The Road to Software-Defined Networking
There is tremendous excitement in networking today around Software-Defined Networks, or SDN. It’s tempting to write it off as hype, but that’s dangerous because SDN is just beginning to emerge and has the potential to completely change the networking landscape. The reason for the excitement is that the improvements promised by SDN create real value to customers, which is always the difference between hype and real revolution.
The Vyatta software-based networking and security solution is complementary to emerging SDN architectures, and in fact provides a way to ensure a smooth transition from today’s networks to the flexible, agile SDN networks of the future.
Why is there a need for SDN?
There’s a larger movement at work here. Most commonly known as the private cloud, it is the transition to operation of IT infrastructure as a utility. Even though this has been a topic in the IT industry for many years, we are now seeing the technologies that enable this utility model finally coming together. The concept recasts internal IT departments as service providers. Leaders adopting this approach describe a self-service portal – where their customers (departments) can request compute, storage and networking resources for instant availability, just as they would from leading public cloud service providers.
It’s exciting to be an enterprise IT programmer again and many companies are realizing that internal IT is now the competitive battleground – building connections between content on mobile devices and social media into ad campaigns, product fulfillment and customer affinity, all to improve the bottom line. Programmers are aligned with product groups and business units, not centralized in an IT department, and when they need resources they expect to get them fast.
In its search for a more responsive datacenter, IT has been building easy-to-provision, agile internal capacity with the ability to create application environments by provisioning virtualized servers and storage. If an application’s needs grow, VMs can be added on additional servers to meet the request. Many tools have emerged, from virtualization vendors and others, to create this highly dynamic environment. Often the public cloud is used to handle demand beyond what the internal servers can satisfy.
But the network has not kept up, especially the higher-level network functionality. It’s caught in the world of rack-em and wire-em hardware devices.
What SDN offers – programmability
The first requirement for SDN is that network elements need to be programmable. Orchestration platforms are emerging – names like CloudStack, OpenStack, Eucalyptus, Chef and Puppet – which allow the provisioning user-interface to be used to create, configure and connect server, storage and networking resources on demand. Some datacenters today are run via homegrown scripting, which uses the APIs of the components to create a custom orchestration environment. The DevOps movement goes even further in abstracting datacenter resources to the point that they can be called in-line within code – code that then defines the operation of the datacenter.
Some of the SDN products available today use OpenFlow as a common interface between a controller and the actual switching elements. The principle is that having control centralized makes the whole network run more efficiently, but the real value is that the controller is being used as a point of programmable control. A centralized point that can be used by orchestration layers to quickly effect change in the network is valuable – allowing creation of the IT-as-a-utility model. All but the simplest networks require multiple controllers in order to reach meaningful scale.
OK, so SDN lets the network become programmable – so we can create networks that can respond to demand. That’s the most significant benefit of SDN but not the only one.
SDN also offers abstraction
Today, departments and applications are most often segmented using 802.1q VLAN encapsulation. This works pretty well, but creates administrative complexity, causing network operations to keep track of who is using various VLANs, while adding lots of manual configuration work. Today’s emerging SDN products use new encapsulation methods, such as VXLAN, NVGRE and STT, to segment a department’s network. Departments can use whatever IP addresses and VLANs they want, without restriction – lifting a major coordination headache from the operations team.
I’m ready to build SDN – is it ready?
There are some SDN deployments and proof-of-concept tests in place today and vendors and users are working together to bring SDN to maturity. Google has deployed OpenFlow in its production network, but Google has internal network engineering teams unmatched by any other company. We can expect SDN adoption to continue to pick up, as underlying technologies become more mature.
The larger networking story
At Vyatta we’ve observed that fundamental networking technologies are still needed in an SDN world, in fact they become even more important. When VLANs are used to create separate pools of computing power, routers and firewalls are used to provide connections between them, as well as connections to the corporate network. Often cables are run to a large, expensive centralized set of routing and security gear. This becomes an expensive shared resource, which cannot be scaled under software or API control. It doesn’t fit the private cloud vision – instead it’s lots of agile, programmable resources surrounding a fixed, limiting physical network core.
