Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtualizing the Network there is no spoon Peninsula Users Group October 25 rd, 2007.

Published byWarren Clarke Modified over 8 years ago

Similar presentations

Presentation on theme: "Virtualizing the Network there is no spoon Peninsula Users Group October 25 rd, 2007."— Presentation transcript:

1 Virtualizing the Network there is no spoon Peninsula Users Group October 25 rd, 2007

2 About Untangle Open Source Network Gateway  GPLv2 12 Open Source Applications  Firewall, VPN, IPS, Spam, Spyware, AV, web filter & more Designed for Small Business  Easy to install & manage w/ GUI, logging & reporting Untangle sells…  Live phone support  An extra application (clientless VPN) Download on SourceForge  http://sourceforge.net/projects/untangle  ISO Image  VMWare Image

3 33 whoiam Untangle Founder & CTO Career highlights Major projects High Bandwidth Transparent Vectoring for proxy firewall engines Java-based distributed monitor and intrusion detection systems. Survivability simulations in support of fault tolerant systems Work History CERT/CC (Computer Emergency Response Team) Akheron Technologies, Chief Architect. VerticalNet and H.L.L.C. Consulting Education Carnegie Mellon University, Bachelor's degree in Computer Science with a minor in Mathematics Read Dirk’s blog - http://blog.untangle.com/

4 a The Simpler Way to Protect, Control and Monitor your network low  Firewall  Email Server  File Server  Anti-Virus  Anti-Spam  Anti-Spyware  VPN  Web Filtering  Intrusion Prevention  Reporting  IM/P2P/QoS  Archiving/Backup SMB network – the HARD way!  Firewall  Email Server  File Server  Anti-Virus  Anti-Spam  Anti-Spyware  VPN  Web Filtering  Intrusion Prevention  Reporting  IM/P2P/QoS  Archiving/Backup SMB network – the SIMPLE way! high medium low  Phishing  SSL VPN  VOIP  NAC  Future Threats/Apps? New Threats & Apps online library  Phishing  SSL VPN  VOIP PBX  NAC  Future Threats/Apps? New Threats & Apps OR virtual 19” rack SMB Adoption

5 Untangle Implementation Behind the firewall & router As the firewall & router Untangle

6 What is a Virtual Network? 6 A virtual network provides the functionality, or application programming interface (API), of links between nodes, as in a computer network. The implementation of these virtual links may or may not correspond to physical connections between nodes.application programming interfacenodescomputer network wikipedia definition: what its not: physical transport medium

7 Background 7 Consolidation 2002 Instant Messaging P2P blocking Anti-virus IPS (snort) etc trends Software (vs ASIC)

8 Attempt #1 – the “VMWare” approach 8 terrible resource contention - latency high overhead of virtualization no sharing data advantages disadvantages fairly simple for applications kernel

9 Attempt #2 – the “proxy chaining” approach 99 bad resource contention - latency more complicated advantages disadvantages less overhead proxy 1 proxy 2 proxy 3 proxy 4 kernel

10 Proxy Chaining (latency issue) Buffer Copies: Proxy Chain Data from the network Context Switches: Application Proxy CPU Thread / Process Run Queue =4 =5 Avg Run Queue Wait20 msec Context Switches4 Latency Overhead80+ msec Avg Run Queue Wait20 msec60 msec Context Switches44 Latency Overhead80+ msec240+ msec Light Load Moderate Load

11 Proxy chaining and VMWare latency behavior

12 Attempt #3 – the “pipelining” approach 12 app’s need to be ported to threading model advantages disadvantages less resource contention node 1 node 2 node 3 node 4 kernel

13 Virtual Pipelining Buffer Copies: Virtual Pipeline Data from the network Context Switches: Application Module CPU Thread / Process Run Queue =1 =2 Avg Run Queue Wait10 msec30 msec Context Switches11 Latency Overhead10 msec30 msec Light Load Moderate Load >8x improvement

14 Latency vs previous approaches – problem solved

15 Virtual Network tricks dynamic reconfiguration (per session) object passing & data sharing share common resources (reports, alerts, management, etc) backup and restore of entire network virtual networks are different than physical networks

16 Redefining the Network Benefits Significantly cheaper Allow for quick application adoption and management Enhanced applications our goal: run your entire network in one machine

Download ppt "Virtualizing the Network there is no spoon Peninsula Users Group October 25 rd, 2007."

Similar presentations

Cloud computing is used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication.

Cloud computing is used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication.
Web Content Control Application Providing Secure & Reliable Internet Access December 2010.

Web Content Control Application Providing Secure & Reliable Internet Access December 2010.
New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Virtualizing the Network …there is no spoon there is no spoon November 7th, 2007.

Virtualizing the Network …there is no spoon there is no spoon November 7th, 2007.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.

Introducing Kaspersky OpenSpace TM Security Introducing Kaspersky ® OpenSpace TM Security Available February 15, 2007.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
P2P Network is good or bad? Sang-Hyun Park. P2P Network is good or bad? - Definition of P2P - History of P2P - Economic Impact - Benefits of P2P - Legal.

P2P Network is good or bad? Sang-Hyun Park. P2P Network is good or bad? - Definition of P2P - History of P2P - Economic Impact - Benefits of P2P - Legal.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Beth Johnson April 27, 1998. What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
Operating Systems: Principles and Practice

Operating Systems: Principles and Practice
Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.

Network Topology. Cisco 2921 Integrated Services Router Security Embedded hardware-accelerated VPN encryption Secure collaborative communications with.
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete email server protection –Spam Blocking (95+ percent) Extremely.

Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete server protection –Spam Blocking (95+ percent) Extremely.
Proxy servers By Akshit Y10. What is a proxy server O A proxy server is a computer that offers a computer network service to allow clients to make indirect.

Proxy servers By Akshit Y10. What is a proxy server O A proxy server is a computer that offers a computer network service to allow clients to make indirect.
Barracuda Networks Steve Scheidegger Commercial Account Manager 734-887-2422

Barracuda Networks Steve Scheidegger Commercial Account Manager

Similar presentations

Ads by Google