vs ASIC)

  12. Attempt #1 – the “VMWare” approach
     [Diagram: kernel]
     Pros
     • fairly simple for applications
     Cons
     • terrible resource contention - latency
     • high overhead of virtualization
     • no sharing data

  13. Attempt #2 – the “proxy chaining” approach
     [Diagram: kernel, proxy 1, proxy 2, proxy 3, proxy 4]
     Pros
     • less overhead
     Cons
     • bad resource contention - latency
     • more complicated

  14. Proxy Chaining (latency issue)
     • Context Switches: 4
     • Buffer Copies: 5
     [Diagram labels: Data from the network, Application Proxy, Thread / Process, Proxy Chain, Run Queue, CPU; Light Load, Moderate Load]

  15. Proxy chaining and VMWare latency behavior
     [Chart: Actual Latency vs. User Noticeable Latency]

  16. Attempt #3 – the “pipelining” approach
     [Diagram: kernel, node 1, node 2, node 3, node 4]
     advantages
     • less resource contention
     disadvantages
     • apps need to be ported to threading model

  17. Virtual Pipelining
     • Context Switches: 1
     • Buffer Copies: 2
     • >8x improvement
     [Diagram labels: Data from the network, Application Module, Thread / Process, Virtual Pipeline, Run Queue, CPU; Light Load, Moderate Load]

  18. Latency vs previous approaches – problem solved
     [Chart: Proxy/VMware Latency, User Noticeable Latency, Untangle Latency]

  19. Virtual Network tricks
     virtual networks are different than physical networks
     • dynamic reconfiguration (per session)
     • object passing & data sharing
     • share common resources (reports, alerts, management, etc)
     • backup and restore of entire network

  20. Redefining the Network
     Benefits
     • Significantly cheaper
     • Allow for quick application adoption and management
     • Enhanced applications
     our goal: run your entire network in one machine

  21. Live Demo

  22. Q&A What The F*ck is That?

  23. Untangle is Hiring!
     Sr. QA Test Engineer
     • 6+ years testing experience
     • Experience testing GNU/Linux
     • Experience with Network testing
     Linux SysAdmin & Support
     • 5+ years testing experience
     • VOIP experience a big plus
     About Untangle
     • Small tight-knit company ~ 30 people
     • Located in San Mateo, CA
     • Great salary, benefits & startup options
     • Get to ride in the Pinzgauer!
