Tag Archives: Arista

Arista CloudVision gets multi-cloud, NSX security features

Arista Networks has added to its CloudVision management console the ability to apply security policies across virtualized switching fabrics running on Amazon Web Services, Google Cloud and Microsoft Azure.

Arista also introduced this week an integration between Arista CloudVision and NSX, VMware’s software for provisioning virtualized networks. The combination lets engineers take security policies created in NSX and apply them to Arista switches running in the data center.

The latest features come about a year after Arista introduced a virtualized version of its network operating system, called vEOS, for AWS, Google and Azure. At the time, Arista added some vEOS controls to CloudVision, which competes with Cisco CloudCenter.

The new multi-cloud feature within Arista CloudVision lets engineers modify the access control lists (ACLs) in vEOS switches, said Jeff Raymond, vice president of EOS product management. The capability, which the vendor calls Zone Segmentation Security, eliminates having to worry about the unique security mechanisms in each of the three public clouds.

Companies often create virtual networks in the public clouds to deliver security, load balancing and other services to applications. Amazon and Google call the networks Virtual Private Clouds (VPCs) while Microsoft refers to them as virtual networks (VNet).

Arista has integrated its Zone Segmentation feature with Zscaler’s cloud-based web gateway. The integration lets companies use Zscaler to apply security policies for traffic heading from a campus network or remote office to the cloud provider. Arista CloudVision applies policies to traffic flowing between and within virtual networks.

Overall, Arista is using CloudVision to address a trend toward more collaboration between corporate networking and security teams, said Shamus McGillicuddy, an analyst at Enterprise Management Associates, based in Boulder, Colo. A recent EMA survey found that 91% of security and network infrastructure teams were working together using shared or integrated tools.

The latest Arista offerings also show the vendor recognizes its customers need security that stretches from the private data center to the public cloud, said Bob Laliberte, an analyst at Enterprise Strategy Group, based in Milford, Mass. “Building out a strong security ecosystem will be critical, and delivering a capable management platform for hybrid cloud environments will be important for its customers to effectively manage those hybrid environments.”

VMware NSX integration with Arista CloudVision

The NSX integration bridges the gap between VMware virtual networks and Arista physical switches in the data center. With CloudVision, engineers will be able to take security policies created for NSX environments and apply them to workloads running on the hardware.

NSX policies define the network resources accessible to groups of workloads and applications running on the virtual network. CloudVision applies those policies to an Arista fabric by converting them into a format that can become a part of the switch’s ACL.

As a result, engineers can save time by using just NSX for creating security policies, according to Raymond.

New hardware-based encryption in Arista routers

Finally, Arista plans to release four routers with built-in support for encryption standards. For the enterprise WAN, Arista embedded hardware-based IPSec in the 7020SRG for site-to-site virtual private networks. The router is a 10 GbE platform.

For the data center interconnect, Arista will provide MACsec encryption in the new 7280CR2M and the 7280SRAM. Both routers offer wire-speed encryption with 10 GbE and 100 GbE for up to 100 kilometers. For MACsec encryption up to 2,500 km, Arista introduced the 7280SRM, which has 200 GbE Coherent interfaces for metro and long-haul links.

Arista plans to release all the new technology by the end of September.

Arista sells its products primarily to tier-one and tier-two service providers, financial institutions and high-tech companies, including Microsoft, Amazon and Facebook.

Recently, however, the company has aimed some new hardware at enterprises with more mainstream data centers. In May, for example, the company introduced switches for the campus LAN.

Mist Systems gives VMware NSX SD-WAN a boost

Arista Networks and VMware, both recent entrants in campus and branch office networking, have made significant moves to add cloud-based Wi-Fi management and analytics to their respective software portfolios.

VMware launched this week interoperability between its NSX SD-WAN and Mist Systems’ machine learning engine for maintaining Wi-Fi performance. Meanwhile, Arista acquired Mojo Networks for the startup’s analytics, which it calls Cognitive WiFi.

Arista’s purchase of Mojo shows the former vendor taking control over its Wi-Fi offering, rather than depend solely on its current deal to offer Aruba wireless products from Hewlett Packard Enterprise, said Bill Menezes, an analyst at Gartner. “[They’re] going to have much more input and control over the pace of tech development.”

The VMware-Mist collaboration, on the other hand, reflects an industry trend of connecting the wireless access layer in remote offices to an SD-WAN product, Menezes said.

