Monday, April 20, 2015

Boingo - Building a S.M.A.R.T.er Network

Derek Peterson, CTO of Boingo Networks, discussed his company's evolution to a S.M.A.R.T. infrastructure powered by NFV.  The acronym stands for Secure, Multiplatform, Analytics-driven, Responsive and Tiered.

Underlying the network is deep packet inspection technology that enables Boingo to deliver an enhanced experience for its users.

The video is presented by Procera Networks.

See video:  https://youtu.be/7uJzgEcrpGo

Broadcom Optimizes Trident-II+ Switching Silicon for 10GbE Virtualized Data Centers

Broadcom has begun sampling the next-generation of its StrataXGS Trident Ethernet switching silicon, which has been optimized to meet the bandwidth, scalability and efficiency demands of 10GbE virtualized data centers.  The new silicon offers 1.28 terabit per second (Tbps) switching performance, 30 percent lower power and double the performance for data center virtualization overlays, such as VXLAN.

The 28 nanometer (nm) Trident-II+ Series, which provides a drop-in power and efficiency improvement over the previous version, brings a number of features for network virtualization, including single-pass VXLAN routing that doubles gateway performance in all network topologies, as well as support for pre-standard GENEVE overlays.

As a complement to Broadcom's latest StrataXGS Tomahawk and StrataDNX switch SoCs, the Trident II+ Series provides 100GbE connections to the spine layer and between racks, while supporting 10GbE connections to the servers in enterprise and private cloud deployments.

StrataXGS Trident-II+ (BCM56860) Series Key Features

  • Standards-compliant high-density 10GbE/40GbE/100GbE switch SoC
  • Single-pass routing in/out of tunnels (RIOT) at 1.28 Tbps
  • High-performance tunneling support for VXLAN, NVGRE, MPLS, SPB, and pre-standard Geneve
  • 128 low-power optimized 10Gbps serial interfaces with up to 8 ports of 100GbE
  • Broadview instrumentation featuring buffer statistics tracking (BST) and flex counters
  • Enhanced ContentAware engines with 4x larger ACL rule databases versus previous generation devices
  • OpenFlow 1.3.1+ support scaling to several 10,000's of flows using OF-DPA and third-party controllers
  • Configurable SmartTable technology to maximize L2 MAC,L3 Host, LPM forwarding database capacities
  • Full IPv4 and IPv6 unicast and multicast routing support
  • Integrated SmartBuffer for optimal burst absorption, dynamic thresholding and lossless service
  • SmartHash flexible engine featuring highly scalable ECMP load balancing and network resiliency
  • FlexPort technology enables dynamically configurable ports/MACs
  • Ethernet Port Multiplier technology supports fine-grained channelization over Ethernet and enterprise fabrics

"Over the past five years, multiple StrataXGS Trident generations have helped drive the adoption of 10GbE in cloud and mega scale data centers with standard, cost-efficient, merchant silicon based platforms," said Ram Velaga, Broadcom Senior Vice President & General Manager, Network Switch. "Our latest Trident-II+ series offers the economics, performance and virtualization capabilities required to lead a similar transition across enterprise data centers worldwide."

"The collaboration between Broadcom and VMware to define and build robust underlay-overlay technologies allows customers today to deploy fully virtualized networks for greater operational efficiency," said Hatem Naguib, vice president, Networking and Security at VMware. "Mainstream enterprises using our VMware NSX™ network virtualization platform on top of a StrataXGS Trident-II+ based physical network get first-class VXLAN support as well as future support for Geneve - enabling efficient, secure and agile data center networks."

http://www.broadcom.com/press/release.php?id=s907324

Gigamon Automates Network Traffic Visibility for Rapid Response to Security Threats

Gigamon outlined its framework for leveraging software-defined intelligent traffic visibility to automatically detect threats and then programmatically adapt security policies.

“Software Defined Visibility is a first of its kind breakthrough. It enables security tools, such as IPSs, WAFs, Secure Web Gateways, Sandboxes and other in-line or out-of-band security appliances to program the Gigamon Visibility Fabric to automatically update traffic Flow Maps and GigaSMART operations based on real-time conditions,” said Shehzad Merchant, chief technology officer at Gigamon.  “By enabling the programmability of our Visibility Fabric, customers gain the ability to dynamically adjust and enhance their visibility posture thereby improving security, while reducing costs and network complexities.”

