Posts Tagged 'Vlan'

July 16, 2014

Vyatta Gateway Appliance vs Vyatta Network OS

I hear this question almost daily: “What’s the difference between the Vyatta Network OS offered by SoftLayer and the SoftLayer Vyatta Gateway Appliance?” The honest answer is, from a software perspective, nothing. However, from a deployment perspective, there are a couple of fundamental differences.

Vyatta Network OS on the SoftLayer Platform

SoftLayer offers customers the ability to spin up different bare metal or virtual server configurations, and choose either the community or subscription edition of the Vyatta Network operating system. The server is deployed like any other host on the SoftLayer platform, with a public and a private interface placed in the VLANs selected while ordering. Once it is online, you can route traffic through the Vyatta Network server by changing the default gateway on your hosts to the Vyatta Network server IP instead of the SoftLayer default gateway. You have the option to configure ingress and egress ACLs for the bare metal or virtual servers that route through the Vyatta Network server. The Vyatta Network server can also be configured as a VPN endpoint to terminate Internet Protocol Security (IPsec), Generic Routing Encapsulation (GRE), or OpenSSL VPN connections, and securely connect to the SoftLayer Private Network. Sounds great, right?

So, how is a Vyatta Network OS server different from a SoftLayer Vyatta Gateway Appliance?

A True Gateway

While it’s true that the Vyatta Gateway Appliance has the same functionality as a server running the Vyatta Network operating system, one of the primary differences is that the Vyatta Gateway Appliance is delivered as a true gateway. You may be asking yourself what that means. It means that the Vyatta Gateway Appliance is the only entry and exit point for traffic on VLANs you associate with it. When you place an order for the Vyatta Gateway Appliance and select your public and private VLANs, the Vyatta Gateway Appliance comes online with the native VLAN of its public and private interfaces in a transit VLAN. The VLANs you selected are trunked to the gateway appliance’s public and private interfaces via an 802.1Q trunk set up on the server’s interface switch ports. These VLANs will show up in the customer portal as associated VLANs for the Vyatta Gateway Appliance.

This configuration allows SoftLayer to create an outside, unprotected interface (in the transit VLAN) and an inside, protected interface (on your bare metal server or virtual server VLAN). As part of the configuration, we set up SoftLayer routers to static route all IP space that belongs to the associated VLANs to the Vyatta Gateway Appliance transit VLAN IP address. The servers you have in a VLAN associated with the gateway appliance can no longer use the SoftLayer default gateway to route in and out of the VLAN. All traffic must be filtered through the Gateway Appliance, making it a true gateway.

This differs from a server deployed with the Vyatta Network OS because hosts behind the Vyatta Network OS server can route around it by simply changing their default gateway back to the SoftLayer default gateway.
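Because that bypass is a host-side routing change, it can be checked from the host side. The following added example (not part of the original post) audits `ip route show` output collected from hosts that are meant to route through a Vyatta Network OS server; the host names and addresses are constructed placeholders, and only IPv4 routes are handled.

```python
import ipaddress

# Constructed sample data: `ip route show` output from four hosts (IPv4 only).
# Assumed addresses: 10.0.10.254 is the Vyatta Network OS server and
# 10.0.10.1 is the provider's default gateway on the same VLAN.
FIREWALL_IP = "10.0.10.254"
SAMPLE_ROUTES = {
    "web01": "default via 10.0.10.254 dev eth0\n"
             "10.0.10.0/24 dev eth0 proto kernel scope link src 10.0.10.11\n",
    "web02": "default via 10.0.10.254 dev eth0 metric 200\n"
             "default via 10.0.10.1 dev eth0 metric 100\n",
    "db01":  "default via 10.0.10.254 dev eth0\n"
             "10.0.0.0/8 via 10.0.10.1 dev eth0\n",
    "app01": "10.0.10.0/24 dev eth0 proto kernel scope link src 10.0.10.13\n",
}

def parse_routes(text):
    """Return (network, gateway, metric) for every route that has a next hop."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if "via" not in tok:
            continue  # on-link routes have no next hop to audit
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)
        gw = ipaddress.ip_address(tok[tok.index("via") + 1])
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, gw, metric))
    return routes

def audit_host(text, firewall_ip=FIREWALL_IP):
    """List routes that avoid the firewall, or note a missing default route."""
    fw = ipaddress.ip_address(firewall_ip)
    routes = parse_routes(text)
    defaults = sorted((r for r in routes if r[0].prefixlen == 0), key=lambda r: r[2])
    findings = [] if defaults else ["no default route"]
    for i, (_, gw, _) in enumerate(defaults):
        if gw != fw:  # lowest metric wins, so index 0 is the route in use
            kind = "preferred" if i == 0 else "fallback"
            findings.append(f"{kind} default route via {gw}")
    for net, gw, _ in routes:
        if net.prefixlen > 0 and gw != fw:  # more-specific route around the firewall
            findings.append(f"static route {net} via {gw}")
    return findings

def audit_all(hosts=SAMPLE_ROUTES):
    return {h: f for h, t in hosts.items() if (f := audit_host(t))}  # hosts with findings

if __name__ == "__main__":
    print(audit_all())
```

On the sample data, `web01` is clean, `web02` prefers the provider gateway because of its lower metric, and `db01` sends a whole private range around the firewall even though its default route is correct.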

N-Tier Architecture

Another difference is that the gateway appliance gives customers the option to route multiple public and private VLANs in the same pod (delineated by an FCR/BCR pair) through the device. This allows you to use the gateway appliance to create granular segmentation between different VLANs within your environment, and set up a traditional tiered infrastructure environment with ingress and egress rules between the tiers.

A server running Vyatta Network OS cannot be configured this way. The Vyatta Network OS server is placed in a single public and private VLAN, and there is no option to associate different VLANs with the server.

I hope this helps clear up the confusion around Vyatta on the SoftLayer platform. As always, if you have any questions or concerns about any of SoftLayer’s products or services, the sales and sales engineering teams are happy to help.

-Kelly

January 10, 2014

Platform Improvements: VLAN Management

As director of product development, I'm tasked with providing SoftLayer customers greater usability and self-service tools on our platform. Often, that challenge involves finding, testing, and introducing new products, but a significant amount of my attention focuses on internal projects to tweak and improve our existing products and services. To give you an idea of what that kind of "behind the scenes" project looks like, I'll fill you in on a few of the updates we recently rolled out to improve the way customers interact with and manage their Virtual LANs (VLANs).

VLANs play a significant role in SoftLayer's platform. In the most basic sense, VLANs fool servers into thinking they're behind the same network switch. If you have multiple servers in the same data center and behind the same router, you could have them all on the same VLAN, and all traffic between the servers would be handled at the layer-2 network level. For customers with multi-tier applications, zones can be created to isolate specific servers into separate VLANs — database servers, app servers, and Web servers can all be isolated in their own security partitions to meet specific security and/or compliance requirements.

In the past, VLANs were all issued distinct numbers so that we could logically and consistently differentiate them from each other. That utilitarian approach has proven to be functional, but we noticed an opportunity to make the naming and management of VLANs more customer-friendly without losing that functionality. Because many of our customers operate large environments with multiple VLANs, they've had the challenge of remembering which servers live behind which VLAN number, and the process of organizing all of that information was pretty daunting. Imagine an old telephone switchboard with criss-crossing wires connecting several numbered jacks (and not connecting others). This is where our new improvements come in.

Customers now have the ability to name their VLANs, and we've made updates that increase visibility into the resources (servers, firewalls, gateways, and subnets) that reside inside specific VLANs. In practice, that means you can name your VLAN that houses database servers "DB" or label it to pinpoint a specific department inside your organization. When you need to find one of those VLANs, you can search for it by name and make changes to it easily.

Screenshots: VLAN List View (VLAN naming); VLAN Detail Page (VLAN naming).

While these little improvements may seem simple, they make life much easier for IT departments and sysadmins with large, complex environments. If you don't need this kind of functionality, we don't throw it in your face, but if you do need it, we make it clear and easily accessible.

If you ever come across quirks in the portal that you'd like us to address, please let us know. We love making big waves by announcing new products and services, but we get as much (or more) joy from finding subtle ways to streamline and improve the way our customers interact with our platform.

-Bryce
