Connecting Islands of Resources in an SDN Data Center
Oct 28, 2013
Application Agility is Critical
Organizations are rolling out new applications that they use to drive the business. These applications are virtualized. They are increasingly distributed, dynamic and they can span locations. They connect employees, customers and the supply chain. They make employees more productive, help customers to engage with the business and facilitate better inventory management. They also provide timely business intelligence. This means revenue to the organization. Time to deploy is critical. Organizations need to be agile when it comes to deploying new applications.
The problem is that the network is an obstacle. Due to the complexity of configuring the network speed of deployment is an issue. There are so many things that need to be configured. You need to configure route mapping, port mapping, VLAN mapping, QOS, NAT, ACLs and the list goes on. The networking side hasn’t changed since it was invented decades ago. It takes weeks to configure the network connections that are needed when you deploy an application.
Organizations have been using server virtualization for years to overcome the limitations of physical server virtualization. When you have to deploy a physical server it could take weeks from the time you first knew you needed it until it was up and running. Now provisioning virtual servers only takes minutes. With virtualized servers we realized agility and resilience and improved physical server utilization. We need the same type of benefits for the network. You can’t let the network get in the way when you need to move fast and gain the advantages of new applications. Organizations are looking for ways to provision the network work quickly.
Overlay Networks are the Answer
Organizations are turning to virtual overlay networks as the answer to the application provisioning dilemma. These systems are managed via a central controller that provides a way to manage the tunneling protocols used to connect to the various components of the application. This includes connections to the virtual machines, virtual switches and routers, and virtualized versions of network services appliances such as load balancers, firewalls and intrusion detection and prevention devices.
Software overlay networks promise to solve a number of issues. Some virtualized applications require Layer 2 adjacency to their storage resources and it is required for VM live migration. This is forcing broadcast domains to grow, pushing the limits of VLANs. Overlay networks alleviate the workload mobility problem by providing Layer 2 connectivity in the data center. They also have mechanisms to overcome VLAN limitations. When resources move, the virtual networks move with them. Virtual overlay networks promise to speed up provisioning and accelerate application rollout by providing agility and elasticity in the way network connections are deployed. However there are other issues to consider.
You still have islands of resources that need to be connected. You have an array of applications that exist in your organization that were deployed over the years. They might be home grown, or client server style that have limitations such as hardwired IP addresses or they might need layer 2 access to data over the WAN. They might be SOA types that have large data stores that are not virtualized. You have physical devices to connect to like a server load balancer, firewall, WAN optimization controller. You may need to connect to resources in remote locations. You need a way to bridge between the SDN environment and these legacy resources.
Gateway Services Connect Everything
To connect your islands of resources Juniper has developed gateway services on the MX series routers. The Layer 2 gateway enables SDN controllers to communicate with non-SDN VMs, bare metal servers, and L4-L7 network services which can be physical devices or virtualized services. The Layer 3 gateway enables VMs in the SDN environment to communicate with VMs in non-SDN environments, bare metal servers, and L4-L7 services. The SDN to WAN gateway provides communication from SDN environments to remote locations over the same or different encapsulations—for example, from VXLAN to EVPN, MPLS over GRE to EVPN, VXLAN to GRE, or VXLAN to an L3VPN. The SDN to SDN gateway translates between SDN controller types with the same or different tunnel encapsulations such as VXLAN to VXLAN, or VXLAN to MPLS over GRE.
These functions are performed on Juniper’s Trio ASIC, which has the ability to peer and exchange routes with multiple SDN controllers simultaneously, avoiding the need to insert a second router or a virtual appliance into the architecture. These conversions require not only translating from a tunnel header into a native IP header, but simultaneously doing a L3 lookup as well. Since Juniper uses programmable silicon in the MX Series, it can be programmed to do simultaneous lookups in hardware at high-performance to solve this problem. This solution provides a high degree of multi-tenancy where it is possible to create an architecture using a Layer 2 overlay that provides separation for each tenant. This is done using tunnel ID’s to map traffic in to VRFs, with one instance connecting to legacy resources and the other connecting to another overlay for example.
How Gateway Services Are Used
Enterprises are deploying virtualized applications to interconnect their employees, supply chain, and customers. They are using SDN overlays to get these applications up and running faster, however they have other types of applications in their data centers that they need to connect together so that they can share data and access various application components. Many organizations are seeking ways to avoid disaster-related outages, and to rapidly recover from such disasters should they be unavoidable. These organizations are implementing workload mobility from their primary data center to another active or backup data center. They can use the gateway functions to enable VM mobility for this purpose. Juniper recently announced EVPNs can be used to set up the data center interconnects and put them into a Layer 2 domain for VM mobility. Network connectivity from branch office locations to data centers can be provided by a variety of IPVPN connection types such as IPSec or L3 IPVPNs. Since SDN environments often use VxLAN with the gateway capabilities VPN services on the MX Series can connect branch offices to SDN environments in the data center via VPN to VXLAN conversions.
Data center operators offer hybrid cloud services where they provide hosted infrastructure to the enterprise, which the enterprise can use to host applications, spin up virtual machines, and move virtual machines as needed to support workloads that might need increased capacity. These are used by Enterprise organizations that are looking to optimize their compute resources to ensure application performance. Data center operators hosting applications for the enterprise can use MX Series gateway capabilities to connect branch office locations over the WAN using a variety of VPN services. They can also use the MX Series devices to span application instances or connect to storage resources and they can use it to bridge between instances of SDN systems. With the proliferation of data from all sorts of sources there is a wealth of information that needs to be analyzed and acted upon. Some cloud service providers are hosting Big Data Analytics infrastructure for the enterprise. This means that many data stores need to be hosted and often need to be replicated over the WAN from one data center to another and require various methods of access.
For More Information
Organizations investigating overlay networks today need to think about their network infrastructure and how it will serve them in the future. Investing in the right network architecture will be critical to their ability to move to SDN while supporting their current environment. With robust support for IP networking, a complete set of L2 and L3 VPN services and integration with SDN controllers, the Juniper Networks MX Series Router with Universal SDN Gateway capabilities provides a complete solution for transitioning networks to SDN, as well as the business agility that brings. This is accomplished while maintaining interoperability with existing resources and protecting investment in existing network infrastructure. To learn more see the paper, Integrating SDN in to the Data Center.