Cloud Networking is not Virtual Networking - London VMUG 20130425



Talking about how and why the virtual networking that we use today is not suitable for use in Cloud deployments. First I talk about the gap between "server" & "networks", then discuss the problems of the virtual networking that we use today. Then I move on to using software appliances instead of physical devices, highlighting the good & bad.

Then a brief overview of Software Defined Networking and how it will impact Cloud Networking in the next two years.


  1. 1. PacketPushers.net Cloud Networking is NOT Virtual Networking
  2. 2. About Me • Host of Packet Pushers • “Cloud Plumber” at CanopyCloud Cloud Network Architect, Office of CTO (Division of Atos) • Blog - • (
  3. 3. Agenda • Why your Network Guy Doesn’t Care About You • Cloud Networking is not Virtual Networking • Cloud Network Services • Where is SDN ?
  4. 4. Server Admins See... [Diagram; labels: Internet, Not where servers are, Security Thingies, Wotsits, "THE LAN", Servers, Active Directory, File, SQL, Mail, Provisioning, MAGIC STUFF, (Friendly) Gnomes, Dark Spirits]
  5. 5. Network Admins see .... [Diagram; labels: ISP2, ISP1, Firewall, Access Layer, Load Bal, WAN, B2B, A SERVER, WAAS / Cache, IPS/IDS]
  6. 6. Networking is in my way • The Network is SINGLE SYSTEM • every element is interconnected to another in the LAN or WAN or both • Rebooting a device might/could take down the whole network • If rebooting or reconfiguring a server could cause the entire DC to fail, what would your job look like ?
  7. 7. Data Centres != Universe • I’d like to remind VMware executives that network is bigger than VMware ....... • “vCDNI means that you never have to talk to the network guy ever again” VMworld 2010 (faceless butthead) • “Meanwhile, through all of the advances in server virtualization and cloud computing, networking has remained stuck in the past.” - Hatem Naguib, Vice President, Networking & Security - Mar 13, 2013 • Servers connect to Clients • Network is a platform. • VMware is just one “network app”. • take some time to look down the service chain instead of up your own arse
  8. 8. Data Centres != Universe [Diagram; labels: Internet, Campus LAN, Remote Access, The WAN, Wireless, Data Centre, Firewalls, Servers, storage, DC NETWORK, Cabling, VMware, Network Security, IP Voice, This is you]
  9. 9. What a Server Does • Servers are Packet Generators • In SDN, Servers are FLOW Generators
  10. 10. Impact Pyramid [Diagram; labels: Power, Physical; Hosts; Users; Connectivity; Applications; Data Centre; Network; Servers, Storage, VMware; Apps] • Which failure class causes the greatest impact ? • A user ? • One server ? • A VMware cluster ? • A storage array ? • A Network ? • A Data Centre
  11. 11. Networking is in my way • Because networks are good enough, the budget gets there last. • Wasted investments like patching, virus scan & updates. Networking doesn’t have those problems at the same scale. • Servers were so far behind. • Custom silicon takes 3-5 years from concept to delivery. • Too expensive - 5 years depreciation cycle
  12. 12. Rant Over • Infrastructure As A Team
  13. 13. Agenda • Why your Network Guy Doesn’t Care About You • Cloud Networking IS NOT Virtual Networking • Cloud Network Services • Where is SDN ?
  14. 14. Virtual Networking is OLD • Virtual LANs in 1996 • Virtual Routing in 2002/3 (MPLS) • Virtual Network Appliances (firewalls, load balancers) in 2007/8 • “Lets do it again” say bitter, cynical networking voices of experience • Virtual Networking is OLD networking
  15. 15. Virtual Problems • Four problems of Virtual Networking ‣ CapEx for all physical appliances ‣ Single points of redundant failure - software in coherent system ‣ No API / poor configurability ‣ Individual autonomous elements (no vCenter, SCVMM/SCOM equivalent)
  16. 16. Virtual Networking 1 - CapEx • Initial Large CapEx for Data Centre Network • Sporadic Upgrades (usually in response to problems) [Chart: Capital Expenditure over Time; labels: Network Install, Port Capacity, Network Upgrade, Server Upgrades, CapEx Waste]
  17. 17. Virtual Networking 2 - Failure Modes • Single points of Complex failure • Why have only one pair of firewalls ‣ routing, cost, power users ‣ Only one or two critical services need HA • HA systems are inherently risky & shared fate systems. ‣ Active/Standby firewall • HA in vertical scale system = $$$$$’s [Diagram; labels: SVR, WAN, RTR, Internet, FWL, LoadBal, Stateful HA, Active/Standby]
  18. 18. Virtual Networking 3 - Configuration • Manual Configuration • All devices are configured using “power tools” • Every engineer is a “power user” • Why have an API ? Substandard & lack vendor commitment • Restricts number of devices (requires power users) • A serious networking problem.....
