I remember giving the networking talk at the 2010 OpenStack design summit to a sparsely populated room in San Antonio. At the time, there were few real deployments to point to, there was no Quantum, Open vSwitch was relatively unknown, and the term “SDN” had only been coined a year-and-a-half earlier.
Much has changed since that time. OpenStack has grown wildly in popularity and has become the leading open cloud orchestration framework. We have seen a number of large-scale production OpenStack deployments — many of which have involved VMware. And, we have seen the creation of a proper networking layer within OpenStack that enjoys significant multi-vendor support.
Of course, things have changed for Nicira as well. In July 2012, we were acquired by VMware. At the time, there was some concern that VMware would not embrace OpenStack with the same enthusiasm as Nicira had. Since the VMware acquisition, however, we’ve almost doubled the number of developers on OpenStack, we were a top 10 contributor toward Grizzly, and we have broadened our efforts to integrate more technology, including VMware vSphere® and VMware vShield Edge™. We also continue to participate in some of the largest and most sophisticated OpenStack deployments in the world.
The rationale for VMware’s involvement in OpenStack is simple. The transformation to the software-defined data center will take many forms, and VMware understands that many customers will want to piece together different technologies based on their requirements using open frameworks. Nicira was quite successful with this model, and VMware is committed to supporting that trajectory not just with networking, but with compute and management as well.
OpenStack continues to mature, and so have networking technologies in their suitability for the cloud. So, as we gather in Portland this week for the latest edition of OpenStack Summit, I’d like to highlight two major technical trends in networking and discuss how these trends are materializing in OpenStack to change the way networking is done in the cloud.
Network Functions are Moving to the Edge
A longstanding yet often missed trend in networking is the movement of traditional networking functions to the server. For example, it is not uncommon for a Web 2.0 data center to use only a very simple IP fabric, and for load balancing, security, isolation, failure handling, billing, etc. to be implemented in the web application or the ADC’s (the L4-L7 load balancers). This approach is not limited to HTTP; it can be found underlying PaaS offerings, IaaS offerings, big data and many other modern data center applications.
The benefits of this approach are largely self-evident. Moving functionality into software allows it to be provisioned programmatically rather than configured manually as is the case with networking today. Further, network services can be implemented and deployed at software time scales without requiring any hardware changes. Software running on servers can also implement functionality that would be very difficult to do in hardware at the switch, which has to handle tens or hundreds of ports simultaneously.
Although clearly an improvement, this is not a general solution. App- and platform-specific services generally only apply to the platform for which they were written and cannot easily be used by other workloads. This results in tremendous reduplication of core services and also greatly limits the applicability to traditional workloads.
Ideally we would see the emergence of a software layer of networking services that applies to all workloads. For that, we look to the next trend.
The Network Access Layer Goes Virtual
In 2012, the number of virtual ports surpassed the number of physical access ports globally. This means that today the majority of access ports reside on the server and the “first hop” switching intelligence is implemented in software.
It is not difficult to see how the movement of the access layer of the network into the server — in software – starts to provide many of the same benefits enjoyed by the applications discussed in the previous section. Until recently, however, the virtual networking layer still relied on the physical networks for a number of services, thereby limiting the ability to fully take advantage of software.
This is where network virtualization comes in.
Network Virtualization: Networking at the Edge for All Workloads
Similar to a server hypervisor, which provides virtual machines as an operational abstraction, a network virtualization solution provides virtual networks. Virtual networks look like physical networks. They provide L2-L7 services and standard management interfaces, and therefore they do not require any changes to the application or existing network management tools. Yet they have the operational model of a virtual machine so they can be programmatically managed.
One way to look at network virtualization is that it provides the benefits of running network services in software to all workloads. It can do this without requiring any change to the guest operating system, the application, or the networking hardware because all the functionality is implemented in the vSwitch running in the hypervisor. In some sense it is an alignment of these two trends (edge services and access delivered through software at the server level). Modern datacenters set the model for cost, speed to provision and speed of innovation, and the prevalence of virtual ports and virtual switches provides the insertion point.
OpenStack is an excellent platform for deploying network virtualization. There are already multiple offerings that provide full software-based network virtualization that is fully compatible with Quantum and OpenStack. For those of you who want to play around and understand the basic model, I suggest starting with the Quantum Open vSwitch plugin.
I’ve always been a huge fan of OpenStack and continue to be. I’m also a big believer in the transformation of networking to a more agile, software model. I’m excited to talk more about these two loves at the OpenStack Summit this week.