DOCSLIB.ORG

Brocade Vyatta Network OS Data Sheet

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

DATA SHEET Brocade Vyatta Network OS HIGHLIGHTS A Network Operating System for the Way Forward • Offers a proven, modern network The Brocade® Vyatta® Network OS lays the foundation for a flexible, easy- operating system that accelerates the adoption of next-generation to-use, and high-performance network services architecture capable of architectures meeting current and future network demands. The operating system was • Creates an open, programmable built from the ground up to deliver robust network functionality that can environment to enhance be deployed virtually or as an appliance, and in concert with solutions differentiation, service quality, and from a large ecosystem of vendors, to address various Software-Defined competitiveness Networking (SDN) and Network Functions Virtualization (NFV) use cases. • Supports a broad ecosystem for With the Brocade Vyatta Network OS, organizations can bridge the gap optimal customization and service between traditional and new architectures, as well as leverage existing monetization investments and maximize operational efficiencies. Moreover, they can • Simplifies and automates network compose and deploy unique, new services that will drive differentiation functions to improve time to service, increase operational efficiency, and and strengthen competitiveness. reduce costs • Delivers breakthrough performance flexibility, performance, and operational and scale to meet the needs of any A Proven, Modern Operating efficiency, helping organizations create deployment System The Brocade Vyatta Network OS new service offerings and value. Since • Provides flexible deployment options separates the control and data planes in 2012, the benefits of this operating to support a wide variety of use cases software to fit seamlessly within modern system have been proven by the Brocade SDN and NFV environments. While vRouter via deployments in public cloud, purpose-built to enable the networks cloud-based customer edge services, and of the future, the operating system is data centers worldwide. grounded in a rich heritage of networking A Vital Bridge innovation. For more than a decade, Moving to a new programmable the world’s leading brands have relied network does not happen overnight. on Brocade to deliver network services The Brocade Vyatta Network OS across multitenant, multivendor virtual provides the vital bridge between new environments. These capabilities were built and existing protocols, interfaces, and into the modern Brocade Vyatta Network tools to ensure that the network operates OS to ensure it provides the utmost in as it should. It ties all the network and Yang Data Model NETCONF REST CLI Scripting API Figure 1: Brocade Vyatta Network OS common data model for all-API access. virtualization capabilities of the operating Fig(NETCONF)ure 1 and REST—regardless of system enables the control plane to system into a simple and common data which interface is used, so anyone can communicate with both the network’s model that “translates” all requirements deploy or make changes to accelerate the VNFs and applications (northbound), and and commands, so that they can be operationalization of the network. the packet-forwarding plane (southbound), understood by the network and service as shown in Figure 1. This approach orchestration components. This approach An Open Platform, a Broad allows the Brocade Vyatta Network OS to helps streamline deployments, speed time Ecosystem seamlessly support a robust ecosystem to service, and ensure ongoing availability. To ensure interoperability across network of best-of-breed solutions and help environments and simplify integrations organizations reduce the costs associated The operating system not only caters to with third-party Virtual Network Functions with adopting services. Organizations can the network components, but also the (VNFs), the Brocade Vyatta Network then confidently roll out new services to skill sets of the operators responsible OS uses standard protocols such as maximize the value of their networks. for managing them. The Brocade Vyatta NETCONF; supports open source Network OS enables operators to interact platforms, including OpenDaylight; A Programmable, Extensible with network elements in a way that is provides plugin support for OpenStack; Operating System familiar to them. Operators accustomed and offers published APIs. As a result, The building-block style of the Brocade to working with traditional routers and there is no vendor lock-in—organizations Vyatta Network OS enables organizations switches can use a standard CLI interface, can freely choose the VNFs they want to quickly and easily deploy new, value- while operators more comfortable with from a broad ecosystem of solutions. added services. Organizations