Professional Documents
Culture Documents
Versa FlexVNF
Product Description
Highly flexible Versa FlexVNF WAN edge software utilizing advances in the latest processors and
allows customers to deploy a broad spectrum of virtualized infrastructure, Versa FlexVNF radically
software-defined solutions from SD-Routing, SD- reduces capital purchases and expensive upgrades/
Security, Secure SD-WAN and SD-Branch. Regardless refreshes that are common with legacy network
of where FlexVNF is deployed (on-premises or in hardware devices.
the cloud), all network and security capabilities are
Versa FlexVNF supports the widest set of
provisioned and managed centrally through the
deployment options in the industry, and can be
Versa Director single-pane-of-management platform.
deployed in both legacy networks, cloud and new
Versa FlexVNF is a cloud-native, multi-tenant and SDN environments. It can run bare metal on white
multi-service software platform with a full set box appliances, hypervisor VMs (VMware ESXi,
of networking capabilities, including SD-WAN, KVM, Xen and Microsoft Hyper-V), IaaS platforms
to a wide range of basic and advanced security (Amazon, Google and Microsoft). FlexVNF takes
functions – making it possible to seamlessly design full advantage of multi-core processors and Intel
rich managed services and enterprise architectures DPDK support for maximum use of the underlying
software-defining the enterprise branch with agility. compute resources, resulting in high performance
and throughput.
Versa FlexVNF is purpose-built with many carrier-
grade operational capabilities, including a distributed Versa FlexVNF is operations-ready and supports
control and data plane fabric with built-in elasticity standard protocols and log formats, including Syslog,
and capacity on-demand. Powerful service chaining IPFIX, SNMP and Netconf, making it compatible
for both native Versa and third party services, with existing network management, monitoring, and
including appliances, enables providers and reporting systems.
enterprises to easily integrate multiple network and
The result is a multi-tenant cloud-native IP software
security functions into complex managed services
services platform with integrated networking and
and enterprise architectures.
security services that can scale out and in on-
Another key Versa capability for improving demand, while maintaining service continuity and
operational efficiency and service agility, as well delivery of both Versa and third party network and
as lowering total costs, is multi-tenancy. Versa security functions – all with significantly reduced
FlexVNF has built-in multi-tenancy that enables hardware costs and better service agility.
service for thousands of customers, segments
and organizations providing
deployment flexibility, security 3rd party 3rd party
Product Features
Platform
Form Factor Bare metal (ISO), Virtual Appliance (OVA, QCOW2), Amazon AMI (Amazon Machine Image), Azure VHD
uCPE Versa host OS with embedded KVM, Support for 3rd party VNFs (contact Versa for full list of certified VNFs)
(Universal CPE)
Quick Assist Native QAT support, Rangeley, Denverton Intel processor family support, ColetoCreek support (contact Versa
certified white-box vendors for specific limitations and support)
802.11 Wireless AP 2.4 and 5 Ghz support, Multiple SSIDs per AP, MU-MIMO support (Wi-Fi module dependent),
Support MRC support (Wi-Fi module dependent)
4G/LTE Support CAT-6, NA/EMEA/APAC Coverage support, Firmware driven modem (internal LTE modem),
USB attached LTE Modem support (optional), Dynamic probing support
Ethernet Virtual Wire support, 802.1Q (VLAN Tagging), 802.3ad Link Aggregation (LACP) – Active or Standby,
802.1ag CFM (Connectivity and Fault Management), 802.3af (POE) and 802.3at (POE+) support (hardware device
dependent)
Resiliency HA: Active-Standby, Multiple controller per FlexVNF, CPE fallback using Out-of-Band IPsec,
Inter-VNF High Availability (Control and Data Plane replication)
Operations and APIs CLI, Telnet/SSH, Syslog, NetFlow, IPFIX, Flow mirroring, NTP v4/6, SNMPv1, SNMPv2, SNMPv3, Netconf/Yang,
Packet capture utility
Static routing, BFD, VRRP, VRF/Multi-VRF, RIP v1/2, OSPF, BGP, MP-BGP+ (MPLS and IPv6 extensions), ECMP, Route
Routing IPv4 & IPv6
redistribution, BGP Route-aggregation
PIM SM, PIM SM with neighbor support on both LAN and WAN interfaces, PIM SSM, PIM SM Bootstrap RP, •
Multicast
PIM Rendezvous-Point, IGMP v2/v3
Source Address, Source Zone, Source Region, Destination Address, Destination Zone,
Match
Policy Based Destination region, Application of stream, Schedule, IP version, IP-Flags, DSCP, IEEE 802.1P,
Conditions
Forwarding (L3-L7) MOS support
Whitelist/Blacklist on any L2-L4 field, Tenant level policing, Control plane protection, Traffic Classification & Profiles,
QoS
DSCP/802.1P Marking, Rate-Limiting, Scheduling, Queuing, Shaping, HQoS: PIR & CIR
Static NAT, Dynamic NAT, NAPT, Destination NAT, Static NAT with Port Translation, Inter-Tenant NAT, ALG support:
