I've been getting a lot of questions about network virtualization and SDN lately, so to get some clarification and find out more about these technologies, I reached out to one of the experts on the subject: Dan Mihai Dumitriu, CEO and co-founder of Midokura.
---
VMblog: I want to jump right in with a common question that I'm being asked. How is network virtualization different from SDN?
Dan Mihai Dumitriu: Software-defined networking (SDN) is a way to manage networks that separates the control plane from the forwarding plane. Network virtualization (NV) is complementary to SDN, but deals with creating logical software-based views of the hardware and software networking resources like switches and routers.
MidoNet is an example of a network virtualization overlay where there's a system of logical switches and edge routers. MidoNet interacts with the physical layers to forward packets, and provides the intelligent abstraction to make it easier to deploy and manage network services and resources. As a result, NV can align the network for better utilization and support of virtualized environments.
NV can be used to create virtual networks within a virtualized infrastructure. This enables NV to support the complex requirements in multi-tenancy environments. Further, NV can deliver a virtual network within a virtual environment that is truly separate from other network resources. In these instances, NV can separate traffic into a zone or container to ensure traffic does not mix with other resources or the transfer of other data.
Like any new technology, NV is now gaining traction with early adopters and moving towards mainstream. It will continue to follow along the adoption curve of OpenStack and container orchestration.
VMblog: How has network virtualization changed since its debut a few short years ago?
Dumitriu: Network virtualization is not a new thing, but what is different today are the applications and the need for an application-centric approach. Instead of focusing on ports and protocols, make sure you can understand and map the security policies to the business application they support. Network admins generally are not aware of the business application workloads their networks are sustaining, but this is definitely an area of note. Overall, it's important to maintain an awareness of your applications and the connectivity they need to remain supported. Containerization provides a vehicle to describe the infrastructure needs of the application, and network virtualization can play a big part through integrating with container orchestration.
VMblog: What technology developments have made it so hot?
Dumitriu: Traditionally, decision warehouse and analytics software were proprietary and expensive to license. Only large enterprises could afford the upfront capital expense in software and hardware, and therefore generally data related to revenue generation were analyzed.
However, with the proliferation of open source big data analytics tools like Elasticsearch, Logstash, Kibana (ELK stack), even text-based per-host-level event logs can be analyzed in real time.
That is what is happening to network virtualization today. For instance, MidoNet uses Elasticsearch and Logstash to analyze the current and past flows traversing the virtual network, giving the network admin a stronger set of tooling for troubleshooting their virtual networks.
VMblog: Explain the relationship between cloud and network virtualization.
Dumitriu: Cloud resources make it easier for developers to have access to infrastructure. The cloud has increased the amount of experimentation done in parallel (rather than sequentially as in the past), which means higher application deployment frequency as well as shorter lead time. Such improvements directly address the typical bottlenecks experienced in traditional network provisioning and network change requests. Previously, if the launch of an app had a lead time of six weeks but it took six weeks to make network changes, then the network would totally be in the way of meeting the bottom line - the revenue generation that is contingent upon a timely application delivery.
Frankly, the biggest headache and overall TCO in networking is operations. SDN provides cost savings initially, and has shown its value in providing long-term relief from the major headaches for network operators. While initial acquisition costs are important, more and more organizations are evaluating projects based on long-term TCO. In a world where value needs to be proven first for every environment, such evaluation can be challenging to vendors unaccustomed to this mode of selling.
VMblog: What sort of adoption trends have you been seeing among enterprises, service providers and others?
Dumitriu: To accelerate application delivery, what used to be delivered as monolithic applications are now divided into microservices - each with its own tech stack and delivery schedules. Microservices are driving containerization, not the other way around. Web services are already adopting containers, and I expect the future to hold broad enterprise adoption of containers by their in-house application developers.
VMblog: How are open source technologies playing a role?
Dumitriu: Today, open source is leading the infrastructure space. Here's a diagram that shows how: http://www.midokura.com/wp-content/uploads/2016/01/abt-side-pop.jpg
Like the OpenStack project, which is composed of open source KVM, Libvirt, RabbitMQ and MySQL, MidoNet is built on foundational open source technology, including Zookeeper, Cassandra, Elasticsearch and Logstash. The pace of innovation for distributed systems built on open source foundations is becoming more rapid. Products built on open source are able to reach product maturity faster than their proprietary equivalents. This is because, using open source, the architecture lends itself to more frequent updates, and because it offers the flexibility to swap out a component to achieve better performance.
VMblog: What's next in network virtualization?
Dumitriu: Traditionally, application deployments included observation points for network security. This introduced network bottlenecks, and the virtualization of workloads using VLANs came at the cost of scalability limitations, vendor lock-in and overall lack of agility.
In conventional networking, network administrators use network taps, which are external monitoring devices that mirror the traffic passing between two network nodes. Placing a TAP (test access point) at a specific point in the network in order to monitor data requires heavy planning, and moving the TAPs and adding more TAPs is yet another administrative burden.
In the OpenStack environment, technologies like Open vSwitch and MidoNet provide software-based or virtual TAPs (instead of using hardware devices) so that tenants can monitor ports on virtual machines and/or containers in Neutron-provisioned networks.
Specifically in Midokura Enterprise MidoNet (MEM) 5.0, using MEM Insights, users can mirror any device including ports, bridges and routers and output onto a deep-packet inspection firewall or intrusion detection system (IDS). They can proactively monitor virtual networks and detect anomalies before any harm can be done for security and compliance use cases.
VMblog: And what's next for Midokura?
Dumitriu: Awareness of MidoNet has expanded to more than 122 countries across the globe. Our initial use cases provided an SDN plug-in for OpenStack networking. As Docker gains broad enterprise adoption, operations teams are looking to OpenStack to consolidate infrastructure (compute, networking and storage) management. Project Kuryr was born to address the use case for bridging container networking with OpenStack networking, seamlessly mapping Docker APIs with Neutron APIs as containers are instantiated.
---
Once again, a special thank you to Dan Mihai Dumitriu, CEO and co-founder of Midokura, for taking time out to speak with VMblog and answer a few questions about the company and the network virtualization market.