can further software can use Linux commands, differentiate their offerings, enhance including all embedded scripting The open interfaces of the Brocade Vyatta their competitiveness, and improve the functions, libraries (Python, Ruby), and Network OS facilitate communication with monetization of their services. shells. The operating system can expose all the components of the network. Using any function along any supported a common data model, based on standard API—such as network configuration protocols and open APIs, the operating 2 Data Center Control Plane Hosted VNFs Control Plane Control Integrated Hypervisor and Plane vSwitch Data Plane Data Plane Data Plane Data Plane Location 1 Location 2 VNF VNF Platform Distributed Services Platform Deployment Deployment Deployment Figure 2: Brocade Vyatta Network OS deployment package options. A Wide Variety of • Mobile Edge Computing (MEC) Breakthrough Performance Deployment Methods and • Secure cloud access Leveraging innovations from Brocade and the Intel Data Plane Development Use Cases • Virtual security functions The Brocade Vyatta Network OS can Kit (DPDK), the Brocade Vyatta Network be deployed across a wide variety of • Virtual IoT Gateway OS enables carrier-class performance hardware platforms to support various • Virtual Security Gateway and reliability in software. By separating use cases (see Figure 2). For example, the control and data planes, and utilizing • Virtual Top-of-Rack (vToR) it can be deployed as a VNF, a VNF the Intel DPDK, the operating system platform, or a distributed service platform • Virtual Route Reflector (vRR) allows multiple Intel CPU cores (x86) to integrate into cloud, virtual, physical, or to be allocated to each forwarding on-premises environments. It also can be Automation and plane to maximize performance, while deployed as a co-resident on the hardware Orchestration eliminating resource contention (see housing the data planes, or centralized The Brocade Vyatta Network OS has Figure 3). Although performance scales to manage a number of distributed data deep integrations with existing key independently within the control and data planes, depending on an organization’s orchestration platforms and management planes, the operating system’s overall requirements. suppliers, enabling organizations to performance scales with the associated automate services. This reduces the hardware resources. The Brocade Vyatta Network OS can risks associated with rolling out new In addition, the separation of the control be easily deployed to meet the functions, by avoiding human error, cutting and data planes reduces the amount requirements of: time to implementation, and lessening of compute memory and storage • Virtual Customer Edge (vCE) equipment the learning curve. Enabling service required, helping to minimize the overall automation is just one more way that the • Virtual Customer Premise Equipment footprint of the operating system. As a Brocade Vyatta Network OS helps to (vCPE) result, with the Brocade Vyatta Network accelerate the operationalization of the OS, organizations can improve packet • Software-Defined WAN (SD-WAN) environment. processing efficiency—across both silicon 3 vCPU Brocade Global Services Brocade Global Services has the Control Plane expertise to help organizations build scalable, efficient cloud infrastructures. Leveraging 20 years of expertise in storage, networking, and virtualization, Brocade Global Services delivers world- Data Plane class professional services, technical support, and education services, vCPU enabling organizations to maximize their Interface Brocade investments, accelerate new technology deployments, and optimize the Figure 3: Brocade Vyatta Network OS general vCPU architecture. performance of networking infrastructures. Acquisition Options That Match Balance Sheet and general compute architectures— Objectives to ensure maximum utilization of the KEY FEATURES OF THE BROCADE Successful network deployments drive underlying hardware infrastructure, and VYATTA NETWORK OS business forward, providing technical consolidate resources to significantly • The foundation for a decomposable and financial agility. Brocade offers reduce capital and operating costs. services architecture the broadest financing models, from • Purpose-built for NFV and SDN traditional leasing to Brocade Network Advanced Network Functions deployments The Brocade Vyatta Network OS delivers Subscription. Network-as-a-Service • A bridge between legacy and future allows organizations to subscribe to all the advanced networking functions network architectures that organizations expect from a modern network assets today then upgrade on • A simple common data model that demand, scale up or down, or return them network operating system: enables disparate
Recommended publications
  • Fortinet and Vyatta Fortinet and Vyatta

