Asterfusion NX versatility switches can be used to build secured, reliable, flexible and streamlined high-throughput egress WAN connections for high-end campuses and/or data centers.
Asterfusion NX Versatility Switches for Security Service Chaining
A pair of NX versatility switches used as the switching devices for scheduling and forwarding egress WAN data traffic are interconnected through a pair MC-LAG connections and operate in either active-active or active-standby configuration to ensure high availability of egress WAN connections for campuses and/or data centers.
Connect all the security service appliances (including FW, WAF, IPS, NAT, etc.) on egress WAN connections to NX versatility switches at either 1 Gigabit or 10 Gigabit link speed depending on the throughput of each individual security service appliance. With this configuration, the throughput of the egress WAN links will no longer be handicapped by low throughput of security service appliances.
A pair of AFCs acting as the SDN controllers for the NX switches and security service appliances will separate network control plane from data plane and greatly simplify traffic route planning and security policy deployment. At the same time, these two SDN controllers will perform primary and backup redundancy to ensure high availability of egress WAN connections.
Each ingress or egress traffic flow on the egress WAN connections requires different security policy. Asterfusion Security Service Chaining solution would enable different traffic flows to pass through different security service(s) in the security resource pool based on their specific security policy requirements while still asserting the flexibility in security policy control on the egress WAN connections and at the same time, improving security service appliances’ overall utilization rate.