It turns out that this old adage is even true in the networking business. Tried and true principles of networking are being re-applied for Cloud computing. And judging by some recent networking solutions, even some tried and failed principles are being applied in the context of SDN.
Nonetheless, the debate (if there ever was one) is settled. SDN has arrived, and is here to stay. In fact, the network abstraction and automation provided by SDN will cause a major change (perhaps disruption) in the networking industry. It is SDN that will help enterprises realize the true promise of cloud computing. The promise of bringing IT and IP together. The promise of business agility, the promise of operational simplification, and most of all the promise of rapid deployment of applications.
Indeed, it is the promise of rapid deployment of applications that will help fulfill all other promises. And yet, as the networking vendors (established vendors and start-ups alike) busily work on their solutions, the discussion is all about the implementation details of the engine, protocols and tunnels, rather than the experience. Of course the engine is important, else we are not going anywhere fast and for long.
But the experience is the key, else no one is taking this trip.
At Nuage, we take the delivery of the best engine as a given and are hyper-focused on it. How else can you build a meaningful experience on top? The leap in user experience we relentlessly pursue? SLA-backed, rapid and highly automated instantiation of thousands of applications for thousands of tenants. Instantly and securely. Every time, any time, for any cloud.
Since the industry discussion is currently focused on the engines, let’s discuss some of the key characteristics of a cloud networking engine, and then follow it up with the real thing – the rapid deployment of applications.
The fact is that there has been a huge discrepancy between the evolution of enterprise networking and service provider grade deployments in WAN (Wide Area Network) and wireless networks. Sophisticated technologies such as subscriber management systems, MPLS VPNs, and policy based networking are powering networks with hundreds of millions of end-points. Indeed, while the WAN has made huge progress, the data center network has stood still for over a decade, running the same old protocols on single-tenant, enterprise grade equipment. It desperately needs an overhaul. However, it's important to take the lessons from the tried, tested and proven technologies of the WAN, not the failed ones, and apply them to the data center network. Let's consider some of the key must-have attributes that are being discussed.
- Network virtualization: Overlays are no different from VPNs that have been operational in the WAN at large scale for over a decade. VXLAN-based IP tunnels offer a new tunnel encapsulation that alleviates the need for MPLS tunneling. IP-based tunnels (e.g. GRE, L2TP) are not new either. At the end of the day, tunnel encapsulation is an implementation detail, while the main requirement is a robust VPN (overlay) technology for the data centers.
- Multi-tenancy: Every router supporting VPNs supports thousands of them. The converged backbones of large-scale service providers not only run multiple VPNs (tenants) over the same infrastructure, but multiple services as well (VPNs, Mobile, Residential and Internet all share the same infrastructure). And this is only achieved through networks designed with robust multi-tenancy.
- Virtual routers for L3 overlays: No! Please. The networking industry did invent and implement virtual routers, each running its own control plane protocols, back in 1999. There were a few start-ups that did just that. They simply did not scale, and the industry realized that for high-scale multi-tenanted VPNs the answer had to be something else. WAN routers have since supported a different solution: IP-VPNs with VRFs and MP-BGP for scale. These IP-VPNs are proven to scale and are operational in some of the largest networks in the world.
- Federation: Why invent a new mechanism when we solved this successfully when we built the Internet? The Internet is the quintessential “network of networks”. Multi-vendor routers federate with each other and exchange reachability information using BGP, and MP-BGP for VPNs. MP-BGP is nothing more than a pub/sub protocol with common policies. But more importantly, it is proven in the field and it interoperates with today’s vast IP infrastructure.
- Multicast for unknown traffic at layer 2: A dedicated server for multicast is the answer? Really? Anyone remember the Broadcast and Unknown Server (BUS) in ATM LAN Emulation? There is no need for such mechanisms when the solution uses a robust BGP EVPN solution.
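The multi-tenancy and federation points above both rest on the same mechanism: VRFs export prefixes tagged with route targets, and a receiving VRF imports only routes whose targets match its import policy, while the route distinguisher keeps two tenants' overlapping prefixes apart. The following Python model is an added example, not Nuage's code or any vendor's implementation; it simulates that MP-BGP "pub/sub with common policies" exchange between two PEs (or controllers). PE names, loopbacks, tenant names, prefixes and RD/RT values are constructed for illustration.

```python
"""Toy model of MP-BGP VPN route distribution (route distinguishers + route targets).

Constructed example: the PE names, loopbacks, tenant names, prefixes and RD/RT
values are made up for illustration. This is not Nuage's or any vendor's code.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class VpnRoute:
    """One VPN route as MP-BGP carries it between PEs (or SDN controllers)."""
    rd: str                        # route distinguisher: keeps overlapping tenant prefixes distinct
    prefix: str
    next_hop: str                  # advertising PE's loopback, i.e. the tunnel endpoint
    route_targets: FrozenSet[str]  # extended communities: the pub/sub "topics"


@dataclass
class Vrf:
    """A per-tenant routing table plus its import/export policy."""
    name: str
    rd: str                        # here a type-1 RD (loopback:n), unique per VRF instance
    import_rts: FrozenSet[str]
    export_rts: FrozenSet[str]
    local_prefixes: List[str]
    # learned prefix -> (next_hop, rd of the advertising VRF)
    table: Dict[str, Tuple[str, str]] = field(default_factory=dict)


class Pe:
    """A provider-edge router holding several VRFs."""

    def __init__(self, name: str, loopback: str) -> None:
        self.name = name
        self.loopback = loopback
        self.vrfs: Dict[str, Vrf] = {}

    def add_vrf(self, vrf: Vrf) -> None:
        self.vrfs[vrf.name] = vrf

    def publish(self) -> List[VpnRoute]:
        """Export every VRF's local prefixes, tagged with that VRF's export RTs."""
        return [VpnRoute(v.rd, p, self.loopback, v.export_rts)
                for v in self.vrfs.values() for p in v.local_prefixes]

    def subscribe(self, routes: List[VpnRoute]) -> None:
        """Import each route into every VRF whose import RTs intersect the route's RTs.

        A VRF never re-imports its own advertisements (same RD). Tenants "red" and
        "blue" can both use 10.0.0.0/24 because their RDs differ.
        """
        for r in routes:
            for v in self.vrfs.values():
                if r.rd != v.rd and r.route_targets & v.import_rts:
                    v.table[r.prefix] = (r.next_hop, r.rd)


def federate(pes: List[Pe]) -> None:
    """Full-mesh (or route-reflector) exchange: every PE receives every PE's routes."""
    all_routes = [r for pe in pes for r in pe.publish()]
    for pe in pes:
        pe.subscribe(all_routes)


def build_demo() -> Dict[str, Dict[str, Dict[str, Tuple[str, str]]]]:
    """Two PEs, two tenants with overlapping address space, one shared-services VRF."""
    RED, BLUE, SHARED = "target:65000:1", "target:65000:2", "target:65000:99"
    pe1, pe2 = Pe("pe1", "192.0.2.1"), Pe("pe2", "192.0.2.2")
    # Each tenant imports its own RT plus the shared-services RT (hub-and-spoke style).
    pe1.add_vrf(Vrf("red", "192.0.2.1:1", frozenset({RED, SHARED}), frozenset({RED}), ["10.0.0.0/24"]))
    pe1.add_vrf(Vrf("blue", "192.0.2.1:2", frozenset({BLUE, SHARED}), frozenset({BLUE}), ["10.0.0.0/24"]))
    pe2.add_vrf(Vrf("red", "192.0.2.2:1", frozenset({RED, SHARED}), frozenset({RED}), ["10.0.1.0/24"]))
    pe2.add_vrf(Vrf("blue", "192.0.2.2:2", frozenset({BLUE, SHARED}), frozenset({BLUE}), ["10.0.1.0/24"]))
    # The shared VRF only exports. Importing both tenants' routes into it would
    # collide on 10.0.0.0/24: a two-way extranet needs non-overlapping tenant space.
    pe2.add_vrf(Vrf("shared", "192.0.2.2:99", frozenset(), frozenset({SHARED}), ["192.168.100.0/24"]))
    federate([pe1, pe2])
    return {pe.name: {v.name: dict(v.table) for v in pe.vrfs.values()} for pe in (pe1, pe2)}


if __name__ == "__main__":
    for pe_name, vrfs in build_demo().items():
        for vrf_name, table in vrfs.items():
            print(f"{pe_name}/{vrf_name}: {table}")
```

Running it shows each tenant VRF on pe2 learning its own site's 10.0.0.0/24 from pe1 and the shared-services prefix, while nothing of tenant blue ever lands in a red table: the policy is nothing more than agreed route-target values, which is what lets controllers from different vendors federate over the same exchange.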
Overlays & Underlays
Lately there has been considerable discussion on this topic, but it has been discussed many times before. In fact, we resolved this when we implemented VPNs in the WAN. But we initially started with ATM over IP back in the early 90s (MPOA anyone?). Completely separate control planes for both layers with no correlation caused massive issues. Services instantiated on ATM networks were highly unstable. Not to mention that separate operational tools had to be developed for both control planes. In the end we abandoned it.
We have had the problem of overlay and underlay solved for over a decade now. How? By using a common IP/BGP control plane for both the overlay and underlay networks, we get tight correlation between the two layers. Service providers have been offering enterprises Layer-2 (VPLS) and Layer-3 (IP-VPN) overlays for a decade now. For an exhaustive discussion on this topic read Dimitri’s blog here.
While there is a lot of focus on making the engine work, customer operational teams are shaking their heads. Where are the tools for proper operation and maintenance of these new toys? If the problems are getting (re-)solved, the operational tools for these new solutions have to be developed in a hurry.
The Nuage Engine
At Nuage Networks we have taken the lessons of building large scale, multi-domain VPN networks and applied them to help build secure, high-scale multi-tenanted networks that are boundary-less. Indeed, we are taking one of the most sophisticated networking engines, until now deployed only in service provider networks, and making that technology available to the enterprise and data center markets.
To give an engine analogy: Racecar manufacturers introduce the latest technologies in their Formula 1 cars. Once proven out under the most strenuous and adverse conditions, these technologies are made available in commercial cars. (see https://auto.howstuffworks.com/under-the-hood/trends-innovations/top-10-car-tech-from-racing.htm for some examples).
At Nuage we are bringing the most sophisticated network technologies, but we do that without exposing the end user to any of the complexities; rather, we provide easy to use tools to manage, deploy, operate and troubleshoot these networks. We remove all constraints for all workloads in the data centers. All workloads get connected to the network instantly at L2 and L3, with L4 enforcement, within or across data centers.
- Common IP/MP-BGP control plane for the overlays and underlays
- Standards based federation between controllers running MP-BGP
- No dedicated gateway routers needed to connect to the WAN. Shouldn’t a networking solution by definition have implicit support for connecting to the WAN?
- Multi-encapsulation (VXLAN, NVGRE, GRE) support for all overlays. Mixing and matching of encapsulations is allowed within an overlay. Imagine that!
- Common policy framework across all DC workloads for security and compliance.
- Rich set of operational tools for assurance complemented with Analytics for show-back, charge-back and reporting.
Best of all it is all automated. Touch-less provisioning for all workloads for all tenants. No configuration required for any application of any tenant!
Yes, the engine is important and yes, networking is not a single-domain problem as it was for compute virtualization. Networking for cloud computing is not about creating islands; rather it is about creating a seamless end-to-end, fully automated, self service network for every application of every tenant in the data center. Every time, anytime, any cloud.
That is the engine that Nuage Networks has built. But from the end user perspective, the promise of cloud is all about the rapid deployment of applications.
Indeed, it’s (all about) the APPLICATION, stupid*.
Stay tuned, we will explore this in more detail in coming blogs.
* Based on the snowclone phrase “It’s the economy, stupid”