PacketPushers.net
Cloud Networking is NOT Virtual Networking

About Me
• Host of Packet Pushers Podcast, PacketPushers.net
• “Cloud Plumber” at Canopy Cloud
  Cloud Network Architect, Office of CTO (Division of Atos)
• Blog - EtherealMind.com
• NetworkComputing.com (http://networkcomputing.com/blogs/author/Greg-Ferro)

Agenda
• Why your Network Guy Doesn’t Care About You
• Cloud Networking is not Virtual Networking
• Cloud Network Services
• Where is SDN?

Server Admins See...
[Diagram. Labels: Internet (not where servers are); Security Thingies; Wotsits; "THE LAN"; Servers (Active Directory, File, SQL, Mail, Provisioning); MAGIC STUFF (Friendly Gnomes, Dark Spirits)]

Network Admins see ....
[Diagram. Labels: ISP1; ISP2; Firewall; Access Layer; Load Bal; WAN; B2B; WAAS/Cache; IPS/IDS; A SERVER]

Networking is in my way
• The Network is a SINGLE SYSTEM
• Every element is interconnected to another in the LAN or WAN or both
• Rebooting a device might/could take down the whole network
• If rebooting or reconfiguring a server could cause the entire DC to fail, what would your job look like?

Data Centres != Universe
• I’d like to remind VMware executives that the network is bigger than VMware .......
• “vCDNI means that you never have to talk to the network guy ever again” VMworld 2010 (faceless butthead)
• “Meanwhile, through all of the advances in server virtualization and cloud computing, networking has remained stuck in the past.” - Hatem Naguib, Vice President, Networking & Security - Mar 13, 2013
• Servers connect to Clients
• Network is a platform.
• VMware is just one “network app”.
• Take some time to look down the service chain instead of up your own arse

Data Centres != Universe
[Diagram. Labels: Internet; Campus LAN; Remote Access; The WAN; Wireless; Network Security; IP Voice; Data Centre (Firewalls, Servers, storage, DC NETWORK, Cabling, VMware); "This is you"]

What a Server Does
• Servers are Packet Generators
• In SDN, Servers are FLOW Generators

Impact Pyramid
[Diagram: pyramid. Labels: Power, Physical; Data Centre; Network; Servers, Storage, VMware; Apps; Hosts; Users; Connectivity; Applications]
• Which failure class causes the greatest impact?
• A user?
• One server?
• A VMware cluster?
• A storage array?
• A Network?
• A Data Centre?

Networking is in my way
• Because networks are good enough, the budget gets there last.
• Wasted investments like patching, virus scan & updates. Networking doesn't have those problems at the same scale.
• Servers were so far behind.
• Custom silicon takes 3-5 years from concept to delivery.
• Too expensive - 5 years depreciation cycle

Rant Over
Infrastructure As A Team

Agenda
• Why your Network Guy Doesn’t Care About You
• Cloud Networking IS NOT Virtual Networking
• Cloud Network Services
• Where is SDN?

Virtual Networking is OLD
• Virtual LANs in 1996
• Virtual Routing in 2002/3 (MPLS)
• Virtual Network Appliances (firewalls, load balancers) in 2007/8
• “Let’s do it again” say bitter, cynical networking voices of experience
• Virtual Networking is OLD networking

Virtual Problems
• Four problems of Virtual Networking
‣ CapEx for all physical appliances
‣ Single points of redundant failure - software in coherent system
‣ No API / poor configurability
‣ Individual autonomous elements (no vCenter, SCVMM/SCOM equivalent)

Virtual Networking 1 - CapEx
• Initial Large CapEx for Data Centre Network
• Sporadic Upgrades (usually in response to problems)
[Chart: Capital Expenditure over Time. Labels: Network Install; Port Capacity; Network Upgrade; Server Upgrades (three times); CapEx Waste]

Virtual Networking 2 - Failure Modes
[Diagram. Labels: WAN; Internet; RTR; FWL pair (Stateful HA, Active/Standby); LoadBal pair (Stateful HA); SVR]
• Single points of Complex failure
• Why have only one pair of firewalls?
‣ routing, cost, power users
‣ Only one or two critical services need HA
• HA systems are inherently risky & shared fate systems.
‣ Active/Standby firewall
• HA in vertical scale system = $$$$$’s

Virtual Networking 3 - Configuration
• Manual Configuration
• All devices are configured using “power tools”
• Every engineer is a “power user”
• Why have an API? Substandard & lack vendor commitment
• Restricts number of devices (requires power users)
• A serious networking problem.....