  19. 19. Virtual Networking 4 - Autonomy • Individual autonomous elements • Central control neither desirable or relevant ie vCenter, SCVMM/SCOPs is risky system. • Resilient & Distributed Systems like the Internet work well. • Data Centres are NOT distributed.
  20. 20. Complex, Insecure • Traffic loops to physical devices • Insecure (VLANs, Routing) • Advanced networking skills for dumb results • Chained failure domains [Diagram: VMDC Design Template v2.1 - Cisco CVD; labels: VBLOCK, UCS2100, UCS 5100, B2xx, VNX, MDS, Ethernet Core, NX7K Core Context, NX7K Aggr Context, LoadBal, UCS6200, ASA Firewall, ASA Context, MPLS/WAN, Internet, NX5K, DMZ Svr]
  21. 21. Many Moving Parts • Takes a long time to understand this complexity. • Automation / Software solves the problem [Diagram: Cisco UCS B-Series Blade / C-Series Rack Server; labels: vPC, Passthrough Switching (PTS), Operating System - vSphere, Ethernet dNIC, FC dHBA, FEX2100, FI 6100, Palo/VIC, Software CNA, Software pNIC, Software pHBA, Nexus Switch, Fabric Sync, vPC Link, Connection Pinning, more, Could be PortChannel]
  22. 22. Virtual Networking - Strengths • performance, scale • no centralised points of control (failure domain) • distributed, self healing, eventual consistency • 20 year proven system, widespread knowledge & expertise
  23. 23. Define Cloud Networking - Cloud Networking is: • Network Devices as Software • Don’t buy hardware. Install software. • Deploy many small instances (horizontal) instead of one big one (vertical)
  24. 24. Cloud Networking • Build Network Services with Applications • Instead of a firewall deploy a Web Service. • Instead of A Load balancer install the “Sharepoint Load Balancer”. • One network per service is a huge change in network practice
  25. 25. Cloud Pro & Con’s • Use 20 small network devices instead of 1 pair of physical devices • Distribute complexity, reduce failure • simpler configuration -> easier operation -> better fault tracing • More complex network design • You MUST deploy / build automation & monitoring to manage many devices.
  26. 26. DC Design Today [Diagram; labels: SVR, MPLS/WAN, RTR, Internet, FWL]
  27. 27. Cloud Networking [Diagram; labels: MPLS/WAN, RTR, Internet, FWL, SVR, Physical Network Services, VMware vCloud, Everything a VM]
  28. 28. Awesome?
