Network Functions | by StoneWork

Network Functions as StoneWork Modules.

StoneWork’s modular architecture dynamically integrates all network functions from our portfolio.

Customers are given the choice of their own StoneWork module configuration. No matter how many network functions you choose, you will always have a feature-rich control plane capabilities by preserving a single, high-performance data plane.

Essentials

The BGP (Border Gateway Protocol) network function provides routing & reachability functionality. Based on GoBGP and Ligato control/management plane.

VPP based NAT64 network function that allows IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP using Network Address Translation defined in RFC6146.

VPP based NAT464 network function provides a limited IPv4 connectivity across an IPv6-only network using a combination of stateful & stateless address translation – 464XLATe

Transit Tunnel uses VPP data plane to forward traffic to/from a remote GRE/VXLAN tunnel endpoint (another network function/external router).

Rate Limiter uses the FD.io VPP dataplane with an additional plugin to rate-limit traffic, passing between two interfaces of the network function

Router provides L3 routing between multiple network function interfaces, based on dynamic routing protocols.

Our Switch as a network function, provides L2 forwarding between multiple network function interfaces inside FD.io VPP data plane. Some provided features are: Static FIB / MAC learning, proxy ARP, ARP termination, VLAN support.

Security

ACL-based (Access Control List) Firewall between network function interfaces with FD.io VPP data plane and Ligato management plane.

Snort-based IDS (Intrusion Prevention/Detection System) network function with Ligato management plane. Allows to detect/prevent latest threats in communication between interfaces.

A VPN (Virtual Private Network) provides a convenient and secure way to access protected services from your private network, from anywhere in the world.

Advanced Tip: We also offer a standalone VPN called EntGuard, aimed at enterprise deployments.

Our IPSec network function forwards traffic to/from a remote IPSec peer (another network function / IPsec client / external router) to the desired destination.

Used in most VPNs. Have you read about EntGuard, our enterprise VPN solution?

Services

A must-have in network functions. A DHCP Server (Dynamic Host Configuration Protocol) as a network function. Automatically assigns IP addresses and other specifics to devices in the network.

This solution is based on ISC Kea DHCP server and Ligato management plane.

A VPP-based DHCP-Proxy network function that forwards DHCP (Dynamic Host Configuration Protocol) requests – received on a network function interface – to a remote DHCP server and proxies the DHCP replies to clients.

Supports multiple backend DHCP servers and allows configuring multiple VRFs (L3 partitioning).

DNS Server (Domain Name System) network function. An elementary part of your network, which helps recognize network destinations. This solution is based on BIND 9 and Ligato management plane.

RADIUS as a network function (Remote Authentication Dial-In User Service) provides Authentication, Authorization & Accounting (AAA) user management, when connecting and using a network service.

Monitoring

IPFIX (IP Flow Information Export) exports information about network flows passing between two interfaces of the network function, to pre-configured IPFIX collectors. Used to collect & analyze flow data.

Port Mirror uses the SPAN (Switched Port Analyzer) feature of FD.io VPP dataplane to mirror traffic passing between two network function interfaces, into a third interface, which is typically connected to a Traffic Analyzer.

Traffic Analyzer integrates ntopng with Ligato to provide an analysis and web-based visualization of all traffic coming to the network function (e.g. mirrored by the Port Mirror network function), network flows exported by networking devices or Network Flow Exporter.