Software Defined Visibility is a framework that allows customers, security and network equipment vendors, as well as managed service providers, to control and program Gigamon’s Visibility Fabric via REST-based Application Program Interfaces (APIs).  By writing programs that utilize Gigamon’s APIs, critical functions previously requiring manual intervention can be automated to improve responsiveness, enhance analysis and increase protection of key resources and information assets. Potential use case examples include:

  • Improve Security Efficiencies – Security administrators can develop applications to improve network detection, reaction and response by automating NetFlow generation and SSL decryption so that current security appliances are not overtaxed when performing deep packet inspection. For example, administrators can use the APIs that program the Visibility Fabric to dynamically change the traffic forwarding policies in response to threats or anomalous network traffic changes. 
  • Automate Policy Management – As new virtual machines are spun up, administrators can write policy management programs that utilize Gigamon’s APIs to automatically follow new changes within virtual and physical networks.
  • Simplify Provisioning and Ticketing – For many organizations, IT Operations Management (ITOM) groups are burdened to manually perform common tasks, such as provisioning and ticketing of network port configurations, monitoring of new IP subnets and VLANs, and upgrading software images. With Software Defined Visibility, ITOM groups can develop programs to automate these processes.

The new capabilities are enabled in GigaVUE-FM 3.0 Fabric Manager, which delivers a single pane-of-glass view of physical and virtual nodes across the Visibility Fabric.  A single instance of GigaVUE-FM can manage hundreds of visibility nodes across multiple locations, containing more than a quarter of a million physical ports in addition to managing virtual infrastructures.

Flow Mapping technology helps reduce traffic and improve analyzer performance. Flow Mapping is a patented technology at the heart of Gigamon’s GigaVUE Visibility Fabric nodes that takes line-rate traffic at 1Gb, 10Gb, 40Gb or 100Gb from a network TAP or a SPAN/mirror port (physical or virtual) and then optimizes flows based on individual traffic profiles of the tools and applications that secure, monitor, and analyze the network infrastructure.

http://www.gigamon.com

Japan Internet Exchange Deploys Infinera Cloud Xpress

Japan Internet Exchange (JPIX) has deployed the Infinera Cloud Xpress to help accommodate bandwidth growth in its network in the metropolitan Tokyo area in Japan.

Infinera's Cloud Xpress isa compact, high-density, optical system optimized for interconnecting multiple data centers within a metro area. It leverages existing Infinera technologies, including its Photonic Integrated Circuit (PICs) and super-channel aggregation, to provide massive bandwidth in a form factor that data center operators can rack-n-stack.

JPIX is Japan's first commercial IX provider, established in 1997, offering a set of neutral locations that allows telecom, Cloud and wholesale service providers to exchange traffic as well as interconnect with enterprise users. The JPIX IX service is a significant exchange point for major service and content providers in Japan and plays an important role in powering the Japanese Internet backbone. With the IX service delivered by JPIX, Internet service providers (ISPs) and content providers are able to respond to continuous increases in Internet traffic as demand increases from their customers.

Infinera said JPIX chose its Cloud Xpress for its small form factor, low power consumption and its ability to easily scale bandwidth in 100 Gbps increments without any changes in hardware. The Cloud Xpress provides JPIX up to one terabit per second (Tbps) of input and output capacity in just two rack units. Further, the Cloud Xpress simplifies operations with a single fiber to deliver a 500 Gb/s super-channel of line-side capacity, a highly-reliable photonic integrated circuit, the flexibility of 10 gigabit Ethernet (GbE) and 40 GbE today, and 100 GbE client side interfaces with Cloud Xpress product family in the future.

"The tremendous demand for bandwidth globally puts immense pressure on the Cloud," said Stu Elby, senior vice president of Cloud network strategy and technology at Infinera. "JPIX's deployment of Cloud Xpress further underscores the need for simple, highly scalable interconnect solutions across a variety of markets."

http://www.infinera.com

Ericsson and Intel Security Target Managed Security for Telcos

Ericsson and Intel Security (formerly McAfee) are working together to make managed security solutions available for telecom operators to bundle with the existing services they provide to enterprises.

The alliance combines Ericsson's managed services expertise, global delivery capability and network security expertise with Intel Security's broad portfolio of consumer and enterprise security solutions will enable enterprises to strengthen their security posture.

