Editor's Note: Occasionally, Enterprise Networking Planet is proud to run guest posts from authors in the field. Today, Midokura's Dan Conde discusses the benefits of overlay-based software defined networking.
By Dan Conde
As a datacenter's networking requirements change, new network services like load balancing, firewalls, and network isolation demand updates to the physical network infrastructure, and that is where the difficulty starts. Applications, and the security controls around them, are growing more complex and need to be provisioned faster than a hardware change cycle allows. For the networks of today and tomorrow, agility is critical. This is a key driver in the movement toward software defined networking. But of the different approaches to SDN, which one holds the most promise?
Hardware programmability vs. overlay SDN
First, let’s look at some different approaches to SDN. One approach emphasizes programmability of network entities. The programmability model enables the automation and manipulation of physical network devices using software interfaces. It's an evolution of the way we already interact with hardware devices, made more flexible via automation. With this approach, however, ultimately the network packets still travel between hardware devices in a traditional manner, with the traditional limitations that this implies.
The second method involves the creation of virtualized software appliances that emulate or replace hardware devices. This approach begins to eliminate hardware devices. Network packets instead move "hop-by-hop" across software entities. This model basically creates a software version of a traditional hardware-defined network, and it is the starting point for the overlay approach, which takes the decoupling from hardware further. I think the overlay approach holds the most potential.
The benefits of overlay networks
An overlay network enables separation of the virtual network configuration and topologies from the physical networks underneath. The virtual network deals with most of the higher-level policy, freeing the underlying physical network to worry only about delivering packets to a destination. Overlay SDN allows organizations to redesign and upgrade the physical network as needed without affecting the virtual topology. Additionally, the virtual network provides much more flexibility for the rapid creation, updating, and deletion of networks. Someday in the future, you’ll want an underlay network that's dumb, fast and out of control.
By "dumb, fast, and out of control," all I mean is that it’s better to have the network infrastructure designed to deliver packets quickly and reliably from one point to another, unfettered by much policy or control. In this scenario, the network becomes a simple IP transport. Meanwhile, a separate, more intelligent control plane can determine how the data travels through the system. This provides much of the flexibility promised by programmable appliance-based networking, without the complexity of managing those appliances and paying for the overhead of packets being shuttled between appliances.
An overlay network sits on top of a simple network. This is made possible by encapsulation: the overlay's packets (typically whole Ethernet frames belonging to a virtual network) are wrapped inside ordinary IP packets of the underlay, which carries them to the tunnel endpoint nearest their intended destination, where they are unwrapped. The beauty of this approach is that since a packet of data is just a set of bits, a controller can sit on the side and direct the traffic. This allows us to cleanly separate the movement of the data from the control of the packets. Also, since network packets are just sets of bits, one can manipulate those bits to simulate what happens to the packets had they traveled through various physical network devices.
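To make the encapsulation concrete, here is an added example (not part of the original article or of Midokura's software) in Python that wraps a tenant's Ethernet frame in a VXLAN header inside UDP/IPv4, unwraps it at the receiving end while rejecting frames whose VNI the endpoint has not been told about, and rewrites the inner frame the way a physical router hop would. The addresses, MACs, VNI and payload are constructed sample values; the header layouts follow RFC 791 (IPv4), RFC 768 (UDP) and RFC 7348 (VXLAN).

```python
"""Minimal VXLAN-style overlay encapsulation and a simulated router hop.

Illustrative example written for this page; all addresses, MACs, the VNI
and the payload below are constructed sample values, not captured traffic.
"""
import struct
import ipaddress

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN destination port
VXLAN_FLAG_VNI_VALID = 0x08  # the "I" flag: the VNI field is valid
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
IPPROTO_EXPERIMENTAL = 253   # RFC 3692 experimental number; inner payload is opaque here


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 when run over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """IPv4 header without options, checksum filled in, followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


def build_ethernet(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame: dst MAC, src MAC, EtherType, payload (no FCS)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def vxlan_encapsulate(inner_frame: bytes, vni: int, underlay_src: str,
                      underlay_dst: str, src_port: int = 49152) -> bytes:
    """Wrap a tenant frame in VXLAN/UDP/IPv4 so the underlay only sees an IP packet."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    vxlan_hdr = struct.pack("!B3xI", VXLAN_FLAG_VNI_VALID, vni << 8)  # flags, reserved, VNI<<8
    udp_payload = vxlan_hdr + inner_frame
    # UDP checksum 0: RFC 7348 permits a zero checksum over IPv4.
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(udp_payload), 0)
    return build_ipv4(underlay_src, underlay_dst, IPPROTO_UDP, udp_hdr + udp_payload)


def vxlan_decapsulate(outer_packet: bytes, allowed_vnis: set) -> tuple:
    """Strip the outer headers and return (vni, inner_frame).

    The VXLAN header carries no authentication, so the only isolation check a
    tunnel endpoint can make is whether it has been configured for this VNI.
    """
    ihl = (outer_packet[0] & 0x0F) * 4
    if outer_packet[9] != IPPROTO_UDP or ip_checksum(outer_packet[:ihl]) != 0:
        raise ValueError("outer packet is not a valid IPv4/UDP datagram")
    udp = outer_packet[ihl:]
    _src_port, dst_port, udp_len, _cksum = struct.unpack("!HHHH", udp[:8])
    if dst_port != VXLAN_UDP_PORT or udp_len < 16:
        raise ValueError("not a VXLAN datagram")
    flags, vni_field = struct.unpack("!B3xI", udp[8:16])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set")
    vni = vni_field >> 8
    if vni not in allowed_vnis:
        raise PermissionError(f"VNI {vni} is not permitted on this tunnel endpoint")
    return vni, udp[16:udp_len]


def simulate_router_hop(frame: bytes, next_hop_mac: bytes, router_mac: bytes) -> bytes:
    """Apply what a physical router would do: rewrite MACs, decrement TTL, fix checksum."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 frames are simulated here")
    ip = bytearray(frame[14:])
    if ip[8] <= 1:
        raise ValueError("TTL expired: a router would drop this and send ICMP Time Exceeded")
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ihl = (ip[0] & 0x0F) * 4
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip[:ihl])))
    return build_ethernet(next_hop_mac, router_mac, ETHERTYPE_IPV4, bytes(ip))


def demo() -> dict:
    """Constructed round trip: tenant 10.0.0.2 -> 10.0.0.3 over underlay 192.0.2.10 -> 192.0.2.20."""
    tenant_frame = build_ethernet(bytes.fromhex("0a0000000003"), bytes.fromhex("0a0000000002"),
                                  ETHERTYPE_IPV4,
                                  build_ipv4("10.0.0.2", "10.0.0.3", IPPROTO_EXPERIMENTAL, b"hello overlay"))
    outer = vxlan_encapsulate(tenant_frame, vni=5001, underlay_src="192.0.2.10", underlay_dst="192.0.2.20")
    vni, recovered = vxlan_decapsulate(outer, allowed_vnis={5001})
    hopped = simulate_router_hop(recovered, bytes.fromhex("0a0000000003"), bytes.fromhex("020000000001"))
    return {"tenant_frame": tenant_frame, "outer": outer, "vni": vni,
            "recovered": recovered, "hopped": hopped}


if __name__ == "__main__":
    r = demo()
    print(f"outer {len(r['outer'])} bytes carries {len(r['recovered'])}-byte frame on VNI {r['vni']}")
```

The design point worth noticing is that the underlay never looks past the outer IPv4/UDP headers, which is exactly what lets it stay "dumb and fast". The flip side is the caveat in `vxlan_decapsulate`: the VXLAN header has no integrity or origin check, so tenant isolation rests on the tunnel endpoints being configured with the right VNIs and on the underlay refusing UDP/4789 traffic from hosts that are not trusted endpoints (or on IPsec/MACsec underneath). Anyone who can inject packets into the underlay can otherwise forge frames for any VNI.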
The limitations of overlay networks
An overlay virtual network system can’t be isolated from the rest of the datacenter, however. It’s difficult to imagine an enterprise, at least in the short term, becoming completely virtualized using an overlay network. Packets do sometimes still need to traverse traditional routes, the overlay must still talk to external networks, and the gateways that bridge the two must speak many protocols. Those gateways are also where the overlay's policy has to be reconciled with whatever the physical network enforces, so they deserve the same scrutiny as any other perimeter device.
For the moment, therefore, the idealized overlay network may not be able to address the needs of an entire enterprise network. But it can certainly benefit those within a cluster of servers running a virtualized network platform. In the future, however, the boundaries of an overlay network look likely to encompass more systems, potentially even working across data centers.
Ultimately, overlay networks fulfill the promise of virtualization as applied to networking. The physical transport of data becomes decoupled from most of the policies and control of the packets, providing much more flexibility in the design of the network. Going back to the "dumb and fast" theme I mentioned earlier, we can design a network to do just one thing, but do it very well: deliver packets quickly. A simple network is easier to scale and manage. The goal of modern computing platforms is to be scalable and agile, and an overlay approach is well suited to accomplish this goal.
Dan Conde is a Senior Product Manager at Midokura. He specializes in system and infrastructure software and has previously worked at VMware, Rendition Networks, NetIQ and Microsoft. Dan received his Computer Science degree from the University of California at Berkeley and his MBA from the Haas School of Business at UC Berkeley.