Flow Optimizer
Contact UsContact UsContact Us

Policy-Based, Intelligent Flow Management

As organizations continue their digital transformation, the underlying network becomes increasingly critical for supporting end user applications and services. With this increasing reliance on network infrastructure to support growth of complex and dynamic IT workloads, network traffic management, service complexity, and security become more taxing. Network managers face network performance and reliability challenges, including security-related attacks and breaches, resulting in service disruptions that can occur at any moment.

Organizations can use Flow Optimizer to proactively help increase network efficiency, improve resource utilization, mitigate network attacks, and significantly reduce network congestion. The Flow Optimizer is an easily deployable open Software-Defined Networking (SDN) application that detects and manages large Layer 2 through Layer 4 traffic flows in service provider and enterprise networks. By defining policies for proactive monitoring and automated management of large traffic flows and programming those policies into Flow Optimizer to optimize their network infrastructure, organizations can perform the following:

Threat Management – Detect and mitigate threats in the network quickly and efficiently with:

  • Real-time programmability of the network
  • Support for BGP Remote TriggeredBlack Hole (RTBH) and solutions with BGP Flowspec to manage threats with as much granularity as possible
  • Integration with third-party security and analytics platforms, such as Palo Alto Networks firewall

Flow Optimization – Monitor, tune, and map network flows for intelligent Service Level Agreement (SLA) management with profile granularity and enhanced flow reporting:

  • OpenFlow statistics
  • Logical Port/MPLS LSP and IPsec tunnel selection
  • Ease of manageability and visualization via GUI
  • Ease of upgradability across Flow Optimizer versions

The Flow Optimizer application is supported by the Extreme Networks MLX® Routers and Extreme Networks SLX® Routers, as well as the Extreme Networks VDX® Switches. The application comes with a Web-based Graphical User Interface (GUI) that provides simple profile configurations and a detailed view of the dashboard and associated settings. Additionally, REST APIs facilitate customized integration into existing network environments and cloud orchestration systems.

Flow Monitoring and Reporting

  • Parse IPsec headers from the sFlow samples
  • Parse extended VXLAN headers on SLX devices for VLAN-VXLAN flexibility
  • Parse MPLS headers (monitoring) and flow bandwidth estimation
  • View OpenFlow statistics
  • Tag (flow naming) Learned Flows and User-defined Flows
  • Support manual user-defined actions

Flow Aggregation and Regeneration

  • Ingress port (in-port) for DROP and REDIRECT actions
  • OpenFlow Logical Interface
  • Ether type as a Layer 2 match criteria
  • MAC address mask for Layer 2 source and destination
  • VLAN modify and VLAN POP for redirect action
  • Wild cards in network attributes of profile
  • Wire tapping; local flow mirroring
  • SDN-based Flow TAP; configure multi-flows/multi-actions

Security and Profiles

  • Profiles of well-known network threats: NTP Reflection, UDP Flooding, DNS Reflection, ICMP Ping Flooding, Simple Service Delivery Protocol (SSDP), Character General (CharGEN), and Quote of the Day. Support up to 50 user-defined profiles
  • IP blacklisting for addresses to be mitigated immediately on detection
  • Layer 7 integration with Bro and Palo Alto Networks firewall
  • Support for IPv6 arbitrary bitmasks
  • sFlow registration and device management


  • HTTPS communication between Flow Optimizer and the Extreme Networks SDN Controller
  • Advanced historical charts and graphs
  • Application infrastructure (Logging, Help, Support Save)
  • E-mail notifications
  • REST API support for third-party integration

Network Attack Mitigation

Flow Optimizer detects large Layer 2 through Layer 4 traffic flows and proactively mitigates against unknown and well-known DDoS attacks. This addresses a critical concern for organizations subscribing to Layer 2 and Layer 3 VPN services who want to ensure that large traffic flows are not high-volume network attacks that could impact and shut down the overall network.

In addition to stopping the DDoS attack at the ingress to the network, Flow Optimizer also supports BGP Remote Triggered Black Hole (RTBH) and can work with external BGP stacks such as ExaBGP to mark and send BGP Flowspec based on sFlow threats in local network. This well-known standards-based Internet operation enables Flow Optimizer to trigger the upstream router to drop offending traffic or redirect it to a cleaning site if the upstream link is congested above 50 percent by a DDoS attack. This automation via BGP reduces mitigation time for an attack to a matter of minutes, as opposed to hours.

Flow Optimizer also allows users to define IPv4 and IPv6 Blacklist sources which are well-known daily threats. If flows are detected from blacklisted sources, Flow Optimizer drops the malicious traffic automatically. Users can modify IP blacklist sources on a periodic basis as needed.

