SOLUTIONS BRIEF www.brocade.com BROCADE VIRTUAL ADX AND BROCADE ROUTER

NETWORK FUNCTIONS Network Functions Virtualization VIRTUALIZATION with the Brocade Virtual ADX and the Brocade Vyatta vRouter

INTRODUCTION CHALLENGES AND OPPORTUNITIES The war is over; virtualization has won. IT organizations are being asked to deliver Today, data centers around the globe rely new services and functions at ever- on server virtualization to provide services increasing speeds – and at ever-decreasing faster and more efficiently than ever costs. Software Defined Networking (SDN) before. Now virtualization is conquering is predicated on building networks that can new territory. This time, the aim is not to adjust dynamically to changing application virtualize applications, but to virtualize and business needs. However, while the network services. The idea, called Network reality of SDN is still in the early stage, the Functions Virtualization (NFV), is being pressure to deliver more efficient and more advanced by a consortium of some of agile networks continues to build. Software- the world’s largest carriers and Telco’s. based networking can realize many of the However, the concept of Network Functions core benefits of SDN today while laying Virtualization resonates far beyond carrier the groundwork toward future networks data centers. Enterprises and service built around Software Defined Networking. providers of all sizes are looking at The goal is to help organizations build deploying networking functions in networks that are both more agile and software to increase agility and to more cost-effective. reduce networking costs. Agility Many core networking services including Competition between service providers has switching, , , load balancing never been fiercer. One dimension of that and VPN can now be performed by software competition is the speed at which carriers either running directly on x86-64 servers or are expected to deliver new services. running as virtual . The movement Carriers and service providers are struggling towards software-based networking is being to support new services in rapidly evolving driven by the same economic imperative markets. Network Functions Virtualization that continues to drive server virtualization. offers a solution. This brief will look at Network Functions Virtualization, the factors driving the NFV Software-based networking can movement and some of the ways that the be deployed, configured, even removed with Brocade solution can be used to virtualize the click of a mouse. In fact, deployment network functions. fully configured load balancers, routers, The goal of those promoting Network can now choose between the virtual and the firewalls and the like can automated and Functions Virtualization is nothing less than physical Brocade ADX platforms to meet the integrated into a service delivery process— to change the economics of networking by different deployment needs. without requiring on-site service. offering to replace proprietary hardware To assist cloud administrators in the control with Common-Off-The-Shelf (COTS) of their virtual applications, the Brocade Cost servers, by consolidating functions, ADX switch enables the automation, Today’s networks are dominated by an ever and by allowing automated deployment, migration, and scalability of cloud-based growing variety of proprietary hardware configuration and orchestration. applications while increasing visibility appliances—each providing specialized across the application delivery tier. For function or service. These specialized BROCADE FOR NETWORK FUNCTIONS environments that already facilitate networking devices serve as dedicated VIRTUALIZATION virtual network service orchestration, resources for processor intensive tasks Brocade offers two powerful solutions for individual Brocade ADX switch components and business critical services, and in most software-based networking; the Brocade® (e.g. VIPs, contexts, full devices) can be cases, as underlying foundation for a Vyatta vRouter and the Brocade Virtual managed via XML/SOAP API or plug in to reliable and scalable network. However, the ADX. The Brocade Vyatta vRouter includes third-party vendor offerings and standard plethora of hardware uses valuable space advanced routing, stateful/zone-based frameworks (e.g. OpenStack for large-scale and energy, requires on-site deployment and firewall and VPN for site-to-site and remote enterprises and VMware vCloud Director for removals, and leaves the network owners . The Brocade Virtual ADX SMB). These tools can be combined with dependent on various vendors for hardware, provides Layer 4 to 7 server load balancing Application Resource Broker for continued spares and accessories. services and extends the reach of the advancement in resource provisioning, advanced Application Delivery Controller monitoring, and intelligent management of (ADC) services closer to the application Traffic volume network resources and capacity. Network cost infrastructure. The Brocade Vyatta vRouter and the Brocade Virtual ADX together form THE BROCADE VYATTA VROUTER Network costs a comprehensive suite of software-based outstrip revenue The Brocade Vyatta vRouter delivers network services that will allow you to build Revenue advanced routing for physical, virtual fast, effective and secure networks in highly and cloud networking environments. The virtualized environments. Brocade Vyatta vRouter includes , Policy-Based Routing (PBR), stateful THE BROCADE VIRTUAL ADX firewall, VPN support, traffic management Brocade Virtual ADX leverages the same Time and more in a package that is optimized system architecture and operating Now to perform in virtualized environments. system as its award winning Brocade ADX Dominated by voice Dominated by data All features are configured through the Application Delivery Switch. The Brocade vRouter’s familiar, networking-centric CLI, Virtual ADX has a dedicated, logical Figure 1. Web-based GUI or third party management management processor and multiple Comparison of the network economics of systems using the Vyatta’s RESTful API. mobile networks. logical application cores to intelligently load balance traffic. The solutions’ management The Brocade Vyatta vRouter supports all processor performs management tasks major hypervisors or it can be installed on More worrying still, the operational costs and monitors the health of servers, while any standard x86 based system or in public of managing data centers and networks the application core takes user traffic clouds. The newly announced Brocade has skyrocketed—even as margins have and performs server load balancing. This Vyatta 5600 line of vRouters will employ been cut ever finer. The result is a financial distributed architecture enables increased Brocade-patented vPlane™ technology, squeeze that has service providers performance as more virtual CPU cores are allowing the software router to meet or scrambling for solutions. John Mazur of ESG added to the virtual . exceed the performance of many proprietary Research wrote, “Telecoms’ modest revenue hardware based solutions. By separating The Brocade Virtual ADX offers robust Layer growth just can’t keep up with the projected the from the data plane and 4 to 7 services with high availability and infrastructure investment needed for taking advantage of the latest in processor comprehensive management. It provides rapidly accelerating data traffic growth advances, the 5600 vRouter will offer advanced load-balancing methods to with their current scaling model (see exceptional s performance—making it ideal choose the best server in both virtual and Figure 1).” Indeed, Nav Chander of IDC for the 10Gb/s servers increasing deployed physical infrastructure. It can monitor server Research agrees, “IDC believes that the in modern data centers. rapid global growth of data and video connection load, server resources such as CPU, memory, and application response traffic across all networks, the increasing BROCADE ENABLES NFV USE CASES use of public and private cloud services, time in order to deliver the best application Service providers, especially carriers are and the desire from consumers and performance and reliability. It also utilizes facing some of the highest volume of enterprises for faster, more agile service a flexible application scripting engine for customers and the most diverse network and application delivery are driving the real-time application services. Through the infrastructure on the planet. NFV’s telecom markets toward an inevitable comprehensive portfolio of Brocade ADX hallmark for service providers is to bring era of network virtualization.” application delivery switches, customers APPLICATIONS WEB DATABASE allows the installation of routing and firewall within and between public clouds such as Amazon AWS and Rackspace, allowing you

