An interesting comparison of two statistics recently dropped into my feed. The first was the current use of HTTP/2 across top websites. In the two years since ratification of the standard, it’s gone from statistically nothing to just over 8 percent of top websites. The stat against which this was compared was IPv6 adoption rates. IPv6, as you may recall, was ratified in 1998. To be fair, it wasn’t until 2006 that ICANN ratified a policy for distributing IPv6 addresses, so realistically we’re comparing rates as of 2006. That rate? About 6 percent.
An application layer (layer 7) standard has surpassed adoption rates of a network layer (L3) standard in less than two years.
This might be an illustration of a commonly held aphorism, “if it ain’t broke, don’t fix it.” But more likely it’s indicative of a common theme today in which networks are clearly bifurcated into two distinctive domains: that which carries traffic and that which generates it.
A typical enterprise organization is responsible for carrying – securely and with all possible speed – the traffic generated by a significant number of applications. Statistics vary based on industry, region, and size, of course, but it is not hyperbolic to state that the majority of medium and large enterprises (more than 500 employees) are stewards of more than 200 applications on average. That’s a lot of pressure on the network in the course of one day. Even if we move half or more of those to the public cloud, the network is still responsible because, well, employees have to be able to access those apps and that means they need the network.
Still, there’s a lot of turmoil going on in that application landscape. Not only is there a steady migration to cloud but there is also a rapid change in architectures and technologies used to deploy an increasing number of mobile apps and APIs designed to spur the growth of business. Those changes are putting extreme pressures on the network, too, in the demands to support constant volatility while maintaining hyper-stable reliability. It’s a challenge, to say the least.
That’s why we’re seeing the physical emergence of the conceptual split between the networks responsible for core business availability and security and those that must support the scale and security of applications and APIs. The result is a two-tier network that simultaneously supports business requirements (carrying traffic) without constraining applications and impeding their ability to fuel the next generation of business (generating it). Organizations that consciously embrace the notion of a two-tier network architecture will be better able to maintain the secure posture they need to survive in today’s target-rich environment without impeding the performance or availability of the applications necessary to thrive in today’s fast-paced application economy.
More generally, this split can be seen in the distinction made between “North-South” traffic and “East-West” traffic. The core network (north-south) is responsible for carrying traffic in and out of the data center. It is here that the first lines of defense remain, in firewalls and DDoS protection and the gateways that translate between secure (HTTPS) and plaintext (HTTP) web application traffic, between mobile APIs and their back-end services, and between IoT device protocols and the applications controlling them. This is the demesne of traditional NetOps, where changes are infrequent and carefully managed, whether manually or programmatically driven. A mistake in the core network impacts not just one app or two, but the entire business.
Deeper in the data center are the applications and users that generate the traffic carried by the core (north-south) network. This is the application network (east-west), where virtual machines and, increasingly, containers (see Survey: Container Adoption Is Skyrocketing), as well as legacy servers, host applications and services and data sources. This is where change occurs, regularly—where services are scaled in and out, up and down—where new apps are deployed with increasing frequency as new features and functions are added to the applications driving productivity and profit for the business. This network is agile, software-defined, and almost magically managed with programmatic tools and frameworks. The application network is the domain of DevOps, where operators and developers alike eschew the organizational overhead associated with changes to the core, business network. Mistakes are expected, even common, and are met with little angst.
The emergence of a two-tiered data-center network architecture is necessary for organizations maintaining a large portfolio of applications to embrace concepts like cloud and DevOps with confidence. Access to apps both inside and out is critical and requires a solid, scalable, and secure core network. But the need to quickly and frequently update apps is also key, and a flexible, software-driven infrastructure (including the network) must be available. These two networks are complementary, not contrary, to one another.
The reliability of the N-S network is needed to carry the traffic generated by the apps that rule the E-W network. Recognizing both tiers and architecting each for its primary goals will enable organizations to support all their applications and users, and scale to meet the challenges coming up next.