Cloud Networking is not Virtual Networking - London VMUG 20130425


Talking about how and why the virtual networking that we use today is not suitable for use in Cloud deployments. First I talk about the gap between "server" & "networks", then discuss the problems of virtual networking that we use today. Then into using software appliances instead of physical devices by highlighting the good & bad.

Then a brief overview of Software Defined Networking and how it will impact Cloud Networking in the next two years.

Published in: Technology

Transcript

  • 1. PacketPushers.net: Cloud Networking is NOT Virtual Networking
  • 2. About Me
      • Host of Packet Pushers Podcast, PacketPushers.net
      • “Cloud Plumber” at CanopyCloud, Cloud Network Architect, Office of CTO (Division of Atos)
      • Blog - EtherealMind.com
      • NetworkComputing.com (http://networkcomputing.com/blogs/author/Greg-Ferro)
  • 3. Agenda
      • Why your Network Guy Doesn’t Care About You
      • Cloud Networking is not Virtual Networking
      • Cloud Network Services
      • Where is SDN ?
  • 4. Server Admins See...
      • [Diagram labels: Internet, Not where servers are, Security Thingies, Wotsits, "THE LAN", Servers, Active Directory, File, SQL, Mail, Provisioning, MAGIC STUFF, Friendly Gnomes, Dark Spirits]
  • 5. Network Admins see ....
      • [Diagram labels: ISP2, ISP1, Firewall, Access Layer, Load Bal, WAN, B2B, A SERVER, WAAS / Cache, IPS/IDS]
  • 6. Networking is in my way
      • The Network is SINGLE SYSTEM
      • every element is interconnected to another in the LAN or WAN or both
      • Rebooting a device might/could take down the whole network
      • If rebooting or reconfiguring a server could cause the entire DC to fail, what would your job look like ?
  • 7. Data Centres != Universe
      • I’d like to remind VMware executives that network is bigger than VMware .......
      • “vCDNI means that you never have to talk to the network guy ever again” VMworld 2010 (faceless butthead)
      • “Meanwhile, through all of the advances in server virtualization and cloud computing, networking has remained stuck in the past.” - Hatem Naguib, Vice President, Networking & Security - Mar 13, 2013
      • Servers connect to Clients
      • Network is a platform.
      • VMware is just one “network app”.
      • take some time to look down the service chain instead of up your own arse
  • 8. Data Centres != Universe
      • [Diagram labels: Internet, Campus LAN, Remote Access, The WAN, Wireless, Data Centre, Firewalls, Servers, storage, DC NETWORK, Cabling, VMware, Network Security, IP Voice, "This is you"]
  • 9. What a Server Does
      • Servers are Packet Generators
      • In SDN, Servers are FLOW Generators
  • 10. Impact Pyramid
      • [Pyramid diagram labels: Power, Physical; Hosts; Users; Connectivity; Applications; Data Centre; Network; Servers, Storage, VMware; Apps]
      • Which failure class causes the greatest impact ?
          ‣ A user ?
          ‣ One server ?
          ‣ A VMware cluster ?
          ‣ A storage array ?
          ‣ A Network ?
          ‣ A Data Centre
  • 11. Networking is in my way
      • Because networks are good enough, the budget gets there last.
      • Wasted investments like patching, virus scan & updates. Networking doesn't have those problems at the same scale.
      • Servers were so far behind.
      • Custom silicon takes 3-5 years from concept to delivery.
      • Too expensive - 5 years depreciation cycle
  • 12. Rant Over
      • Infrastructure As A Team
  • 13. Agenda
      • Why your Network Guy Doesn’t Care About You
      • Cloud Networking IS NOT Virtual Networking
      • Cloud Network Services
      • Where is SDN ?
  • 14. Virtual Networking is OLD
      • Virtual LANs in 1996
      • Virtual Routing in 2002/3 (MPLS)
      • Virtual Network Appliances (firewalls, load balancers) in 2007/8
      • “Let's do it again” say bitter, cynical networking voices of experience
      • Virtual Networking is OLD networking
  • 15. Virtual Problems
      • Four problems of Virtual Networking
          ‣ CapEx for all physical appliances
          ‣ Single points of redundant failure - software in coherent system
          ‣ No API / poor configurability
          ‣ Individual autonomous elements (no vCenter, SCVMM/SCOM equivalent)
  • 16. Virtual Networking 1 - CapEx
      • Initial Large CapEx for Data Centre Network
      • Sporadic Upgrades (usually in response to problems)
      • [Chart: Capital Expenditure against Time; labels: Network Install, Port Capacity, Network Upgrade, Server Upgrades, CapEx Waste]