  29. 29. Cloud Networking Design Problems • Network Appliances close to server/application • What about routing ? • What about server-to-server communication ? • Better Security. • Business control over applications, developers & business units [Diagram; labels: MPLS/WAN, RTR, Internet, FWL, SVR, Physical Network Services]
  30. 30. Complexity • Complex Design is a good tradeoff for Better DevOps • Complexity can be solved with AUTOMATION
  31. 31. Cloud Networking looks like...... • VMware vCloud • vApps • vCNS
  32. 32. Cloud Networking Gotchas • network is subject to hugely bursty traffic and loads • No one knows what sort of load / bandwidth / packet per second / concurrent flows the application needs. • Hypervisor VMs are SLOW and LATENT compared to custom silicon • Cascading failure in congestion events
  33. 33. Gotchas - Hardware Huggers • networking is ‘addicted’ on hardware (network hugging has a practical basis e.g. cabling, WAN, path analysis) • hardware is needed but software more important. • merchant silicon will change networking, especially in low end, but unlikely to commoditise in same way as servers
  34. 34. Gotchas - Vendors • vendors commit hundreds of millions to design and manufacture of silicon on multi-year cycles • Software undermines existing vendor strategies • Firewalls: Palo Alto PanOS, Cisco ASA, Juniper SRX. Load Balancers: F5 TMOS, Citrix NetScaler. (consider Riverbed Stingray) • Pricing is not aligned to requirement ‣ i.e. software pricing equivalent to hardware price ‣ assumes one for one replacement
  35. 35. Gotchas - HA • You still need TWO appliances for HA ‣ but most applications are not HA • LB’s, Firewalls, Routers are always HA because they are critical ‣ are they critical because one big unit in a single location
  36. 36. Gotchas - Server Teams • distributed software devices means spreading load and configuration. • Also mean more complexity. • You must control “application sprawl” to maintain network integrity in switching & routing • Server / VM teams MUST learn some Cloud Networking / Network teams MUST learn some Cloud Server [Diagram; labels: MPLS/WAN, RTR, Internet, FWL, SVR, Physical Network Services]
  37. 37. And so to SDN • Devices like vCNS Shield, Edge and App are (relatively) feature simple. • But might be Good Enough™ • If you follow the previous points you will realise that you need much better networking ....
  38. 38. Agenda • Why your Network Guy Doesn’t Care About You • Cloud Networking is not Virtual Networking • Cloud Network Services • Where is SDN ?
  39. 39. Define SDN • Primary: Software configured networking • Automated deployment • Automated change • Let the VM/Server do its own networking.
  40. 40. Any Changes ? • Networking is still Networking • Servers are still Servers • SDN moves most networking into the “vSwitch” • The Network Guy will control it • You will need networking skills to SDN
  41. 41. Pre-Virtual Networking [Diagram; labels: SW, Core, Distribution, Access]
  42. 42. Physical Network
  43. 43. SDN Network
  44. 44. SDN Network [Diagram; labels: Network Agent, vServer, Tunnel Fabric, Flow Forwarding, Ethernet/IP LAN Fabric, VXLAN]
  45. 45. vSwitch SDN (Today) • vSwitch becomes an active network “agent” instead of a patch panel • Flows not Packets • Routing and Switching • Load Balancing • Edge Security
  46. 46. Controller Networks [Diagram; labels: East West LAN Switches, Network SDN Controller, OpenFlow]
  47. 47. Controller Networking [Diagram; labels: East West LAN Switches, Network SDN Controller, OpenFlow, Quantum/OpenStack, Configuration Controller, Orchestration Controller, Northbound SDN, Southbound SDN, North/South LA]
  48. 48. SDCC • Cannot “software” a physical network but you can program a “software” network • Network Agents move complexity to the edge • Ubiquitous Network Services increases the overall network usefulness • Vastly improved security • Options for networking multiple clouds and bare metal servers
  49. 49. SDN Vendors • Real Products ‣ BigSwitch Networks ‣ NEC ‣ Midokura ‣ VMware/Nicira • “Shipping” ‣ Nuage Networks (Alcatel/Lucent) ‣ Contrail (Juniper) ‣ VMware/Nicira • Still Working on It ‣ Cisco (multi-product, multi-strategy)
  50. 50. My views on VMware NSX • NSX delivers SDN strategy • Works for Enterprise AND Service Providers • NSX is solution for KVM. Hyper-V & bare metal future. • NSX appears “software only” - expect network vendors to offer integrated solutions
  51. 51. SDN Reality • Unproven. Beta - 2013. Major Release 2014. • Enterprise will find it hard to value (ITIL / ITSM disconnect) • vSphere vs vCloud = Virtual vs Cloud Networking • Server / Networking duty merge • Rewiring of team & technical disciplines • ITIL & ITSM Change management overhaul
  52. 52. SDN Closeout • SDN delivers business outcomes • SDN means MORE networking not less • Servers <-> Networks will be tightly integrated as a technology and team structure will reflect that - “IaaT”
  53. 53. About Me • Host of Packet Pushers • “Cloud Plumber” at CanopyCloud Cloud Network Architect, Office of CTO (Division of Atos) • Blog - • (