
Optimizing Flows in Large Scale IP Fabrics

Alan Sardella Published 17 Jan 2018

Platform Is Suitable for Large-Scale IP Fabric Deployments

Extreme’s Flow Optimizer is an easily deployable visibility and automation platform that detects (through sFlow) and manages large Layer 2 through Layer 4 traffic flows in enterprise networks. Using Flow Optimizer, you can define policies for proactive management of large traffic flows, and then use these policies to optimize traffic and mitigate threats. 

Flow Optimizer is tightly integrated with network infrastructure. Whether you are deploying an IP Fabric or another data center network topology, Flow Optimizer policies can be applied to the entire network-wide “highway” of packets. Flow Optimizer provides both the visibility and the automation to apply these policies.

In every new release of Flow Optimizer (the current release is 2.1), we add new actions and platforms; we now support all of the Extreme data center platforms.

Strategy and Integration

The strategy of Flow Optimizer is to support our customers with strong integration with networking platforms and network visibility protocols. Threat management and flow optimization remain our key use case categories (Figure 1), and with each new release we continue to support them at higher volume and scale. 

 

Figure 1: Keyed to Flow Optimization and Threat Management

We are integrating these use cases using application visibility platforms (such as SLX Insight) and automation capabilities (such as Workflow Composer). We can also work with a native OpenDaylight (ODL) controller or with the SDN controller from Lumina Networks.

Flow Optimizer supports all of our data center platforms, VDX and SLX (and third-party platforms), through NETCONF, as well as MLX through either NETCONF or OpenFlow. In addition to the integrations above, we work with Bro, Palo Alto Networks, Arbor Networks, and others.

Quick Overview of Recent (Release 2.1) Features

We focused heavily on scale in the 2.1 release of Flow Optimizer, and we have optimized the platform for “graceful” (selective) sFlow handling for any Layer 2/Layer 3 deployment. As with each new release, we add visibility and actions for new platforms.

Accordingly, we now support drop actions (for instance, due to threats) on the SLX 9140 and SLX 9240 (leaf and spine switches). On MLX, we added the ability to change the BGP next hop with Policy-Based Routing, which lets you redirect a flow across the network.

The reliability and availability of the system are enhanced by our support of CentOS, which is added to our earlier Ubuntu support.

Flow Optimizer Deployment with IP Fabric

Thanks to the increases in scale, and the support for the SLX family, Flow Optimizer is now suitable for deployment in large-scale IP Fabric environments (Figure 2).

 

Figure 2: Flow Optimizer with an IP Fabric

This brings threat management capability to the IP Fabric. Threats that come in through the Internet can be remediated because Flow Optimizer listens to sFlow in the following locations:

  1. At the border leaf (which is at the edge of a PoD and may connect to a data center core or a WAN edge), or
  2. At a border router (this has been supported since Flow Optimizer Release 2.0)

The border leaf router may be a VDX 6940, an SLX 9540, or an SLX 9140. If it’s an SLX switch, the drop actions may be performed through the Network Essentials automation suite via NETCONF. The ODL controller can perform the drop action on the VDX switch or the SLX 9540. As before, IP blacklists can also be supported with any of these platforms.

The border router can be an existing MLXe or an SLX 9850. The ODL controller can perform drop actions on the border router.

Scale Enhancements

We have recently increased the bandwidth we support by 50%, and we expect this scale to go much higher in the future; similarly, we also increased our flow capacity to >100K flows. With our graceful sFlow handling, we can slow down the “listening” so that the policy engine can continue to function when flows are being reported too quickly.

We are also now allowing users to configure Flow Optimizer for a specific Layer 2 or Layer 3 network deployment. This allows you to concentrate on only the most “meaningful” (from a control perspective) flows in the network.

For example, in a Layer 3 deployment, you may not care about Layer 2 components (such as the MAC address per hop). Layer 2 flows may therefore be superfluous.

Options for selective flow listening include:

  • Layer 2
  • Layer 3
  • Layer 2 plus VXLAN
  • Layer 3 plus MPLS

If you’re interested, download Flow Optimizer 2.1 today! Use the “FREE Trial” option on the Flow Optimizer product page to access the latest version of software.

Contact your account representative for additional information. For instance, you can ask your Systems Engineering representative to give you a live demo.
