Dynamic Service Chains
Define your services and let Corsa direct traffic at line-rate
Network Service Chaining, also known as Service Function Chaining (SFC) is a capability to create service chains of connected network services (such as L4-7 like firewalls, network address translation [NAT], intrusion protection) and connect them in a virtual chain. This capability of setting up dynamic service chains can be used by network operators to set up suites or catalogs of connected services that enable the use of a single network connection for many services, with different characteristics.
To date, this has meant cumbersome architectures and complicated service chain management tools. Service Function Chaining has made progress but scale, programmability and automation are sticking points.
Red Armor NSE7000 is being used as a foundation layer in SFC architectures primarily acting as a Service Classifier.
NSE7000 provides automated network service chaining capability that allows operators to control every individual user session without requiring human intervention. NSE7000 also helps ensure that specific applications are getting the proper network resources or characteristics (bandwidth, encryption, quality-of-service [QoS]).
Transparent to the network, with full line-rate performance, and ultra-precise traffic control, NSE7000 provides the ability to automatically redirect desired traffic to designated network service chains using REST, CLI or BGP control interfaces. Besides redirection, NSE7000 supplies a wide choice of remediation actions like accept, drop, remark and rate-limit that also play a critical role in network service chaining resource control and function offloading.
Dynamic Service Chain Example
The figure below shows the Corsa Red Armor NSE7000 deployed in-line, passing traffic unimpeded to the next hop. The service provider has a few service functions available to offer customers: Fortinet VMs for firewall services, Suricata for Intrusion Detection, and a generic service NFV. These services are out-of-line and can be dynamically created as required.
When a customer requests services (Customer A (Red) firewall and Customer B (Green) IDS and NFV), the service provider isolates only flows associated with those two customers and they are classified (sometimes called redirected) to the services (or service chains), treated by each service accordingly, and then recombined with traffic on the link to continue their journey.
Corsa Red Armor NSE7000 can be programmed with hundreds of thousands of rules to redirect traffic with traffic throughput and performance that is always line-rate regardless of the number of rules.