The DC Problem
Lately, great changes have been taking place in the Information Technology and Communications environments, with the appearance of new technologies and work methodologies whose main purpose is to solve increasingly demanding business needs for any company that requires technology to cover its services.
The arrival of new paradigms of continuous display of applications in container environments and the new Cloud environments revealed that traditional data centers have certain problems when managing and scaling, due to the pace of changes that developers introduce in the environments of production. Specifically, the datacenter network is one of those that suffers most of the problems, since they are not capable of adapting to the operation of new environments neither in dynamism nor in consistency.
All these problems do not happen exclusively in container environments but also in the display of traditional loads through automated procedures introduced in the world of systems in the last years, through automation tools such as Ansible, Puppet, Terraform, or Cloud forms, furthermore confirming these problems.
It is also necessary to mention here the container orchestration, which allows DevOps teams to set up their “chiringuito”, displaying an invisible overlay network for network engineers, so they lost knowledge of what was happening on their network, generating problems both at the level of visibility and troubleshooting. All this, together with the security problem within an unmanaged overlay network, has caused most companies to be reluctant to set up this type of solutions or that datacenter engineers have to go beyond their field of knowledge to be able to apply the security measures that any environment requires.
SDN in Datacenter
SDN networks allow us to separate the control plane from the data plane, ensuring that the latter is distributed in the network equipment and therefore enabling the management of telecommunications infrastructures from a single point. This contributes to solving some of the problems of traditional networks, such as management, having a global vision, maintenance costs or update times.
The gap between the control plane and data plane, and the existence of complete APIs in most of the new IT environments, allow SDN networks to be able to integrate with traditional virtualization solutions, letting us know from the control point from SDN data that before we needed to look for and relate manually. This has made possible the improvement of troubleshooting, being able to answer basic questions that were asked each time a problem had to be diagnosed or a report on the real state of the environment had to be made, as fortunately, the SDN networks have all this information in their control plane.
If the mentioned problem is transferred to a container orchestration environment such as Kubernetes, Openshift or Docker Swarm, troubleshooting at a network equipment level would be practically impossible since the overlay network packets are transparent in the network equipment. All this, together with the fact that the life cycle of a container can be very short, makes troubleshooting a real odyssey.
Fortunately, SDN networks allow integration with these new container orchestration and deployment infrastructures, allowing visibility of what happens in the internal communications of the cluster, facilitating the diagnosis of problems in general and the downsizing of the encapsulation load to networking at the web level on the processing hosts themselves, causing an increase in the resources available on the hosts for workloads.
Another of the most representative advantages of the integration of SDN networks with container infrastructures is the dynamic configuration capacity that the different components of the container cluster to manage the connectivity of each container at the SDN level. This gives us the opportunity to implement a set of rules previously defined by the datacenter team to each container that is deployed, providing an important level of self-management to the solution as well as applying segmentation functions within the same network. Additionally, in the case of a container orchestrator such as Kubernetes or Openshift, it is possible to develop the functionalities of the SDN network, being able to create layer 4 balancers to present the services to the outside, allowing the platform to scale horizontally without external balancers and reducing the tromboning traffic made within the overlay network.
Additionally, SDN networks have been born already prepared to offer datacenter services in a completely redundant way, offering native DCI (Datacenter Interconnect) mechanisms that allow us to extend our datacenter between geographically dispersed sites without the present or actual network inconveniences that we have all suffered .
The arrival of cloud services has also caused datacenter networks having to adapt as it is necessary to share costs between traditional datacenter and public cloud environments. Thanks to SDN networks, we can integrate with different Cloud providers simultaneously, building a hybrid datacenter that allows us to extend our virtualization and container solutions to the Cloud.
These integrations allow us to abstract from the own implementation carried out by Cloud providers, offering us a homogeneous service delivery environment in which our workloads are treated the same, regardless of whether they are executed in our on-premises datacenter or in at the provider´s Cloud services. At the time of implementing these policies quickly offers us the possibility of moving our workloads with total dynamism, taking advantage of the solution that best always suits our requirements, whether for strategic (business) and / or tactical (technological) reasons.
It is not only the datacenter network that has had to adapt to the new paradigms, but also the security infrastructure, which has become the greatest concern for most companies in recent times, both in a general and in a particular level in the container environments. The capabilities of SDN networks greatly expand the possibilities of segmentation and securing of traditional networks, allowing communication to be managed through specific rules and policies per entity regardless of its associated root. This has allowed that segmentation and micro-segmentation to be applied to elements that would traditionally be level 2 to add security to the environments without the need to subdivide the network based on routing and smaller network masks.
In addition, we should mention that regardless of the environment in which we find ourselves, whether physical equipment, virtual machines or containers, for the SDN network they are all considered the same type of entity, which allows us to apply everything mentioned before to any type of environment.
And last, it is worth mentioning that SDN networks do not simply remain at the level of traditional routing and switching, but allows the implementation of functionalities that were previously above all these, such as firewall services in the transport layer, letting us not only to completely isolate the different network equipment, but also apply partial isolation and lets us or not pass the communications depending on our needs.
Is SDN network the solution?
Nowadays the capacity of SDN networks have greatly improved the lives of engineers, letting network administrators engage in both virtualization and container level displays. This means that they can be involved in the entire workflow and have complete visibility of what is happening on the network, allowing each administrator to have a well-defined role and apply their specialization where it is necessary.
The growth of both virtualization and container environments, as well as the rise of cloud services, will cause a substantial increase in the number of organizations that will implement SDN, as it helps to keep centralized control and to scale. The management of the network infrastructure through the control plane allows administrators to have a greater degree of control that of which they would from a traditional legacy network.
However, SDN networks are still growing and still have a long way to go. We all know, this technology has a very high development potential, as organizations are always looking for ways to lower the complexity of network management and reduce overall costs, and the capacity of the SDN network in this regard is very promising.
Though its advantages are clear, there is certain resistance to change, especially the high learning curve and the deep organizational changes that introduces, so it is necessary that SDN networks continue to develop so that their resolution is generalized.
Undoubtedly, the future of datacenter services depends on the adoption of an automation philosophy services supported by this type of SDN networks integrated with the rest of the datacenter technologies.
Víctor Duque, Ernesto Fernández, Víctor Martin y Sergio Segovia.
Datacenter and DevOps Architectures Consultants at SATEC
This article was published on September 10 by the newspaper “REDES&TELECOM” You can access through this link.