Application to build secure hybrid cloud architectures. Load Balancing

Stateful Firewall SECURE MULTITENANCY OF NETWORK FUNCTIONS Secure multitenancy is a critical concern for service providers and service oriented

VP organizations alike. One significant challenge involves maintaining compliance Secure VPN Secure VPN to corporate and regulatory standards, while leveraging the shared infrastructure model’s cost benefits and improved operational efficiency. In order to meet this challenge, the network infrastructure must enable Figure 2. security policies to be enforced exactly as Secure Application Delivery© 2013 Brocade with Communications Brocade Sys tems,Virtual Inc. Com ADXpany Pr oprandietary BrocadeInformation. Vyatta vRouter. they are within the enterprise network—that is, each tenant must have their own private, increased provisioning agility in revenue anywhere in your network as well as isolated, and secure virtual network service generating services and reduce the in public and private clouds, it allows infrastructure. Brocade Vyatta vRouter and time, CapEx, and OpEx in bringing those consistency in firewall configuration and Brocade Virtual ADX enable a multitenant services to market. While this promise is policy. network services with dedicated router, ambitious, the applicability of virtualizing • Powerful dynamic and policy-based VPN virtual firewall and VPN (Virtual Private the network functions in the functionality with options for both IPsec Network) as well as advanced server is already occurring in many facets of and SSL-based OpenVPN. load balancing services, enabling tighter industry landscape. control over VM sprawl and making efficient The Brocade Virtual ADX and the Brocade • Translation and DHCP use of physical and virtual infrastructure Vyatta vRouter have leveraged this modern (see Figure 3). Together with the advanced Layer 4-7 technology to enable these deployment services from Brocade Virtual ADX, models below that offer wide range of organizations of all sizes can safely optimize FLEXIBLE HYBRID CLOUD operational and cost benefits for network the delivery of their business critical DEPLOYMENT operators, their partners and customers. services from one locality to another, or The Brocade software-based networking between multitiered application/service solutions offer key capabilities for enabling APPLICATION SECURITY AND environments (see Figure 2). hybrid cloud deployments, including the OPTIMIZATION cloud bursting capabilities of the Brocade Virtualizing your network infrastructure The software-based Brocade network Application Resource Broker (ARB) in does not mean dropping your guard against appliances offer other security advantages, conjunction with the Brocade Virtual ADX the rising tide of application threats, data for example, the Brocade approach allows and secure cloud bridging through the leakages, and security breaches. Brocade the use of a firewall or a secure tunnel Brocade Vyatta vRouter (see Figure 4). Vyatta vRouter offers distinct security between virtual machines, without hair- attributes to safeguard your application pining traffic out of the hypervisor to an delivery and service creation. These include: external, hardware device. Brocade also

