Another Approach to ADC Virtualization: PAS-K nDomain

2025-10-24

Introduction to PIOLINK ADC PAS-K's nDomain

 

What is nDomain?

nDomain is a function that logically separates a network. Put simply, it is a technology that creates multiple independent 'virtual network' spaces within a single physical device. It enables multi-tenancy and network segmentation, so that multiple independent network environments can operate simultaneously on one device. It is primarily used for service isolation, logical separation per customer, and allowing identical IP addresses to be used in more than one place.

 

Understanding Virtualization Technology

Technologies for virtualizing an ADC can be broadly divided into technology that separates hardware resources to create independent virtual instances (Virtual Instance-based PAS-KV virtualization) and virtualization technology through logical network separation like nDomain. The differences and pros/cons of each are shown in the table below. 

 

[Table 1] Conceptual Differences in Virtualization Technologies

 

| Item | nDomain | Virtual Instance |
|---|---|---|
| Isolation Level | Logical network separation | Hardware resource and Operating System level separation |
| Operational Scope | Operates on a single OS instance of PAS-K | Independent OS and operation per Instance |
| Virtualization Scale | Can configure hundreds of Domains on a single device | Can create tens of Virtual Instances depending on hardware capacity |
| Resource Allocation | Shared CPU, RAM, etc. (Provides only logical network separation) | Allocation and isolation of physical resources like CPU, RAM |
| Purpose of Use | Logical multi-tenancy environments such as routing per customer/service, IP separation | Completely isolated environments between customers/services |
| Complexity/Overhead | Relatively low | Relatively high |

 

 

| Environment & Situation (Scenario) | Suitable Technology |
|---|---|
| Want to separate more services or customer traffic within the same PAS-K. | nDomain |
| Need an environment completely isolated by resource units. (When security and satisfying customer SLAs are critical) | Virtual Instance |
| Need to solve IP overlap issues. | nDomain |
| Need separate policies, management rights, certificates, and patch management for each customer. | Virtual Instance |

 

 

 

[Figure 1] nDomain vs. Virtual Instance

 

Technical Understanding of nDomain

 

Network namespace

Network Namespace is a feature that separates the network stack at the kernel level, making a single system act as if it were separate systems with multiple independent network environments. Using network namespaces allows you to independently configure network interfaces, IP addresses, routing tables, firewall rules, etc., on the same physical host. 

 

  ■ Independent Network Stack

Network components within a network namespace (network interfaces, IP addresses, routing tables, etc.) are completely isolated from other namespaces. This allows multiple network configurations to operate simultaneously on one system. For example, even if the same IP address is used across namespaces, they do not interfere with each other.

 

  ■ Isolation Between Namespaces

Because network namespaces are isolated from one another, they are advantageous for security and testing. Network communication or configuration changes made within one namespace do not affect other namespaces.

 

Service Configuration Diagram

 

 

[Figure 2] Example of Independent Network Stack Configuration with nDomain

 

Because each network namespace has its own independent network stack, identical IPs can be set for each nDomain within PAS-K.

 

 

[Figure 3] Example of nDomain Service Chain 

 

Traffic between nDomains can be delivered externally via VLAN.

 

Summary

 

  ■ Network Logical Isolation

• When using nDomain, routing is not performed between each domain by default.
• Therefore, Customer A's traffic and Customer B's traffic are completely isolated.

 

  ■ Overlapping IP Support

• Since each nDomain is independent, different domains can use the same IP address range.
• Flexibility and usability regarding IP resources are greatly increased.
• Example:
  - Domain 10 → Uses 192.168.1.0/24
  - Domain 20 → Uses 192.168.1.0/24
  → No IP Conflict
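The following is an added example, not PIOLINK code or PAS-K configuration: a small Python model of the two summary points above (no routing between domains by default, and overlapping subnets across domains), usable as a check on an address plan before deployment. The plan rows, interface names and the functions `audit` and `lookup` are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed plan: (domain id, interface, subnet). Domains 10 and 20 reuse
# 192.168.1.0/24 as in the example above; everything else is made up.
PLAN = [
    (10, "vlan110", "192.168.1.0/24"),
    (10, "vlan120", "10.10.0.0/16"),
    (20, "vlan210", "192.168.1.0/24"),
    (20, "vlan220", "172.16.5.0/24"),
    (20, "vlan230", "172.16.5.128/25"),  # overlaps vlan220 inside domain 20
]

def audit(plan):
    """Label each overlapping subnet pair 'cross-domain' or 'same-domain'.

    Cross-domain overlap is what separate network stacks permit; same-domain
    overlap shares one routing table and is an ordinary addressing problem.
    """
    findings = []
    for (d1, i1, n1), (d2, i2, n2) in combinations(plan, 2):
        if ipaddress.ip_network(n1).overlaps(ipaddress.ip_network(n2)):
            kind = "same-domain" if d1 == d2 else "cross-domain"
            findings.append((kind, (d1, i1), (d2, i2)))
    return findings

def lookup(plan, domain, dst):
    """Longest-prefix match using only the given domain's routes.

    Returns the egress interface, or None if that domain has no route.
    Other domains' tables are never consulted (no inter-domain routing).
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for d, iface, net in plan:
        network = ipaddress.ip_network(net)
        if d == domain and addr in network:
            if best is None or network.prefixlen > best[0]:
                best = (network.prefixlen, iface)
    return best[1] if best else None

if __name__ == "__main__":
    for finding in audit(PLAN):
        print(finding)
    for dom, dst in [(10, "192.168.1.7"), (20, "192.168.1.7"), (10, "172.16.5.9")]:
        print(dom, dst, "->", lookup(PLAN, dom, dst))
```

In this model the same destination address resolves to a different interface in each domain, and a destination that exists only in another domain's table is simply unroutable.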

 

  ■ L3 Isolation + Multi-tenancy Support

• When using nDomain, routing is not performed between each domain by default.
• Therefore, Customer A's traffic and Customer B's traffic are completely isolated.

 

The nDomain feature is available in PAS-K PLOS v2.2.7.6.0 or higher.