It’s been a while
So what gives? Well, I’ve been spending most of my time on the front lines: meeting with customers, breaking the ice, laying out the fundamental case for Network Virtualization, face to face, heart to heart. Just a whiteboard, rolled up sleves, and a room full of intelligent IT converstationalists.
This is, actually, my favorite thing to do.
I’m not a real big fan of the formal presentation, the pomp and pageant of tech conferences, or endless pontificatating from atop some ivory tower “Office of the CTO” … “customers want this, customers want that, blah, blah, blah”. Not to minimize that stuff. It’s important too, and there’s always a time and place for that.
But there’s nothing better than having a raw, unscripted conversation, laying out the core concepts of a transformative networking tech and seeing where the dialogue takes you, and learning a few new things with each discussion.
And there’s never a shortage of things to talk about when the topic is Network Virtualization.
When you look what it takes to deploy an application, all the VMs and network services, you’ll find that network provisioning is a tremedous drag — up and down the stack — the VLANs, Firewalls, Load balancers, Routing (VRF), ACLs, QoS, IP addressing, DNS, ACLs, Monitoring, NAT, VPN, the list goes on. Now try to pick that application up (network services and all) and move it to another data center … <pound head here>
The virtual machines are in this 21st century world of sofware automation, common hardware, API’s, mobility, and rapid provisioning. Provisioning the network, on the other hand, is still stuck in this 1990’s era of humans, keyboards, CLIs, specialized hardware, and chokepoints. Despite the best efforts of server virtualization, the application is still not fully decoupled from hardware.
When you think about it … the problem with networking is NOT packet forwarding. That’s one thing the networking industry has done really really well. We have these wonderful line rate 10/40/100G switches running extremely well engineered and robust distributed routing protocols such as OSPF/BGP/ISIS. We don’t need to re-invent that.
The problem with networking is the manual deployment of networking services and policy. All the stuff you need to configure in network hardware to get a new application online (or moved to another data center).
Contrary to the current SDN hype — we don’t need to decouple network hardware control planes from data planes. Rather, we need to decouple the network policy from packet forwarding. Network Virtualization.
Networking needs to evolve. Everybody seems to agree.
How do you do that? Decouple, Distribute, Automate.
Decouple the application from networking hardware (finally!) — the entire L2-L7 stack. Move the workload’s network closer to the workload — at the edge software layer.
Distribute networking services at the software edge. Distributed in-kernel L3 routing. Distributed in-kernel statefull firewall. No more chokepoints. Move the services to the workload. Stop moving workloads to the services. End the traffic steering madness.
Automate the complete L2-L7 virutal network deployment in lock step with the compute. The cloud provisioning system should be deploying the entire application stack — the VMs and its complete virtual network. Throw some API messages at the server virtualization software. Throw some API messages at the network virtualization software. Validate and snapshot the whole thing.
Now we’re talk’n