Вы находитесь на странице: 1из 30

BUILDING THE INFRASTRUCTURE TO ENABLE THE CHANGING FACE OF IT

APRIL 2013 \ VOL. 4 \ N0. 2

Hybrid Cloud Networking Falls Short, But Not for Long


With SDN and network virtualization, it may finally be possible to network across disparate clouds.

EDITORS DESK

k k

2 3 4

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

After Much Talk, Network Virtualization Finally Becomes Reality


Dynamic virtual network provisioning is finally coming to life.

Almost five years ago, I set out to write a story about network virtualization. I knew almost nothing about the topic, and after a lot of research, I basically ended up understanding it just as little. At the time, Cisco Vice President Marie Hattar sat with me in the basement of the Javits Center in New York City for an hour trying to explain the future of network virtualizationthe intelligent network, the application-aware network, the flexible network. The problem was, the technology wasnt truly in action yet, so I had a hard time comprehending it. I kept asking, How is

this any different than using VLANs? And Hattar finally gave up and offered me the familiar, oh-you-poor-dear look that tech reporters often get when we hit a wall. All these years later, the promise of network virtualization is finally becoming a reality. We are starting to see the use of dynamic, flexible network virtualization platforms that allow virtual network segments to be automated and provisioned on demand along with compute and storage for a whole new approach to data center networking. I wasnt so wrong back then in asking about VLANs. After all, they are virtual

2 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

instances or segments of a network. The problem was, they were just as static as the underlying physical network, and they were limited in number. Thats all beginning to change and thats a big part of network virtualization. Weve figured out protocols, such as VXLAN and NVGRE, to create network tunnels or software overlays that allow for thousands of VLANs to be provisioned dynamically. Using these protocols, there will be multiple paths to network software overlays and virtualization, as we uncover in the feature, Network virtualization and software overlays will play Overlays Enable Virtual a key role in networking hybrid Network Abstractions. clouds for total orches tration. It was the swift uptake of server virtualization that forced network

engineers to create dynamic virtual networks inside the stack in order to route virtual machines. Now its time to connect those virtual networks to physical infrastructure outside the stack. In his feature, Integrating Virtual and Physical Networks, tech journalist David Geers explores multiple methods to bring network virtualization outside of the stack. As engineers learn to bridge physical and virtual networks, network virtualization and software overlays will play a key role in networking hybrid clouds for total orchestration. The cover story, Hybrid Cloud Networking Falls Short, But Not for Long, explains how a combination of softwaredefined networking, network virtualization platforms and orchestration tools will soon enable engineers to manage two disparate clouds as one.

3 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

Looking back on my quest all those years ago, if I had been a bit swifter, I probably could have gleaned a lot of this from what Hattar was trying to explain to me. After all, Cisco had much of this in its sights then. And even now, hardware vendors including Cisco, Arista and Juniper have enticing strategies for network programmability

and virtualization, alongside startups like Big Switch and Embrane. It will be interesting to see how they bring these technologies to life and to market in the coming year. n
Rivka Gewirtz Little Executive Editor, Networking Media Group

4 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

Hybrid Cloud Networking

Its the networks fault that there isnt total orchestration reaching across hybrid cloud resources. But change is on the horizon.
When it comes to the hybrid cloud, enterprises live in a world of parallel play where some applications live in the public cloud while others reside safely in the on-premises cloud. Yet the two are barely interconnected. This scenario falls far short of the promise of a hybrid cloud where virtual machines (VMs) could be provisioned, migrated and managed as one across multiple sets of data center resources. And in large part, its the network that stands in the way.

Hybrid Cloud Networking Falls Short, But Not for Long


BY SHAMUS MCGILLICUDDY AND RIVKA GEWIRTZ LITTLE

5 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

Network connectivity for hybrid cloud infrastructure is still immature and can be expensive.