  • 17. Virtual Networking 2 - Failure Modes
      • [Diagram labels: SVR, WAN, RTR, Internet, FWL, LoadBal, Stateful HA, Active/Standby]
      • Single points of Complex failure
      • Why have only one pair of firewalls
          ‣ routing, cost, power users
          ‣ Only one or two critical services need HA
      • HA systems are inherently risky & shared fate systems.
          ‣ Active/Standby firewall
      • HA in vertical scale system = $$$$$’s
  • 18. Virtual Networking 3 - Configuration
      • Manual Configuration
      • All devices are configured using “power tools”
      • Every engineer is a “power user”
      • Why have an API ? Substandard & lack vendor commitment
      • Restricts number of devices (requires power users)
      • A serious networking problem.....
  • 19. Virtual Networking 4 - Autonomy
      • Individual autonomous elements
      • Central control neither desirable nor relevant, i.e. vCenter, SCVMM/SCOPs is risky system.
      • Resilient & Distributed Systems like the Internet work well.
      • Data Centres are NOT distributed.
  • 20. Complex, Insecure
      • [Diagram: VMDC Design Template v2.1 - Cisco CVD; labels: VBLOCK, UCS 2100, UCS 5100, B2xx, VNX, MDS, Ethernet Core, NX7K Core Context, NX7K Aggr Context, LoadBal, UCS6200, ASA Firewall, ASA Context, MPLS/WAN, Internet, NX5K, DMZ Svr]
      • Traffic loops to physical devices
      • Insecure (VLANs, Routing)
      • Advanced networking skills for dumb results
      • Chained failure domains
  • 21. Many Moving Parts
      • [Diagram: Cisco UCS B-Series Blade / C-Series Rack Server; labels: vPC, Passthrough Switching (PTS), Operating System - vSphere, Ethernet dNIC, FC dHBA, FEX2100, FI 6100, Palo/VIC, Software CNA, Software pNIC, Software pHBA, Nexus Switch, Fabric Sync, vPC Link, Connection Pinning, "Could be PortChannel"]
      • Takes a long time to understand this complexity.
      • Automation / Software solves the problem
  • 22. Virtual Networking - Strengths
      • performance, scale
      • no centralised points of control (failure domain)
      • distributed, self healing, eventual consistency
      • 20 year proven system, widespread knowledge & expertise
  • 23. Define Cloud Networking
      • Cloud Networking is:
          ‣ Network Devices as Software
          ‣ Don’t buy hardware. Install software.
          ‣ Deploy many small instances (horizontal) instead of one big one (vertical)
  • 24. Cloud Networking
      • Build Network Services with Applications
      • Instead of a firewall deploy a Web Service.
      • Instead of A Load balancer install the “Sharepoint Load Balancer”.
      • One network per service is a huge change in network practice
  • 25. Cloud Pro & Con’s
      • Use 20 small network devices instead of 1 pair of physical devices
      • Distribute complexity, reduce failure
      • simpler configuration -> easier operation -> better fault tracing
      • More complex network design
      • You MUST deploy / build automation & monitoring to manage many devices.
  • 26. DC Design Today
      • [Diagram labels: SVR, MPLS/WAN, RTR, Internet, FWL]
  • 27. Cloud Networking
      • [Diagram labels: MPLS/WAN, RTR, Internet, FWL, SVR, Physical Network Services, VMware vCloud, Everything a VM]
  • 28. Awesome?
  • 29. Cloud Networking Design Problems
      • [Diagram labels: MPLS/WAN, RTR, Internet, FWL, SVR, Physical Network Services]
      • Network Appliances close to server/application
      • What about routing ?
      • What about server-to-server communication ?
      • Better Security.
      • Business control over applications, developers & business units
  • 30. Complexity
      • Complex Design is a good tradeoff for Better DevOps
      • Complexity can be solved with AUTOMATION
  • 31. Cloud Networking looks like......
      • VMware vCloud
      • vApps
      • vCNS
  • 32. Cloud Networking Gotchas
      • network is subject to hugely bursty traffic and loads
      • No one knows what sort of load / bandwidth / packet per second / concurrent flows the application needs.
      • Hypervisor VMs are SLOW and LATENT compared to custom silicon
      • Cascading failure in congestion events
  • 33. Gotchas - Hardware Huggers
      • networking is ‘addicted’ to hardware (network hugging has a practical basis e.g. cabling, WAN, path analysis)
      • hardware is needed but software more important.
      • merchant silicon will change networking, especially in low end, but unlikely to commoditise in same way as servers