• Secure cloud bridging with combination Tenant 1 Tenant 2 of Layer-2 bridging allowing secure communications between physically separate networks. • Enterprise-class SPI (Stateful Packet Inspection) firewall enables providers to define and enforce access control policies and segment networks while isolating multitenant virtual infrastructures. Zone- based deployment is critical to PCI and HIPPAA compliance, enabling network isolation without the need to restructure !"#$%&'( Hypervisor !"#$%&'( IT policy or firewall architecture. Because the Vyatta firewall can be installed Figure 3. Secure Multitenant Deployment Model with Guaranteed Resources. SOLUTIONS BRIEF www.brocade.com

Brocade ARB essentially acts as an ADC demand service through Amazon’s AWS and virtual environments while allowing network resource manager -- enabling organizations Rackspace’s open cloud or can be installed operators to streamline their service to burst their local resource footprint to a as an instance in public or private clouds. development life cycles. Together, the cloud-optimized data center when demand Brocade Virtual ADX and Brocade Vyatta for computing capacity spikes and finally RAPID TESTING AND DEVELOPMENT offer an agile framework for on-demand evoking that burst capacity as demand Development (Dev) and quality assurance network functions independent of hardware. subsides. Through the global scripting (QA) teams have always been early adopters capabilities of Brocade ARB, administrators of innovation, such as NFV. Whether hosting CONCLUSION can customize the particular environments isolated sandbox environments or rapid Network Functions Virtualization promises and actions during the burst cycle, application development, virtualization to enable a new cycle of network expanding the flexibility to leverage the has proven to be effective in increasing innovation and to launch a wave of next- set of third party and/or custom the productivity of these functional groups, generation network-based applications and resources to improve the overall the quality of their work, and the speed services. Brocade has a comprehensive application performance. at which they test and develop codes. portfolio of software-based networking In the same way, NFV enables efficient solutions designed for Network Functions The Brocade Vyatta vRouter provides reusability of network services between QA Virtualization. The Brocade Virtual ADX not only the Dynamic Multipoint VPN and Dev, and also allows a higher density and the Brocade Vyatta vRouter along functionality to automatically and of automated testing, thus accelerating with powerful tools such as the Brocade dynamically build secure tunnels between the time to release or to market new Application Resource Broker allow service data centers and/or cloud environments, services. The Brocade Virtual ADX and providers to dynamically offer and control but also advanced routing and firewalling to Brocade Vyatta vRouter enables Dev and network services. Brocade also provides ensure secure and optimal traffic flows. The QA to replicate physical networks within integration into next generation cloud Vyatta vRouter is also available as an on- orchestration environments such as OpenStack directly and through rich RESTful and XML APIs. Together with the Brocade purpose-built physical networking portfolio, Brocade MLXe Brocade enables service providers and service-oriented organizations to support diverse deployment models and network services at scale. WAN ABOUT BROCADE Brocade networking solutions help organizations transition smoothly to a world where applications and information reside anywhere. Innovative and storage BrBrocadeocao dde ARBAAR Private or Publicublic networking solutions for data center, Vir tual Physical campus, and service provider networks help Cloud Environment On-Premiseem i Dataa ta Center reduce complexity and cost while enabling virtualization and cloud computing to increase business agility. Learn more Figure 4. at www.brocade.com. Hybrid Cloud Service with Brocade Virtual ADX, ARB and Brocade Vyatta vRouter.

Corporate Headquarters European Headquarters Asia Pacific Headquarters San Jose, CA USA Geneva, Switzerland Singapore T: +1-408-333-8000 T: +41-22-799-56-40 T: +65-6538-4700 [email protected] [email protected] [email protected]

© 2013 Brocade Communications Systems, Inc. All Rights Reserved. 10/13 GA-SB-1807-00 ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.