A talk on how and why the virtual networking that we use today is not suitable for use in Cloud deployments. First I talk about the gap between "server" & "networks", then discuss the problems of the virtual networking that we use today. Then I move into using software appliances instead of physical devices, highlighting the good & bad.
Then a brief overview of Software Defined Networking and how it will impact Cloud Networking in the next two years.
4. PacketPushers.Net
Server Admins See...
[Diagram labels: Internet (Not where servers are); Security Thingies; Wotsits; "THE LAN"; Servers: Active Directory, File, SQL, Mail, Provisioning; MAGIC STUFF; (Friendly) Gnomes; Dark Spirits]
6. PacketPushers.Net
Networking is in my way
• The Network is a SINGLE SYSTEM
• Every element is interconnected to another in the LAN or WAN or both
• Rebooting a device might/could take down the whole network
• If rebooting or reconfiguring a server could cause the entire DC to fail, what would your job look like?
7. PacketPushers.Net
Data Centres != Universe
• I'd like to remind VMware executives that network is bigger than VMware .......
• "vCDNI means that you never have to talk to the network guy ever again" VMworld 2010 (faceless butthead)
• "Meanwhile, through all of the advances in server virtualization and cloud computing, networking has remained stuck in the past." - Hatem Naguib, Vice President, Networking & Security - Mar 13, 2013
• Servers connect to Clients
• Network is a platform.
• VMware is just one "network app".
• take some time to look down the service chain instead of up your own arse
8. PacketPushers.Net
Data Centres != Universe
[Diagram labels: Internet; Campus LAN; Remote Access; The WAN; Wireless; Data Centre; Firewalls; Servers; storage; DC NETWORK; Cabling; VMware; Network Security; IP Voice; "This is you"]
11. PacketPushers.Net
Networking is in my way
• Because networks are good enough, the budget gets there last.
• Wasted investments like patching, virus scan & updates. Networking doesn't have those problems at the same scale.
• Servers were so far behind.
• Custom silicon takes 3-5 years from concept to delivery.
• Too expensive - 5 years depreciation cycle
14. PacketPushers.Net
Virtual Networking is OLD
• Virtual LANs in 1996
• Virtual Routing in 2002/3 (MPLS)
• Virtual Network Appliances (firewalls, load balancers) in 2007/8
• "Let's do it again" say bitter, cynical networking voices of experience
• Virtual Networking is OLD networking
15. PacketPushers.Net
Virtual Problems
• Four problems of Virtual Networking
  ‣ CapEx for all physical appliances
  ‣ Single points of redundant failure - software in coherent system
  ‣ No API / poor configurability
  ‣ Individual autonomous elements (no vCenter, SCVMM/SCOM equivalent)
16. PacketPushers.Net
Virtual Networking 1 - CapEx
• Initial Large CapEx for Data Centre Network
• Sporadic Upgrades (usually in response to problems)
[Chart: Capital Expenditure against Time. Labels: Network Install; Port Capacity; Network Upgrade; Server Upgrades (repeated); CapEx Waste]
17. PacketPushers.Net
Virtual Networking 2 - Failure Modes
[Diagram labels: WAN; Internet; RTR; FWL pair; LoadBal pair; SVR; Stateful HA; Active/Standby]
• Single points of Complex failure
• Why have only one pair of firewalls
  ‣ routing, cost, power users
  ‣ Only one or two critical services need HA
• HA systems are inherently risky & shared fate systems.
  ‣ Active/Standby firewall
• HA in vertical scale system = $$$$$'s
18. PacketPushers.Net
Virtual Networking 3 - Configuration
• Manual Configuration
• All devices are configured using "power tools"
• Every engineer is a "power user"
• Why have an API ? Substandard & lack vendor commitment
• Restricts number of devices (requires power users)
• A serious networking problem.....
19. PacketPushers.Net
Virtual Networking 4 - Autonomy
• Individual autonomous elements
• Central control is neither desirable nor relevant, i.e. vCenter, SCVMM/SCOPs is a risky system.
• Resilient & Distributed Systems like the Internet work well.
• Data Centres are NOT distributed.
21. PacketPushers.Net
Many Moving Parts
[Diagram: Cisco UCS B-Series Blade / C-Series Rack Server. Labels: Operating System - vSphere; Passthrough Switching (PTS); Palo/VIC CNA; Software pNIC; Software pHBA; Ethernet dNIC; FC dHBA; FEX2100; FI 6100; Connection Pinning; Nexus Switch (pair); vPC; vPC Link; Fabric Sync; Could be PortChannel]
• Takes a long time to understand this complexity.
• Automation / Software solves the problem
22. PacketPushers.Net
Virtual Networking - Strengths
• performance, scale
• no centralised points of control (failure domain)
• distributed, self healing, eventual consistency
• 20 year proven system, widespread knowledge & expertise
23. PacketPushers.Net
Define Cloud Networking
Cloud Networking is:
• Network Devices as Software
• Don't buy hardware. Install software.