You can create dynamic network infrastructures within [a hosted cloud] environment, and you can create dynamic internal network infrastructures, but they have to stay within those environments, said Eric Hanselman, chief analyst at 451 Research. Binding a dynamic network in the hosted cloud to the on-premises data center becomes complicated. The problem starts with plain old physicsor the speed of light. Once you break up tiered applications and place the different elements far away from each in dispersed data centers, latency becomes an issue. Requesting more fibre in the ground for capacity is not only costly, but takes too long in a world of dynamic provisioning. In addition, companies struggle to stretch network services, like firewalling and load balancing, across disparate sets of

resources. Then theres the issue of managing two separate sets of IP ranges that would have to be combined to enable automated VM provisioning and migration across clouds. Yet with so many more cloud providers offering hosted virtual private clouds, and enterprises realizing they needed distributed computing, both are seeking answers. These solutions will likely emerge in a combination of software-defined networking (SDN), network virtualization and expanded orchestration tools.

Hybrid Cloud Networking: Connectivity Is Immature Network connectivity for hybrid cloud infrastructure is still immature and can be expensive.

6 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

Most enterprises connect into the hosted cloud over Layer 3 using either an IP VPN or MPLS connection, but both require heavy lifting and can be costly. A lot of cloud providers have various VPN technologies, but you need someone to help set that up, said Bob Plankers, a virtualization and cloud architect at the University of Wisconsin at Madison. Providers typically charge an enterprise to establish and maintain the connection, and the enterprise will need engineering resources to maintain its own end of the tunnel. Additionally, VPN-based hybrid cloud networks can also become a bottleneck on a global WAN. If they are public-facing Web systems, a VPN may not be too much of a drawback because [users] are accessing them through

the public cloud, said Jason Edelman, a senior solutions architect at Presidio. But for internal enterprise applications, the VPN can become complex. If you have four or five sites in an enterprise that have access to a system in the public cloud, and that public cloud is building a VPN tunnel to a corporate head-end VPN concentrator, then all four of your other sites have to go through corporate and then through the Internet to the VPN tunnel. So you lose that any-to-any [architecture], Edelman added. An enterprise could avoid the bottlenecks by establishing a full mesh VPN network with the cloud provider, but that arrangement will add complexity to the network, and the enterprise will be paying for multiple VPN connections with its cloud provider, he said.

7 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

Some enterprises with deep pockets can bypass VPNs and try direct Layer 3 peering to a provider. I was talking to a large customer last week who was doing a one-off scenario for [high performance computing], Edelman said. Theyre going to peer directly to a cloud provider leveraging BGP.

Extending Services Across Hybrid Cloud Networks Z Gallerie, a Los Angeles-based furniture retail chain, uses a typical example of whats possible with hybrid cloud networking. It hosts its customer-facing website in a Virtual Private Cloud (VPC) on Amazon Web Services while maintaining its enterprise systems in both a traditional private data center and a hosted private cloud.

Z Gallerie wanted to integrate its Amazon VPC into its corporate network to connect its enterprise resource planning (ERP) and point of sale systems with its website. We needed one single, unified network so we could work seamlessly [between those systems], said Howard Kolodny, vice president of IT at Z Gallierie. We wanted to integrate our firewall and VPN concentrator between our public and private clouds to provide a pathway to move data between systems securely and easily. Z Gallerie, however, is a Cisco shop and Amazon does not support Cisco firewalls and routers natively. Kolodny turned to virtual routing and VPN technology from Vyatta, a company recently acquired by Brocade. The Vyatta technology, which is billed as an alternative to a Cisco ASR 1000, is supported natively by Amazon and was

8 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

able to establish the necessary VPN tunnel with Kolodnys Cisco infrastructure. With Vyattas technology, Kolodny was able to get the VPN between his private and public cloud resources up and running. Now it just runs, he said. Cisco is launching a software-based Cloud Services Router (CSR) 1000v that will eventually work in Amazon and Microsofts Azure cloud. But Z Galleries experience with unsupported firewalls points directly to the challenges enterprises face with hybrid cloud networking. Cisco is launching a softwareEstablishing network conbased Cloud Services Router nections between public 1000v that will eventually work and private clouds, and in Amazon and Mi crosofts maintaining consistent Azure cloud. network policies and Layer 4 through 7 services

