Virtualizing the Network
…there is no spoon
November 7th, 2007
BALUG is Back! …for a Blockbuster 2008

Next Meeting: Nov 20th – 6:30pm
“ACCRC+Linux: Saving Computers from Landfills”
Location: Four Seas Restaurant, 731 Grant Ave, San Francisco, CA

2008 Speaker Lineup
• Jan – Eric S. Raymond
• Feb – Bruce Perens
• March – TBD
• April – Eric Allman
• May – Jeremy Allison
• June – Andrew Morton
About Untangle
• Open Source Network Gateway
• GPLv2
• 12 Open Source Applications
• Firewall, VPN, IPS, Spam, Spyware, AV, web filter & more
• Designed for Small Business
• Easy to install & manage w/ GUI, logging & reporting
• Untangle sells…
  • Live phone support
  • An extra application (clientless VPN)
• Download on SourceForge
  • http://sourceforge.net/projects/untangle
  • ISO Image
  • VMWare Image
whoiam
Untangle Founder & CTO
• Career highlights
  • Major projects
    • High Bandwidth Transparent Vectoring for proxy firewall engines
    • Java-based distributed monitor and intrusion detection systems
    • Survivability simulations in support of fault tolerant systems
• Work History
  • CERT/CC (Computer Emergency Response Team)
  • Akheron Technologies, Chief Architect
  • VerticalNet and H.L.L.C. Consulting
• Education
  • Carnegie Mellon University, Bachelor's degree in Computer Science with a minor in Mathematics
Read Dirk’s blog - http://blog.untangle.com/
The Simpler Way to Protect, Control and Monitor your network

SMB network – the HARD way!
• Firewall
• Email Server
• File Server
• Anti-Virus
• Anti-Spam
• Anti-Spyware
• VPN
• Web Filtering
• Intrusion Prevention
• Reporting
• IM/P2P/QoS
• Archiving/Backup
New Threats & Apps
• Phishing
• SSL VPN
• VOIP
• NAC
• Future Threats/Apps?
[Slide graphic: SMB Adoption rating per item; labels as extracted: high, high, high, high, medium, low, medium, low, low, low, low, low]

OR

SMB network – the SIMPLE way!
• Firewall
• Email Server
• File Server
• Anti-Virus
• Anti-Spam
• Anti-Spyware
• VPN
• Web Filtering
• Intrusion Prevention
• Reporting
• IM/P2P/QoS
• Archiving/Backup
New Threats & Apps
• Phishing
• SSL VPN
• VOIP PBX
• NAC
• Future Threats/Apps?
[Slide graphic labels: virtual 19” rack, online library]
Untangle Implementation
• Behind the firewall & router
• As the firewall & router
What is a Virtual Network?
“A virtual network provides the functionality, or application programming interface (API), of links between nodes, as in a computer network. The implementation of these virtual links may or may not correspond to physical connections between nodes.” -Wikipedia
What Can’t be Virtualized
• Physical Transport Mediums
• Wires & Cables
• Etc.
How the Idea Was Born
Back in 2002…
• Instant Messaging
• P2P blocking
• Anti-virus
• IPS (snort)
• etc
trends
• Consolidation
• Software (vs ASIC)
Attempt #1 – the “VMWare” approach
[Diagram label: kernel]
Pros
• fairly simple for applications
Cons
• terrible resource contention - latency
• high overhead of virtualization
• no sharing data
Attempt #2 – the “proxy chaining” approach
[Diagram labels: kernel, proxy 1, proxy 2, proxy 3, proxy 4]
Pros
• less overhead
Cons
• bad resource contention - latency
• more complicated
Proxy Chaining (latency issue)
• Context Switches: = 4
• Buffer Copies: = 5
[Diagram labels: Data from the network, Application Proxy, Thread / Process, Proxy Chain, Run Queue, CPU; panels: Light Load, Moderate Load]
Proxy chaining and VMWare latency behavior
[Chart labels: Actual Latency, User Noticeable Latency]
Attempt #3 – the “pipelining” approach
[Diagram labels: kernel, node 1, node 2, node 3, node 4]
advantages
• less resource contention
disadvantages
• apps need to be ported to threading model
Virtual Pipelining
• Context Switches: = 1
• Buffer Copies: = 2
• >8x improvement
[Diagram labels: Data from the network, Application Module, Thread / Process, Virtual Pipeline, CPU, Run Queue; panels: Moderate Load, Light Load]
Latency vs previous approaches – problem solved
[Chart labels: Proxy/VMware Latency, User Noticeable Latency, Untangle Latency]
Virtual Network tricks
virtual networks are different than physical networks
• dynamic reconfiguration (per session)
• object passing & data sharing
• share common resources (reports, alerts, management, etc)
• backup and restore of entire network
Redefining the Network
• Benefits
  • Significantly cheaper
  • Allow for quick application adoption and management
  • Enhanced applications
our goal: run your entire network in one machine
Q&A What The F*ck is That?
Untangle is Hiring!

Sr. QA Test Engineer
• 6+ years testing experience
• Experience testing GNU/Linux
• Experience with Network testing

Linux SysAdmin & Support
• 5+ years testing experience
• VOIP experience a big plus

About Untangle
• Small tight-knit company ~ 30 people
• Located in San Mateo, CA
• Great salary, benefits & startup options
• Get to ride in the Pinzgauer!