List of PANTHEON.tech CNF's

Services that function in the cloud are characterized by an unlimited presence – they are accessed from anywhere, with a functional connection and are located on remote servers. This can curb costs, as you do not have to create and maintain your servers in a dedicated, physical space.

BGP | DHCP-Proxy | DHCP | DNS | Firewall | IDS | VPN | IPSec | NAT64 | NAT464 | Network Flow Explorer | Port Mirror | Radius | Rate Limiter Router | Switch | Traffic Analyzer | Transit Tunnel |

BGP

The Border Gateway Protocol (BGP) CNF provides routing & reachability functionality. BGP-CNF is based on GoBGP - an open-source BGP implementation and Ligato control/management plane.

DHCP Proxy

VPP-based CNF that forwards Dynamic Host Configuration Protocol (DHCP) requests received on a CNF interface to a remote DHCP server and proxies the DHCP replies back to clients. It supports multiple backend DHCP servers and allows to configure multiple VRFs (L3 partitioning).

DHCP

Dynamic Host Configuration Protocol (DHCP) Server as a CNF, based on ISC Kea DHCP server and Ligato management plane.

DNS

Containerized Domain Name System (DNS) Server based on BIND 9 and Ligato management plane.

Firewall

Access Control List (ACL)-based firewall between CNF interfaces with FD.io VPP dataplane and Ligato management plane.

IDS

Snort-based Intrusion Prevention/Detection System CNF with Ligato management plane. It allows to detect/prevent latest threats in communication between CNF interfaces.

VPN

A Virtual Private Network (VPN) provides a convenient and secure way to access protected services from your private network, from anywhere in the world.

IPSec

Forwards traffic to/from a remote IPsec peer (another CNF / IPsec client / external router).

NAT44

Network Address Translation for IPv4 networks based on FD.io VPP dataplane and Ligato management plane. Additionally, it integrates MiniUPnP daemon to offer NAT traversal services based on UPnP protocols, such as NAT-PMP and PCP.

NAT64

VPP based CNF that allows IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP using Network Address Translation defined in RFC6146.

NAT464

VPP based CNF that provides a limited IPv4 connectivity across an IPv6-only network using a technique combining stateful and stateless address translation known as 464XLATe

Network Flow Explorer

Exports information about network flows passing between two interfaces of the CNF to pre-configured IPFIX collectors.

Port Mirror

Uses SPAN (Switched Port Analyzer) feature of FD.io VPP dataplane to mirror traffic passing between two CNF interfaces into a third interface which is typically connected to a Traffic Analyzer CNF.

Radius

Remote Authentication Dial-In User Service (RADIUS) as a CNF, providing Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.

Rate Limiter

Uses FD.io VPP dataplane with an additional plugin to rate-limit traffic passing between two interfaces of the CNF.

Router

L3 routing between multiple CNF interfaces based on dynamic routing protocols.

Switch

L2 forwarding between multiple CNF interfaces inside FD.io VPP data plane. Some of the provided features are: Static FIB / MAC learning, proxy ARP, ARP termination, VLAN support.

Traffic Analyzer

Integrates ntopng with Ligato management plane to provide analysis and Web-based visualization of all traffic coming to the CNF (e.g. mirrored by the Port Mirror CNF), or network flows exported by networking devices or Network Flow Exporter CNF.

Transit Tunnel

Uses FD.io VPP data plane to forward traffic to/from a remote GRE/VXLAN tunnel endpoint (another CNF or an external router).