Docker containers, an application-minded interface, and massive scale are among the traits Nuage Networks is emphasizing with version 3.0 of its software, released last Thursday.
That same day, Nuage showed off its newest stuff as part of Networking Field Day, where vendors present their latest technology to a preselected group of bloggers and delegates. (The results were also livestreamed and posted to the web, so don’t feel left out.) SDNCentral got a sneak peek ahead of time, to get a flavor of what the company has been working on.
The showcase item was a live demo on Amazon Web Services, where an implementation of Nuage Virtualized Services Platform (VSP) was running. The company showed 20,000 virtual machines — each one being an instance of Nuage’s Virtual Routing and Switching (VRS) running in a Docker container — being turned up on 40 servers in eight minutes.
This helped show off Nuage’s familiarity with Docker containers — because you’re not cool nowadays unless you’re into Docker — but it was also meant to show Nuage’s ability to scale. (In fact, Nuage considered an even bigger turn-up that would have taken an hour. That could be interesting — having a demo run during the entirety of an hour-long talk.)
Some of that scaling comes from Nuage’s use of Layer 3 rather than Layer 2, said Dmitri Stiliadis, Nuage’s CTO. Specifically, Nuage takes advantage of the “community” aspect that was already available in BGP routing. As new nodes get added to the network, Nuage assigns each new route to a BGP community.
The payoff comes in applying policies. Nuage can quickly assign one policy that applies to a whole category of connections — “Deny all traffic from any web servers in this BGP community,” for instance. Other networking setups require creating access control list (ACL) entries telling nodes how they can interact with one another (or not). In most cases, this eventually leads to an n-squared pileup of ACL entries, Stiliadis claimed.
“That’s how OpenFlow and most people are solving this problem, and that’s why they’re having scalability issues,” he said.
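A small model of the contrast described above, added here as an illustration and not Nuage's code: endpoints are tagged with a community, policy is written between communities, and the equivalent per-endpoint ACL is expanded for comparison. The prefixes, community values and function names are constructed for the example.

```python
from itertools import product

# Constructed sample: endpoint route -> BGP community tag (values are made up).
ROUTES = {
    "10.0.1.10/32": "65000:100",  # web
    "10.0.1.11/32": "65000:100",  # web
    "10.0.2.10/32": "65000:200",  # app
    "10.0.2.11/32": "65000:200",  # app
    "10.0.3.10/32": "65000:300",  # db
}

# One rule per (source community, destination community) pair.
COMMUNITY_POLICY = {
    ("65000:100", "65000:200"): "permit",  # web -> app
    ("65000:200", "65000:300"): "permit",  # app -> db
    ("65000:100", "65000:300"): "deny",    # web may not reach db directly
}

def decide(src, dst, routes=ROUTES, policy=COMMUNITY_POLICY):
    """Resolve both endpoints to communities, then look up one rule. Default deny."""
    try:
        key = (routes[src], routes[dst])
    except KeyError:
        return "deny"  # untagged endpoint: no community, no access
    return policy.get(key, "deny")

def expand_to_acl(routes=ROUTES, policy=COMMUNITY_POLICY):
    """Equivalent per-endpoint ACL: one entry per ordered endpoint pair."""
    return {
        (s, d): policy.get((routes[s], routes[d]), "deny")
        for s, d in product(routes, repeat=2) if s != d
    }

def add_endpoint(prefix, community, routes):
    """Adding a node only tags its route; the policy table is untouched."""
    updated = dict(routes)
    updated[prefix] = community
    return updated

if __name__ == "__main__":
    acl = expand_to_acl()
    print(len(COMMUNITY_POLICY), "community rules vs", len(acl), "ACL entries")
    grown = add_endpoint("10.0.1.12/32", "65000:100", ROUTES)
    print("after one new web server:", len(expand_to_acl(grown)), "ACL entries")
    print("new web -> db:", decide("10.0.1.12/32", "10.0.3.10/32", grown))
```

The default-deny lookup means a route that arrives without a community tag gets no access, which is the failure mode worth checking when auditing a tag-based policy.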
While I don’t think anyone else has talked about this BGP-based technique, it’s not necessarily unique to Nuage. Since communities are part of BGP inherently, anybody taking a Layer 3 approach to network virtualization could do the same thing. Juniper’s Contrail comes to mind.
Cisco’s Application-Centric Infrastructure (ACI) takes a similar approach, but it operates by applying tagging on a per-flow or per-packet basis, Stiliadis said. That’s a data-plane approach, whereas Nuage thinks it gets more scaling power by taking a control-plane approach.
Regarding Docker containers, Nuage isn’t using them just as an affectation. Stiliadis foresees a day when all operating-system processes wind up as containers. And Nuage officials say there’s a Fortune 100 company setting up a proof-of-concept for a container-based platform-as-a-service (PaaS) implementation.
Abstractions for Applications People
Another Nuage demo showed off an automated application-deployment process.
It’s the same idea Nuage already used in network virtualization. There, the company’s interface lets you essentially drag and drop network elements onto a grid, and Nuage’s software does the background work of setting up the connectivity between them.
Nuage now has a similar interface (pictured at right) for placing applications. Apps get drag-and-dropped onto a grid, and the user selects connectivity options between them (straight HTTP, for instance). The proper routes and policy/security rules get applied automatically.
The idea was to abstract the network enough so that applications developers wouldn’t have to know about subnets or APIs. “This is what we mean when we say we need to look at application delivery as the product,” says Sunil Khandekar, Nuage’s CEO.
The setup also keeps networking and applications people separate, reflecting the way a lot of enterprises are structured. The network operators can create the rules for the applications people to apply later on, avoiding the routine of the applications side having to request changes of the network side.