List of CNFs

Services that run in the cloud have an unlimited presence: they are hosted on remote servers and can be accessed from anywhere with a working connection. This can curb costs, as you do not have to build and maintain your own servers in a dedicated physical space.




BGP | NAT64 | NAT464 | Transit Tunnel | Rate Limiter | Router | Switch


Firewall | IDS | VPN | IPSec


DHCP-Proxy | DHCP | DNS | Radius


Network Flow Explorer | Port Mirror | Traffic Analyzer


BGP

The Border Gateway Protocol (BGP) CNF provides routing and reachability functionality. BGP-CNF is based on GoBGP, an open-source BGP implementation, and the Ligato control/management plane.

DHCP Proxy

VPP-based CNF that forwards Dynamic Host Configuration Protocol (DHCP) requests received on a CNF interface to a remote DHCP server and proxies the DHCP replies back to clients. It supports multiple backend DHCP servers and allows configuring multiple VRFs (L3 partitioning).


DHCP

Dynamic Host Configuration Protocol (DHCP) Server as a CNF, based on ISC Kea DHCP server and Ligato management plane.


DNS

Containerized Domain Name System (DNS) Server based on BIND 9 and Ligato management plane.


Firewall

Access Control List (ACL)-based firewall between CNF interfaces with VPP dataplane and Ligato management plane.


IDS

Snort-based Intrusion Prevention/Detection System CNF with Ligato management plane. It detects and prevents the latest threats in communication between CNF interfaces.


VPN

A Virtual Private Network (VPN) provides a convenient and secure way to access protected services from your private network, from anywhere in the world.


IPSec

Forwards traffic to/from a remote IPsec peer (another CNF / IPsec client / external router).


Network Address Translation for IPv4 networks based on VPP dataplane and Ligato management plane. Additionally, it integrates MiniUPnP daemon to offer NAT traversal services based on UPnP protocols, such as NAT-PMP and PCP.


NAT64

VPP-based CNF that allows IPv6-only clients to contact IPv4 servers over unicast UDP, TCP, or ICMP, using the Network Address Translation defined in RFC 6146.


NAT464

VPP-based CNF that provides limited IPv4 connectivity across an IPv6-only network using a technique combining stateful and stateless address translation known as 464XLAT.

Network Flow Explorer

Exports information about network flows passing between two interfaces of the CNF to pre-configured IPFIX collectors.

Port Mirror

Uses the SPAN (Switched Port Analyzer) feature of the VPP dataplane to mirror traffic passing between two CNF interfaces into a third interface, which is typically connected to a Traffic Analyzer CNF.


Radius

Remote Authentication Dial-In User Service (RADIUS) as a CNF, providing Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.

Rate Limiter

Uses the VPP dataplane with an additional plugin to rate-limit traffic passing between two interfaces of the CNF.


Router

L3 routing between multiple CNF interfaces based on dynamic routing protocols.


Switch

L2 forwarding between multiple CNF interfaces inside the VPP data plane. Provided features include static FIB / MAC learning, proxy ARP, ARP termination, and VLAN support.

Traffic Analyzer

Integrates ntopng with the Ligato management plane to provide analysis and web-based visualization of all traffic coming to the CNF (e.g. mirrored by the Port Mirror CNF), or of network flows exported by networking devices or the Network Flow Exporter CNF.

Transit Tunnel

Uses the VPP data plane to forward traffic to/from a remote GRE/VXLAN tunnel endpoint (another CNF or an external router).