    Fortinet and Vyatta Fortinet and Vyatta

    DEPLOYMENT GUIDE Fortinet and Vyatta Fortinet and Vyatta Overview . 3 Deployment Prerequisites . 3 Architecture Overview . 3 Figure 1: Topology.......................................... 3 Partner Configuration....................................... 4 Hardware Installation . 4 Figure 2: Vyatta Dashboard .................................. 4 Figure 3: Vyatta Virtualization ................................ 5 Fortinet Configuration . 5 Figure 4: Vyatta Virtualization Console Access .................. 5 Summary . 6 Access to Vyatta Demo . 6 How To Get Help........................................... 6 2 DEPLOYMENT GUIDE | Fortinet and Vyatta Overview The Brocade 5600 vRouter (formerly Vyatta 5600 vRouter) provides a solution Deployment Prerequisites for network functions virtualization (NFV). It offers easy scalability, a broad set of capabilities, and reliability. The Fortinet and Brocade Vyatta deployment requires the following: In addition, it utilizes Intel Data Plane Development Kit (DPDK) to deliver higher performance, and it can be installed on hypervisors and any x86-based system. 1. Vyatta OS Together, Fortinet and Brocade deliver an industry-leading security and network 2. Supermicro x86-Based Hardware solution. FortiGate virtual firewall products enable customers to deploy branch office 3. FortiGate KVM Firewall services. Customers can deploy virtual CPE (vCPE) combined with industry-leading FortiGate security. The Brocade Vyatta Network OS with Fortinet network security appliances and subscription services provides broad, integrated,
  • Ngenius Collector Appliance Scalable, High-Capacity Appliance for Collection of Cisco Netflow and Other Flow Data

    Ngenius Collector Appliance Scalable, High-Capacity Appliance for Collection of Cisco Netflow and Other Flow Data

    l DATA SHEET l nGenius Collector Appliance Scalable, High-Capacity Appliance for Collection of Cisco NetFlow and Other Flow Data Product Overview HIGHLIGHTS Deployed at key traffic aggregation locations, nGenius® Collectors extend the reach of the nGeniusONE® Service Assurance solution and are used primarily to generate flow‑based • Measure service responsiveness across statistics (metadata) in memory for specific traffic types. This NETSCOUT data source collects the network with up to 500 Cisco IP SLA metadata on IP SLA and IPPING protocols, flow data from NetFlow routers, link‑level statistics, synthetic transaction tests and utilization data from MIB‑II routers. • Scalable collection of up to 2 million Cisco NetFlow, IPFIX, Juniper J-Flow, Huawei® Listening passively on an Ethernet wire, nGenius Collectors examine specific traffic collected NetStream and sFlow flows per minute from flow‑enabled routers and switches (e.g., Cisco® NetFlow, Juniper® J-Flow, sFlow®, ® • Captures and stores Flow datagrams for NetStream ) and from IP SLA test results to generate a variety of statistics. In addition, Collectors historical deep-dive analysis can be configured to capture datagrams from Flow‑enabled routers and analyze them via datagram capture, which allows users to perform in‑depth capture and filtering. • Collects Flow data from up to 5,000 flow‑enabled router or switch interfaces Metrics from nGenius Collectors are retrieved through a managing nGenius for Flows Server per appliance for analysis, enabling display of utilization metrics, quality of service (QoS) breakdowns, and • Supports both IPv4 and IPv6 environments application breakdowns in nGenius for Flows and other tools in the nGeniusONE Service • Purpose-built hardware and virtual Assurance Solution.
  • Netflow Traffic Analyzer Real-Time Network Utilization and Bandwidth Monitoring