Virtual Networking 4 - Autonomy
• Individual autonomous elements
• Central control is neither desirable nor relevant, i.e. vCenter, SCVMM/SCOM is a risky system.
• Resilient & Distributed Systems like the Internet work well.
• Data Centres are NOT distributed.

Complex, Insecure
[Diagram: VMDC Design Template v2.1 - Cisco CVD. Labels: VBLOCK (UCS 5100, UCS2100, B2xx, UCS6200, VNX, MDS); NX5K; NX7K Aggr Context; NX7K Core Context; Ethernet Core; LoadBal; ASA Firewall; ASA Context; DMZ Svr; MPLS/WAN; Internet]
• Traffic loops to physical devices
• Insecure (VLANs, Routing)
• Advanced networking skills for dumb results
• Chained failure domains

Many Moving Parts
[Diagram: Cisco UCS B-Series Blade / C-Series Rack Server. Labels: Operating System - vSphere; Passthrough Switching (PTS); Palo/VIC; CNA; Software pNIC; Software pHBA; Ethernet dNIC; FC dHBA; Connection Pinning; FEX2100; FI 6100; Fabric Sync; vPC; vPC Link; Nexus Switch; Could be PortChannel]
• Takes a long time to understand this complexity.
• Automation / Software solves the problem

Virtual Networking - Strengths
• performance, scale
• no centralised points of control (failure domain)
• distributed, self healing, eventual consistency
• 20 year proven system, widespread knowledge & expertise

Define Cloud Networking
Cloud Networking is:
• Network Devices as Software
• Don’t buy hardware. Install software.
• Deploy many small instances (horizontal) instead of one big one (vertical)

Cloud Networking
• Build Network Services with Applications
• Instead of a firewall, deploy a Web Service.
• Instead of a load balancer, install the “Sharepoint Load Balancer”.
• One network per service is a huge change in network practice

Cloud Pros & Cons
• Use 20 small network devices instead of 1 pair of physical devices
• Distribute complexity, reduce failure
• Simpler configuration -> easier operation -> better fault tracing
• More complex network design
• You MUST deploy / build automation & monitoring to manage many devices.

DC Design Today
[Diagram. Labels: MPLS/WAN; Internet; RTR; FWL pair; SVR]

Cloud Networking
[Diagram. Labels: MPLS/WAN; Internet; RTR; FWL; SVR; Physical Network Services; VMware vCloud; Everything a VM]

Awesome?

[Diagram. Labels: MPLS/WAN; Internet; RTR; FWL; SVR; Physical Network Services]
Cloud Networking
Design Problems
• Network Appliances close to server/application
• What about routing?
• What about server-to-server communication?
• Better Security.
• Business control over applications, developers & business units

Complexity
• Complex Design is a good tradeoff for Better DevOps
• Complexity can be solved with AUTOMATION

Cloud Networking looks like......
• VMware vCloud
• vApps
• vCNS

Cloud Networking Gotchas
• Network is subject to hugely bursty traffic and loads
• No one knows what sort of load / bandwidth / packets per second / concurrent flows the application needs.
• Hypervisor VMs are SLOW and LATENT compared to custom silicon
• Cascading failure in congestion events

Gotchas - Hardware Huggers
• Networking is ‘addicted’ to hardware (network hugging has a practical basis e.g. cabling, WAN, path analysis)
• Hardware is needed but software is more important.
• Merchant silicon will change networking, especially in the low end, but is unlikely to commoditise in the same way as servers

Gotchas - Vendors
• Vendors commit hundreds of millions to design and manufacture of silicon on multi-year cycles
• Software undermines existing vendor strategies
• Firewalls: Palo Alto PanOS, Cisco ASA, Juniper SRX. Load Balancers: F5 TMOS, Citrix NetScaler. (consider Riverbed Stingray)
• Pricing is not aligned to requirement
‣ i.e. software pricing equivalent to hardware price
‣ assumes one for one replacement

Gotchas - HA
• You still need TWO appliances for HA
‣ but most applications are not HA
• LBs, Firewalls, Routers are always HA because they are critical
‣ are they critical because they are one big unit in a single location?

