Parinita noBGP
The Identity-Routing Overlay That Replaces BGP Inside Your Fabric
Zero BGP east-west. Identity-driven path selection. Sub-50ms failover.
noBGP is Parinita's identity-routing overlay for east-west traffic across the 101-POP fabric. Where legacy BGP is route-table-driven, slow to converge, and vulnerable to hijacking, noBGP is identity-driven, real-time, cryptographically secured, and natively multi-tenant.
BGP Was Never Built for AI Fabric
Enterprise AI infrastructure requires routing that understands workload identity — not just AS paths.
BGP takes 30 seconds to 15 minutes to converge on a failure, has no concept of tenant isolation, and carries no cryptographic defense against route hijacking.
-
BGP Convergence Is Too Slow
Legacy BGP takes 30 seconds to 15 minutes to reroute traffic after a failure — unacceptable for GPU-to-GPU inference workloads.
-
BGP Has No Identity Awareness
BGP routes on AS path, not workload identity. Two tenants can share an overlay path with no cryptographic separation.
-
BGP Is Hijack-Vulnerable
BGP route hijacking is a well-documented attack vector. There is no cryptographic defense in the protocol itself.
Identity-aware overlay routing that BGP was never designed to provide.
noBGP sits above Crucible's per-packet identity enforcement to make identity-aware path decisions — without reconfiguring the underlying BGP edge routers.
Path selection uses workload identity and Chrysalis VRC policy — not AS path — so two tenants' overlay paths never share a VRF or routing decision.
-
Identity-Driven Routing
Path selection uses workload identity and Chrysalis VRC policy — not AS path. Two tenants' overlay paths never share a VRF.
-
Sub-50ms Failover
Centralized P8 AmpereOne controller pushes overlay updates instantly via API — vs BGP's 30 seconds to 15 minutes.
-
Per-Flow Class of Service
RoCEv2 GPU traffic on CoS 3 lossless, NVMe-oF on CoS 4 lossless, control plane on CoS 2 with ECN, management on CoS 1, best-effort on CoS 0.
-
Cisco and Arista API Integration
Signals Cisco Crosswork for North-South Fabric 1 and Arista CloudVision for East-West Fabric 2. noBGP decides; the switches enforce.
-
Cross-Tenant Path Isolation
Cross-tenant Nexus collaboration, multi-agent Chorus workflows, and Atma twin-to-twin negotiation all run on a single physical fabric without any shared overlay path.
-
3-Second Policy Reflection
A VRC smart-contract policy change reflects on the overlay within one block confirmation (~3 seconds). Insider-threat isolation executes in 30-60s.
-
Automated Incident Response
When Secure signals an incident, noBGP isolates the relevant overlay path within 30 seconds — no manual intervention required.
-
Native Multi-Tenancy
Every tenant's traffic operates in its own VRF. No shared paths, no shared routing decisions, enforced at the NIC by Crucible.
-
Chrysalis Policy Enforcement
VRC smart-contract policy changes anchor on-chain and reflect on the overlay within one block — tamper-proof by architecture.
The Plane Model
Orchestra introduces "planes" — logical groupings of hardware optimized for a specific workload class. Unlike Kubernetes node pools, planes represent fundamentally different hardware architectures with different drivers, network requirements, and scheduling semantics.
The plane model is what makes Orchestra different from every other orchestration tool. Kubernetes sees nodes. Orchestra sees purpose-built hardware tiers and routes workloads accordingly.
Eight identity factors. Sub-50ms decisions.
noBGP's overlay path decisions account for workload identity, tenant VRF, class of service, DSCP marking, policy authorization, geographic affinity, threat posture, and failover path — encoded per flow.
- 01Workload identityCryptographic identity of the originating workload and tenant, enforced by Crucible at the NIC via Ed25519 keypairs.
- 02Tenant VRFEach tenant operates in an isolated virtual routing and forwarding domain — overlay paths never cross between tenants.
