The developers behind this subsystem have released a comprehensive changelog. Here are the standout features in the fbsubnet+l+new iteration:
As with any emerging standard, myths abound. Let's debunk them.
Myth 1: "It's just VXLAN with a new name." Reality: VXLAN encapsulates Layer 2 over Layer 3. Fbsubnet+l+new encapsulates flows and dynamically generates the subnet mask, which VXLAN cannot do. fbsubnet+l+new
Myth 2: "It requires all new hardware." Reality: It runs entirely in software via eBPF and smart NIC offloads. Your existing 1GbE switches work fine.
Myth 3: "It's not secure because subnets change too fast." Reality: The "+L" agent logs every subnet creation to a immutable ledger. Frequent changes actually reduce the attack surface for static IP scanning. The developers behind this subsystem have released a
We conducted a controlled test using a 10GbE network with 500 simultaneous subnet crossings.
| Metric | Legacy fbsubnet+l | fbsubnet+l+new | Improvement | | :--- | :--- | :--- | :--- | | Avg. Latency (P99) | 342 µs | 118 µs | 65% faster | | CPU Utilization | 23% | 8% | 3x reduction | | Packet Drops (10k pps) | 134 pkts | 2 pkts | 99% reduction | | Memory Footprint | 112 MB | 44 MB | 61% lower | Ready to deploy fbsubnet+l+new in your lab or
The new version clearly outperforms its predecessor, particularly under burst traffic, thanks to the zero-copy ring buffers.
Deploy the fbsubnet-controller as a Docker container or systemd service.
docker run -d --name fbsubnet-ctrl \
-e MODE="L-NEW" \
-p 8080:8080 \
fbsubnet/l-controller:latest
Ready to deploy fbsubnet+l+new in your lab or production environment? Follow this roadmap.