in both environments, isnt easy when cloud providers dont always support an enterprises vendor of choice. Were just starting to see tools come out that can help manage both sides of things simultaneously, said Plankers of the University of Wisconsin. Extending security controls and networking [from private to public cloud] is a big problem. It depends on the cloud provider and what technologies they might have installed to enable people. Its a pretty immature space right now. Cloud provider Tier3 is one of these companies. Its enterprise customers can create MPLS VPN connections into the hosted cloud from their own enterprise clouds and then establish an isolated VLAN to route traffic back and forth that is protected by their own firewalls and policy. Through a

9 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

simple user interface, they can apply these policies to VMs and resources inside the hosted cloud. They can actually extend core services for identity management, said Jared Wray, Tier3 CTO. Through Tier3s interface, customers have visibility of resources in both public and private clouds, which helps them apply policy.

Stretching Layer 2 Across Hybrid Cloud Networks Integrating network services is one thing, but if the true promise of the hybrid cloud is to enable provisioning and migration of VMs across clouds using a single orchestration system, it will take an extended Layer 2. A shared Layer 2 network will mean that both sets of cloud resources could be

managed as a single IP range. The problem is, the technology to do this, doesnt quite exist yet. But NTT, which provides a fully dynamic software-defined network inside its virtual private clouds, sees the technology very close on the horizon. In NTTs virtual private cloud, softwaredefined networking (SDN) and OpenFlow give users an interface to provision network segmentation on demand. The NTT cloud has VMware hypervisors that are controlled by VMwares vCloud Director. But NTT also runs NECs OpenFlow switches and controllers to enable dynamic network provisioning. Through the customer portal, an engineer would define different network segments and create the virtual machines, deciding which network segments to place

1 0 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

them on, said Len Padilla, senior director of technology at NTT. Then they would connect them directly to firewalls and load balancers. NTTs homegrown orchestration system ties all of these resources together and then feeds connectivity into Cisco Catalyst 6500 series switches that sit on the edges of the virtual data center and connect out to the enterprises VPN. Everything in the network can be automated all the way until it reaches the outside connection. The next step is to let those [outside] connections be manipulated, said Padilla. We are looking at giving customers one pipe that connects them to the NTT network, but within that, being able to establish virtual network segments. Then they can come in through the portal and configure an IPSec tunnel.

Once NTTs network is extended into the enterprise data center, NTT will enable users to establish overlay networks, which will allow them to use a single IP addressing scheme for the VMs in both data centers, he said. Currently, NTTs orchestration system makes sure that everything is going out on the right VLAN once it hits the Cisco switches at the edge. The company has even been able to customize individual use cases where this process is automated, but the next step is getting that to happen in a standardized way, Padilla explained. As these edge and core and backbone switches become SDN awarewhether thats with OpenFlow or notwe will strip away pieces of the control software we have built and replace it, he said. Ciscos new Nexus 1000v Intercloud

1 1 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

software will enable Layer 2 overlays between public and private cloud infrastructure when it is available later this year. Nicira, the SDN and network virtualization startup acquired by VMware, appears to be working on a similar solution, Edelman noted. Many engineers also believe that tunneling protocols like VXLAN could extend Layer 2 domains into the public cloud if the protocols requirements for multicast networks are eliminated in future iterations.

In Hybrid Cloud Networking, Getting Smarter about Application Placement In early hybrid cloud scenarios, many enterprises looked to divide tiered applications between public and private clouds. The goal was to host the tiers that required

rapid scaling in the cloud, while placing static, core components like database servers in the enterprise data center. When people say the word workload, they usually are thinking about a single virtual machine, said Dante Malagrino, CEO and co-founder of Embrane, a developer of SDN services appliances. In reality, customers IT organizations think in terms of applications a combination of multiple virtual machines interconnected by network segments and secured by firewalls and accelerated by load balancers. Splitting those segments across public and private clouds can cause countless problems, including the inability to extend firewall and load-balancing policy across disparate IP schemes. So some enterprises are approaching the hybrid cloud differently. Rather than