    Netflow Traffic Analyzer Real-Time Network Utilization and Bandwidth Monitoring

    DATASHEET NetFlow Traffic Analyzer Real-Time Network Utilization and Bandwidth Monitoring An add-on to Network Performance Monitor (NPM), SolarWinds® NetFlow DOWNLOAD FREE TRIAL Traffic Analyzer (NTA) is a multi-vendor flow analysis tool designed to proactively reduce network downtime. NTA delivers actionable insights Fully Functional to help IT pros troubleshoot and optimize spend on bandwidth by better for 30 Days understanding the who, what, and where of traffic consumption. Solve practical operational infrastructure problems with actionable insights and save money with informed network investments. WHY CHOOSE NETFLOW TRAFFIC ANALYZER? • NTA collects and analyzes flow data from multiple vendors, including NetFlow v5 and v9, Juniper® J-Flow™, sFlow®, Huawei® NetStream™, and IPFIX. • NTA alerts you to changes in application traffic or if a device stops sending flow data. • NTA supports advanced application recognition with Cisco® NBAR2. • NTA shows pre- and post-policy CBQoS class maps, so you can optimize your CBQoS policies. • NTA can help you identify malicious or malformed traffic with port 0 monitoring. • NTA includes WLC network traffic analysis so you can see what’s using your wireless bandwidth. • NTA supplements Network Performance Monitor by helping to identify the cause of high bandwidth. Built on the Orion® Platform, NTA provides the ability to purchase and fully integrate with additional network monitoring modules (config management, WAN management, VoIP, device tracking, IP address management), as well as systems, storage, and virtualization management in a single web console. page 1 DATASHEET: NETFLOW TRAFFIC ANALYZER FEATURES New! VMware vSphere Distributed Switch (VDS) Support Comprehensive support for the VMware VDS, providing visibility within the switch fabric to your east-west VM traffic to help IT pros avoid service impacts when moving workloads.
  • Mist Teleworker ME

    Mist Teleworker ME

    MIST TELEWORKER GUIDE ​ ​ ​ ​ ​ Experience the corporate network @ home DOCUMENT OWNERS: ​ ​ ​ ​ Robert Young – [email protected] ​ Slava Dementyev – [email protected] ​ Jan Van de Laer – [email protected] ​ 1 Table of Contents Solution Overview 3 How it works 5 Configuration Steps 6 Setup Mist Edge 6 Configure and prepare the SSID 15 Enable Wired client connection via ETH1 / Module port of the AP 16 Enable Split Tunneling for the Corp SSID 17 Create a Site for Remote Office Workers 18 Claim an AP and ship it to Employee’s location 18 Troubleshooting 20 Packet Captures on the Mist Edge 23 2 Solution Overview Mist Teleworker solution leverages Mist Edge for extending a corporate network to remote office workers using an IPSEC secured L2TPv3 tunnel from a remote Mist AP. In addition, MistEdge provides an additional RadSec service to securely proxy authentication requests from remote APs to provide the same user experience as inside the office. WIth Mist Teleworker solution customers can extend their corporate WLAN to employee homes whenever they need to work remotely, providing the same level of security and access to corporate resources, while extending visibility into user network experience and streamlining IT operations even when employees are not in the office. What are the benefits of the Mist Teleworker solution with Mist Edge compared to all the other alternatives? Agility: ● Zero Touch Provisioning - no AP pre-staging required, support for flexible all home coverage with secure Mesh ● Exceptional support with minimal support - leverage Mist SLEs and Marvis Actions Security: ● Traffic Isolation - same level of traffic control as in the office.
  • Netflow Optimizer™

    Netflow Optimizer™

    NetFlow Optimizer™ Installation and Administration Guide Version 2.4.7 (Build 2.4.7.0.23) January 2017 © Copyright 2013-2017 NetFlow Logic Corporation. All rights reserved. Patents both issued and pending. Contents Overview ....................................................................................................................................................................... 3 How NetFlow Optimizer Works .................................................................................................................................. 3 How NFO Updater Works .......................................................................................................................................... 3 NetFlow Optimizer Installation Guide ......................................................................................................................... 4 Before You Install NFO ................................................................................................................................................ 4 Pre-Installation Checklist ........................................................................................................................................... 4 Minimum Requirements ............................................................................................................................................. 4 Supported Platforms .............................................................................................................................................. 4 Virtual Hardware
  • Spirent Testcenter™

