Scaling Overlay Virtual Networks

Overall rating: 4.74 Instructor: 4.71 Materials: 4.81 more …

Every major hypervisor- and networking vendor has an overlay virtual networking product or solution. Most of them work reasonably well in small environments, but would they also scale to thousands of hosts and tens- or hundreds of thousand of virtual machines or Docker containers? Would they scale to thousands of hosts or hundreds of thousands of virtual machines or containers?

This free webinar sponsored by Nuage Networks explores the scalability challenges of overlay virtual networks and give you some guidelines that you can use to select the overlay virtual networking solution for your public or private cloud.

Availability

This webinar is part of Cloud Computing and Networking roadmap and accessible with free or standard subscription

Start now Access free content

Contents

Distributed Forwarding Plane

Virtual networking infrastructure must provide layer-2, layer-3 and network services abstractions, preferably distributed across the physical infrastructure to prevent chokepoints and optimize end-to-end traffic flow.

This section describes the typical challenges a distributed forwarding plane must cope with and solutions used by Nuage VSP to overcome them.

Scaling Control Plane

Regardless of how well a cloud orchestration system or cloud infrastructure controller is implemented, it’s bound to hit scalability limits that can only be overcome with a scale-out architecture, ideally implemented with a loosely coupled federation of controllers.

High Availability and Multiple Availability Zones

Architects of large cloud deployments usually split them in multiple independent availability zones to minimize the impact of catastrophic failures.

The availability zones should be as loosely coupled as possible; their only potential interaction point should be the cloud orchestration system. Overlay virtual networking solutions with federated controllers are obviously one of the best possible architectures one can use to implement highly independent availability zones.

Hardware VTEPs

Integration of overlay virtual networks with the physical world is one of the crucial functions of every overlay virtual networking solution. Small-scale implementations can rely on software gateways; hardware gateways are the only viable answer in large-scale deployments.

Service providers offering multi-tenant cloud services to their existing VPN services customers face another challenge: integration of overlay virtual networks with customer VPN networks.

This section will describe the range of potential solutions, from software gateways and L2/L3 hardware gateways to full-blown overlay-VPN integration offered by Nuage VSP.

Large-Scale Security Groups and Microsegmentation

Modern scale-out application architectures often rely on host-level protection (sometimes called VM NIC firewall or microsegmentation) – a packet filter or firewall inserted between a virtual machine (or a Linux container) and the adjacent virtual switch.

Most microsegmentation implementations allow the users to specify security rules between groups of virtual machines or containers, resulting in a typical O(n^2) problem – the number of packet filter or firewall rules inserted in front of a VM grows faster than the size of the application infrastructure, potentially resulting in performance bottlenecks.

In this section you’ll see how scalable microsegmentation approaches relying on control-plane security group tagging reduce this problem, resulting in improved forwarding performance in large-scale virtual networking implementations.

Scaling Network Address Translation

Network Address Translation (NAT) is even harder to scale than distributed firewalling. While it’s possible to distribute the translation state across the virtual infrastructure, the necessary state synchronization makes most such approaches impractical.

Nuage VSP uses an alternate approach to distributed NAT that allows a cloud designer to implement common NAT requirements (floating public IP addresses and access to public IP address space from private IP address space) without sacrificing the overall scalability.

Service Chaining and High Availability

Service chaining (insertion of transparent or inter-subnet network services in the forwarding path), particularly when coupled with high availability requirements, is another typical scalability obstacle. This section will describe the typical challenges encountered while deploying service chaining and features of Nuage VSP one can use to alleviate them.

Target Audience

Network architects, designers and implementation engineers working in environments that plan to deploy private or public cloud services.

Prerequisites

To attend this webinar, you should be familiar with the basics of server and network virtualization, VLANs and IP routing.

Awareness of virtual networking concepts is highly recommended. Consider listening to the Introduction to Virtual Networking, Cloud Computing Networking and Overlay Virtual Networking webinars.

Happy Campers

About the webinar

I am new to the cloud technologies and it was very fullfilling for me. Thanks.

(Anonymous)
Presents the technologies relevant information concisely without the vendor sales hype.
(Anonymous)
It was simply an excellent presentation. Just straight to the point!! This has been enormous uplift to my career.
Aju Francis

Tweets

I'm definitely a geek to enjoy waking up to pals @ioshints & @dstiliadis talking "way over my head" networking stuff on notsosurround sound.
@patricia_dugan
Attending @ioshints ’s Scaling Overlay Virtual Networks webinar. Very new to this stuff. Can we say “trying to drink from a firehose?”
@DeniseFishburne
Sitting in on the Scaling Overlay Virtual Networks webinar hosted by @ioshints and sponsored by @nuagenetworks. Fantastic information! #SDN
@IPv6Freely
Good information on scaling overlay networks w/ @ioshints and @dstiliadis. Thanks guys
@kernelcdub
Great under the bonnet webinar on @nuagenetworks from @ioshints & @dstiliadis Subscribe to http://ipspace.net for video & slide content
@martenhauville
@patricia_dugan @shi_sha_ Class or no class, I'd watch anything that had @dstiliadis & @ioshints playing off each other.
@RealLisaC
@RealLisaC @patricia_dugan Enthusiastically agree! Both great teachers - lucky me/us @dstiliadis @ioshints thank you.
@shi_sha_
@RealLisaC what I love is that @ioshints is always just facts and technology and no marketing.
@dstiliadis

The Authors

Ivan PepelnjakIvan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect, book author, blogger and regular speaker at industry events like Interop, RIPE and regional NOG meetings. He has been designing and implementing large-scale service provider and enterprise networks since 1990, and is currently using his expertise to help multinational enterprises and large cloud- and service providers design next-generation data center and cloud infrastructure using Software-Defined Networking (SDN) and Network Function Virtualization (NFV) approaches and technologies.

Ivan is the author of several books covering data center technologies, highly praised webinars, and dozens of data center and cloud-related technical articles published on his blog.

More about Ivan Pepelnjak

Dimitri StiliadisDimitri Stiliadis leads technology and architecture initiatives at Nuage Networks. Before founding Nuage Networks, Dimitri was the CTO of Alcatel-Lucent Ventures and he led the Alcatel-Lucent strategy in cloud computing and NFV. He was also the CTO of the OmniAccess Nonstop Laptop Guardian, a security and compliance solution for IT organizations. At Bell Labs Research, he led a series of research programs with fundamental contributions in packet classification, traffic management, router architectures, and asset management, and was instrumental in the commercialization of these technologies. Dimitri received a PhD and an MsC in computer engineering from the University of California, Santa Cruz, in 1996 and 1994 respectively. He is the author for more than 50 papers in international conferences and journals, holds more than 20 patents, and was the co-recipient of the 1998 IEEE Fred W. Ellersick Prize Paper Award.

Nuage NetworksNu-âhj: From French, meaning ‘cloud’. Nuage Networks brings a unique combination of groundbreaking technologies and unmatched networking expertise to the enterprise and telecommunications industries. The Silicon Valley-based start up has applied radically new thinking to the problem of delivering massively scalable and high programmable SDN solutions with the security and availability required by business-critical environments. Nuage Networks, backed by Alcatel-Lucent’s (Euronext Paris and NYSE: ALU) rapidly growing IP division, has the pedigree to serve the needs of the world’s biggest clouds. The cloud has made promises – the mission of Nuage Networks is to help you realize them. For more information, visit Nuage Networks on: www.nuagenetworks.net, read the latest posts on the Nuage Networks blog http://www.nuagenetworks.net/blog/ and follow the company on Twitter: https://twitter.com/nuagenetworks.