- 03Class of serviceCoS 0 (best-effort) through CoS 4 (lossless NVMe-oF) — encoded per flow and enforced end-to-end across the fabric.
- 04DSCP markingPer-flow DSCP marking aligns with CoS assignment for consistent QoS treatment across Cisco and Arista switches.
- 05Policy authorizationChrysalis VRC smart-contract policy determines which overlay paths are authorized for this workload identity.
- 06Geographic affinityPath selection accounts for POP proximity and jurisdictional data residency requirements.
- 07Threat postureActive security events from Secure or Sentry trigger overlay isolation without manual intervention.
- 08Failover pathIf the primary overlay path becomes unavailable, alternate paths activate within 50ms.
import nobgp
client = nobgp.Client(seat_token='your_seat_token')
# List active tenant VRFs
vrfs = client.vrfs.list(tenant_id='your_tenant_id')
for vrf in vrfs:
print(f"VRF: {vrf.name}, CoS: {vrf.cos_class}, Policy: {vrf.policy_hash}")
# Monitor overlay path health
for path in client.paths.active():
print(f"Path: {path.src} -> {path.dst}, Latency: {path.latency_ms}ms") Proven at scale. Not in a lab.
Parinita AI Edge is the production deployment of the Parinita platform and the largest heterogeneous AI infrastructure deployment in the United States.
Parinita AI Edge
The most complex heterogeneous AI infrastructure in the United States. 101 sites, 9 planes, 12,000+ nodes, 4 accelerator vendors, dual network fabrics, four-layer tenant isolation — all through a single sovereign control plane.
Network & Security Infrastructure
- Multi-vendor acceleratorsFour accelerator vendors — Intel Habana, NVIDIA, AMD, Qualcomm — orchestrated through one control plane with unified scheduling, monitoring, and lifecycle management.
- Dual-fabric networkingCisco production fabric and Arista GPU backend fabric operating as a coordinated system, bridged by identity-aware routing.
- Nationwide scale101 sites across 42 U.S. states, each operating autonomously with a local control agent and a sovereign cross-site routing plane.
- Multi-tenant isolationFour-layer defense-in-depth: VXLAN VNIs, identity-routing, Palo Alto firewalls, and Cilium eBPF — validated across every plane and site.
- Compliance readinessFIPS 140-2 at launch, with FedRAMP Moderate, CJIS, and IL4/IL5 certification paths active through Parinita compliance profiles.
- Sub-millisecond routingEvery request classified and dispatched in under 1ms, enabling real-time SLA enforcement without perceptible overhead.
Built for networks that carry identity-aware AI workloads.
noBGP removes BGP from inside your AI fabric without touching your WAN edge routing.
Any organization where two tenants' AI traffic must never share an overlay path — even on the same physical fabric.
-
Multi-Tenant AI Platforms
Run multiple enterprise tenants on one physical fabric without any shared overlay paths or VRFs between them.
-
Regulated AI Workloads
HIPAA, ITAR, and PCI tenants require traffic isolation that BGP cannot provide by design.
-
High-Performance GPU Clusters
RoCEv2 lossless GPU-to-GPU traffic requires class-of-service enforcement that noBGP delivers natively at the per-flow level.
-
Incident Response Automation
Automated overlay isolation within 30 seconds of a Secure incident signal — no human step in the response chain.
-
Cross-POP AI Inference
Identity-aware path selection across 101 POPs ensures inference traffic routes to the right hardware, tenant, and jurisdiction.
Deployment Models
noBGP deploys as part of the Parinita fabric. No separate provisioning step required.
noBGP deploys as part of the Parinita 9-plane fabric. No separate provisioning required — it comes with the platform.
Signals Cisco Crosswork and Arista CloudVision via API. noBGP makes the path decision; the underlying switches enforce it.
BGP continues running at the WAN edge. noBGP takes over east-west. Migrate traffic class by class without disruption.
Talk to Us
Our network engineering team can walk through how noBGP integrates with your existing Cisco and Arista infrastructure.