    Spirent Testcenter™

    DATASHEET Spirent TestCenter™ L2TPv2 / L2TPv3 Base Packages Convergence is creating a new generation of integrated network Layer 2 Tunneling Protocol (L2TP) is used to support Virtual Private Networks (VPNs) devices and services that are or as part of the delivery of services by ISPs. Spirent TestCenter L2TP Base Package much more complex than ever enables Service Providers and network equipment manufacturers to quickly validate before. Service Providers need subscriber scalability. While L2TPv2 is all about PPPoE subscriber sessions being the ability to deploy networks tunneled to domains, L2TPv3 is more about multi-protocol tunneling. L2TPv3 Base quickly that get Quality of Package provides additional security features, improved encapsulation, and the Experience (QoE) right the first ability to carry data links other than simply Point-to-Point Protocol (PPP) over an time. IP network. L2TPv3 is emerging as a core tunneling and VPN technology for next- generation networks. L2TPv3 provides the flexibility and scalability of IP with the Benefits privacy of Frame Relay and ATM. L2TPv3 will allow network services to be delivered over routed IP networks. Stability and performance of L2TP is critical to many Service • L2TP Tunnel capacity testing Providers and data services. • Session per tunnel testing Spirent can help you address this challenge with Spirent TestCenter with its innovative design. Now you can create and execute more complex test cases in less time with the • Data forwarding across all L2TP same resources—and scale tests higher while debugging problems faster. The results: tunnels lower CAPEX and OPEX, faster time to market, greater market share and higher • L2TP Tunnel stability test profitability, the ability to tunnel thousands of subscribers to thousands of tunnels with authentication and verify data forwarding and receive rates per subscriber.
  • Flow-Tools Tutorial

    Flow-Tools Tutorial

    Flow-tools Tutorial SANOG 6 Bhutan Agenda • Network flows • Cisco / Juniper implementation – NetFlow • Cisco / Juniper Configuration • flow-tools programs overview and examples from Abilene and Ohio- Gigapop Network Flows • Packets or frames that have a common attribute. • Creation and expiration policy – what conditions start and stop a flow. • Counters – packets,bytes,time. • Routing information – AS, network mask, interfaces. Network Flows • Unidirectional or bidirectional. • Bidirectional flows can contain other information such as round trip time, TCP behavior. • Application flows look past the headers to classify packets by their contents. • Aggregated flows – flows of flows. Unidirectional Flow with Source/Destination IP Key % telnet 10.0.0.2 10.0.0.1 login: 10.0.0.2 Active Flows Flow Source IP Destination IP 1 10.0.0.1 10.0.0.2 2 10.0.0.2 10.0.0.1 Unidirectional Flow with Source/Destination IP Key % telnet 10.0.0.2 % ping 10.0.0.2 login: 10.0.0.1 10.0.0.2 ICMP echo reply Active Flows Flow Source IP Destination IP 1 10.0.0.1 10.0.0.2 2 10.0.0.2 10.0.0.1 Unidirectional Flow with IP, Port,Protocol Key % telnet 10.0.0.2 % ping 10.0.0.2 login: 10.0.0.1 10.0.0.2 ICMP echo reply Active Flows Flow Source IP Destination IP prot srcPort dstPort 1 10.0.0.1 10.0.0.2 TCP 32000 23 2 10.0.0.2 10.0.0.1 TCP 23 32000 3 10.0.0.1 10.0.0.2 ICMP 0 0 4 10.0.0.2 10.0.0.1 ICMP 0 0 Bidirectional Flow with IP, Port,Protocol Key % telnet 10.0.0.2 % ping 10.0.0.2 login: 10.0.0.1 10.0.0.2 ICMP echo reply Active Flows Flow Source IP Destination IP prot srcPort
  • Introduction to Netflow

