The network arm of Hewlett Packard Enterprise, Aruba, has revealed that it has partnered with startup Pensando, backed by John Chambers, for a new switch. The Aruba CX 10000 Series Switch aims to reinvent conventional data center switching by creating a distributed service fabric in which network, security, and Layer 4-7 services become ubiquitous on the network. The heart of the new Aruba Switch is the Pensando Elba Data Processing Unit (DPU).
Traditional networks were designed for data centers where the majority of traffic moved in a “north-south” direction. That is, it would enter the data center, traverse three or more tiers, pass through a core, and then come back out along a “paperclip” path (i.e., a roundabout path that adds latency). This made the placement of infrastructure, such as load balancers and security appliances, relatively straightforward, as they could all be deployed in the core.
Data centers are moving towards distributed architectures
As data centers evolved into a disaggregated infrastructure, the volume of east-west traffic exploded, creating performance issues. This gave birth to spine-leaf architectures that used a much flatter network design. Today, the data center is in the midst of yet another transition: to a cloud architecture, where containers and microservices are driving the need for security and Layer 4-7 services everywhere. With the current leaf/spine design, firewalls, application delivery controllers, and other infrastructure are deployed centrally, meaning that traffic from every container that needs to be secured has to go through a handful of leaf and spine switches, to the tools and back, creating an east-west “paperclip” problem.
One solution would be to deploy firewalls, NAT (network address translation), intrusion prevention systems, encryption tools, and other infrastructure at every network junction point, but this would be costly and unmanageable. The Aruba-Pensando solution integrates these capabilities into the switch through the DPU. Vendors have tried to do this in software before and let the central processor handle the processing, but the network silicon from vendors like Broadcom was designed for Layer 2-3 network traffic and not for security and application-layer services. The Aruba switch is able to offload all processing for these services to the DPU so that network performance is not affected.
Pensando DPU offloads heavy loads from network switches
The Pensando DPU includes a wide range of services including firewall, NAT, DDoS, encryption, load balancing, and telemetry. The concept of a DPU is easy to understand when looking at other markets. For example, CPUs do not handle heavy graphics workloads well, so computer manufacturers use graphics processing units (GPUs). Likewise, network security vendor Fortinet provides its own security processing unit (SPU) to optimize the performance of its products. The Pensando DPU handles those data center services that overwhelm the CPU.
Aruba customers are expected to see a significant increase in performance for many data center services. For example, a typical traditional switch can handle approximately 8,000 ACLs before performance is affected. An access control list (ACL) is a set of rules defined to control network traffic and reduce network attacks. ACLs are used to filter traffic entering or exiting the network based on that set of rules. The Aruba CX 10000 can handle around 1 million. Likewise, traditional switches can be configured for around 10,000 IPsec tunnels, while the new Aruba switch can handle around 200,000. Aruba can bring new capabilities as well. Standard switches cannot be used as a firewall, but the Aruba product can provide approximately 1 million rules.
One of the great benefits of the Aruba switch is ease of management, as network and security engineers can administer switches using Aruba’s widely deployed Fabric Composer. All network and security policies can be managed through the product. One of the more progressive attributes of Fabric Composer is that it is designed for organizations where security and network teams have been brought together, but it also provides configuration options if the organization has separate SecOps and NetOps groups.
Interoperability: a core attribute for Aruba
As with all Aruba products, the CX 10000 has been designed with interoperability in mind so that third-party ecosystem partners can access data in different ways. The box itself provides real-time streaming telemetry. Additionally, Fabric Composer has an exportable syslog that can be used. Other vendors will choose to integrate using the available APIs. At launch, the company announced a wide range of partners, including Fortinet, Palo Alto, CrowdStrike, Splunk, Netscout, Tufin and Guardicore, to name a few.
For Aruba, the partnership with Pensando should pay significant dividends. While former Cisco Systems CEO John Chambers is an investor and chairman, the startup’s engineering team is about as good as it gets. The company was founded by the successful “MPLS” quartet (Mario Mazzola, Prem Jain, Luca Cafiero and Soni Jiandani), which has built several billion-dollar products at Cisco, including its current ACI (Application Centric Infrastructure), which was done via the Insieme “spin-in”.
Historically, changes in compute have always led to the evolution of the network. Computing is moving from a centralized cloud model to a highly distributed design based on cloud-native technologies, which requires the network to change. The new Aruba CX 10000 is ideally suited for modernized data centers where performance is essential but cannot come at the expense of agility.