Dell EMC code contributions restructure OpenSwitch architecture
In this blog roundup, networking bloggers discuss changes in OpenSwitch architecture, SD-WAN's advantages and disadvantages, and the latest container security project.
Fresh from the SDN blogging world: One networking expert analyzes survey results about software-defined WAN pros and cons, while another discusses a new open source container security project and upcoming changes to OpenSwitch architecture, thanks to contributions from Dell EMC and SnapRoute.
OpenSwitch architecture changes due to new code contributions
Packet Pushers' blogger and IT expert Drew Conry-Murray wrote about the latest changes to OpenSwitch architecture. According to Conry-Murray, Dell EMC and SnapRoute -- an open source software startup based in Palo Alto, Calif. -- contributed code that will be an essential element of the OpenSwitch architecture.
Hewlett Packard Enterprise originated the OpenSwitch project with the intent to develop an open source network operating system. Now, much of the original code will be substituted with code from Dell EMC and SnapRoute, Conry-Murray wrote. Dell EMC's Operating System 10 Open Edition software will act as the base layer for the operating system, providing the file system and management.
SnapRoute contributed its modular software, which offers features such as Border Gateway Protocol, MPLS and support for IPv4 and IPv6. According to Conry-Murray, SnapRoute's software allows both manual management with a command-line interface and automated management with tools like Chef and Puppet.
Read Conry-Murray's complete thoughts on the developments to OpenSwitch architecture.
SD-WAN advantages and disadvantages
Over the past year, SD-WAN has become an increasingly popular technology. This awareness brings discussions about SD-WAN's potential advantages and disadvantages. In a recent blog post on The Elastic Network, Jim Metzler, vice president of Ashton, Metzler & Associates, based in Sanibel, Fla., discussed survey results that showcased SD-WAN's increasing familiarity and the resulting contemplation about its pros and cons.
According to Metzler, 33% of the 110 network professionals surveyed said they were either very or extremely familiar with SD-WAN, an 18% increase in the number of respondents who provided the same answer in a 2015 survey. Metzler said this familiarity could, in part, be due to the growing number of informational articles and webinars about SD-WAN.
Respondents appeared to be less certain, however, of SD-WAN's benefits and drawbacks. To illustrate how SD-WAN is perceived in the enterprise, Metzler used three forces -- security, cost management and support of real-time applications, like voice and video -- that most affect traditional enterprise WANs.
Respondents, he wrote, were split regarding whether SD-WANs would improve security. But he said many believed SD-WAN would significantly reduce Opex, and although the survey didn't specifically mention voice or video, respondents tended to say they expected SD-WAN tools to increase application performance.
To learn what Metzler wrote about the survey, read his complete post.
Trireme container security a work in progress
As containers became more common in networking, an important security consideration emerged: Should multiple containers be allowed to communicate with each other? Aporeto, a cloud security startup based in San Jose, Calif., approached this challenge with its latest open source project, Trireme. In another Packet Pushers blog post, Drew Conry-Murray discussed this latest venture.
According to Aporeto's site, Trireme uses authentication and authorization to attach security to the specific application running on a container. Or, as Conry-Murray said, Trireme identifies attributes assigned to each container upon creation and authorizes communication among containers, based on established policies -- it essentially acts like a TCP proxy server.
First, Trireme identifies the container label and signs it using elliptic curve cryptography. Then, "a second Trireme agent validates the signature, checks the label and attributes of the container, and then checks its policies to confirm whether the sending container is authorized to communicate with the recipient," Conry-Murray wrote. Once the identity is confirmed, Trireme moves out of the way and permits the network connection.
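The sign, validate and authorize sequence described above can be sketched as follows. This is an added example, not Trireme's code or wire format: the function names, the label encoding, the receiver nonce and the policy shape are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"sort"
)

// NewKey makes a P-256 key, standing in for an agent's provisioned signing key.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// digest hashes sorted, length-prefixed labels plus a receiver nonce (replay guard; an assumption).
func digest(labels map[string]string, nonce []byte) []byte {
	keys := make([]string, 0, len(labels))
	for k := range labels {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	for _, k := range keys {
		fmt.Fprintf(h, "%d:%s=%d:%s;", len(k), k, len(labels[k]), labels[k])
	}
	h.Write(nonce)
	return h.Sum(nil)
}

// SignLabels is the sending agent's step: sign the container's labels with ECDSA.
func SignLabels(key *ecdsa.PrivateKey, labels map[string]string, nonce []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, key, digest(labels, nonce))
}

// Authorize is the receiving agent's step: validate the signature, then check policy labels.
func Authorize(pub *ecdsa.PublicKey, labels map[string]string, nonce, sig []byte, policy map[string]string) bool {
	ok := ecdsa.VerifyASN1(pub, digest(labels, nonce), sig) // a bad signature fails closed
	for k, want := range policy {
		got, has := labels[k]
		ok = ok && has && got == want
	}
	return ok
}

func main() {
	key, _ := NewKey()
	labels, nonce := map[string]string{"app": "web", "env": "prod"}, []byte("n1") // constructed sample
	sig, _ := SignLabels(key, labels, nonce)
	fmt.Println(Authorize(&key.PublicKey, labels, nonce, sig, map[string]string{"app": "web"}))
}
```

Because the labels are covered by the signature, a container that changes or adds a label after signing fails validation before policy is ever consulted.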
Trireme's approach is relatively simple, utilizing the unique attributes and functions of each container. Conry-Murray said it was a sensible approach. However, he also noted Trireme needs to prove itself in live production, especially at scale, and to show how well it integrates with management and orchestration systems.
View Conry-Murray's post for more on Aporeto's Trireme container security project.