1. Networking is undergoing a third major transition driven by cloud computing, mobile devices, and software-defined networking.
2. Applications are becoming distributed across private and public clouds, making the application the new network as IT departments lose control over hardware.
3. The rise of containers is pushing networking down to the application level, requiring new approaches for provisioning, troubleshooting, and security at this more granular level.
2. Networking is Changing
• 1. Cloud & Mobile
• 2. The Application is the Network
• 3. Containers and PaaS
What does this mean for OpenStack Networking?
3. We are in the 3rd fundamental structural transition in the history of IT
[Timeline: Mainframe; PC Revolution; Client/Server; Cloud Computing (We are here)]
• Mobile Devices & Clouds (public & private)
• Software Defined
• Local Applications
• Minor role for networking
• Desktops & Servers
• Campus Networks
• Data Centers
5. Networking for Mobile & Cloud
• traceroute to demo-aws.eng.vmware.com (52.35.205.45), 64 hops max, 52 byte packets
• 1 * * *
• 2 50-254-159-158-static.hfc.comcastbusiness.net (50.254.159.158) 3.367 ms
• 3 50.184.162.1 (50.184.162.1) 26.484 ms
• 4 te-0-2-0-15-sur04.santaclara.ca.sfba.comcast.net (162.151.30.113) 13.716 ms
• 5 hu-0-3-0-4-ar01.hayward.ca.sfba.comcast.net (68.87.192.241) 30.744 ms
• 6 hu-0-0-0-0-ar01.santaclara.ca.sfba.comcast.net (68.85.154.249) 27.420 ms
• 7 be-33651-cr01.sunnyvale.ca.ibone.comcast.net (68.86.90.93) 16.763 ms
• 8 he-0-12-0-0-pe02.529bryant.ca.ibone.comcast.net (68.86.86.166) 29.906 ms
• 9 as16509-2-c.529bryant.ca.ibone.comcast.net (66.208.229.30) 20.418 ms
• 10 * * *
• 11 * * *
• 12 205.251.229.68 (205.251.229.68) 48.178 ms
• 13 205.251.232.145 (205.251.232.145) 35.174 ms
• 14 54.239.48.191 (54.239.48.191) 39.651 ms
• 15 205.251.232.151 (205.251.232.151) 49.356 ms
• 16 205.251.230.125 (205.251.230.125) 32.864 ms
For mobile users, companies no longer control the networking hardware
Example:
• Working from Starbucks on an AWS demo.
• My IT department controls 0% of networking hardware
• It is still responsible for security & compliance
6. Clouds are the New Silos
IT Department Nightmare: Different teams, different technology stacks, different security & compliance
[Diagram: On-Premises Datacenter]
8. Tomorrow’s Networking
Connect and Secure Applications across Private and Public Multiple Clouds
[Diagram: Web Portal, Retail App, Big Data, Internet]
Connect & Secure
• Create private networks within or across clouds
• Define logical switches, routers
• Use firewalls to segment applications
• Service Insertion
• Distributed Enterprise Edge
13. THE APP HAS EVOLVED INTO A NETWORK
INFRASTRUCTURE HAS EVOLVED INTO A SOFTWARE PLATFORM
VIRTUALIZATION
15. Containers are emerging as the application management layer of choice
[Diagram comparing VM Applications (Host, Hypervisor, OS, bin/libs, App) with Application Containers (Host, OS, Containers, bin/libs, App)]
16. Container Networking
Containers run inside of VMs
• One VM per server per security domain
• Containers often behind NAT
• No container level networking
Does this make sense?
It actually does…
Enterprise model today
[Diagram: Containers inside VMs on a Hypervisor with a vSwitch]
17. Container Networking
Two levels of vSwitch
• First layer vSwitch inside the container VM
• Second layer vSwitch inside the Hypervisor
• Container level networking
In the future, container level visibility
[Diagram: Containers inside VMs, a vSwitch in each VM, on a Hypervisor with a vSwitch]
22. Example: NSX for OpenStack and Amazon Web Services
Native support for AWS instances with coherent services and security posture for on and off-premise
Developer
• Launches instances via Amazon console
IT Administrator
• Defines network and security policy
Amazon Web Services
• Native AWS Server instances (AMIs)
• Added to NSX virtual networks via policy
On-Premise NSX/vSphere
• AWS instances are added to logical switch
• Consistent security posture on-premise and in cloud
• AWS instances leverage services …
[Diagram: AWS Cloud, Data Center, Web Server, HR Server, Internet]
23. Example: NSX for OpenStack and beyond…
Managing Security and Connectivity for many Heterogeneous End Points
End points:
• On-Prem Data Center (Today)
• Containers (2016)
• Public Clouds (2016)
• Virtual Desktop (VDI)
• Mobile Devices (Airwatch)
• Internet of Things (Roadmap)
• Branch Offices (Partner)
Networking is Evolving
• H/W networks no longer under IT control (e.g. mobile, IoT, public clouds)
• Challenge is security, compliance and QoS
NSX Everywhere
• An overlay to manage network policy
• Spans many types of underlying networks
• Transparent app-level security across clouds