Versa FlexVNF Product Description The networking industry is undergoing a major center or central office, or public cloud. Regardless of transformation. Where the delivery of networking the packaging and location, all network and security and security services was the exclusive domain of components are provisioned and managed centrally fixed, proprietary hardware appliances, now software through the Versa Director management platform. combined with major advances in standard processor architectures (e.g. Intel) and virtualization have ushered in a new era in networking. Virtualized network functions (VNF) software and common off-the-shelf (COTS) hardware platforms and virtual machines (VM) are bringing a software-defined approach to networking. Such solutions can provide L3, L4 and L7 network and security services to enable feature-rich and high-performance WAN and security deployments. Using a fully software-based approach, Versa Networks allow service providers and large enterprises to transform the WAN and branch network to achieve unprecedented business advantages. Versa FlexVNF software provides unmatched agility, cost savings and flexibility vs. traditional network hardware. For service providers, Versa enables next-generation managed Versa FlexVNF includes the broadest set of VNFs in the industry – from a full set of networking capabilities, including market-leading SD-WAN functions, to a wide range of basic and advanced security functions – making it possible to design rich managed services and enterprise architectures, and deliver them with agility to work seamlessly together. Versa FlexVNF is purpose-built with many carriergrade capabilities, including a distributed control and data plane fabric with built-in elasticity and capacity on-demand. Powerful service chaining for both Versa and third party services, including appliances, enables providers and large enterprises to easily integrate multiple network and security functions into complex managed services and enterprise architectures. services for software-defined WAN (SD-WAN), Another key Versa capability for improving operational software-defined security (SD-Security) and virtual efficiency and service agility, as well as lowering total customer premises equipment (vCPE). For enterprises, costs, is multi-tenancy. Versa FlexVNF, as well as Versa enables highly scalable and secure SD-WAN projects. Versa FlexVNF software covers all the networking and security needs of the branch office, hub site and data center edge node, including full routing, WAN connectivity, SD-WAN and network security. Purpose-built Versa FlexVNF software provides network operators significant flexibility in how they can deploy FlexVNF – onto bare metal, VM and container environments – as well where – in the branch office, data Versa Director, Versa Analytics and Versa Controller, are built from the ground up with full multi-tenancy across all routing, SD-WAN and security features. Versa’s comprehensive multi-tenancy allows network operators to share and better leverage underlying resources such as Versa FlexVNF and hardware infrastructure across many customers or internal organizations, providing more service agility, economy of scale and optimal cost structure for large deployments. Versa FlexVNF is operations-ready and supports standard protocols and log formats, including Syslog, IPFIX and SNMP, making it compatible with existing network management, monitoring, and reporting systems. The result is carrier-grade VNF-based services and architectures that can scale out / in, on-demand, while maintaining service continuity and delivery of both Versa and third party network and security functions – all with significantly reduced hardware costs and better service agility. Versa FlexVNF Packaging Options The Versa FlexVNF solution is fundamentally different than proprietary network hardware. Deployed as software on low-cost Intel-based servers and appliances, and utilizing advances in the latest processors and virtualization, Versa FlexVNF radically reduces capital expenses and the costly upgrades/refreshes that are common with legacy network hardware devices. Versa FlexVNF supports a wide set of deployment options and can be installed in both legacy network and new SDN environments. Deployment choices include bare metal servers, white box appliances, hypervisor VMs (VMware ESXi & KVM) and Linux containers. It takes full advantage of multi-socket and multi-core processors and Intel DPDK support for maximum use of underlying hardware resources, resulting in excellent performance and throughput. For running in bare metal format, Versa has established a vendor ecosystem with pre-defined device models and specifications that white box vendors are tested and validated for, ensuring the right configuration at different price and performance points. Versa-specified appliance models are directly orderable from approved white box vendor partners and distributors, and come with a Versa FlexVNF image and encryption certificate pre-loaded from the factory. Versa works with selected distributors to provide these platforms globally with return-to-factory, next-businessday advanced replacement, same-business-day advanced replacement and other service options. While Versa is a software company, it has established innovative business and partnership models and a unified support process to cover all pre-sales and post-sales needs. Product Features Platform Form Factor Bare metal (ISO), Virtual Appliance (OVA, QCOW2) Hypervisor VMware ESXi 5.1 & above, KVM Ethernet 802.1Q(VLAN Tagging), Aggregated Ethernet (LACP), CFM (Connectivity and Fault Management) Resiliency High Availability with Active-Standby Operations CLI, Syslog, IPFIX, SNMPv1, SNMPv2, SNMPv3, Packet capture utility Network & Security Functions DHCP Routing QoS CG-NAT Stateful Firewall Application Visibility Client, Relay and Server Static routing, Bidirectional Forwarding Detection (BFD), VRRP, Routing Instances (VRF), OSPF, BGP, ECMP, PolicyBased Forwarding Classification, Marking, Rate-Limiting, Scheduling, Queuing, Shaping Static