“That’s something that most of the major vendors are looking at in one way or another,” he said. “Some of them, like Cisco and Aruba, are developing that capability in-house.”

Mist is providing interoperability between its products and NSX SD-WAN through open APIs. As a result, the combined products deliver to IT administrators “end-to-end visibility and insight into users, application and network performance for LAN and WAN,” the companies said in a statement. Other features include trend detection and recommendations to avoid problems, and event correlation and anomaly detection for fault isolation and remediation.

Mist combines big data and machine learning to track user behavior on Wi-Fi and ensure network performance. The company’s machine learning engine will help NSX SD-WAN analytics by gathering more than 100 different user states from access points (APs).

Metrics gathered by Mist technology include the time it takes an AP to connect to devices and the number of failed attempts. The system can also collect roaming data, such as when a mobile device switches APs to take advantage of a stronger signal or leaves an AP that’s dropping too much data.

Mist will also add to NSX SD-WAN anomaly detection for APs, mobile devices, operating systems and applications connecting to Wi-Fi. Mist and VMware will sell their products separately through joint channel partners.

In 2017, VMware entered the market for branch-office networking with the acquisition of software-defined WAN vendor VeloCloud. In May, VMware extended its virtual networking software, NSX, to remote offices through integration with VeloCloud, which the company renamed NSX SD-WAN. Combining the technologies made it possible for VMware customers to use NSX for policy-based network management across the data center and branch.

Arista acquires Mojo

The VMware-Mist collaboration came nearly a week after Arista said it would acquire Mojo for its cloud-based software focused on network analytics and management. The acquisition, which Arista expects to close by the end of September, is the company’s first. Arista did not release financial details.

Arista announced the Mojo acquisition roughly three months after introducing its first switches for the campus LAN. Available in the fall, the 7300X3 and 7050X3 spline switches are 10/25/40/50/100 Gigabit Ethernet gear equipped with telemetry and monitoring features designed to help network operators  diagnose performance problems.

Arista acquired Mojo for its machine learning and big data platform. The Cognitive WiFi system tracks more than 300 key performance indicators, Gartner said in its latest Magic Quadrant for the Wired and Wireless LAN Access Infrastructure. The research firm listed Mist and Mojo in the visionary quadrant of the report.

As a campus network supplier, Arista needed more than just technology for the wired LAN, Arista CEO Jayshree Ullal told financial analysts during a recent conference call. That’s because a growing number of Arista customers are turning to Wi-Fi as it approaches multigigabit speeds.

“What we bought Mojo for was their Wi-Fi, their Cognitive WiFi, and the software capabilities associated with the access points [Mojo provides],” Ullal told analysts, according to a transcript on the financial site Seeking Alpha.

Arista plans to  merge Mojo technology with its CloudVision network management software that combines cloud computing, big data and machine learning. The product collects and archives network state and runs a suite of applications against the data to provide visibility, automate the deployment of network components, and analyze and report on incidents.

New Arista switches use Barefoot Tofino programmable chip

Arista has launched a family of switches that companies can program to perform tasks typically handled by network appliances and routers. The company claims the consolidation capabilities of the new 7170 series reduces costs and network complexity.

The programmability of the 7170 family stems from the Barefoot Networks Tofino packet processor found in the hardware. Engineers program the silicon using P4, an open source language.

Barefoot markets Tofino as an alternative to fixed-function application-specific integrated circuits. Large enterprises, cloud and communication service providers are typical users of the high-speed Barefoot Tofino chip, which processes packets at 6.5 Tbps.

Arista, which uses Broadcom and Cavium packet processors in other switches, wants to broaden the potential customer base for the Barefoot Tofino chip by coupling it with the vendor’s EOS network operating system for leaf-spine architectures. To make programming on Barefoot Tofino silicon easier, Arista provides packaged profiles that contain data plane and control plane features for specific applications. Network managers can customize the patterns using P4 and deploy them on EOS.

“We’ll have to see what sort of benefits customers derive from using the [7170] technology in real-world production environments,” said Brad Casemore, an analyst at IDC. “In theory, it certainly has the potential to handle some tasks typically addressed by routers and middleboxes.” 

Arista application profiles

Examples of the applications defined in the Arista profiles include network overlays and virtualization to offload network functions, such as traffic segmentation or tunnel encapsulation from virtual servers.