1 2 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

splitting application tiers across public and private infrastructure, they choose to migrate an entire application to the cloud, leaving only small but necessary hooks to the applications within the private cloud, such as authentication and authorization systems. If you have 10,000 applications, its more interesting to think about migrating 100 applications into the cloud because you want to free resources for more mission-critical applications in your data If you have 10,000 applications, center, versus splitting its more interesting to think your applications in half, about migrating 100 applications said Marco De Benedetto, into the cloud. CTO and co-founder of Marco De Benedetto, Embrane. CTO and co-founder, Embrane In those cases, De Benedetto said the enterprise

can free up internal resources for the critical applications that have much stricter service level agreements (SLAs).

Application Replication in the Hybrid Cloud Other enterprises choose to place application replications in the hosted cloud to tackle the problem of distance and latency, or simply to provide redundancy. You could have one instance of an application that runs in your own data center and one that runs in [a hosted environment], said Hanselman. Then you dont have to build a second data center. This buys you a separate location where you have the same operational capability. When using this strategy, it is important to ensure that the data source is consistent

1 3 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

in different environments, and that can be a challenge, said George Reese, CTO at enStratus, a provider of cloud infrastructure management tools. In some cases, even if the data cant be as equally consistent, enterprises take the chance to avoid latency. Using an orchestration system that provides visibility into available resources in private and hosted clouds allows enterprises to account for geography, available capacity and even the need for failover

when doing VM provisioning. We get visibility into what exists, and we use our own automation logic to construct network pathways to talk to virtual machines and monitor them. If we detect failure in one part, we can bring up resources [somewhere else] so we can move data around, said Reese. Nevertheless, Reese has high hopes for deeper levels of hybrid cloud integration that wont involve taking such risks. n

1 4 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

Network Integration

In order to make networks flexible enough to support cloud orchestration, engineers have to bridge physical and virtual infrastructures?
Now that virtualization has taken hold in the data center, engineers have pushed the network into the virtual stack in order to route virtual machine (VM) traffic. But as virtual networks proliferate, network and server pros are forced to find ways to better integrate virtual and physical infrastructures. This integration is essential to the orchestration and automation of VM provisioning and migration. Virtual networks route traffic between VMs in the stack, but

Integrating Physical and Virtual Networks


BY DAVID GEER

1 5 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

it takes physical networks to connect these virtual environments to the outside world and to interconnect data centers. If the promise of automation and orchestration is the fluid provisioning and migration of VMs, virtual and physical networks have to be just as flexible, and manual network configuration for VMs wont remain an option. Whats more, engineers must be able to move VMs across both virtual and physical networks with their security and management policies intact. All of this requires communication between physical and virtual networks.

Many Virtual Switching Strategies Emerge The process of bridging physical and virtual networks starts with virtual switches that

provide visibility inside the virtualization stack. Both VMware and Microsoft have virtual switches built into their hypervisors, the vSphere Virtual Distributed Switch and the Hyper-V Virtual Switch, which provide visibility and make forwarding decisions. Until recentlybefore these switches were improvedthe virtualization team had to ask the networking team to create VLANs with Quality of Service (QoS) policies and to allot bandwidth for new VMs, according to Justin Giardina, chief technology officer of Iland, a cloud provider and VMware customer. Once the network team provisioned these resources, they couldnt share administration of these networks with the virtualization team. One of the best things to come out of VMwares technology for the distributed

1 6 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

virtual switch is the ability to pass down administration capabilities to the virtualization engineer while keeping the physical network visible to the networking team as well, said Giardina. But VMwares approach to switching left network pros without the ability to apply their networking skills to the virtual network. To address this, Cisco launched the Nexus 1000v, which provides visibility into the stack, but also more networking control. The 1000v replaces switching in VMware or Microsofts hypervisors and extends traffic and security policy across virtual networks and VM paths. It also enables deep network monitoring and analysis within the virtual environment, with features like Switch Port Analyzer (SPAN), Encapsulated Remote SPAN (ERSPAN), NetFlow, packet capture/analysis, and

DHCP/IGMPv3 snooping. Arista Networks took a different approach to expanding networking capabilities in the virtual environment, integrated its EOS operating system with VMwares vSphere environment, thereby extending its own network programmability features into the virtual network.