Gotchas - Server Teams
• Distributed software devices means spreading load and configuration.
• Also means more complexity.
• You must control “application sprawl” to maintain network integrity in switching & routing
• Server / VM teams MUST learn some Cloud Networking / Network teams MUST learn some Cloud Server
[Diagram. Labels: MPLS/WAN; Internet; RTR; FWL; SVR; Physical Network Services]

And so to SDN
• Devices like vCNS Shield, Edge and App are (relatively) feature simple.
• But might be Good Enough™
• If you follow the previous points you will realise that you need much better networking ....

Agenda
• Why your Network Guy Doesn’t Care About You
• Cloud Networking is not Virtual Networking
• Cloud Network Services
• Where is SDN?

Define SDN
• Primary: Software configured networking
• Automated deployment
• Automated change
• Let the VM/Server do its own networking.

Any Changes?
• Networking is still Networking
• Servers are still Servers
• SDN moves most networking into the “vSwitch”
• The Network Guy will control it
• You will need networking skills to SDN

Pre-Virtual Networking
[Diagram: Physical Network. Labels: switches (SW) in Core, Distribution and Access layers]

SDN Network
[Diagram. Labels: Network Agent (three times), each with six vServers; Tunnel Fabric; Flow Forwarding; Ethernet/IP LAN Fabric; VXLAN]

vSwitch SDN (Today)
• vSwitch becomes an active network “agent” instead of a patch panel
• Flows not Packets
• Routing and Switching
• Load Balancing
• Edge Security

Controller Networks
[Diagram. Labels: East West LAN Switches; Network SDN Controller; OpenFlow]

Controller Networking
[Diagram. Labels: East West LAN Switches; Network SDN Controller; OpenFlow; Quantum/OpenStack; Configuration Controller; Orchestration Controller; Northbound SDN; Southbound SDN; North/South LA]

SDCC
• Cannot “software” a physical network but you can program a “software” network
• Network Agents move complexity to the edge
• Ubiquitous Network Services increases the overall network usefulness
• Vastly improved security
• Options for networking multiple clouds and bare metal servers

SDN Vendors
• Real Products
‣ BigSwitch Networks
‣ NEC
‣ Midokura
‣ VMware/Nicira
• “Shipping”
‣ Nuage Networks (Alcatel/Lucent)
‣ Contrail (Juniper)
‣ VMware/Nicira
• Still Working on It
‣ Cisco (multi-product, multi-strategy)

My views on VMware NSX
• NSX delivers SDN strategy
• Works for Enterprise AND Service Providers
• NSX is solution for KVM. Hyper-V & bare metal future.
• NSX appears “software only” - expect network vendors to offer integrated solutions

SDN Reality
• Unproven. Beta - 2013. Major Release 2014.
• Enterprise will find it hard to value (ITIL / ITSM disconnect)
• vSphere vs vCloud = Virtual vs Cloud Networking
• Server / Networking duty merge
• Rewiring of team & technical disciplines
• ITIL & ITSM Change management overhaul

SDN Closeout
• SDN delivers business outcomes
• SDN means MORE networking not less
• Servers <-> Networks will be tightly integrated as a technology and team structure will reflect that - “IaaT”

About Me
• Host of Packet Pushers Podcast, PacketPushers.net
• “Cloud Plumber” at Canopy Cloud
  Cloud Network Architect, Office of CTO (Division of Atos)
• Blog - EtherealMind.com
• NetworkComputing.com (http://networkcomputing.com/blogs/author/Greg-Ferro)