Other profiles provide network and application telemetry for flow-level visibility, configurable thresholds and alarms, timestamping and end-to-end latency. Arista also offers patterns supporting some firewall functionality and large-scale network address translation. NAT is a way to manage multiple IP addresses by giving them a solitary public IP address. The methodology improves security and decreases the number of IP addresses an organization needs.

“How readily those profiles are embraced and productively employed could determine the extent to which the 7170 successfully addresses the use cases Arista has identified,” Casemore said.

The 7170 series has two models. The first is a 1RU chassis that supports 32, 64 or 128 ports at 40/100 GbE, 50 GbE and 10/20 GbE, respectively. The second is a 2RU system that supports 64, 128 or 256 interfaces at 40/100 GbE, 50 GbE and 10/25 GbE, respectively. The hardware processes up to 12.8 terabits per second.

Base pricing for a 64-port system is $1,200 per port.

In March, Arista introduced two 25/100 GbE switches for cloud providers, tier-one and tier-two service providers, high-tech companies and financial institutions ready to replace 40/100 GbE switches with more powerful systems.

Arista is targeting the two switches — the 7050X3 and the 7260X3 — at different use cases. The former is an enterprise or carrier top-of-rack switch, while the 7260X3 is for leaf-spine data center networks used in large cloud environments.

Arista CloudVision vs. Cisco CloudCenter in the hybrid cloud

Arista Networks Inc. plans to release in the fourth quarter tools for building a consistent network fabric that spans public and private clouds — an approach that’s significantly different from archrival Cisco’s application-centric strategy to hybrid cloud management.

The new Arista technology includes a virtualized version of its EOS network operating system for Amazon Web Services (AWS), Google Cloud Platform, Microsoft Azure and Oracle Cloud, the company said Wednesday. At the same time, the company will launch an upgrade of Arista CloudVision, which will manage the cross-cloud switching fabric.

Companies can deploy the virtualized version of EOS, called vEOS, through the respective marketplaces of the cloud providers. Businesses running EOS in their data centers will be able to use the same set of tools for managing application traffic through vEOS.

The Arista CloudVision upgrade, which Arista will provide at no additional cost, will include a new set of tools, called Cloud Tracer, which delivers availability metrics for connections to public clouds and data centers. Tracer can also provide connection metrics for companies leasing data centers from colocation operator Equinix.

Arista CloudVision won’t be the only option for managing the Arista cloud fabric, said Shamus McGillicuddy, an analyst at Enterprise Management Associates, based in Boulder, Colo. “The Ansible playbooks you’ve built for your EOS-based private cloud will be extensible to the vEOS networks you deploy in AWS, Azure, etc.”

Cisco’s different approach with CloudCenter

Arista’s focus on managing the switching infrastructure below cloud-based applications is very different from Cisco’s focus on the application layer. Cisco’s cloud management software, called CloudCenter, abstracts the cloud platform’s APIs into a single pool of networking resources that companies can deploy through a self-service portal.

Cisco’s strategy is to help businesses move workloads and applications between their private clouds and the platforms of the public cloud providers. This strategy is heavily dependent on Cisco’s Application Centric Infrastructure (ACI) software, which distributes and manages policies that govern network traffic.

Cisco has said it intends to make ACI available in public clouds, but hasn’t said when. That architecture, however, is likely to be less flexible than Arista’s strategy of providing a virtualized version of its OS, McGillicuddy said. “You need to be using ACI to derive value.”

And that value won’t be the same as in Arista, said Cliff Grossner, a senior research director at IHS Markit, based in London. “They’re very different offerings to solve different problems.”

Arista and Cisco have the same goals

Despite their technical differences, both vendors have the same goal, which is to provide a path for the increasing number of customers moving on-premises software to the cloud, said Brad Casemore, an analyst at IDC. For those customers, Arista and Cisco want to provide tools to extend the data center’s operational efficiencies, network automation and policies for security and compliance.

“This is a trend you’re going to see across the industry,” Casemore said. “For these vendors, there’s no ignoring the fact that their customers are going to want to use cloud services.”

Indeed, the latest IDC numbers show the rate at which companies are moving to the cloud. Spending on servers, storage and Ethernet switches in cloud environments will rise 15% this year, while the amount spent on traditional IT infrastructure will decline 5%.

Meanwhile, Arista continues to grab market share from its larger rival. In the second quarter, Arista’s share of the Ethernet switching market grew from 3.9% to 5.5% year over year, while Cisco’s fell from 56.8% to 54.7%, according to IDC.