SDN and Overlays for Physical and Virtual Network Bridging Part of the goal of orchestration and automation is to enable cloud networks with automated provisioning of multiple distinct virtual network segments. The idea of these multi-tenant networks is to be able to turn up network segments on demand to support VM provisioning and migration. Many enterprises are looking to use

1 7 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

software-defined networking (SDN) controllers combined with distributed virtual switches to provision network segments or tunnels and to communicate back to the underlying physical network. These network software overlays are used to move traffic between virtual machines, as well to reach over Layer 2 or Layer 3 physical networks in order to connect servers and interconnect data centers. VMware relies on the VXLAN standard to build these overlays, while Microsoft uses NVGRE. To integrate the virtual edge, some vendors have made it so these controllers can communicate back to a Layer 2 switch outside the virtual switching infrastructure that is used to direct traffic. The Open vSwitch, which has gained the most traction next to VMwares vswitch, has led the way in combining virtual

switching with a centralized controller to provision and manage overlays, as well as to more tightly integrate virtual and physical networks. The Open vSwitch works with a centralized OpenFlow-based controller to manage distributed virtual switches as one logical switch. Using the controller, the technology has a full view of every component and node on the virtual network and can direct individual data flows along with linked network services. The switch and controller software can institute cluster-level network configurations across many servers, eliminating the need to separately configure the network for each VM and physical machine. The switch also enablesVLAN trunking, visibility via NetFlow, sFlow and RSPAN. The technology, which supports

1 8 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

XenServer, Virtual Box, KVM environments, was largely initiated by Nicira Networks, which has since been acquired by VMware. VMware maintains that it will continue Niciras support of Open vSwitch. IBM, Big Switch and NEC have also launched virtual switching technology that uses SDN with centralized controllers to gain a broader view of both physical and virtual resources, as well as to provision network segments on demand. In these strategies, an OpenFlow controller manages flows within the overlay network, but also communicates out to the physical network. IBM offers the Distributed Virtual Switch 5000v, which lives on a VMware hypervisor and creates tunnels between endpoints across the underlying network

infrastructure. IBM has its own virtual network overlay strategy, using distributed virtual switches deployed on hypervisor hosts to create tunnels between endpoints across the underlying network infrastructure. NECs ProgrammableFlow 1000 vswitch, which works in a Microsoft environment, also combines an OpenFlow controller and virtual switches. Together, the technology maps all of the VMs and enables network provisioning for migration, making sure QoS and ACL policy can be applied throughout. Similarly, BigSwitchs Big Virtual Switch, works with the Big Network Controller, to gain a view of the entire virtual and physical network and to provision network segments on demand, applying and managing forwarding policy across virtual and physical environments.

1 9 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

this is all transparent to the hardware side, he said.

Virtual Switching In Action


Many companies have made headway in integrating physical and virtual infrastructure. Heres how. vSphere Meets Cisco Discovery Protocol: Not every company is ready to move to full SDN or network virtualization, but there are plenty of measures to take to be sure the virtual and physical worlds are communicating. Cloud provider Iland, which is primarily a Cisco switch and router shop, takes advantage of VMwares integration of the Cisco Discovery Protocol (CDP) Messaging System into its VMware virtual switches. When a network team member adds network components, creates a VLAN on a physical switch, or works with MAC addresses, the CDP Messaging System integration makes these things clear, said Ilands Giardina. When we bring up a VM, whether we need to make sure it follows an IP address policy or a port security policy or a VLAN policy,

