Microsoft Azure is built on software-defined networking (SDN) and achieves scale by focusing on software-based answers to its issues. But a piece of hardware was the Azure enhancement discussed by CTO Mark Russinovich at today’s Open Networking Summit.
SmartNIC covers those functions that need a hardware boost, or that Microsoft would just prefer to offload from the CPU — the philosophy being that CPUs are better left running virtual machines to serve Azure customers, Russinovich said.
Encryption is a prime example of the “boost” case: Hardware will always be able to do it faster than software. It’s just a question of whether you need that much firepower. You often don’t. But as 100-Gb/s networking starts to become a reality in the data center, Microsoft is worried — rightfully so — about software’s ability to keep up.
So, the SmartNIC is going to be applied inline — meaning traffic flows through it — for functions including encryption, quality-of-service processing, and storage acceleration. “The sky’s the limit, really, with what we can do with an FPGA given its flexible programming,” Russinovich said.
SDN and Azure
Russinovich’s talk also covered many of the software-based aspects of Azure, some of them refreshers on the architecture described by Microsoft Partner Development Manager Albert Greenberg at ONS last year.
For example, the rules that would fill the SmartNIC FPGA come from an element called the Virtual Filtering Platform (VFP), which Microsoft has discussed previously. It sends a packet through a gauntlet of match-action tables to come up with a particular rule for that packet’s flow — except, rather than apply rules per-flow, Microsoft tends to do it per-connection. It just turns out that most controllers are managing connections rather than flows, Russinovich said.
Click here for all our coverage from ONS 2015.
Regardless, the VFP looks at just one packet and applies the derived rules to the subsequent packets in that connection or flow. Where necessary, those rules would be implemented through SmartNIC.
Separately, Russinovich talked about Microsoft’s tiered system of SDN controllers — the tiering being necessary for controlling regions as large as 500,000 hosts apiece.
A regional controller oversees a region and delegates work to cluster controllers, which act as the proxies that talk to network switches.
The regional controller also keeps track of network state. If a cluster controller fails, its replacement can learn its state from the regional controller.
The tiered approach looks like it’s going to be common in large networks. AT&T wants to used tiered SDN controllers as well. A controller based on OpenDaylight Project code would be responsible for a global view, overseeing local controllers based on either ONOS (for white box switches) or OpenContrail (for virtual routers and virtual switches).