  • 34. Gotchas - Vendors
      • vendors commit hundreds of millions to design and manufacture of silicon on multi-year cycles
      • Software undermines existing vendor strategies
      • Firewalls: Palo Alto PanOS, Cisco ASA, Juniper SRX. Load Balancers: F5 TMOS, Citrix NetScaler. (consider Riverbed Stingray)
      • Pricing is not aligned to requirement
          ‣ i.e. software pricing equivalent to hardware price
          ‣ assumes one for one replacement
  • 35. Gotchas - HA
      • You still need TWO appliances for HA
          ‣ but most applications are not HA
      • LB’s, Firewalls, Routers are always HA because they are critical
          ‣ are they critical because one big unit in a single location
  • 36. Gotchas - Server Teams
      • distributed software devices means spreading load and configuration.
      • Also mean more complexity.
      • You must control “application sprawl” to maintain network integrity in switching & routing
      • Server / VM teams MUST learn some Cloud Networking / Network teams MUST learn some Cloud Server
      • [Diagram labels: MPLS/WAN, RTR, Internet, FWL, SVR, Physical Network Services]
  • 37. And so to SDN
      • Devices like vCNS Shield, Edge and App are (relatively) feature simple.
      • But might be Good Enough™
      • If you follow the previous points you will realise that you need much better networking ....
  • 38. Agenda
      • Why your Network Guy Doesn’t Care About You
      • Cloud Networking is not Virtual Networking
      • Cloud Network Services
      • Where is SDN ?
  • 39. Define SDN
      • Primary: Software configured networking
      • Automated deployment
      • Automated change
      • Let the VM/Server do its own networking.
  • 40. Any Changes ?
      • Networking is still Networking
      • Servers are still Servers
      • SDN moves most networking into the “vSwitch”
      • The Network Guy will control it
      • You will need networking skills to SDN
  • 41. Pre-Virtual Networking
      • [Diagram labels: SW (switches), Core, Distribution, Access]
  • 42. Physical Network
  • 43. SDN Network
  • 44. SDN Network
      • [Diagram labels: Network Agent, vServer, Tunnel Fabric, Flow Forwarding, Ethernet/IP LAN Fabric, VXLAN]
  • 45. vSwitch SDN (Today)
      • vSwitch becomes an active network “agent” instead of a patch panel
      • Flows not Packets
      • Routing and Switching
      • Load Balancing
      • Edge Security
  • 46. Controller Networks
      • [Diagram labels: East West LAN, Switches, Network SDN Controller, OpenFlow]
  • 47. Controller Networking
      • [Diagram labels: East West LAN, Switches, Network SDN Controller, OpenFlow, Quantum/OpenStack, Configuration Controller, Orchestration Controller, Northbound SDN, Southbound SDN, North/South LA]
  • 48. SDCC
      • Cannot “software” a physical network but you can program a “software” network
      • Network Agents move complexity to the edge
      • Ubiquitous Network Services increases the overall network usefulness
      • Vastly improved security
      • Options for networking multiple clouds and bare metal servers
  • 49. SDN Vendors
      • Real Products
          ‣ BigSwitch Networks
          ‣ NEC
          ‣ Midokura
          ‣ VMware/Nicira
      • “Shipping”
          ‣ Nuage Networks (Alcatel/Lucent)
          ‣ Contrail (Juniper)
          ‣ VMware/Nicira
      • Still Working on It
          ‣ Cisco (multi-product, multi-strategy)
  • 50. My views on VMware NSX
      • NSX delivers SDN strategy
      • Works for Enterprise AND Service Providers
      • NSX is solution for KVM. Hyper-V & bare metal future.
      • NSX appears “software only” - expect network vendors to offer integrated solutions
  • 51. SDN Reality
      • Unproven. Beta - 2013. Major Release 2014.
      • Enterprise will find it hard to value (ITIL / ITSM disconnect)
      • vSphere vs vCloud = Virtual vs Cloud Networking
      • Server / Networking duty merge
      • Rewiring of team & technical disciplines
      • ITIL & ITSM Change management overhaul
  • 52. SDN Closeout
      • SDN delivers business outcomes
      • SDN means MORE networking not less
      • Servers <-> Networks will be tightly integrated as a technology and team structure will reflect that - “IaaT”
  • 53. About Me
      • Host of Packet Pushers Podcast, PacketPushers.net
      • “Cloud Plumber” at CanopyCloud, Cloud Network Architect, Office of CTO (Division of Atos)
      • Blog - EtherealMind.com
      • NetworkComputing.com (http://networkcomputing.com/blogs/author/Greg-Ferro)
