Virtual SD-Edge (Open Secure Routing)
Introduction
In the ever-present quest to improve agility while reducing costs, enterprises large and small are capitalizing on the compelling benefits of virtualization and the cloud. In response, cloud and managed service providers are leveraging Network Functions Virtualization (NFV) to introduce new services to facilitate cloud migration. IP Infusion’s Virtual SD-Edge is an open, highly secure, virtualized router that ushers in a new generation of cloud connectivity networks and services.
Benefits
Virtualized routers offer a number of advantages over traditional hardware-based routers, which are summarized in Table 1. By exploiting the benefits of virtualization, automation, and software-defined networking, virtualized routers offer significantly improved agility, while driving down both capital and operational expenses.
Table 1: Hardware-based vs. Software-based Routers
Traditional Hardware-Based Router | Virtual Router | Benefits |
Physical form factors expensive to deploy, maintain, and repair | Run in general-purpose hardware | Lower CapEx |
Purchasing cycle is slow and expensive | Deploy and de-commission on-demand | Higher agility and lower TCO |
Functionality limited to embedded capabilities and performance | Scale, reconfigure, or upgrade on-demand | Higher agility and lower OpEx |
Large scale deployments subject to firmware proliferation | Centralized software management | Lower OpEx and higher availability |
Designed for traditional networks | Designed for the Cloud | Higher agility at lower costs |
However, not all virtual routers are interchangeable. Significant expertise and tuning of the software-based forwarding plane are required to achieve performance on par with purpose-built appliances, especially in the virtualized environment. Extensive functionality beyond routing is required to address mission-critical use cases, including security, address translation, and performance optimization, to name but a few. And ease of purchasing, deployment, integration, and support is expected in the cloud era.
The Virtual SD-Edge router addresses these issues, and offers a number of advantages summarized in Table 2 below.
Table 2: Virtual SD-Edge Virtualized Router Benefits
Features | Benefits |
Highly optimized forwarding plane (15+ years of tuning) | Compact virtualized footprint; highest performance per price point; CapEx reduction |
Built on DANOS, first open source NOS platform | Optimized for disaggregation and easy to integrate/automate |
Pre-integrated virtual router, firewall, VPN, WAN optimization, etc. in a unified software package | Simple to purchase, deploy, and operate; higher value than alternatives |
Per vCPU licensing | Simplified licensing; exploits improvements in hardware at no additional costs |
Full-featured Control Plane | Enables a broad range of cloud-networking use cases |
Extensive HA features | Achieves carrier-grade availability |
IP Infusion Advanced Network Services | Carrier-grade support |
Optimized for Virtualization Efficiency
Performance in the cloud era is not solely about achieving the highest throughput. The predominant metric is efficiency: achieving targets for network performance, physical space, electrical power, and management with minimal resources.
This is particularly the case for Virtual Routers, where enterprises and service providers alike must pay direct costs for the cloud resources consumed. For Virtual (or Universal) CPE, NFV Infrastructure (NFVI) is inherently limited, and the challenge is to enable the most functionality in the lowest cost device.
Consequently, the Virtual SD-Edge software data plane has been optimized for efficient use of virtualization resources, whether in the public or private cloud, or NFV Infrastructure, including vCPE/uCPE. Only a single virtual core is required for up to 2 Gbps full-duplex packet processing, as verified by standard benchmark testing in accordance with RFC 2544 with an iMIX (RFC 6985) packet size distribution. For 10 Gbps full line rate throughput, only two virtual cores are required on a mid- to low-end x86 White Box.
The software data plane has been optimized for the virtualized environment over a decade utilizing DPDK and other acceleration techniques. Throughput has been validated to scale linearly with the number of virtual cores.
Target Use Cases
The Virtual SD-Edge virtual router may be hosted in a public, hybrid, or private cloud, extending WAN connectivity into the virtualized domain. The comprehensive control plane, robust management plane, and open architecture may be tailored for a range of use cases for CSP/MSPs, Enterprises, and Cloud Operators.
Cloud Migration use case
Migrating enterprise applications to the cloud requires a means to interconnect the physical and virtual domains. The Virtual SD-Edge router offers an ideal set of comprehensive communications functionality and enhanced security in an integrated package.
Business does not pause to enable enterprise applications and data to migrate to the cloud. As applications are incrementally hosted, flexible networking capabilities are required to enable seamless (and of course secure) access to enterprise resources, no matter where they are deployed (see Figure 1).
Once deployed, enterprise data must be isolated from unauthorized access by customers, partners, etc., and even from unauthorized access within a particular company. Data/resource isolation is provided through routing constraints, policy, and security. Service providers also require multi-tenancy, which is provided at scale for enabling managed services.
Virtual SD-Edge, built upon the IP Infusion Control Plane and the DANOS Vyatta edition Network Operating System platform, offers comprehensive L2-L7 support, advanced network security, and ease of deployment, management, and maintenance in a compact software package.
Figure 1: Virtual SD-Edge Cloud Migration Use Case
Branch-to-Cloud use case
As enterprises continue to outsource infrastructure (to the cloud) and enhanced services such as SD-WAN, VPN, managed security, WAN Optimization, etc. (to MSPs), effective cloud connectivity becomes essential.
Virtual SD-Edge provides a highly cost-effective and efficient means of offering end users in branch offices secure access to enterprise resources hosted in the public, private, and/or hybrid cloud (see Figure 2). By offering comprehensive IPsec support, secure and ubiquitous VPN tunnels may be seamlessly extended into the cloud.
A built-in stateful firewall offers additional protection without additional charge. A rich set of standard management and orchestration interfaces and APIs is provided to further reduce TCO.
Figure 2: Virtual SD-Edge Branch to Cloud Use Case
Multi-Site, Multi-Cloud Use Case
For large and multi-national enterprises, enhanced connectivity is required to address the inherent complexity of the organization. Regional headquarters and distributed data centers that provide local access (and regulatory compliance) are the norm.
The ability for multiple sites to access enterprise resources that may be hosted in a range of public and private clouds is essential, as indicated in Figure 3.
Virtual SD-Edge provides a highly flexible communications resource that may be deployed on demand and hosted in a range of public and private clouds. Extensive routing and communications services that may be tailored to the needs of each region or even each site, along with embedded security and performance services, are provided in a common package that simplifies procurement as well.
Figure 3: Virtual SD-Edge Multi-Site, Multi-Cloud Use Case