One of the great strengths of VNS3 has always been the ease with which you can look at your network traffic, a necessity for troubleshooting connectivity issues or attesting to correct packet flow. With our release of VNS3 5.0 we have added some big functional improvements that make our network sniffer even better.
A look under the hood: VNS3 networking devices
As you’ll remember from networking foundations (4 things everyone should know about network layers), routers, switches, firewalls, and port filtering all happen between layers 4-7 of the OSI layer model.
Quick, here’s a short video on what devices work at each layer:
One thing we like to brag about with VNS3 is that it is a layer 4-7 networking device. What does that mean? How can that be? VNS3 is software, and acts as 6 devices in 1:
- SSL/IPSec VPN concentrator,
- protocol distributor,
- scriptable network function virtualization
VNS3 is a network appliance – or virtual, remember it’s software. With a software-based networking devices you can build those function on top of cloud-provider devices, like AWS security groups or Azure network security groups. Remember that defense in depth !
How does it work? What’s it made out of??
VNS3 builds on core VPN concepts but allows more customer control with an “overlay network.” An overlay network is a computer network built on top of another network. Nodes in an overlay can be virtual or logical links. VNS3 adds control over topologies, network addressing, encrypted communications, and network protocols.
Unlike other VPNs, VNS3 also acts like a virtual router, switch, firewall, VPN concentrator, protocol redistributor, and NFV container. VNS3 allows many, many networking use cases including:
- application layer firewall with custom rules and hashings
- connecting both NAT-T and Native IPsec endpoints on the same endpoint
- Layer 2 Bridging over GRE as well as GRE tunneling over IPsec
- customizable, flexible networks with Docker containerized network services
- Trend Micro Deep Security central management agent
VNS3 Controllers are virtual machines (VMs) that act as a VPN gateway for the other virtual machines in the same cloud infrastructure. VNS3 synchronize between each other using RabbitMQ ( a little thing we put together a while ago ). VNS3 has a web-based UI and traditional Linux system command line interface (CLI). The VNS3 API uses a Ruby script and Ruby language binding. Everything else is a secret. Seriously, we’ve got a patent.
Put it all together: VNS3 devices