FTP, TFTP, PPTP, SIP, ICMP, IKE, Endpoint Independent Mapping (EIM) support, Endpoint Independent Filtering
CG-NAT
(EIF) support, Port Parity, Port Block Allocation (PBA) support, Random Port Allocation (RPA) support, Syslog and
IPIX logging
Zone-based, Address Objects, Address Groups, Rules, Policies, DDoS (TCP/UDP/ICMP Flood), Syn-Cookies, Port
Stateful Firewall
Scans, Host Scans, ALG support: SIP, FTP, PPTP, TFTP, ICMP
Identify more than 3600+ applications and protocols, Application group support, Application filter support,
Application Visibility
Application visibility and log support, 150+ codecs
Policy Match Triggers: Applications, App filters, App Groups, URL Categories, Geo Location, Application Identity
Next-Generation (AppID) based policy rules, Application Groups and Filters, Packet capture on AppID, IP Blacklisting, Whitelisting,
Firewall Customer App-ID signatures, SSL Certificate-based protection, Expired certificates, Untrusted CAs, Unsupported
cyphers and key lengths
Network/flow based protection with auto-signature updates. HTTP, FTP, SMTP, POP3, IMAP, MAPI support, 35+
Anti-Virus file types supported (exe, dll, office, pdf & flash file types), Decompression support, Storage profile support, Auto
signature updates
URL categories & reputation, including customer-defined, Cloud-based lookups, Policy trigger based on URL
URL Categorization
category, URL profile (blacklist, whitelist, category reputation), Captive portal response including customer defined,
& Filtering
Actions include block, inform, ask, justify, and override
Default & customer defined signatures & profiles, Versa & Snort rule formats, L7 DDoS, Layer 7 Anomaly
NG-IPS detection, Lateral movement detection and prevention, Support for JavaScript attacks, Security package with
incremental updates
D ATA S H E E T Versa FlexVNF
Packet Striping for best throughout across bundle of low speed interfaces, Packet Cloning / De-cloning for
replicating, important flows to ensure best performance and availability, Forward Error Correction to restore traffic
Advanced SD-WAN
in lossy and over-congested links, MOS Based Traffic Steering to measure VoIP flows quality and to steer VoIP flows
Features
to achieve best voice session qualities, Cloud Provider DIA Traffic Optimizations; Probe based, as well as Inline
Traffic Measurements and more
Site-to-site, route/policy-based VPN, IKEv1, IKEv2, DPD, PFS, ESP and ESP-HMAC support, Symmetric Cipher
IPsec VPN support (IKE/ESP): AES-128 and AES-256 modes: CBC, CNTR, XCBC, GCM, Pre-shared and PKI authentication with
RSA certificates, Diffie-Hellman key exchange (Group 1,2,5), Per-tenant and VRF aware, MD5 and SHA1 based HMAC
Virtual Server support, Load Balancing algorithms: RR, WRR, Src. IP, Dest. IP, IP Hash, Least connections, Layer 4
Load Balancing load balancing, monitoring, persistence (Src, Dst, Src-Dest, Mac), Deployment modes: Transparent, Routed and
Direct Server Return
SSL Inspection HTTPS proxy (forward & reverse), SSL v3, TLS 1.2 proxy, Captive Portal for HTTPS requests
User & Group Level Support for Active Directory, LDAP, Radius, Kerberos, SAML, Captive Portal Form for LDAP
Authentication
Service Function Encapsulation and tagging types: VLAN, VXLAN, MPLS, MPLS over GRE, NSH, SFC
Chaining (SFC)
System Requirements
VMware vSphere 5.5 & 6.0, KVM – RHEL/CentOS 6.4, Ubuntu 12.04, 14.04, Xen, Hyper-V
Hypervisor Supported
KVM – RHEL/CentOS 6.4, Ubuntu 12.04, 14.04
Cloud Platform Images Amazon Machine Image (AMI), Google Compute Engine (qcow2), Microsoft Azure VHD(VHD)
vCPU 2 4 6 8
Memory 4 GB 8 GB 8 GB 16 GB
Expected Performance (IMIX) 100 Mbps 400 Mbps 800 Mbps 1 Gbps
** Listed performance figures are with SR-IOV configured for the Versa FlexVNF Virtual Machine.
66 45 45 594 2 2
78 8 8 1368 16 16
218 8 8 1418 21 21
**Please refer to the latest Versa FlexVNF release and product documentation for the latest information on product supported features, limitations, performance and best practices.
D ATA S H E E T Versa FlexVNF
Family Model V100 Series V200 Series V800 Series V1000 Series
Memory 4/8/16 GB ECC DRAM 4/8/16 GB ECC DRAM 32/64 GB ECC DRAM 64 GB ECC DRAM
NIC Module Add-on N/A N/A 2x slots, Max 16 ports 2x slots, Max 16 ports
SD-WAN, NGFW: All SD-WAN, NGFW: All SD-WAN, NGFW: All SD-WAN, NGFW: All
Use Cases per model UTM: v110, v120 UTM: v210, v220 UTM: All UTM: All
uCPE: v120 uCPE: v220 uCPE: all uCPE: all
**Note: Please contact Versa or Versa-approved whitebox appliance vendors for more details of the approved appliances, associated modules, performance and deployment-options.
Versa Networks, Inc, 6001 America Center Dr, 4th floor, Suite 400, San Jose, CA 95002 | Tel: +1 408.385.7660 | Email: info@versa-networks.com | www.versa-networks.com
© 2019 Versa Networks, Inc. All rights reserved. Portions of Versa products are protected under Versa patents, as well as patents pending. Versa Networks and FlexVNF are
trademarks or registered trademarks of Versa Networks, Inc. All other trademarks used or mentioned herein belong to their respective owners. Part# FLEXVNFDS-01.5