Cell phones are keeping network configurations among different zones. No matters where you are, or what antennas, routers or switches your data/voice is being transferred through; you will be connected to your loved ones for sure.
Your private cloud is distributed among different spots. Instances are moving among clusters or facilities driven by power/hardware failures, performance or proximity. Wouldn’t it be cool if instances’ network settings and rules could be taken wherever they are moved?
Reach out your instances at any point in the cloud. Powerful statement. A long-term vision about what network techs should be actually developing.
I’ve started at Nuage as Tech Business Dev for CALA (LATAM+Caribbean). The adoption of techs like SDN/NFV and CMSs (OpenStack/CloudStack) has just began in this part of the World. We’ve got a big opportunity. Sell a whole new concept of IT Services. Something that most of the customers are demanding today: agility.
OpenStack/OpenVSwitch Network Challenge: Why would I have to risk my career for being agile?
The management of thousands of tunnels over a limited underlay hardware shared-network-pipe is starting to corner Net Ops. How to control traffic to/from every instance? How to manage thousands of distributed ACLs? How early could you identify any traffic anomaly (noisy neighbors)? How fast could you fix it?
You want to stay pure in open-source? Neutron needs as much work as the complexity of your network APIs. Issues start coming up as soon as tenants start provisioning advanced network services like vrouters or load balancers. How do they scale? How reliable are they?
Instances of any kind must serve users. Users are at any inside/outside spot to your DC. Business Apps would be reached through the OVS they are connected to. Every OVS should help the rest of the world to find it. The fact is OVS can’t by itself. Neutron makes some part of this job. However, Neutron can’t directly speak to Core/Edge routers. It must relay on external featured pieces of hardware/software.
VTEP hardware encapsulate/decapsulate VxLAN at the service of APIs’ triggered commands (i.e. OVSDB). VTEPs help you to easily reach out instances and appliances at any spot in the datacenter. Adding network services can not be easier. Some brings ML2 plug-ins to Neutron to extend VXLAN tunnel processing at hardware level. However, it requires to stay in the VLAN to VxLAN transformation reducing dramatically the amount of subnets you can create. Even in the OVS space, it´s much better keep the encapsulation into the compute node. How to add VTEP devices and keep the simplicity of a consolidated orchestration process in my cloud?
DC’s Core/Edge will route those packets to any required remote point. Most of the time, this point won’t be directly addressed. Destination could be immersed into other private space. How to be aware what is actually happening in there? How could we stay tune when remote instances are being created/terminated?
Would you call Net Ops team? They will kindly take care of this after some paper work. Touching ultra sensitive resources relying on thousands of configuration lines. Core systems route millions of packets that moves hundreds of critical services. How many times would they help you out to update just a couple of routes? How prompt would they finish that job?
If I were a Net Ops in charge of any DC core, I would be better delaying any change request. I would have to be 100% sure. Many meetings and validation will help to keep my neck safe. I don’t blame them. Their job is to keep things running and stable. Why would I have to risk my career for being agile?
Nuage brings a powerful and open overlay network option
Nuage is not the only option to manage and control the overlay network. Even you could exclusively do it on opensource. However, as I’ve showed in the previous section, there are many considerations.
Flexible and open: All actions could be applied through APIs. Most of the SDN/NFV vendors have constraints to support containers, or hyper-visors like KVM. Nuage even supports bare metals thru virtual or hardware gateways. Underlay switches are managed through an OVSDB standardized schema supported by vendors like Arista, HP and Cumulus Networks.
Nuage reduces the complexity of thousands of ACLs to just a bunch of templates. One security template could apply policies to an entire Layer-3 domain of subnets and instances. Even, you can re-use it to many mores domains. App Devs don’t need to be aware what IP-address space and network settings are assigned. No need to deal with security teams after the initial template setup. It speeds up any App deployment.
Nuage simplifies the addition of networks services. Its partner ecosystem probes it: F5, Palo Alto Networks, Fortinet are among these partners. Besides most have a developed plug-in for Neutron, some of them still need help to work with or to take more advantage of their features.
Routing/Switching will be spread among compute nodes. Tunnels are efficiently provisioned thanks to its advanced routing features: VPLS Back Bone. This will save important compute/network resources. Advantages that come along with a powerful IP routing tech: Alcatel-Lucent Service Routing Operating System (SROS). More than 300K implementations bring enough confidence to manage critical services through this powerful SDN controller.
A confidence that brings agility to Net services. A matured routing tech that automates changes avoiding unnecessary risk into DC Core systems. Once Net Ops set advanced routing configurations between edge routers and SDN through MP-BGP, we are all set. Instances/Subnets could be turned down/up or move among Datacenters, and communication still succeeds. Net Ops can now be agile and still keep their necks supporting their heads. Less closing-my-eyes-waiting-to-be-hit by a customer after a “write config” command, and more peace of mind.
See you soon!