Cloud Networking is not Virtual Networking - London VMUG 20130425

  • 2. PacketPushers.Net About Me •Host of Packet Pushers Podcast PacketPushers.net •“Cloud Plumber” at Canopy Cloud Cloud Network Architect, Office of CTO ( Division of Atos ) •Blog - EtherealMind.com •NetworkComputing.com (http:// networkcomputing.com/blogs/author/Greg-Ferro) 2
  • 3. PacketPushers.Net Agenda •Why your Network Guy Doesn’t Care About You •Cloud Networking is not Virtual Networking •Cloud Network Services •Where is SDN ? 3
  • 4. PacketPushers.Net 4 Internet Not where servers are Security Thingies Wotsits "THE LAN" Servers Active Directory File SQLMailProvisioning MAGIC STUFF Friendly)Gnomes Dark Spirits Server Admins See...
  • 5. PacketPushers.Net 5 Network Admins see .... ISP2 ISP1 Firewall Access Layer Load Bal WANB2B A SERVER WAAS /Cache IPS/IDS
  • 6. PacketPushers.Net Networking is in my way •The Network is SINGLE SYSTEM •every element is interconnected to another in the LAN or WAN or both •Rebooting a device might/could take down the whole network •If rebooting or reconfiguring a server could cause the entire DC to fail, what would your job look like ? 6
  • 7. PacketPushers.Net Data Centres != Universe • I’d like to remind VMware executives that network is bigger than VMware ....... • “vCDNI means that you never have to talk to the network guy ever again” VMworld 2010 (faceless butthead) • “Meanwhile, through all of the advances in server virtualization and cloud computing, networking has remained stuck in the past.” - Hatem Naguib, Vice President, Networking & Security - Mar 13, 2013 • Servers connect to Clients • Network is a platform. • VMware is just one “network app”. • take some time to look down the service chain instead of up your own arse 7
  • 8. PacketPushers.Net Data Centres != Universe 8 Internet Campus LAN Remote Access The WAN Wireless Data Centre Firewalls Servers storage DC NETWORK Cabling VMware Network Security IP Voice This is you
  • 9. PacketPushers.Net What a Server Does •Servers are Packet Generators •In SDN, Servers are FLOW Generators 9
  • 10. PacketPushers.Net Impact Pyramid 10 Power, Physical Hosts Users Connectivity Applications Data Centre Network Servers, Storage, VMware Apps Impact Pyramid • Which failure class causes the greatest impact ? • A user ? • One server ? • A VMware cluster ? • A storage array ? • A Network ? • A Data Centre
  • 11. PacketPushers.Net Networking is in my way •Because networks are good enough, the budget gets there last. •Wasted investments like patching, virus scan & updates. Networking doesn't have those problems at the same scale. •Servers were so far behind. •Custom silicon takes 3-5 years from concept to delivery. •Too expensive - 5 years depreciation cycle 11
  • 13. PacketPushers.Net Agenda •Why your Network Guy Doesn’t Care About You •Cloud Networking IS NOT Virtual Networking •Cloud Network Services •Where is SDN ? 13
  • 14. PacketPushers.Net Virtual Networking is OLD • Virtual LANs in 1996 • Virtual Routing in 2002/3 (MPLS) • Virtual Network Appliances (firewalls, load balancers) in 2007/8 • “Lets do it again” say bitter, cynical networking voices of experience • Virtual Networking is OLD networking 14
  • 15. PacketPushers.Net 15 Virtual Problems •Four problems of Virtual Networking ‣ CapEx for all physical appliances ‣ Single points of redundant failure - software in coherent system ‣ No API / poor configurability ‣ Individual autonomous elements ( no vCenter, SCVMM/SCOM equivalent)
  • 16. PacketPushers.Net Virtual Networking 1 - CapEx 16 • Initial Large CapEx for Data Centre Network • Sporadic Upgrades (usually in response to problems) Time CapitalExpenditure Network Install Port Capacity Network Upgrade Server Upgrades Server Upgrades Server Upgrades CapEx Waste
  • 17. PacketPushers.Net SVR WAN RTR Internet RTR FWL FWL SVR SVR SVR SVR SVRSVR Stateful HA Active/Standby WANInternet LoadBal LoadBal Stateful HA Virtual Networking 2 - Failure Modes •Single points of Complex failure •Why have only one pair of firewalls ‣ routing, cost, power users ‣ Only one or two critical services need HA •HA systems are inherently risky & shared fate systems. ‣ Active/Standby firewall •HA in vertical scale system = $$$$$’s 17
