What do Virtualization and Cloud executives think about 2012? Find out in this VMblog.com series exclusive.
Predictions 2012 - Networking
Article by Abhishek Chauhan, CTO, Cloud Networking Group, Citrix
The super-prediction for networking in 2012 can be
summarized in one word. Change.
The key drivers of this change - cloud and mobility -
have steadily gained strength through 2011.
Now, the datacenter is changing.
The apps are changing. And so is
the way these apps are delivered and consumed.
Underlying all of this is the network.
And change is knocking on networking's door. As the crescendo of change builds up, 2012
promises to be a critical year for disruption and the transformation of
Here is a complete look at some of the trends that stand
out for us at Citrix.
Disaggregation Drives New Paradigms
"Let us bring all our traffic to one place and pipe it
through a few centralized networked nodes.
This will give us better control over our network."
If you spot a problem with the above approach, give
yourself a pat on the back. For many
years now, many network designers and many network designs have gone this way,
failing to detect the problems you did.
The problems are many.
Forcing all traffic to take a "detour" for the sake of control is just
plain inefficient. This is increasingly
clear with the new "flat networks" where there is no obvious choke point that
could be repurposed to serve as the control point. Bringing everything to one place means fatter
pipes, fatter routers, more scale.
On the other hand, if the goal is control and visibility,
can this be met without concentrating the traffic? With centralized control, yet distributed
enforcement, that goal can become a reality.
This question is starting to be asked, and answers will emerge in 2012.
This uber-trend is driving the thinking behind many new
network designs - everything from the new distributed packet core designs in
LTE, to controller + vswitch designs at L2, to emerging firewall and ADC
Software Defined Networking Gets Application-awareness
It is rubber-meets-road time for OpenFlow and software
defined networking (SDN). The momentum behind SDN continues across the vendor
community, with initial cloud scale deployments starting to happen.
The SDN paradigm allows for the separation of the
"brains" of the network, via software defined policies, from the "brawn" of the
network that actually moves bits and bytes across wires. Since OpenFlow operates at layers 2-3 of the
network, most SDN-style schemes tend to be about providing more flexible ways
to do routing and switching.
What we are seeing now is a desire to achieve a similar
separation at layer 7, to separate the brain from the brawn and allow a
flexible, software-defined policy pipeline that operates in an
application-aware manner. At layer 7, a system that facilitates the paradigm of
centralized control and distributed enforcement of application-aware policies
is a must.
The Move to Software
Networking is moving to software running on general
purpose hardware. Application delivery
controllers (ADCs) from all major vendors are now available as software virtual
machines, albeit with varying degrees of completeness. More importantly, these soft ADCs have been
But the move to software is also enabling new ways to
employ these contraptions. Instead of
thinking of an ADC as a per-datacenter building-block, new architectures
arrange these on a per-tenant and often per-application basis, which enables a
larger number of finer-grained control entities. These entities are made possible via the
software. As the software ADCs prove
themselves, we expect this trend to tick up in 2012, and as a result, we expect
better ways to manage these armies of tiny soldiers.
Consolidation Around Layer 7
Consolidation at layer 7 is not new. "Upper layer protocols" have been all the
craze. WAN optimization folks have been
talking about optimizing for applications, while firewall vendors have been
talking about inspecting applications.
Mobile vendors have been talking about DPI at the application
layer. Joe the plumber has been plumbing
applications... you get the idea.
What is new is the realization that some of these
functions - which have all migrated up to layer 7 - have become prime
candidates for consolidation.
Load balancers and ADCs have been the primary location
where a full functioning L7 proxy has resided.
Traditional firewalls have tried to be application-aware, but have
struggled with fundamental architectural issues around the lack of a true
application proxy. New next-generation
firewalls, built with application awareness in mind, have this capability. But the duplication of application-centric
functions and policies makes operations harder and drives the cost of front-end
In 2012, there will be mainstream awareness, with vendors
moving to provide a "unified policy front-end" that streamlines common actions
such as L7 parsing and proxying, delivers a simpler way to configure and
manage, and provides a more scalable front-end for acceleration, security and
availability policies in the data center.
The start of this application front-end consolidation
wave will begin with firewalls and ADCs being delivered from a common
And finally, my last prediction: Before the calendar rolls over to 2013, IEEE
will have finalized a standard way of doing the kind of things the VXLAN and NVGRE
folks are dreaming up.
If your face took on the "ya right" look before breaking into a mild smile after
reading the above, you're with me.
About the Author
Abhishek Chauhan is
CTO for the Cloud Networking Group at Citrix, driving the company's technology
vision for its networking products.
Abhishek joined Citrix through the acquisition of Teros, where he served
as CTO. Prior to founding Teros,
Abhishek helped architect scalable network services and distributed systems at
Sun Microsystems working on the J2EE blueprints. Before joining Sun, he co-founded Vxtreme
where he was the architect. He studied
Computer Science at University of Wisconsin and Indian Institute of Technology,