Virtualizing the Network
there is no spoon
Peninsula Users Group, October 25th, 2007
About Untangle
• Open Source Network Gateway
• GPLv2
• 12 Open Source Applications
• Firewall, VPN, IPS, Spam, Spyware, AV, web filter & more
• Designed for Small Business
• Easy to install & manage w/ GUI, logging & reporting
• Untangle sells…
  • Live phone support
  • An extra application (clientless VPN)
• Download on SourceForge
  • http://sourceforge.net/projects/untangle
  • ISO Image
  • VMWare Image
whoami
Untangle Founder & CTO
• Career highlights
  • Major projects
    • High Bandwidth Transparent Vectoring for proxy firewall engines
    • Java-based distributed monitor and intrusion detection systems
    • Survivability simulations in support of fault tolerant systems
  • Work History
    • CERT/CC (Computer Emergency Response Team)
    • Akheron Technologies, Chief Architect
    • VerticalNet and H.L.L.C. Consulting
  • Education
    • Carnegie Mellon University, Bachelor's degree in Computer Science with a minor in Mathematics
Read Dirk’s blog - http://blog.untangle.com/
The Simpler Way to Protect, Control and Monitor your network
SMB network – the HARD way! [slide graphic rates SMB adoption of each item as high, medium or low]
• Firewall
• Email Server
• File Server
• Anti-Virus
• Anti-Spam
• Anti-Spyware
• VPN
• Web Filtering
• Intrusion Prevention
• Reporting
• IM/P2P/QoS
• Archiving/Backup
New Threats & Apps
• Phishing
• SSL VPN
• VOIP
• NAC
• Future Threats/Apps?
OR
SMB network – the SIMPLE way! [slide graphic: a virtual 19” rack with an online library of applications]
• Firewall
• Email Server
• File Server
• Anti-Virus
• Anti-Spam
• Anti-Spyware
• VPN
• Web Filtering
• Intrusion Prevention
• Reporting
• IM/P2P/QoS
• Archiving/Backup
New Threats & Apps
• Phishing
• SSL VPN
• VOIP PBX
• NAC
• Future Threats/Apps?
Untangle Implementation
• Behind the firewall & router
• As the firewall & router
[slide diagrams show Untangle placed in each of the two positions]
What is a Virtual Network?
wikipedia definition: A virtual network provides the functionality, or application programming interface (API), of links between nodes, as in a computer network. The implementation of these virtual links may or may not correspond to physical connections between nodes.
what it's not: a physical transport medium
Background
2002
• Instant Messaging
• P2P blocking
• Anti-virus
• IPS (snort)
• etc
trends
• Consolidation
• Software (vs ASIC)
Attempt #1 – the “VMWare” approach
[diagram: the kernel, with each application running in its own virtual machine above it]
advantages
• fairly simple for applications
disadvantages
• terrible resource contention - latency
• high overhead of virtualization
• no sharing data
Attempt #2 – the “proxy chaining” approach
[diagram: the kernel, with proxy 1 → proxy 2 → proxy 3 → proxy 4 chained above it]
advantages
• less overhead
disadvantages
• bad resource contention - latency
• more complicated
Proxy Chaining (latency issue)
[diagram: data from the network passes through the proxy chain; each application proxy is its own thread/process on the CPU run queue, shown under light load and moderate load]
Context Switches: 4
Buffer Copies: 5
Attempt #3 – the “pipelining” approach
[diagram: the kernel, with node 1 → node 2 → node 3 → node 4 pipelined above it]
advantages
• less resource contention
disadvantages
• apps need to be ported to threading model
Virtual Pipelining
[diagram: data from the network passes through one virtual pipeline of application modules in a single thread/process on the CPU run queue, shown under light load and moderate load]
Context Switches: 1
Buffer Copies: 2
>8x improvement
Virtual Network tricks
virtual networks are different than physical networks
• dynamic reconfiguration (per session)
• object passing & data sharing
• share common resources (reports, alerts, management, etc)
• backup and restore of entire network
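The proxy-chaining and virtual-pipelining data paths from the earlier slides, together with the per-session reconfiguration and shared-buffer tricks on this one, as an added Python model (a constructed example, not Untangle's code): the Session class, the five node functions, the port-based node selection and the signature strings are all assumptions. The counters reproduce the slides' figures, 5 buffer copies and 4 context switches for a chain of four proxies against 2 copies and 1 switch for the pipeline.

```python
"""Constructed model of the two data paths compared in the slides: proxy chaining
(each stage is its own process, so every hop crosses the kernel and copies the
payload) versus virtual pipelining (one process, nodes share one buffer object)."""
from dataclasses import dataclass, field

@dataclass
class Session:
    dst_port: int
    payload: bytearray
    tags: dict = field(default_factory=dict)

# Hypothetical inspection nodes standing in for the stages in the diagrams.
def firewall(s):  s.tags["fw"] = "block" if s.dst_port == 23 else "pass"
def ips(s):       s.tags["ips"] = b"BAD-SIG" in s.payload      # constructed signature
def antivirus(s): s.tags["av"] = b"EICAR-TEST" in s.payload    # constructed signature
def webfilter(s): s.tags["web"] = s.payload.startswith(b"GET ")
def antispam(s):  s.tags["spam"] = b"Subject:" in s.payload

def select_nodes(session):
    """Per-session dynamic reconfiguration: the pipeline is rebuilt for each
    session from only the nodes that apply to its protocol."""
    nodes = [firewall, ips, antivirus]
    if session.dst_port == 80:
        nodes.append(webfilter)
    elif session.dst_port == 25:
        nodes.append(antispam)
    return nodes

def proxy_chain(session):
    """Each proxy is a separate process: the kernel copies the bytes into
    proxy i, which copies them back out towards the next proxy, and every
    hop costs a context switch.  Returns (buffer_copies, context_switches)."""
    copies, switches, data = 1, 0, bytes(session.payload)   # kernel -> proxy 1
    for node in select_nodes(session):
        switches += 1                                       # schedule this proxy
        local = Session(session.dst_port, bytearray(data))  # its own address space
        node(local)
        session.tags.update(local.tags)
        session.tags.setdefault("buffers", []).append(local.payload)
        data, copies = bytes(local.payload), copies + 1     # proxy -> kernel
    return copies, switches

def virtual_pipeline(session):
    """All nodes run in one process and receive the same Session object, so
    the payload is copied only on the way in and on the way out."""
    copies, switches = 1, 1                                 # kernel -> pipeline
    for node in select_nodes(session):
        node(session)                                       # no copy between nodes
        session.tags.setdefault("buffers", []).append(session.payload)
    return copies + 1, switches                             # pipeline -> kernel
```

The "buffers" tag records which payload object each node actually saw: the chain hands every proxy a fresh copy, while the pipeline passes one object through all four nodes.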
Redefining the Network
• Benefits
  • Significantly cheaper
  • Allow for quick application adoption and management
  • Enhanced applications
our goal: run your entire network in one machine