As the software-defined-networking (SDN) bandwagon gathers pace, the notion that all your networking appliances can be replaced with virtual appliances is being bandied about a lot. Gartner chap Joerg Fritsch has just posed an interesting question to those pushing that line: “whether a computing node with a hyper-visor installed …
"Fritsch doesn't come at the question from an SDN perspective: his piece considers a multi-tier application whose different components have differing security requirements, but his thoughts"
I don't expect articles posted late at night to be fully checked and edited, but could you at least finish sentences?
Otherwise, definitely good food for thought.
SDN networking needs a cloud orchestration. He is showing a serious lack of competency here by not understanding how multi-tenancy works in hypervisor systems.
SDN enables orchestration. The largest stumbling block in cloud orchestration is the network. It's all well and good automating your virtual switches, adding port groups and vlans within the hypervisor stack, but it's when you break out of that stack that things get interesting. Suddenly you are dealing with firewalls, routers, and switches which traditionally have not been designed with centralised automation in mind. It SHOULD be easy to programattically add another virtual firewall / router context / vlan etc on these components, but it's not, certainly not with traditional vendors. That's where SDN comes in, particularly in multi-tenant environments with different customers traversing the same tin or piece of copper. NFV is even more exciting. Why exit traffic from a host, through a switch, firewall or router, and then back to the same or nearby host to move traffic from vm to vm? It's crazy, and completely inefficient. With Intel baking IP packet management into their chips, which makes moving packets CPU efficient, a virtual router or firewall moving the traffic from VM to VM without traversing the external network just makes so much sense. And being a new-world software device, exposing an API for orchestration should be relatively simple. Unfortunately Cisco forgot that part with their 1000V series, but that's just typical of Cisco.
As a cloud service provider, no technology has ever had me salivating in desire for a mature, interoperable solution than SDN.
Aside from the orchestration capability, it also removes the most troublesome parts of running a cloud - network engineers.
"Aside from the orchestration capability, it also removes the most troublesome parts of running a cloud - network engineers."
Great. I'm really looking forward to hosting a bunch of applications with a "cloud" provider which employs no network engineers. I feel safer already.
... oh dear.