Multi-tenant Networking Primer: needs more research

August 19th, 2010 Paul Fazzone No comments

So searchnetworking.com posted a primer on Multi-tenant networking covering the obvious approaches used today which are:

  1. physical segmentation
  2. VLANs
  3. separate vSwitches like Nexus 1000V or Open vSwitch per application or tenant

Overall, I thought the article, written by Michael Brandenburg, Technical Editor, made a lot of good points and got me thinking enough to want to comment on it directly.  But I do think it needs more work.  I actually wanted to leave my comments on the site, but they don’t seem to let you (I did not try to register and log in).  That said, let’s dig into the article a little bit.

Specific to common approaches to multi-tenant networking, I agree with 1. and 2., but not with 3. as explained in the article.  Approach 3 is never implemented on its own, as the choice to deploy separate vSwitches actually leads to either 1. physical segmentation (different network devices upstream) or 2. VLANs, because vSwitches can’t share physical NICs last I checked.  So option 3. only really serves to make option 1. or 2. better and isn’t really an option on its own (with today’s technology).  The Nexus 1000V only supports 1 VEM per server (a VEM is a Cisco vSwitch) anyway, but with that product, there are better approaches to securing the edge.  You can read about that here in my article 2 vSwitches are Better Than One, Right?

Also, this statement is just wrong:

The vSwitch operates and runs in the same virtual environment as the virtual application servers, so instead of the servers pushing packets to a dedicated piece of networking hardware, packets go through to another virtual machine instance, requiring additional processing and overhead on the host server.

A vSwitch is NOT a virtual machine; typically there is a kernel module and a component running in user space.  In a VMW environment, CPU and memory usage of the vSwitch when a virtual machine transmits comes from that VM’s allocated mem/cpu resources.  On packet receive, regardless of the packet destination, mem/cpu cycles come from the hypervisor (not a specific VM allocation).

Another part of the article that I have a problem with is this:

The application would ultimately dictate the latency and bandwidth requirements, for example, and an application-aware network could then dynamically adjust itself to meet those demands.

Latency and BW are physical characteristics dictated by the underlying switches and routers.  How does a network dynamically add more Arista, Juniper or Cisco switches to increase capacity?  How does a network respin ASICs dynamically to lower latency?  It doesn’t.  Like a nervous system, an application aware network has to be able to provide feedback to the application system manager such that workloads can be intelligently reshuffled around the physical infrastructure to meet BW & latency requirements per tenant or per app.  And again, like a nervous system, there needs to be 1 brain providing this feedback for the network domain, not 1 brain per switch.

But this one I LOVE!

In an application-aware network, the private cloud and all of the applications would become the tenants on the network, receiving the appropriate isolation and security based on each application’s specific requirements.

Amen.  This applies to all clouds, not just private.

Finally, I am wondering why the author didn’t touch on technologies like VPLS or OpenFlow, both of which are viable solutions to the multi-tenant problem.

Michael, are you going to VMWorld?  If so, let’s grab a coffee and discuss some more.

Nexus 1000V vs. the default VMware vSwitch

January 24th, 2010 Paul Fazzone 1 comment

Now that the VMware ESX vSphere 4.0 U1 update has been released, customers are moving from 3.0 and 3.5 to 4.0 at a very accelerated pace.  U1 means that the technology is stable, the kinks have been worked out and gremlins have moved on to terrorize something else.  It is also a major mental barrier (like Service Packs in the Windows world).  Now that the barrier has been removed, there is a lot more fact- and experience-based analysis coming from users championing for and against new features and solutions inside of the vSphere 4 offering.

A great example of this is captured over at Search Networking comparing 2 separate articles.  The first, by Bob Plankers (lead Linux and VMware systems engineer at the University of Wisconsin-Madison, who also runs The Lone Sysadmin blog), is why the VMware vSwitch is good enough for most. The 2nd, by David Davis (a virtualization author), does a good job of articulating why the Benefits outweigh the extra cost of Cisco Nexus 1000V.

In addition to David’s points, I would add one point of clarification which Bob might not be aware of. The Nexus 1000V is sold and serviced through both VMware and Cisco. In fact, VMW offers a couple of bundles of the Nexus 1000V with the vSphere Enterprise Plus licenses (both full license and upgrade license). When VMW sells the Nexus 1000V with the vSphere software, they also sell support (in conjunction with the vSphere support). Both the VMW and Cisco support teams are trained on the Nexus 1000V at the same time and both are equally capable of handling support issues. And if things get really tricky, the Cisco TAC backs up VMW’s support organization with a direct line into our engineering department.

Oh, one other thing. The latest release of the Nexus 1000V software (1.2) includes a simple GUI to allow you to complete the initial config in about 7 minutes. There is a VOD posted here to show just how easy it is:

http://www.youtube.com/watch?v=-sxWiz7S-z0

It is great to see more real world analysis from real users.  Looking forward to reading more of these in the future.

Brighttalk Virtualized Data Center Webcast – 1/21/2010

January 19th, 2010 Paul Fazzone No comments

Check out the Brighttalk Virtualized Data Center Webcast this Thursday… lots of good topics, including mine on the Nexus 1000V!

http://www.brighttalk.com/webcasts/8134/attend