Engineers trained on Cisco hardware can easily apply what they know to the virtualization stack and they can use this communication to apply virtual network components and services to network segments. In the past, we had to deal with multiple firewalls and multiple routers for each customer. VMware enables us to spin up iterations of its virtual firewall called the vShield Edge [a part of vCloud Networking and Security] and still have transparency at the network layer to administer everything. And now we dont have to provision that extra hardware, Giardina said. This creates savings in time, CAPEX, person hours, and training. We can virtualize everything and the only cost is the monthly recurring cost to run the existing gear, Giardina said. Rackforce Uses Cisco Nexus 1000v: For Rackforce, a provider of data center services, Ciscos Nexus 1000v virtual
(Sidebar continues on page 21)

2 0 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

(Sidebar continued from page 20)

to see each VM and the amount of traffic it is using, and to look at the flows and where the traffic is going, said Skrinnikoff. This enables end-to-end QoS and policy enforcement. With the Cisco Nexus 1000v, an engineer can integrate existing provisioning engines, script the network deployments, and have a single consistent network configuration from the virtual to the physical, Skrinnikoff explains. Rackforces existing virtual networking topology uses Layer 2 isolation in which VLANs segment traffic in isolated, secure environments for each tenants traffic. We have hundreds to thousands of VLANs running to each of our cloud infrastructures. We broke it out into multiple clouds. We are in the process of deploying a VXLAN overlay using vCloud Director, said Skrinnikoff. This will ease scaling for Rackforces virtual network. VXLAN is simple to integrate, easy to implement, and is the most widely supported by the switch vendors we use, said Skrinnikoff. The Cisco Nexus 1000v supports VXLAN. n

switch met challenges to integrating the virtual edge. First, all of Rackforces equipment is dual-homed, using multiple upstream switch fabrics. Rackforce uses IBM blade centers and Cisco UCS chassis with dual home switching, using fabric A and fabric B. VMware did not support two fabrics in an active-active mode when Rackforce was looking for a vswitch solution. The only way to do that was using the Cisco Nexus 1000v with MAC pinning, said Denis Skrinnikoff, director of network at Rackforce, a Cisco customer. This created an active-active port channel to different fabrics without having to rely on the LACP or VPC protocols that were typically used to do multi-chassis link aggregation, but that Cisco UCS and IBM blade center did not support. The second challenge for Rackforce was policy enforcement. Using the Cisco Nexus 1000v, we identify and observe the traffic to each VM. I can use SNMP from the virtual switch and integrate my existing monitoring tools

2 1 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

The Big Virtual Switch integrates or communicates at the virtual edge with any physical switch from one of Big Switchs vendor partners, allowing for policy to stretch across physical and virtual networks. Big Switch is promoting its Big Virtual Switch as a solution that integrates the virtual edge without undoing the physical network beneath. Some of the more siloed solutions that are focused on network virtualization only, rather than SDN, leave you an environment where the work of building the virtual networks can undo the network

engineering underneath, said Dan Hersey, a network virtualization product manager at Big Switch. Overlay strategies in which the controller doesnt talk to the physical network can lead to network conflicts, along with complexities in debugging and troubleshooting, he said. These overlay networks require software gateways and processing servers that cannot be configured without duplicating the underlying physical network control plane configuration. This leads to increased costs and troubleshooting complexity, Hersey said. n

2 2 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

Overlay Networks

Vendors VMware, Big Switch, Cisco, and others are working to come up with the winning overlay approach to creating virtual network abstractions.
The network must virtualize, and overlay networks may be the best path available. The demand for network virtualization is prompted by the cloud provider communitys quest for a new way to manage, orchestrate and automate network management. Traditional networks just cant keep pace with the clouds requirements for agility, flexibility and manageability. In an effort to evolve, the networking industry is virtualizing networks to give them properties similar to server virtualization.

Overlays May Be the Best Path Forward for Networking


BY SALLY JOHNSON

2 3 SDN GETS REAL

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

This network virtualization involves networks being decoupled from hardware, with the flexibility of virtualization and quick provisioning speeds. One way to decouple networks is to create a virtual network abstraction. Just like server virtualization provided a virtual machine abstraction from x86 hardware, networks can provide virtual network abstractions with the same properties and operational simplicity. How can you create virtual network abstractions? This is where overlay networks come into play.

