Author: Jamie Busic
So here we are with yet another ambiguous term that means anything to anyone. SDN (Software Defined Networking) and NFV (Network Function Virtualization) are all the rage with computer scientists, virtualization software companies, network hardware vendors, and marketing executives. But when you look past the fluff, there are some pretty interesting things going on in this space that could and should make IT environments more flexible and better.
Rewind to the early 2000s, when virtualization was just getting off the ground and lines were firmly drawn between camps. Server, storage, and network people didn’t mix. They would work together on a project, but the expectation of management was to pick a discipline and master it. To make matters even more isolated, Unix and Windows admins would have separate lunch tables, as would security and network engineers. Then VMware caught some momentum and the lines became blurred. To truly implement VMware, engineers had to touch multiple technology silos, and this didn’t sit well with some engineers, mostly network engineers (of which I am one). Server engineers were typically tasked with implementing virtualization, and with it came vSwitches and dvSwitches that implemented VLANs and hid some of the network traffic from network engineering. This is when it became apparent that there was a gap when it came to networking inside virtualized environments.
Fast forward to 2011 and the story was similar, if marginally better. Cisco had brought out the Nexus 1000V, a software-only version of their datacenter switch that shimmed its way into where the dvSwitch went. The 1000V allowed for Cisco-like control of the virtual switch. It was marginal and really didn’t offer anything beyond giving network engineers control of the virtual switching environment. The bad part of the 1000V was that it created a lack of automation between the virtual environment and the network, i.e. more work. What it didn’t address was a situation where the virtual servers could move around between hardware devices, and sometimes even datacenters, but network elements were stuck in physical appliances wherever they might be located. This made for difficult Disaster Recovery planning and increased costs due to Global Load Balancers and other additional steps needed to accommodate the inflexible network devices.
So how do SDN and NFV enhance and improve upon an inflexible network in conjunction with virtualization? To answer this question we need to narrow down the terminology. I am going to focus on the NFV portion of the topic. The first way it helps is by taking physically rigid network appliances and making them a virtual server or a plug-in to the hypervisor stack. Case in point: Vyatta, now the Brocade vRouter. This very slick piece of engineering takes a high performance router and firewall and puts it into software. Why are you getting so worked up, you say? By taking a piece of software that doesn’t introduce bottlenecks in most environments and making it a VM, we now get all the features that a hypervisor has to offer. First, you get failover between physical pieces of hardware, whereas before you had to buy a second hardware appliance, cable it, power it, etc. Secondly, there is nothing stopping you from replicating it like any other VM to a DR site, complete with its configuration. That in and of itself solves an enormous number of DR challenges. What about the ability to snapshot or back up the network appliance just like you do any other server? No more configuration backup applications for network appliances that may or may not work. Just take a backup of the NFV appliance like you would any other server. What if you need to do heavy filtering between network segments for PCI or HIPAA compliance? No problem, fire up another virtual router in seconds.
So about this time you are probably saying not everything in the network row can be virtualized, and you would be right. Big load balancing with SSL offload, for instance, is not a candidate for NFV at this time due to ASIC acceleration only found in hardware. The same holds true for very high end firewalls like those from Palo Alto. Yes, they have an NFV appliance, but it really isn’t the same as their hardware counterparts with their dozens of co-processors. But if you look at where the trends are going, network vendors getting behind NFV see all of the benefits that it brings and will ride Moore’s law to get more bang for the buck into their software devices. Intel alone over the last couple of years has been jamming network instruction sets into their processors and chipsets that make these NFV appliances fly. I have personally seen a virtual router in software scale out across physical server hardware and approach 100G speeds.
If you asked me to look into a crystal ball and predict what the next five to ten years look like for virtualization networking, I would say the following:
– First, expect most of the intelligence in the network to move into these NFV devices. Most of the exciting part of the network is in the control plane anyhow, and you need to get the policy and policing as close to the workload as possible, which means into the virtual environment.
– Secondly, with the move of network intelligence to the “edges” or in this case the virtual server environment, expect big dumb core networks with fast switching and then again at the perimeter more intelligence, which may or may not be put into NFV.
– Lastly, the missing piece in long-distance DR is new and enhanced routing and control plane protocols. There was a move to make giant layer-2 switched networks between datacenters, which in my opinion was never a great idea. Layer 2 is best when it stays inside a datacenter or metro area network. This stretching of layer 2 was a by-product of the limitations of layer-3 and above network functions. However, with all the new breakthroughs in virtual routers, firewalls, load balancers, etc., there only needs to be a better way to re-attach these services to the network when they move. There exist some hacks today, some of which I have developed; however, I fully expect a new set of control plane protocols that deal with location better than what we have now.
While there are a lot of changes still coming, there are a load of benefits that can be had today by implementing NFV technology, and the best part is that when updates happen, you only have to update the software powering the NFV (virtual device).
About the Author: Jamie Busic is a technology entrepreneur who has founded several successful companies including instantWorkplace, Bluemile Wireless, and Bluemile and has held roles at major institutions such as Dell, L Brands, and Chase. Jamie focuses on Cloud Computing, High Performance Flash Based Storage, Campus & Datacenter Networking, and Security.