SDN service chaining
Once organizations adopt ITaaS or cloud models, they inevitably need to support dynamic creation, insertion, and scaling of network and security services. For example, in a private cloud environment, employees can spin up virtual machines to run their multi-tier applications -- and they need load-balancing or firewall services between the different tiers. This approach makes sense only when the infrastructure can automate the orchestration of services along with other resources.
Again, take AWS as an example. Amazon makes various network and security services, such as firewalls, load balancing, and CDN (through CloudFront) services available on top of its infrastructure. These services can be spun up to run on EC2 virtual machines on a per-tenant basis to accommodate self-service, service selection, and insertion.
Borrowing from AWS, a private-enterprise cloud needs to be an elastic platform that allows dynamic service insertion, wherein services are extracted from special-purpose hardware appliances and run as virtual instances over a standard compute platform. These services, often security or L4-7 network services, can scale on demand and be dynamically inserted into traffic flows to function at a more granular level.
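The dynamic service insertion described above, as an added example that is not code from the article or from any cloud vendor: a small orchestrator model that, for each tier-to-tier flow of a tenant, returns the ordered chain of virtual L4-7 services the flow must traverse, scales each service's instance count with load, and checks the policy for gaps (a tier crossing with no inspection, inspection placed after distribution, references to services that do not exist). All tier names, service names and capacities are hypothetical.

```python
"""Dynamic L4-7 service insertion between application tiers (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Service:
    name: str        # hypothetical service name, e.g. "firewall"
    capacity: int    # sessions one virtual instance can carry (constructed)
    instances: int = 1


@dataclass(frozen=True)
class Flow:
    src_tier: str
    dst_tier: str
    sessions: int    # expected concurrent sessions on this flow


# Policy: for each (source tier, destination tier), the ordered list of
# services that must be inserted into the traffic path.
Policy = Dict[Tuple[str, str], List[str]]


class ChainOrchestrator:
    def __init__(self, policy: Policy, catalog: Dict[str, Service]):
        self.policy = policy
        self.catalog = catalog

    def is_permitted(self, flow: Flow) -> bool:
        """Tier pairs with no defined chain are denied (default deny)."""
        return (flow.src_tier, flow.dst_tier) in self.policy

    def chain_for(self, flow: Flow) -> List[str]:
        """Ordered services a flow traverses; undefined pairs raise."""
        if not self.is_permitted(flow):
            raise PermissionError(
                f"no service chain defined for {flow.src_tier}->{flow.dst_tier}")
        return list(self.policy[(flow.src_tier, flow.dst_tier)])

    def scale(self, flows: List[Flow]) -> Dict[str, int]:
        """Size each service so its instances cover the sessions routed through it."""
        load = {name: 0 for name in self.catalog}
        for flow in flows:
            for svc in self.chain_for(flow):
                load[svc] += flow.sessions
        for name, svc in self.catalog.items():
            svc.instances = max(1, -(-load[name] // svc.capacity))  # ceiling division
        return {name: svc.instances for name, svc in self.catalog.items()}

    def validate(self) -> List[str]:
        """Policy checks: every inter-tier path is inspected, inspection
        happens before load distribution, and every service exists."""
        problems = []
        for (src, dst), chain in self.policy.items():
            unknown = [s for s in chain if s not in self.catalog]
            if unknown:
                problems.append(f"{src}->{dst}: unknown services {unknown}")
            if src != dst and "firewall" not in chain:
                problems.append(f"{src}->{dst}: crosses tiers without a firewall")
            if ("firewall" in chain and "load-balancer" in chain
                    and chain.index("firewall") > chain.index("load-balancer")):
                problems.append(f"{src}->{dst}: firewall must precede load-balancer")
        return problems


def build_demo() -> ChainOrchestrator:
    """Constructed three-tier tenant (web -> app -> db) with one policy gap."""
    policy: Policy = {
        ("web", "app"): ["firewall", "load-balancer"],
        ("app", "db"): ["firewall"],
        ("app", "cache"): ["load-balancer"],   # constructed gap: no inspection
    }
    catalog = {
        "firewall": Service("firewall", capacity=1000),
        "load-balancer": Service("load-balancer", capacity=500),
    }
    return ChainOrchestrator(policy, catalog)


# Constructed sample load for the demo tenant.
DEMO_FLOWS = [Flow("web", "app", 1200), Flow("app", "db", 300)]

if __name__ == "__main__":
    orch = build_demo()
    print("policy problems:", orch.validate())
    print("instances per service:", orch.scale(DEMO_FLOWS))
    for f in DEMO_FLOWS:
        print(f"{f.src_tier}->{f.dst_tier}:", orch.chain_for(f))
```

Running it scales the firewall to 2 instances (1500 sessions across both flows) and the load balancer to 3 (1200 sessions), and flags the app-to-cache path as crossing tiers without inspection. The default-deny in `chain_for` is the design choice to notice: a flow the policy does not name gets no path at all rather than a direct one.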
For the increasing number of enterprises that adopt a hybrid cloud or operate multiple data centers across a wide geography, it's extremely important to have smooth workload movement across multiple clouds for disaster recovery and high availability.
For example, companies like Google and Amazon operate multiple data centers across the world. Due to the increased use of mobile devices, a user request can potentially trigger compute or storage operations in any of the data centers. In addition, the adoption of big data analytics tools, such as BigTable and Hadoop, can dramatically increase advertisement relevancy but results in a significant increase in east-west traffic within and across data centers.
Google and Amazon have been building technologies like intercloud federation and software-defined WANs to support their global operations with flexibility and high availability. Intercloud federation handles the exchange of routing and control information across multiple cloud environments -- along with the network connecting these environments -- so an entity in one cloud can seamlessly communicate with another entity in a different cloud.
AWS has been supporting deployments of multiple VPCs (virtual private clouds) connected to customer sites. Enterprises considering a hybrid cloud, with workloads moving securely between public and private clouds, can take a page from Amazon's playbook: design a well-thought-out scheme for translating the virtual identifiers used inside a data center, such as VXLAN IDs, to VRF (virtual routing and forwarding) instances, since VPNs are the preferred approach for intercloud connections.
Of course, WAN bandwidth is scarcer than bandwidth inside a data center, so enterprises must ensure they can differentiate among different types of traffic and maintain SLAs (service-level agreements). To that end, Google has pioneered a software-defined WAN in its B4 network to use logically centralized network control for more deterministic, efficient, and fault-tolerant connections across the WAN.
Google's WAN has two backbones. One, called I-Scale, carries Internet user traffic, which is usually smooth and diurnal but requires high availability and is loss-sensitive. The other, called G-Scale, carries data center internal traffic, which is bulky but can tolerate higher loss and has less stringent availability requirements. G-Scale handles most of the east-west traffic, which is growing much faster than the north-south user traffic handled by I-Scale. Google implemented B4 with a logically centralized traffic-engineering controller, which allows applications to manipulate bandwidth across data centers over the WAN.
Although the early SDN products primarily focus on automation and orchestration within a data center, the more mature SDN solutions, such as those from Google and Amazon, are designed to take intercloud federation across the WAN and software-defined WAN into consideration. Looking to the service-provider world, BGP, MPLS, and L3VPN/EVPN are the dominant and proven technologies that can scale, isolate, and guarantee SLAs. This means a translation scheme needs to be well thought out to map the tenant identifiers inside a data center to MPLS labels for transit across the WAN.
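The identifier translation called for here and in the VXLAN-to-VRF discussion above, as an added example that is not code from the article, from Amazon or from Google: a map from a tenant's VXLAN VNI to its VRF and to the MPLS VPN label used across the WAN, with checks that the mapping stays one-to-one in both directions, because a collision in either direction would merge two tenants' traffic. The 24-bit VNI and 20-bit label widths and the reserved label range 0-15 are the standard field sizes; leaving VNI 0 unused, the tenant names, VNIs and VRF names are all assumptions constructed for the demo.

```python
"""Tenant identifier translation at the data center / WAN boundary (added example)."""
from dataclasses import dataclass
from typing import Dict, List

VNI_MAX = (1 << 24) - 1                    # VXLAN VNI is a 24-bit field
LABEL_MIN, LABEL_MAX = 16, (1 << 20) - 1   # MPLS label is 20 bits; 0-15 are reserved


@dataclass(frozen=True)
class Binding:
    tenant: str
    vni: int     # identifier inside the data center
    vrf: str     # routing instance at the edge
    label: int   # identifier across the MPLS WAN


class IdentifierMap:
    def __init__(self) -> None:
        self._by_vni: Dict[int, Binding] = {}
        self._by_label: Dict[int, Binding] = {}
        self._next_label = LABEL_MIN

    def bind(self, tenant: str, vni: int, vrf: str) -> Binding:
        """Register a tenant's VNI and VRF and allocate a WAN label for it."""
        if not 1 <= vni <= VNI_MAX:          # VNI 0 kept unused (assumption)
            raise ValueError(f"VNI {vni} out of range")
        if vni in self._by_vni:
            raise ValueError(
                f"VNI {vni} already bound to tenant {self._by_vni[vni].tenant}")
        if any(b.vrf == vrf for b in self._by_vni.values()):
            raise ValueError(f"VRF {vrf} already in use")
        label = self._allocate_label()
        binding = Binding(tenant, vni, vrf, label)
        self._by_vni[vni] = binding
        self._by_label[label] = binding
        return binding

    def _allocate_label(self) -> int:
        """Hand out the lowest unused label in the usable range."""
        while self._next_label in self._by_label:
            self._next_label += 1
        if self._next_label > LABEL_MAX:
            raise RuntimeError("MPLS label space exhausted")
        label = self._next_label
        self._next_label += 1
        return label

    def egress_label(self, vni: int) -> int:
        """Data center -> WAN: the label that carries this VNI's traffic."""
        return self._by_vni[vni].label

    def ingress_vni(self, label: int) -> int:
        """WAN -> data center: the VNI (tenant) a received label maps back to."""
        return self._by_label[label].vni

    def audit(self) -> List[str]:
        """Confirm the map is a bijection and every label is in the usable range."""
        problems = []
        for vni, b in self._by_vni.items():
            if self._by_label.get(b.label) is not b:
                problems.append(f"label {b.label} does not map back to VNI {vni}")
            if not LABEL_MIN <= b.label <= LABEL_MAX:
                problems.append(f"label {b.label} outside usable range")
        vrfs = [b.vrf for b in self._by_vni.values()]
        if len(set(vrfs)) != len(vrfs):
            problems.append("duplicate VRF names")
        return problems


def build_demo() -> IdentifierMap:
    """Two constructed tenants; names, VNIs and VRFs are made up."""
    m = IdentifierMap()
    m.bind("tenant-a", 10001, "vrf-a")
    m.bind("tenant-b", 10002, "vrf-b")
    return m


if __name__ == "__main__":
    m = build_demo()
    print("VNI 10001 leaves the site with label", m.egress_label(10001))
    print("label 17 arriving from the WAN belongs to VNI", m.ingress_vni(17))
    print("audit problems:", m.audit())
```

`bind` rejects a second tenant claiming an already-bound VNI or VRF, and `audit` is the check to run after any reconfiguration: the forward and reverse tables are written together, so if they ever disagree something outside this code has edited one of them.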
Cloud providers have been at the forefront of the SDN movement and will continue to pioneer new and novel approaches with the emerging technology. Enterprises can borrow the lessons learned by these companies to build a more agile, dynamic, and elastic IT infrastructure -- one that will provide an edge in an increasingly competitive world.
New Tech Forum provides a venue to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all inquiries to firstname.lastname@example.org.