Role of Overlays in Network Virtualization An overlay is essentially a software construct that lives around the edges of a

physical network. Typically this overlay consists of virtual switches that reside on the virtualized servers connected to the edges of a data center network. The overlay network relies on a network control plane to handle virtual switching on the server hosts, much like a physical network does. Depending on the vendor, these control planes can use traditional network protocols, or they can rely on a software-defined networking (SDN) controller. Network operators can decouple networks from the physical infrastructure with overlay networks by introducing a new addressing layer. If you use overlays to do network virtualization, when a virtual machine (VM) sends a packet, this packet lives in an address space thats totally virtual, explained Martin Casado, Nicira co-founder and now

2 4 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

VMwares chief architect for networking. But the overlay adds a header to the outside of the packet, and thats in the physical world. So if you look at the packet on the wire, it has a virtual address space on the inside and the physical address space on the outside. This enables virtual networks to have different service properties than the physical networks. Using a very simple L3 fabric, I can build a complex L2, L3, with access control lists (ACLs), virtual network. And this, in turn, makes it possible to use simple-to-manage physical hardware to reimplement much of networking in software at the edge, said Casado. Overlay networks arent new. Wireless local area networks (LANs) have long existed as overlays on campus networks. And virtual private networks (VPNs) establish

overlays on wide area networks (WANs). The new part is bringing the overlay to the entire network and into the data center networkat scale and without adding complexity to the overall deployment, said Andrew Harding, senior director of product marketing at Big Switch Networks. This delivers not only dramatic cost effectiveness, but also dramatic improvement in managing, deploying and maintaining a data center network. For overlays to be successful, engineers need to focus on the big picture. The advent of tunneling protocols like VXLAN, NVGRE and STT has led many people to focus too heavily on protocols rather than architecture. Tunneling protocols are just mechanisms, but providing the overlay and the overall virtualization are the important

2 5 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

parts of the story, according to Brad Casemore, IDC research director of Datacenter Networks. In the long run, the industry will support whichever tunneling protocol makes the most sensepossibly even all of them. The bigger story is what overlays are capable of doing and how this supports network virtualization.

A Look at the Main Overlay Approaches Vendors including VMware, Big Switch, Midokura, IBM and Cisco are all developing overlay network technologies. Heres a look at the vendors whose overlay products have been on the market longest: VMwareNicira, Big Switch, and Cisco. SDN vendors are offering controller-based network overlays, in which a

controller tells vswitches what to do via tunneling protocols. Cisco and some others are using a more old-school approach with a virtual switchthe Nexus 1000vthat operates like one of its physical switches and replaces the native virtual switches embedded in software from VMware. One of the most significant differences in approaches is the degree to which its considered a software-only solution or is a solution that involves a hardware element, noted Casemore.
VMwares Nicira Network Virtual-

ization Platform. Last year, VMware acquired Nicira and its Network Virtualization Platform (NVP) software solution, which can create an intelligent abstraction layer between virtualized hosts and an existing physical network. NVP is managed by

2 6 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

a distributed controller system. Just like VMware created virtual machines, our focus now is on creating virtual networks that are fairly completewith L2, L3 and ACLsand work just like physical networks, so you can have tens and thousands of isolated virtual networks at scale, said Casado. NVP reduces provisioning time, one of the most immediate problems in virtualized data centers. Rather than taking seven days, it now takes 30 seconds to provision a network, said Casado. And were solving isolation issues and moWere solving immediate bility issues. Were solving customer pain points. immediate customer pain Martin Casado, points, and then well tochief architect for tally change the paradigm. networking, VMware Next up: new methods of

debugging and security. Well come up with new methods of operational flexibility that we cant even imagine today. During the next three to four years, well see networking move into areas we cant even fathom today.
Big Switchs Big Virtual Switch. Big

Switchs Big Virtual Switch is an OpenFlow-based network virtualization application that runs at the top of the companys SDN stack where the northbound API is located. Our Big Network Controller, which is based on the open source Floodlight Project, is in the middle of the stack and ties together the physical and virtual networks and makes it simple to deploy SDN. Beneath that, we interface to physical switches through OpenFlow, said Harding.