If advanced DDoS detection is required, Flow Optimizer also supports integration with third-party devices to assess application flow information through an open application programming interface (API). Flow Optimizer mirrors flows to an analytics or IDS appliance for enhanced detection up to Layer 7. Upon detection, an API from the analytics or IDS appliance to the Flow Optimizer API initiates additional discard actions. Flow Optimizer supports integration with third party devices such as Palo Alto firewalls.

Traffic Flow Optimization

Flow Optimizer can detect traffic flows and proactively remark, redirect, or meter specific flows according to established policies. This helps avoid network congestion, latency and network violations, thus helping ensure customer SLAs.

Network Usage Reports

Flow Optimizer allows network and IT managers to identify and track network usage patterns. These reports can in turn be used to help run the business more efficiently such as to determine appropriate network downtime for planned network upgrades or to monitor end-user usage compared to subscribed service to maximize top line revenue.

Standards-Based, Production-Ready SDN Solution

Flow Optimizer is a modular, open and non-proprietary, fully tested, quality-assured, and commercially supported application running under any Open Daylight-compliant SDN controller. Additionally Flow Optimizer leverages DevOps automation platforms such as StackStorm and Extreme Workflow Composer to program network policies to VDX and SLX platforms.

Organizations can introduce Flow Optimizer into any Extreme network and easily solve immediate problems through the operational benefits of SDN and DevOps automation without the need to develop software or understand SDN protocols.

Additionally, leveraging Extreme Networks hybrid port mode innovation, customers can seamlessly deploy SDN and automation capability alongside existing IP/MPLS services.

Simple and User-Friendly Interface with Real-Time Network Visibility

Access to Flow Optimizer is provided via an easy-to-install and intuitive web-based GUI. An application dashboard provides real-time graphical overviews of various traffic types and flows, showing multiple actions and events simultaneously.

Ease of Integration with Cloud Orchestration Systems

Flow Optimizer supports programmable REST APIs, which allow customers to facilitate configuration, operational and analytical IT DevOps automation, and integration with cloud orchestration systems.

Real-Time Events

Flow Optimizer allows event logging by application and with storage for up to one month. Once this limit is reached, the events are purged to clear space for logging of new events.

Support for Large Data Center and Network Connections

Flow Optimizer handles multiple flows for traffic up to 200 Gbps to support large volumes of data center and network connections.

Flow Optimizer Specifications Features
Ubuntu 14.0.4 (64 Bit), CentOS 7
Server must have in-band connectivity to Extreme MLXe Routers or Extreme ICX Switches to receive sFlow packets
Server CPUIntel Core: Four cores or equivalent
Server memory and storage32GB RAM
1 TB of free hard disk drive space
Extreme SDN ControllerOpenDaylight Controller Boron SR3
DevOps AutomationStackStorm 2.3.3 and NE 1.2
Switch/Router firmwareExtreme Networks MLX NetIron firmware, version NI 6.0, 6.1.0 (IPSEC Logical port and Group table feature need NI 6.1.0)
Extreme Networks VDX 6740, 6940, 8870, NOS 7.1.0
Extreme Networks SLX9850-4 Firmware: slxos16r.1.00
Browser ClientGoogle Chrome
Flow Optimizer Ordering Information
BR-BFO-SMLExtreme Flow Optimizer Application: Perpetual license for up to 20 Gbps traffic flows capability
BR-BFO-LRGExtreme Flow Optimizer Application: Perpetual license for up to 200 Gbps traffic flows capability
BFOSML-SVL-SW-1ESSENTIAL APP SUPPORT 24×7, Extreme Flow Optimizer Small SKU: I year
BFOSML-SVL-SW-2ESSENTIAL APP SUPPORT 24×7, Extreme Flow Optimizer Small SKU: 2 years
BFOSML-SVL-SW-3ESSENTIAL APP SUPPORT 24×7, Extreme Flow Optimizer Small SKU: 3 years
BFOSML-SVL-SW-4ESSENTIAL APP SUPPORT 24×7, Extreme Flow Optimizer Small SKU: 4 years
BFOSML-SVL-SW-5ESSENTIAL APP SUPPORT 24×7, Extreme Flow Optimizer Small SKU: 5 years
BFOLRG-SVL-SW-1ESSENTIAL APP SUPPORT 24×7, Extreme Flow Optimizer Large SKU: 1 year
FOLRG-SVL-SW-2ESSENTIAL APP SUPPORT 24×7, Extreme Flow Optimizer Large SKU: 2 years
BFOLRG-SVL-SW-3ESSENTIAL APP SUPPORT 24×7, Extreme Flow Optimizer Large SKU: 3 years
BFOLRG-SVL-SW-4ESSENTIAL APP SUPPORT 24×7, Extreme Flow Optimizer Large SKU: 4 years
BFOLRG-SVL-SW-5ESSENTIAL APP SUPPORT 24×7, Extreme Flow Optimizer Large SKU: 5 years