  • 18. PacketPushers.Net Virtual Networking 3 - Configuration • Manual Configuration • All devices are configured using “power tools” • Every engineer is a “power user” • Why have an API ? Substandard & lack vendor commitment • Restricts number of devices (requires power users) • A serious networking problem..... 18
  • 19. PacketPushers.Net Virtual Networking 4 - Autonomy •Individual autonomous elements •Central control neither desirable or relevant ie vCenter, SCVMM/SCOPs is risky system. •Resilient & Distributed Systems like the Internet work well. •Data Centres are NOT distributed. 19
  • 20. PacketPushers.Net VBLOCK UCS2100 UCS2100 UCS 5100 B2xx B2xx B2xx B2xx B2xx B2xx B2xx B2xx UCS2100 UCS2100 UCS 5100 B2xx B2xx B2xx B2xx B2xx B2xx B2xx B2xx VNX MDS MDS UCS2100 UCS2100 UCS 5100 B2xx B2xx B2xx B2xx B2xx B2xx B2xx B2xx Ethernet CoreEthernet Core NX7K Core Context NX7K Core Context LoadBal UCS6200 UCS6200 LoadBal NX7K Aggr Context NX7K Aggr Context ASA Firewall ASA Context ASA Context ASA Firewall ASA Context ASA Context MPLS/WANInternet VMDC Design Template v2.1 - Cisco CVD NX5K NX5K NX5K NX5K DMZ SvrDMZ SvrDMZ Svr DMZ SvrDMZ Svr Complex, Insecure •Traffic loops to physical devices •Insecure (VLANs, Routing) •Advanced networking skills for dumb results •Chained failure domains 20
  • 21. PacketPushers.Net Many Moving Parts 21 Cisco UCS B-Series Blade/ C-Series Rack Server vPC Passthrough Switching (PTS) Operating System - vSphere Ethernet dNIC FEX2100 FEX2100 Ethernet dNIC FC dHBA FC dHBA FI6100 FI 6100 Palo/VIC Software CNA Software pNIC Software pNIC Software pHBA Software pHBA Ethernet dNIC Ethernet dNIC FC dHBA FC dHBA Nexus Switch Nexus Switch Fabric Sync vPC Link Connection Pinning Connection Pinning Connection Pinning Ethernet dNIC FC dHBAmore Could be PortChannel •Takes a long time to understand this complexity. •Automation / Software solves the problem
  • 22. PacketPushers.Net 22 Virtual Networking - Strengths •performance, scale •no centralised points of control (failure domain) •distributed, self healing, eventual consistency •20 year proven system, widespread knowledge & expertise
  • 23. PacketPushers.Net Define Cloud Networking Cloud Networking is: •Network Devices as Software •Don’t buy hardware. Install software. •Deploy many small instances (horizontal) instead of one big one (vertical) 23
  • 24. PacketPushers.Net Cloud Networking • Build Network Services with Applications • Instead of a firewall deploy a Web Service. • Instead of A Load balancer install the “Sharepoint Load Balancer”. • One network per service is a huge change in network practice 24
  • 25. PacketPushers.Net Cloud Pro & Con’s • Use 20 small network devices than instead of 1 pair of physical devices • Distribute complexity, reduce failure • simpler configuration -> easier operation -> better fault tracing • More complex network design • You MUST deploy / build automation & monitoring to manage many devices. 25
  • 27. PacketPushers.Net MPLS/WAN RTR Internet FWL FWL SVR SVR RTR FWL FWL FWL FWL RTR RTRRTR SVR SVR FWL FWL SVR SVRSVR SVR SVR Physical Network Services VMware vCloud Everything a VM Cloud Networking 27
  • 29. PacketPushers.Net MPLS/WAN RTR Internet FWL FWL SVR SVR RTR FWL FWL FWL FWL RTR RTRRTR SVR SVR FWL FWL SVR SVRSVR SVR SVR Physical Network Services Cloud Networking Design Problems •Network Appliances close to server/application •What about routing ? •What about server-to- server communication ? •Better Security. •Business control over applications, developers & business units 29
  • 30. PacketPushers.Net Complexity •Complex Design is a good tradeoff for Better DevOps •Complexity can be solved with AUTOMATION 30
  • 31. PacketPushers.Net Cloud Networking looks like...... •VMware vCloud •vApps •vCNS 31
  • 32. PacketPushers.Net Cloud Networking Gotchas • network is subject to hugely bursty traffic and loads • No one knows what sort of load / bandwidth / packet per second / concurrent flows the application needs. • Hypervisor VMs are SLOW and LATENT compared to custom silicon • Cascading failure in congestion events 32
  • 33. Gotchas - Hardware Huggers
      • networking is ‘addicted’ to hardware (network hugging has a practical basis e.g. cabling, WAN, path analysis)
      • hardware is needed but software is more important.
      • merchant silicon will change networking, especially in low end, but unlikely to commoditise in same way as servers
  • 34. Gotchas - Vendors