    Introduction to Netflow

    Introduction to Netflow Campus Network Design & Operations Workshop These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/) Last updated 14th December 2018 Agenda • Netflow – What it is and how it works – Uses and applications • Generating and exporting flow records • Nfdump and NfSen – Architecture – Usage • Lab What is a Network Flow • A set of related packets • Packets that belong to the same transport connection. e.g. – TCP, same src IP, src port, dst IP, dst port – UDP, same src IP, src port, dst IP, dst port – Some tools consider "bidirectional flows", i.e. A->B and B->A as part of the same flow http://en.wikipedia.org/wiki/Traffic_flow_(computer_networking) Simple flows = Packet belonging to flow X = Packet belonging to flow Y Cisco IOS Definition of a Flow • Unidirectional sequence of packets sharing: – Source IP address – Destination IP address – Source port for UDP or TCP, 0 for other protocols – Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols – IP protocol – Ingress interface (SNMP ifIndex) – IP Type of Service IOS: which of these six packets are in the same flows? Src IP Dst IP Protocol Src Port Dst Port A 1.2.3.4 5.6.7.8 6 (TCP) 4001 22 B 5.6.7.8 1.2.3.4 6 (TCP) 22 4001 C 1.2.3.4 5.6.7.8 6 (TCP) 4002 80 D 1.2.3.4 5.6.7.8 6 (TCP) 4001 80 E 1.2.3.4 8.8.8.8 17 (UDP) 65432 53 F 8.8.8.8 1.2.3.4 17 (UDP) 53 65432 IOS: which of these six packets are in the same flows? Src IP Dst IP Protocol Src Port Dst Port A 1.2.3.4 5.6.7.8 6 (TCP) 4001 22 B 5.6.7.8 1.2.3.4 6 (TCP) 22 4001 C 1.2.3.4 5.6.7.8 6 (TCP) 4002 80 D 1.2.3.4 5.6.7.8 6 (TCP) 4001 80 E 1.2.3.4 8.8.8.8 17 (UDP) 65432 53 F 8.8.8.8 1.2.3.4 17 (UDP) 53 65432 What about packets “C” and “D”? Flow Accounting • A summary of all the packets seen in a flow (so far): – Flow identification: protocol, src/dst IP/port..
  • Internet Telephony Digital August Issue 2006

    Internet Telephony Digital August Issue 2006

    Where Can You Turn for a Total Solution? As a total solutions provider, NEC understands the complexities today’s converged networks can present to your business. With our proven experience, we know what it takes to help you avoid traveling in the wrong direction. NEC delivers the most choices of IP communications platforms to meet the unique needs of your business. Add to that a strong portfolio of applications and services, and before you know it, your business is traveling in the direction of improved customer experience, enhanced employee productivity, increased revenue generation and maximum return on investment. Why go in different directions when you can focus on a Total Solution? Turn to NEC! www.necunified.com/tmc © 2006 NEC Corporation NEC and the NEC logo are registered trademarks of NEC Corporation. By Greg Galitzine Group Publisher and Editor-In-Chief, Rich Tehrani ([email protected]) EDITORIAL Location, Location, Editorial Director, Greg Galitzine ([email protected]) Associate Editor, Erik Linask ([email protected]) Location TMC LABS Executive Technology Editor/CTO/VP, Tom Keating ([email protected]) Let’s take a trip back to the late 1990s, right ART about the time when every thing connected to Senior Art Director, Lisa D. Morris Art Director, Alan Urkawich telecom was seemingly awash in money, and EXECUTIVE OFFICERS there was WAP, and with WAP there was the Nadji Tehrani, Chairman and CEO Rich Tehrani, President early promise of location-based services. Dave Rodriguez, VP of Publications and Conferences Who remembers this WAP enabled application? You’re walking down the street and, as Kevin J.
  • The Essential Guide to Telecommunications, Sixth Edition