Chris Young, Senior Vice President and GM of Intel Security, says: "Telecommunications networks are a critical component of the economic and social infrastructures that we rely upon. Together, Intel Security and Ericsson are working to keep the well over three billion people across the globe that use these systems safe and secure."

Jean-Claude Geha, Vice President and Head of Managed Services at Ericsson, says: "Intel Security has an exceptional, end-to-end consumer and enterprise security product portfolio. Ericsson is the leader in telecom managed services with the scale, skills and people required to make Intel's security solutions available to telecom operators around the world. Together, we will be able to provide exceptional managed security solutions to telecom operators."

http://www.ericsson.com
http://www.intelsecurity.com/

CenturyLink Acquires Orchestrate - a Managed Database Service Company

CenturyLink has acquired Orchestrate, a company that offers a fully managed database service. Financial terms were not disclosed.

CenturyLink said the acquisition brings a new Database-as-a-Service (DBaaS) to its Cloud platform.  Earlier this year, Orchestrate's service became deployable via CenturyLink Cloud.

"CenturyLink's customers, like most enterprises, are expressing interest in solutions that help them meet the performance, scalability and agile development needs of large-scale big data analytics," said Glen F. Post, III, chief executive officer and president of CenturyLink. "The Orchestrate database service's ease of use and ability to support multiple database technologies have emerged as key differentiators that we are eager to offer our customers through the CenturyLink Cloud platform."

Orchestrate co-founders Antony Falco, chief executive officer, and Ian Plosker, chief technology officer, as well as Dave Smith, vice president of engineering, are among those joining CenturyLink.

http://www.centurylink.com


  • CenturyLink's other recent big data analytics moves include the acquisition of Cognilytics, a leading provider of advanced predictive analytics and big data solutions; the launch of Hyperscale high-performance cloud server instances designed for web-scale workloads, big data and cloud-native applications; and the availability of automated cloud-based Hadoop solutions. Other recent additions to the CenturyLink Cloud ecosystem include the acquisition of DataGardens for disaster recovery services. 


Korea-Japan Cable Upgrades to 100G with Ciena

The Korea-Japan Cable Network (KJCN) has selected Ciena's GeoMesh submarine solution for a 100G network upgrade.  KJCN has deployed Ciena’s 6500 Packet-Optical Platform, powered by WaveLogic coherent optics. The network will utilize high-powered Raman amplification to enable very high capacity transmission over long unrepeatered cable spans to increase the ultimate capacity of the system.

The KJCN network is owned by the global consortium of communications companies, including KT (Korea Telecom), SoftBank Mobile, QTNet (Kyushu Telecommunication Network) and others. KJCN is comprised of two 250 km repeater-less submarine cables with diverse routes connecting Korea and Japan. The KJCN network is used by traditional carrier customers, as well as web-scale operators and content delivery providers to transfer of a plethora of on-demand service and applications between Japan and South Korea.

http://www.ciena.com/about/newsroom/press-releases/KJCN-Turns-to-Ciena-for-Submarine-Network-Upgrade.html

Catbird Intros Discovery Tool for Virtual Fabrics

Catbird, a start-up based in Scotts Valley, California, introduced a software tool to help organizations discover, organize and analyze their virtual fabric to reduce security risks.

Catbird Insight works by first automatically discovering all assets within an organization’s virtual fabric.  It then allows grouping of these virtual assets into logical Catbird TrustZones (micro-segments) that can be monitored and analyzed for appropriate interactions, relationships and/or compliance based on network flow data. For example, all e-commerce applications might be grouped into one Catbird TrustZone so that security and compliance teams can validate whether the security policies associated within that Catbird TrustZone work effectively based on visualizing actual traffic flows.  From there, the solution provides visibility into all flows in and out of Catbird TrustZones with customized detailed reporting of traffic.

“Companies today want to adopt micro-segmentation to improve their security posture, yet find themselves lacking a good understanding of all the assets within their virtual fabric and missing insight into the baseline connectivity of those assets,” said David Keasey, CEO of Catbird. “With Catbird Insight, we easily and quickly eliminate these issues by providing a perfect inventory of assets and real-time network traffic and visualization, so organizations can easily define micro-segments and the fine-grained application-centric security policies protecting them.”

http://www.catbird.com/

See also