This guest blog post is by Abhinav Gupta, Product & Solutions Marketing Director at Ravello. We thank Ravello for being a Packet Pushers sponsor.
Public clouds and Network labs
The public cloud is excellent for running labs – providers such as AWS, Google Cloud and Microsoft Azure offer scale, capacity and consumption-based pricing. While public cloud is great for labs in general, it is limiting when it comes to setting up networking & security labs. One doesn’t have access to Layer 2 networking – broadcast and multicast frames are filtered. VLANs, virtual MACs, gratuitous ARPs, span ports and port mirroring are unsupported. Many high-availability solutions (e.g. Cisco VRRP, uCARP, Red Hat Cluster Suite, Veritas Cluster etc.) and auto-discovery solutions (e.g. Apple Bonjour, Zeroconf, EhCache, Hazelcast, Oracle Grid Infrastructure) that rely on multicast/broadcast don’t work out of the box.
HVX – virtual infrastructure for the cloud
An overlay network on top of public cloud can help overcome these limitations. It can enable clean Layer 2 access – allowing multicast, broadcast, VLAN, VMAC, GARP, span ports and port mirroring to work, giving access to all functionality that is available in data centers. Ravello’s Network & Security Smart Lab virtualizes the connectivity between virtual machines and allows unmodified VMware and KVM virtual appliances to run on the public cloud. Ravello is powered by HVX – its distributed hypervisor that combines a software-defined overlay network and a nested virtualization engine.
The overlay network implementation comprises two parts – a control plane and a data plane. The control plane consists of a distributed router, distributed DNS and a DHCP server. The data plane features a fully distributed virtual switch and virtual router. Network packets that are sent by a VM on top of HVX are intercepted and injected into the switch. The switch operates much like a real network switch. For each virtual network device, the virtual switch creates a virtual port that handles incoming and outgoing packets from the connected virtual NIC device. The virtual port learns the MAC addresses of incoming packets and builds a forwarding table from them. For broadcast frames, the virtual port floods the packet to all other distributed virtual ports in the same broadcast domain. The traffic between ports uses a local transport if the ports are on the same switch, or P2P tunnels over UDP if they aren’t. With these constructs at the core, this virtual network looks exactly like the data center network.
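The data-plane behaviour described above (per-port MAC learning, flooding within a broadcast domain, local versus UDP-tunnel transport), modelled in Python as an added example that is not Ravello's HVX code. The class, port and node names are hypothetical, the MAC addresses are constructed, and flooding of unknown unicast frames is assumed as standard learning-switch behaviour.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class OverlaySwitch:
    """Model of a distributed learning switch (hypothetical, not HVX code)."""

    def __init__(self):
        self.ports = {}               # port id -> (node, broadcast domain)
        self.fdb = defaultdict(dict)  # domain -> {MAC: port id}

    def add_port(self, port, node, domain):
        self.ports[port] = (node, domain)

    def transport(self, src_port, dst_port):
        # Ports on the same node share a switch instance: local delivery.
        # Ports on different nodes are reached through a P2P tunnel over UDP.
        same = self.ports[src_port][0] == self.ports[dst_port][0]
        return "local" if same else "udp-tunnel"

    def receive(self, in_port, src_mac, dst_mac):
        """Return [(out_port, transport)] for one frame entering in_port."""
        _, domain = self.ports[in_port]
        self.fdb[domain][src_mac] = in_port  # learn the source MAC
        out = self.fdb[domain].get(dst_mac)
        if dst_mac != BROADCAST and out is not None:
            targets = [] if out == in_port else [out]
        else:
            # Broadcast (or, by assumption, unknown unicast): flood to every
            # other port in the same broadcast domain, never across domains.
            targets = [p for p, (_, d) in self.ports.items()
                       if d == domain and p != in_port]
        return [(p, self.transport(in_port, p)) for p in sorted(targets)]

def demo():
    sw = OverlaySwitch()
    sw.add_port("p1", "node-a", 10)
    sw.add_port("p2", "node-a", 10)
    sw.add_port("p3", "node-b", 10)
    sw.add_port("p4", "node-b", 20)  # separate broadcast domain
    arp = sw.receive("p1", "02:00:00:00:00:01", BROADCAST)
    reply = sw.receive("p3", "02:00:00:00:00:03", "02:00:00:00:00:01")
    data = sw.receive("p1", "02:00:00:00:00:01", "02:00:00:00:00:03")
    return arp, reply, data

if __name__ == "__main__":
    for step in demo():
        print(step)
```

The broadcast from p1 never reaches p4, which is the segment-isolation property to verify when a lab places appliances in separate broadcast domains.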
HVX’s nested virtualization engine enables VMware or KVM virtual machines & appliances to run on top of AWS/Google cloud. One can bring their own network elements (e.g. Juniper or Cisco router, F5 or NetScaler load-balancer, Palo Alto Networks or Fortinet firewall, pfSense or Cisco VPN concentrator) to implement a network function. HVX contains an implementation of virtual NICs that supports VMXNet3 and other device types that are not natively supported on AWS. HVX also enables console access to the VMs and virtual appliances by creating a VNC session. As a result, users can access their VMs just as they would in a data center. These capabilities help create a real multi-tier, multi-segment, multi-node lab with appliances and real traffic – without provisioning any hardware.
What can I use Network & Security Smart Labs for?
People need labs for a variety of use-cases. Network engineers need labs to design networks, deploy appliances and perform upgrade tests. Sales engineers need environments for sales demos and customer PoCs. QA engineers need labs for testing. Security professionals need labs for malware testing. Trainers need labs to train students. Network & security appliance manufacturers need environments to give potential customers a ‘hands-on experience’. However, setting up staging environments is time-consuming and expensive – one needs hardware, power and rackspace.
Network & Security Smart Lab makes setting up staging environments easy. Smart Lab comes with a very powerful feature – the ability to take a snapshot ‘blueprint’ of the entire infrastructure, complete with virtual machines, network & security appliances and networking interconnect. This opens up new use-cases. One can take a blueprint of a working setup, make changes and, if things stop working, revert to the earlier snapshot – version control for lab infrastructure. Onboarding a newcomer to the team becomes easier – one can spin up another instance of the lab from the blueprint. Setting up training labs, sales demo environments, customer PoCs and malware sandboxes can be done in minutes – and cloned as needed. Since its service launch, ISVs have used Ravello’s Network & Security Smart Lab for a variety of use-cases.
Arista Networks uses Smart Lab for repeatable sales demos
Arista Networks wanted to demonstrate a 12-node leaf-spine topology with Arista Switches (vEOS) to potential customers in a repeatable manner, and without shipping hardware. They were able to achieve their goal by creating a blueprint of their sales demo environment on Ravello’s Network Smart Lab. Now, every time an Arista Sales Engineer wants to showcase the power of their leaf-spine topology, they spin up a copy of this blueprint on AWS or Google cloud closest to the customer – providing a local user-experience from anywhere in the world.
Check Point uses Smart Labs to scale at sales conferences
The elastic and on-demand nature of the public cloud lends itself very well to events where the actual demand is unknown. In fact, Check Point recently used Ravello to host three of their biggest sales conferences in Vienna, Austria; Las Vegas, USA; and Singapore, where they ran close to 900 labs concurrently (1800 virtual machines, network appliances, firewalls with sophisticated networking). Time it took to launch 900 labs on AWS using Ravello – less than 30 mins.
Blackfin Security uses Smart Labs for training and threat simulation
Elasticity comes in handy for bursty demands. Blackfin Security uses Ravello Smart Labs to run ‘Capture The Flag’ complex threat simulation environments and to offer self-paced security training at ‘The Hacker Academy’. During a typical ‘Capture The Flag’ event Blackfin Security needs resources to accommodate 1500+ participants – running these events on the cloud using Ravello has helped Blackfin Security offer exceptional service, without having to worry about resources to accommodate peak loads. Using Smart Labs to provision training labs for self-paced courses has helped Blackfin offer a better user-experience to students.
Smart Labs – a fresh technology perspective on product development lifecycle
Network & Security Smart Lab opens new opportunities for ISVs – such as network and security appliance manufacturers – and their ecosystem of resellers, technology partners and customers. They all need complete, fully featured environments for demos, PoCs and testing. Smart Labs makes it possible to accommodate that need on-demand, and in a cost-effective manner.
With Juniper Networks, Cisco, Check Point, Palo Alto Networks, F5 Networks, Citrix, Barracuda, Fortinet and Radware appliances running on Ravello’s Smart Lab, the appliance manufacturers can accommodate peak demand for additional test environments ahead of a new software release. Further, once the newer version of the appliance is released, they are able to train their entire ecosystem on the new functionality introduced. Smart Lab helps appliance manufacturers in every stage of their product lifecycle.
Ravello’s Network & Security Smart Lab provides an easy and cost-effective way to set up lab environments for sales demos, customer PoCs, training, network design, development testing and upgrade testing on AWS & Google. Interested in trying Network & Security Smart Lab? Sign up for a free trial and check out the “how-to” guides to get your favorite appliance running on AWS or Google Cloud – Juniper, Cisco, Arista Networks, Citrix NetScaler, F5 Big IP, Palo Alto Networks, Fortinet FortiGate, Barracuda, and pfSense.