    The Essential Guide to Telecommunications, Sixth Edition

    PRAISE FOR THE ESSENTIAL GUIDE TO TELECOMMUNICATIONS, SIXTH EDITION “Dodd’s The Essential Guide to Telecommunications provides the history and context that make a fundamental underpinning of modern business more accessible to technologists and businesspeople alike. This new edition of her primer is an essential reference in the continuously evolving communica- tions landscape.” —Tom Hopcroft, President and CEO, Mass Technology Leadership Council “Annabel Dodd’s book is a clear guide and big-picture view of technologies and industries. It is an up-to-date guide for anyone who wants to be familiar with important innovations and key technologies. This is truly an industry bible for mobile, Internet, and networking services.” —Hiawatha Bray, Technology Reporter, The Boston Globe “Ms. Dodd’s aptly titled The Essential Guide to Telecommunications has been my bible for all things telecom since my days as an AT&T transmission network engineer nearly twenty years ago. Exhaus- tively and meticulously researched, concisely written for lay folks and techs/engineers alike, this book aids me in my current role as an IT Support Technician II when discussing new technology with our telecommunications department. Thank you to Ms. Dodd for keeping us all current!” —Todd Garbarini, IT Support Technician II Commvault Systems, Inc. “The Essential Guide to Telecommunications is probably one of the most useful and well-written books on our telecom bookshelf. Annabel Z. Dodd does a great job of capturing a snapshot of the current telecom industry. Even those with little or no technical training should be able to understand the text. This is the perfect book for salespeople who want to learn more about the products and services they are selling, or for those who just want to keep up to date on the latest in telecom technology.” —William Van Hefner, President, Vantek Communications, Inc.
  • Brocade Vyatta Network OS LAN Interfaces Configuration Guide, 5.2R1

    Brocade Vyatta Network OS LAN Interfaces Configuration Guide, 5.2R1

    CONFIGURATION GUIDE Brocade Vyatta Network OS LAN Interfaces Configuration Guide, 5.2R1 Supporting Brocade 5600 vRouter, VNF Platform, and Distributed Services Platform 53-1004724-01 24 October 2016 © 2016, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, and MyBrocade are registered trademarks of Brocade Communications Systems, Inc., in the United States and in other countries. Other brands, product names, or service names mentioned of Brocade Communications Systems, Inc. are listed at www.brocade.com/en/legal/ brocade-Legal-intellectual-property/brocade-legal-trademarks.html. Other marks may belong to third parties. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it. The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
  • Conntrack, Netfilter, Netflow and NAT Under Linux

    Conntrack, Netfilter, Netflow and NAT Under Linux

    Xurble conntrack, Netfilter, NetFlow and NAT under Linux Oliver Gorwits 9th February 2010 Milton Keynes Perl Mongers 1 “Policy Compliance” • We have legal obligations • Avoiding the courts ✔ • Avoiding the newspapers ✔ 2 (alleged) Copyright Violations Subject: File-sharing of unauthorised content owned by Twentieth Century Fox From: [email protected] Dear Oxford University: Twentieth Century Fox Film Corporation, located in Los Angeles, and its affiliated companies (collectively, 'Fox') own intellectual property rights, including exclusive rights protected under copyright laws, in many motion pictures, television programs and other audio-visual works, including the motion picture AVATAR (collectively, the 'Fox Titles'). Fox conducted an online check by scanning public networks and discovered that your Oxford University internet account was used to access and distribute an unauthorised copy of AVATAR. By distributing Fox content without Fox's permission, you infringed Fox's copyright. Here is the information Fox obtained from the online check: Timestamp of report: 07 Feb 2010 23:12:44 GMT Title details: Avatar (2009) PROPER TS XviD-MAXSPEED IP address: 163.1.xxx.yyy Port ID: 30854 Protocol used: BitTorrent - L5 Please respond to Fox and identify what steps you have taken to resolve this matter by contacting Fox at [email protected] 3 The Process • So, given: ○Timestamp with Time Zone ○IP address ○TCP port number • We need: ○User’s identity • Usually via: ○Network log-in logs, and DHCP logs 4 Linux network subsystems Kernel conntrack netfilter iptables pietroizzo 5 Network Address/Port Translation O’Reilly 6 State Tracking User Firewall Internet 1 A ✔ 2 B pre-NAT post-NAT • Traditional loggers run two packet captures and correlate the timestamps.