2 7 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

Big Switch dynamically segments the network into tenant or user networks, through virtual network segments (VNS) that can support a spectrum of topologies and use cases within a data centerfrom a pure overlay, a kind of tunnel-only network, to a pure OpenFlow one with physical switches. A pure overlay works in environments with a legacy physical network and OpenFlow-enabled on the virtual switches only, said Harding. In a pure OpenFlow environment, which is likely in a new data center deployment or a build-out for a specific application, it has The Nexus 1000v relies on all the benefits of physitraditional network protocols cal switchesessentially for its control plane. hardware acceleration of the network that can work

with virtual switches. Along this virtual spectrum, we also support hybrid network virtualization, which is required to integrate physical firewalls and physical application delivery controllers.
Ciscos Nexus 1000v. Cisco has adopted

an open approach toward network virtualization and its cloud strategy by providing customers with a choice of hypervisor and orchestration stacks, according to Prashant Gandhi, director of Ciscos Data Center Group. The Nexus 1000v is a virtual switch designed to function much like its physical switch counterparts in Ciscos Nexus series of data center switches. Like those physical switches, the Nexus 1000v relies on traditional network protocols for its control plane. It also relies on the VXLAN

2 8 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

EDITORS DESK

HYBRID CLOUD NETWORKING FALLS SHORT, BUT NOT FOR LONG

INTEGRATING PHYSICAL AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH FORWARD FOR NETWORKING

protocol for added scalability, with the ability to build bare metal workloads and physical services through VXLAN-VLAN functionality. Ciscos switch has a modular architecture, with a Virtual Supervisor Module (VSM) controlling the behavior of multiple Virtual Ethernet Modules (VEMs). The architecture is similar to a physical modular switch. Unlike Big Switch and Nicira, Cisco recommends a hardware element for the Nexus 1000v. While the VEMs are embedded on individual hypervisor hosts, Cisco advocates running the VSM on the Nexus 1010 Virtual Services Appliance for scalability and performance. Our Nexus 1000v secure multi-tenant

solution supports customers using many different solutions: VMware ESX, Microsoft HyperV, Citrix Xen, and KVM. It also integrates with many orchestration platforms, including open source OpenStack, CloudStack, VMware vCloud Director and Microsofts SVCMM platforms, Gandhi said. Moving forward, exactly how all of the vendors differentiate themselves from each other will come into clearer focus. Not just from a subjective standpoint, but also qualitatively in terms of what theyre offering, how theyre offering it, and how theyre positioning it. Many of the vendor strategies are in flux right now, Casemore said. n

2 9 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3

ABOUT THE AUTHORS

RIVKA GEWIRTZ LITTLE is the executive edi-

tor for TechTargets Networking Media.

SHAMUS MCGILLICUDDY is the director of

news and features for TechTarget Networking Media.


DAVID GEER writes about security and

Network Evolution is a SearchNetworking.com e-publication.


Kate Gerwig, Editorial Director Kara Gattine, Senior Managing Editor Rivka Gewirtz Little, Executive Editor Shamus McGillicuddy, News Director Sally Johnson, Feature Writer Rachel Shuster, Associate Managing Editor Linda Koury, Director of Online Design Neva Maniscalco, Graphic Designer Doug Olender, Vice President/Group Publisher

enterprise technology for international trade and business publications.


SALLY JOHNSON is the feature writer for

TechTarget Networking Media.

dolender@techtarget.com

@
WEBSITE Visit us E-MAIL Contact us TWITTER Follow us TechTarget, 275 Grove Street, Newton, MA 02466
2013 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher. TechTarget reprints are available through The YGS Group. About TechTarget: TechTarget publishes media for information technology professionals. More than 100 focused websites enable quick access to a deep store of news, advice and analysis about the technologies, products and processes crucial to your job. Our live and virtual events give you direct access to independent expert commentary and advice. At IT Knowledge Exchange, our social community, you can get advice and share solutions with peers and experts.

3 0 N E T W O R K E V O L U T I O N, A P R I L 2 0 1 3