• Deploy many small instances (horizontal) instead of one big one (vertical)
24. PacketPushers.Net
Cloud Networking
• Build Network Services with Applications
• Instead of a firewall deploy a Web Service.
• Instead of a Load balancer install the "Sharepoint Load Balancer".
• One network per service is a huge change in network practice
25. PacketPushers.Net
Cloud Pros & Cons
• Use 20 small network devices instead of 1 pair of physical devices
• Distribute complexity, reduce failure
• simpler configuration -> easier operation -> better fault tracing
• More complex network design
• You MUST deploy / build automation & monitoring to manage many devices.
32. PacketPushers.Net
Cloud Networking Gotchas
• network is subject to hugely bursty traffic and loads
• No one knows what sort of load / bandwidth / packet per second / concurrent flows the application needs.
• Hypervisor VMs are SLOW and LATENT compared to custom silicon
• Cascading failure in congestion events
33. PacketPushers.Net
Gotchas - Hardware Huggers
• networking is "addicted" to hardware (network hugging has a practical basis e.g. cabling, WAN, path analysis)
• hardware is needed but software is more important.
• merchant silicon will change networking, especially in the low end, but is unlikely to commoditise in the same way as servers
34. PacketPushers.Net
Gotchas - Vendors
• vendors commit hundreds of millions to design and manufacture of silicon on multi-year cycles
• Software undermines existing vendor strategies
• Firewalls: Palo Alto PanOS, Cisco ASA, Juniper SRX. Load Balancers: F5 TMOS, Citrix NetScaler. (consider Riverbed Stingray)
• Pricing is not aligned to requirement
  ‣ i.e. software pricing equivalent to hardware price
  ‣ assumes one for one replacement
35. PacketPushers.Net
Gotchas - HA
• You still need TWO appliances for HA
  ‣ but most applications are not HA
• LBs, Firewalls, Routers are always HA because they are critical
  ‣ are they critical because one big unit in a single location
36. PacketPushers.Net
Gotchas - Server Teams
• distributed software devices means spreading load and configuration.
• Also means more complexity.
• You must control "application sprawl" to maintain network integrity in switching & routing
• Server / VM teams MUST learn some Cloud Networking / Network teams MUST learn some Cloud Server
[Diagram: Physical Network Services. Labels: MPLS/WAN; Internet; RTR; FWL; SVR]
37. PacketPushers.Net
And so to SDN
• Devices like vCNS Shield, Edge and App are (relatively) feature simple.
• But might be Good Enough™
• If you follow the previous points you will realise that you need much better networking ....
40. PacketPushers.Net
Any Changes ?
• Networking is still Networking
• Servers are still Servers
• SDN moves most networking into the "vSwitch"
• The Network Guy will control it
• You will need networking skills to SDN
47. Controller Networking
[Diagram labels: East West LAN; Switches; Network SDN Controller; OpenFlow; Quantum/OpenStack; Configuration Controller; Orchestration Controller; Northbound SDN; Southbound SDN; North/South LA]
48. PacketPushers.Net
SDCC
• Cannot "software" a physical network but you can program a "software" network
• Network Agents move complexity to the edge
• Ubiquitous Network Services increases the overall network usefulness
• Vastly improved security
• Options for networking multiple clouds and bare metal servers
49. PacketPushers.Net
SDN Vendors
• Real Products
  ‣ BigSwitch Networks
  ‣ NEC
  ‣ Midokura
  ‣ VMware/Nicira
• "Shipping"
  ‣ Nuage Networks (Alcatel/Lucent)
  ‣ Contrail (Juniper)
  ‣ VMware/Nicira
• Still Working on It
  ‣ Cisco (multi-product, multi-strategy)
50. PacketPushers.Net
My views on VMware NSX
• NSX delivers SDN strategy
• Works for Enterprise AND Service Providers
• NSX is solution for KVM. Hyper-V & bare metal future.
• NSX appears "software only" - expect network vendors to offer integrated solutions
51. PacketPushers.Net
SDN Reality
• Unproven. Beta - 2013. Major Release 2014.
• Enterprise will find it hard to value (ITIL / ITSM disconnect)
• vSphere vs vCloud = Virtual vs Cloud Networking
• Server / Networking duty merge
• Rewiring of team & technical disciplines
• ITIL & ITSM Change management overhaul
52. PacketPushers.Net
SDN Closeout
• SDN delivers business outcomes
• SDN means MORE networking not less
• Servers <-> Networks will be tightly integrated as a technology and team structure will reflect that - "IaaT"
53. PacketPushers.Net
About Me
• Host of Packet Pushers Podcast PacketPushers.net
• "Cloud Plumber" at Canopy Cloud
  Cloud Network Architect, Office of CTO (Division of Atos)
• Blog - EtherealMind.com
• NetworkComputing.com (http://networkcomputing.com/blogs/author/Greg-Ferro)