Embrace the change ... resistance is futile ;)

After all the laws-of-physics-are-changing hype it must have been anticlimactic for a lot of people to realize what Nicira is doing (although I’ve been telling you that for months). Not surprisingly, there were the usual complaints and twitterbursts:

  • It’s just an overlay solution;
  • It’s yet another tunneling protocol;
  • It doesn’t have end-to-end QoS;
  • It’s a simple solution using too-complex technology;
  • Why are they playing at the edge instead of solving the whole problem?

All of these complaints have merits ... and I’ve heard them at least three or four times:

  • When we started encapsulating SNA in TCP/IP using RSRB and later DLSw;
  • When we started replacing voice switches with VoIP and transporting voice over IP networks;
  • When we replaced Frame Relay and ATM switches with MPLS/VPN.

Interestingly I don’t remember a huge outcry when we started using IPsec to build private networks over the Internet ... maybe the immediate cost savings made everyone forget we were actually building tunnels with no QoS.

Anyhow, we’ve proven time and again in the last 20+ years that the only way to scale a networking solution is to push the complexity to the edge and to decouple edge from the core (in case of virtual networks, decouple them from the physical ones).


Stop fighting the IP tunneling ... you will be assimilated.

Assuming one could design the whole protocol stack from scratch, one could do a proper job of eliminating all the redundancies. Given the fact that the only ubiquitous transport we have today is IP, and that you can’t expect the equipment vendors to invest into anything else but Ethernet+IP in the foreseeable future, the only logical conclusion is to use IP as the transport for your virtual networking data ... like any other application is doing these days. It obviously works well enough for Amazon.

You have to use transport over IP if you want the solution to scale ... or a completely revamped layer-2 forwarding paradigm, which is not impossible, merely impractical in a reasonable timeframe ... but of course OpenFlow will bring us there ;)

I’m not saying Nicira’s solution is the right one. I’m not saying GRE or VXLAN or NVGRE or something else is the right tunneling protocol. I’m not saying transporting Ethernet frames in IP tunnels is a good decision – I would prefer to have full IP routing in the hypervisors and transport IP datagrams, not L2 frames, between hypervisor hosts. I’m also not saying IP is the right transport protocol, it’s just the only scalable one we have today.

However, I’m positive that the only way to build scalable virtual networks is to:

But, as always, this is just my personal opinion, and I'm known to be biased.

2 comments:

  1. Very nicely put, Ivan... Agreed w/ all points around scale benefits of simplified L3 core with smart edge devices (hypervisors) dealing w/ the high number of endpoints (VMs). The part that also has to follow is the end-of-row services such as loadbalancers, VPN concentrators, firewalls, IPS/IDS - L2/L3 only solution will fall short and have a limited mobility diameter.

    ReplyDelete
  2. Now just do this and peer to the external world with standard protocols that do the same thing.. *ahem.*

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.