NAT, Dynamic NAT, NAPT, Destination NAT, Static NAT with Port Translation, Inter-Tenant NAT, ALG support; FTP, TFTP, PPTP, SIP, ICMP, IKE Zone-based, Address Objects, Address groups, Rules, Policies, DDoS (TCP/UDP/ICMP Flood), Syn-cookies, Portscans, ALG support; SIP, FTP, PPTP, TFTP, ICMP Identify more than 2000+ applications and protocols, Application group support, Application filter support, Application visibility and log support Next-generation Application Identity (AppID) based policy rules, IP Blacklisting, Whitelisting, Geo-IP, Customer App-ID signatures, Firewall SSL certificate-based protection, Expired certificates, untrusted CAs, Unsupported cyphers and key lengths Anti-Virus Network/Flow based protection with auto signature updates. HTTP, FTP, SMTP, POP3, IMAP, MAPI support URL Categorization & Filtering IDS/IPS URL categories & reputation, including customer-defined, Cloud-based lookups, Policy trigger based on URL category, URL profile (blacklist, whitelist, category reputation), Captive portal response including customer defined. Actions include block, inform, ask, justify, and override Default & customer defined signatures & profiles. Versa & Snort rule formats, L7 DDoS. Security package with incremental updates. Full, incremental (daily) & real-time threat (every hour) Secure, zero touch branch provisioning, Template-based policies with parameterization, Centralized route, policy SD-WAN enforcement, L7 Application SLA enforcement over network link SLAs with QoS, Intelligent path selection – default and user-defined, load balance across WAN links, providing various overlay, redundant SD-WAN controller, seamless integration with existing WAN optimization devices and branch routers Packet Striping for best throughout across bundle of low speed interfaces; Packet Cloning / Decloning for Advanced SD-WAN Features replicating important flows to ensure best performance and availability; Forward Error Correction to restore traffic in lossy and over-congested links; MOS Based Traffic Steering to measure VoIP flows quality and to steer VoIP flows to achieve best voice session qualities; Cloud Provider DIA Traffic Optimizations; Probe based, as well as Inline Traffic Measurements and more Site-to-Site, Route/Policy based VPN, IKEv2, IKEv1, DPD, PFS Confidentiality algorithms: Tunnel mode ESP with VPN AES-128, AES-256 Modes: CBC, XCBC, GCM Authentication & Integrity: Pre-shared and PKI Authentication with RSA certificates, hashing, Diffie Hellman key exchange Load Balancing Layer 4 load balancing, monitoring, persistence, Deployment modes; Transparent, Routed and Direct Server Return SSL Inspection HTTPS proxy (forward & reverse), SSL v3 & TLS 1.2 proxy, Captive Portal for HTTPS requests DNS Proxy DNS Split Proxy User & Group Level Active Directory integration using LDAP and Kerberos protocols, Captive Portal Form for LDAP Authentication System Requirements VMware vSphere 5.5 & 6.0 Hypervisor Supported KVM – RHEL/CentOS 6.4, Ubuntu 12.04, 14.04 VMware vCloud Director vCloud Director 5.5 & 6.0 Version Support OpenStack Version Support Havana, Icehouse, Juno, Kilo OpenStack Distro Support Red Hat, Canonical Ubuntu, Piston CloudOS Versa-Specified Appliance Configurations Versa-specified appliance configurations provide a wide range of price and performance points starting from 250 Mbps, going all the way up to 100 Gbps+ to cover diverse business needs. Desktop network appliance with Intel Atom 2-Core / 4- Core CPU, 4GB / 8GB ECC memory, 6 GbE Versa-100 / 110 interfaces, integrated Quick Assist, TPM, 64 GB SSD w/ passive or active cooling options, external PS, and with wireless interface options 1RU appliance with Intel Atom 2-Core / 4- Core / 8-Core CPU, 4GB / 8GB / 16 GB ECC memory, 6 GbE Versa-500 / 510 / 520 interfaces, integrated Quick Assist, TPM, 64 GB SSD w/ active cooling, internal PS, with wireless interface options and modularity 1RU network appliance with single Intel Xeon®-D CPU with 6 / 8 CPU cores, 32 GB / 64 GB ECC DRAM, Versa-800 / 810 128 GB / 256 GB SSD, w/10GE SFP+ interfaces at base, modular NIC slots or fixed form factor with built-in Ethernet switch, TPM, optional Encryption Acceleration cards, resilient fans, redundant PSU 1RU network appliance with single Intel Xeon® CPU with 14 cores, 64 GB ECC DRAM, 10GE SFP+ interfaces Versa-1000 at base, modular NIC slots or fixed form factor options, TPM, optional Encryption Acceleration cards, redundant cooling and PSU Versa-2000 / 2100 Interfaces supported 2RU network appliance with dual Intel Xeon® CPUs with 8 / 14 cores each, 128 GB ECC DRAM, 4 or 8 NIC slots, 512 GB SSD, TPM, optional Encryption Acceleration cards, redundant cooling and PSU Copper 10/100/1000 Ethernet and 1/10/40 GE via SFP/SFP+/QSFP modules or built-in fiber Ethernet interface flavors Note: Please contact Versa or Versa-approved whitebox appliance vendors to get more details of the approved appliances and associated modules. About Versa Networks Founded by network industry veterans, Versa Networks is an innovative vendor of software-defined WAN (SD-WAN) and security (SD-Security). Versa provides a unique and carrier-grade SD-WAN and SD-Security solution that is purely software- and NFV-based, and fully multi-tenant. The solution provides a wide range of virtualized networking and security functions that can be used to create highly scalable and high-value managed services that run on lowcost white box and x86 hardware. Versa SD-WAN and SD-Security are deployed by Tier 1 and 2 providers around the world, as well as several large enterprises. The company is backed by premier venture investors Sequoia, Mayfield, and Verizon Ventures. Versa Networks, Inc., 2953 Bunker Hill Ln, Suite 210, Santa Clara, CA 95054 | +1 408.385.7660 | email@example.com | www.versa-networks.com © 2016 Versa Networks, Inc. All rights reserved. Portions of Versa products are protected under Versa patents, as well as patents pending. Versa Networks and FlexVNF are trademarks or registered trademarks of Versa Networks, Inc. All other trademarks used or mentioned herein belong to their respective owners.