      • vendors commit hundreds of millions to design and manufacture of silicon on multi-year cycles
      • Software undermines existing vendor strategies
      • Firewalls: Palo Alto PanOS, Cisco ASA, Juniper SRX. Load Balancers: F5 TMOS, Citrix NetScaler. (consider Riverbed Stingray)
      • Pricing is not aligned to requirement
          ‣ i.e. software pricing equivalent to hardware price
          ‣ assumes one for one replacement
  • 35. Gotchas - HA
      • You still need TWO appliances for HA
          ‣ but most applications are not HA
      • LBs, Firewalls, Routers are always HA because they are critical
          ‣ are they critical because they are one big unit in a single location?
  • 36. Gotchas - Server Teams
      • distributed software devices mean spreading load and configuration.
      • Also mean more complexity.
      • You must control “application sprawl” to maintain network integrity in switching & routing
      • Server / VM teams MUST learn some Cloud Networking / Network teams MUST learn some Cloud Server
      [Diagram: MPLS/WAN, Internet, and RTR, FWL and SVR nodes. Label: Physical Network Services]
  • 37. And so to SDN
      • Devices like vCNS Shield, Edge and App are (relatively) feature simple.
      • But might be Good Enough™
      • If you follow the previous points you will realise that you need much better networking ....
  • 38. Agenda
      • Why your Network Guy Doesn’t Care About You
      • Cloud Networking is not Virtual Networking
      • Cloud Network Services
      • Where is SDN ?
  • 39. Define SDN
      • Primary: Software configured networking
      • Automated deployment
      • Automated change
      • Let the VM/Server do its own networking.
  • 40. Any Changes ?
      • Networking is still Networking
      • Servers are still Servers
      • SDN moves most networking into the “vSwitch”
      • The Network Guy will control it
      • You will need networking skills to SDN
  • 44. SDN Network
      [Diagram labels: Network Agent, vServer, Tunnel Fabric, Flow Forwarding, Ethernet/IP LAN Fabric, VXLAN]
  • 45. vSwitch SDN (Today)
      • vSwitch becomes an active network “agent” instead of a patch panel
      • Flows not Packets
      • Routing and Switching
      • Load Balancing
      • Edge Security
  • 46. Controller Networks
      [Diagram labels: East West LAN Switches Network, SDN Controller, OpenFlow]
  • 47. Controller Networking
      [Diagram labels: East West LAN Switches Network, SDN Controller, OpenFlow, Quantum/OpenStack, Configuration Controller, Orchestration Controller, Northbound SDN, Southbound SDN, North/South LA]
  • 48. SDCC
      • Cannot “software” a physical network but you can program a “software” network
      • Network Agents move complexity to the edge
      • Ubiquitous Network Services increases the overall network usefulness
      • Vastly improved security
      • Options for networking multiple clouds and bare metal servers
  • 49. SDN Vendors
      • Real Products
          ‣ BigSwitch Networks
          ‣ NEC
          ‣ Midokura
          ‣ VMware/Nicira
      • “Shipping”
          ‣ Nuage Networks (Alcatel/Lucent)
          ‣ Contrail (Juniper)
          ‣ VMware/Nicira
      • Still Working on It
          ‣ Cisco (multi-product, multi-strategy)
  • 50. My views on VMware NSX
      • NSX delivers SDN strategy
      • Works for Enterprise AND Service Providers
      • NSX is solution for KVM. Hyper-V & bare metal future.
      • NSX appears “software only” - expect network vendors to offer integrated solutions
  • 51. SDN Reality
      • Unproven. Beta - 2013. Major Release 2014.
      • Enterprise will find it hard to value (ITIL / ITSM disconnect)
      • vSphere vs vCloud = Virtual vs Cloud Networking
      • Server / Networking duty merge
      • Rewiring of team & technical disciplines
      • ITIL & ITSM Change management overhaul
  • 52. SDN Closeout
      • SDN delivers business outcomes
      • SDN means MORE networking not less
      • Servers <-> Networks will be tightly integrated as a technology and team structure will reflect that - “IaaT”
  • 53. About Me
      • Host of Packet Pushers Podcast, PacketPushers.net
      • “Cloud Plumber” at Canopy Cloud: Cloud Network Architect, Office of CTO (Division of Atos)
      • Blog - EtherealMind.com
      • NetworkComputing.com (http://networkcomputing.com/blogs/author/Greg-Ferro)