multicloud multistack sdn

open-source, cloud-grade networking and security

One To Rule Them All

Solve your tooling complexity and overload with the simplicity of only one networking and security tool. Save time and swivel-chair fatigue from context switches as you consolidate:

  • Connecting multiple orchestration stacks like Kubernetes, Mesos/SMACK, OpenShift, OpenStack and VMware
  • Choosing an SDN plug-in for CNI, Neutron, or vSphere
  • Networking and security across legacy, virtualized and containerized applications
  • Multistack and across-stack policy control, visibility and analytics

All-Terrain Capable and Consistent

Do multicloud without boundaries. TF will work on any public or private cloud IaaS for your cloud-native stack, and it works inside your own IaaS stacks and underlay data-center fabrics too.

  • Overlay secure virtual networking atop any IP network for simpler separation of concerns from the underlay context
  • Portable network and security constructs and policies are consistent across your hybrid multicloud environments as well as dev/test, staging and production DevOps pipeline

All That You Need, Only When You Need It

Developed since 2012, TF offers a wide range of features. It’s deployed in diverse situations, connecting millions of endpoints across the globe. You might start simple (even keep it invisible to devs), but count on additional features when you need them.

  • Networking: overlay networks, IPAM, DHCP, DNS, floating IPs, EVPN fabric control, ECMP, stateful and L7 load balancing, virtual and physical service chaining, BGPaaS, virtual routing gateways, IPv6, and more…
  • Security: application policies, tag-based arbitrary endpoint grouping, flow visualization, alerting on denials and rejection, L7 NG-firewall offloading, IPsec encryption
  • Management: multi-tenancy, carrier-grade BGP federation between multiple controllers and routers, big data analytics and query engine, troubleshooting packet sniffers and mirroring, underlay-overlay correlation view, web GUI, everything accessible by REST API

“ Tungsten Fabric’s versatility and at-scale operation, on any IP network infrastructure and any cloud IaaS, has made it very popular in many use cases. As a new Linux Foundation project, we’re one step closer to making it the gold standard of SDN for cloud builders and cloud-native platform engineers. Juniper Networks has a long-standing commitment to the open-source ecosystem, and we look forward to the wider scope of innovation and collaboration under the Linux Foundation.”

-Randy Bias, VP Technology and Strategy, Software, Juniper Network

Superalloy Performance Under Pressure

Speed, scale, reliability: choose three! By modelling the virtual networking of a proven at-scale system—the Internet—TF stands up to the most demanding conditions.

  • Unlike many virtual switches or the default Linux kernel networking and IPTABLES, TF’s control and data plane doesn’t melt under the pressures of scale, features, and lots of dynamic changes
  • Blazingly fast BPS and PPS through the real-router-like packet pipelines of the TF vRouter, offered in Linux kernel module, DPDK, and compatible SmartNIC options
  • Scale-out analytics, configuration, and control plane routing to support tens of thousand of cluster nodes with hundreds of thousands of virtual networks

Keep Your Borders and Options Open

In this changing technology landscape, keeping an evolvable architecture requires open standards, open source, and an actively open-minded community.

  • Networks have borders that need crossing. Speaking the same language of proven open protocol standards in the control and data plane is TF’s specialty, so that your domain is never an island.
  • Open source keeps innovation flowing from many directions, and provides the flexibility to shape the outcomes you need, or turn to vendors you trust.
  • The option to use TF with overlays on any IP network, keeps your decision of hardware network or public cloud underlay, yours to judge for yourself.

Plug n’ Play and More

TF is a plugin integration overachiever, never implementing the bare minimum. Here is a sample of what it can do that most other SDN plugins can’t.

Kubernetes and OpenShift CNI features:

  • Option to run TF in Kubernetes with or without Helm
  • Replace kube-proxy with faster vRouter and add Service type LoadBalancer and Ingress on any infrastructure, any cloud
  • Implements NetworkPolicy and option of layered security or same security policies without developers writing Kubernetes NetworkPolicy objects, providing simpler DevOps and better infosec control and audit
  • Option of Namespace isolation and per-microservice microsegmentation with choice of TF tenants, networks or security rules
  • Additional IPAM, overlapping IP pools, floating IPs, and containers with multiple network interfaces
  • Run Kubernetes or OpenShift on OpenStack with a single—not a nested—TF control and data plane

OpenStack Neutron features:

  • Heat template automation for TF features
  • Implements LBaaS
  • Implements service chaining with VM lifecycle management and scaling
  • Neutron ML2 option