Flexible networking to fit the flexible cloud
Networking should be deployed in a manner that is:
- Scalable – create as much capacity as needed by creating more instances, like you would with a compute VM
- Programmable – with a RESTful API and connections to OpenStack and other emerging orchestration tools
- Close to the applications – to avoid creating extra traffic on the network, unnecessarily accessing some central resource
Vyatta makes a router that runs in a VM, providing:
- Stateful firewall, IPSec and SSL-based VPN, web filtering, dynamic routing and underlying services like NAT, DHCP and more as IPv6-ready pre-packaged virtual machines
- Mature and widely tested OSPF, BGP and RIP
- Runs on VMware, Xen, XenServer and KVM
- Optimized to go fast on today’s x86 servers – the most ubiquitous resource in the datacenter
Routing can become just another VM-based resource, which can be orchestrated and deployed like any other datacenter resource, leveraging the economies of the x86 infrastructure. Vyatta creates the security that is needed between separate pools of compute and storage - whether the pools were created by VLANs or by SDN products.
That brings us to:
Transition time – preparing for the coming SDN world
It is hard to become comfortable adopting a complete restart of networking and security, trusting business critical operations to something entirely new. Networking and security technologies have evolved over more than 30 years, being improved along the way to adapt to a wide variety of special cases. Every enterprise network is built on a complex set of established networking technologies and they have been installed, updated and optimized over time.
Using established protocols to bridge existing networks with new SDN installations makes sense. Any new SDN installation beyond a small proof-of-concept requires BGP or OSPF routing – which should extend seamlessly from the existing network to the new one. Following this logic, it makes sense to use a similar approach across today’s VLAN-based private cloud and tomorrows SDN-based cloud. The same is true for security – it would make sense to use the same firewall technology across existing and new.
vPlane and the Future of SDN
If Vyatta Network OS provides many of the advantages of SDN today, Vyatta’s vPlane technology will deliver even more benefits and at a higher speed. Vyatta vPlane is the industry’s first highly scalable L3 forwarding plane for next-generation enterprise and cloud networks.
vPlane is a distributed L3 forwarding plane that is architecturally separate from Vyatta’s network controller. The vPlane technology runs on individual x86 cores and takes advantage of the latest Intel advances related to networking performance. With this architectural separation, vPlane will allow Vyatta to deliver an order of magnitude faster forwarding performance that can scale linearly with the number of available server cores. Vyatta’s vPlane software can process 11 million packets per second per CPU core and so far has been tested to 40 million packets per second on an industry-standard x86 server.
By separating control and forwarding planes instead of having them in one integrated piece of hardware, vPlane provides the ability to massively scale the router’s data plane while preparing for a central controller in the future. Like the envisioned control plane in SDN, the control plane within each vPlane router operates under APIs and can be controlled by software.
vPlane will enable:
- Near line-rate 10Gb/s throughput at all packet sizes to leverage the new era of 10Gb/s servers
- Physical decoupling of the forwarding plane from the control plane
- Full interoperability with existing network infrastructure
- The ability to accommodate new protocols such as OpenFlow
vPlane represents a major extension of Vyatta’s commitment to software-based networking, a rapidly growing category that Vyatta pioneered and continues to lead.
Consumers of technology love simplicity, vendors lean toward complexity. When VLANs were first introduced they caught on because they offered a way to simplify networks. Complexity in networks has become a real pain point and SDN offers the possibility of relief.
As datacenters take on the look of an internal utility, a new way of providing networking is needed. Vyatta enables programmable networking without requiring changes to network or security configurations, using proven routing, firewall, VPN and other technologies to deliver the network resources needed at the right place and at the right time. With its software-based networking and security solution, Vyatta makes it possible to build toward an SDN environment today.