With the advent of Software Defined Networking, enterprises are able to manage their network through a series of abstracted layers, offering a flexibility that was out of reach even 10 years ago. While this may seem futuristic to some, SDN is quickly becoming the new standard when working with containers, networks, and VMs at scale.
The OpenStack community has also embraced SDN, offering its own set of standards as to how OpenStack designers must configure firewalls, DNS, and router configurations. With these standards come a variety of tools for developers and network architects working not only with Linux-based platforms but across one’s stack.
An Introduction to PLUMgrid
PLUMgrid began in the midst of the cloud era, positioned as a company that was focused on all things VM and container based. In this episode of The New Stack Makers embedded below, The New Stack founder Alex Williams and co-host Scott M. Fulton III sat down with Wendy Cartee, PLUMgrid vice president of product management and marketing to discuss how PLUMgrid approaches system networking for today’s stack, security in the data center, and the future of orchestration.
The interview can also be heard on YouTube.
Cartee first noted that PLUM part of PLUMgrid is an acronym based on the four key things one does when packet processing: Parse, lookup, update, and modify. As such, the company’s primary focus is on intelligent networking. Regardless of whether one is working with containers or VMs, PLUMgrid sits above the networking layer to enable seamless services. “PLUMgrid allows application developers to have a seamless, intelligent network that enables them to run applications without worrying about connectivity, policy, and security issues,”
This ‘seamless services’ approach offers security embedded directly into the networking aspect of building an SDN network, Cartee explained, “It’s no longer just about connectivity, or about the next path or route. It’s about distributing policies and security, asking how does it become embedded as a part of every VM/available per container basis?”
PLUMgrid approaches security as an integral part of every layer to the new stack. By implementing a process called micro-segmentation, it provides data centers with increased privacy through segmenting network traffic. In a traditional model, if a security breach passes a standard firewall, attackers could potentially access an entire database. With PLUMgrid’s micro-segmentation, Cartee explained that if a breach occurs it will not affect a micro-segmented domain.
Cartee went on to note that PLUMgrid began by developing an SDN plugin for Docker. It has now become an ecosystem technology partner with Docker, bringing the core concepts of micro-segmentation into the Docker community by enabling container technology to leverage the benefits of SDN overlay. These plugins are available on GitHub for those who may wish to contribute to the project.
— The New Stack (@thenewstack) April 26, 2016
As PLUMgrid runs its encryption technology on top of one’s existing stack, it can easily be embedded into servers running containers and virtual machines. This makes deploying it simple for network architects and developers alike. “PLUMgrid sits at the SDN overlay layer. It doesn’t require any hardware changes within the data center at all. Micro-segmented virtual domains can be created on demand by customers without impacting any hardware,” Cartee explained.
Having the ability to build an entire networking infrastructure on command is something that Cartee noted has changed the way we work with technology today. The shift from modular networking styles and struggling to configure a deployment has been revolutionized by the variety of tools available to developers today. “To be able to compose a virtual network, applications, and security policies on demand is amazingly powerful. That’s what’s exciting about what this new stack can offer,” Cartee said.
Isolating traffic and segmenting domains have become crucial elements of security which PLUMgrid has brought to OpenStack. Such fine-grained SDN tools were unheard of 15 years ago, and now offer network architects the tools to manage their infrastructure with ease.
Keeping Things Simple with Cumulus Networks
As networking models continue to evolve, the frameworks which connect systems have evolved along with them. Some of these frameworks have become a part of servers, leading to the breakdown of what once was a single-vendor ecosystem for physical IT networking. JR Rivers, Cumulus Networks co-founder, and CTO started off the episode of The New Stack Makers embedded below by highlighting Cumulus’s approach to the new networking ecosystem:
“Make them better, don’t make them worse.”
In this second episode of The New Stack Makers embedded below, Williams and co-host Lee Calcote spoke with Rivers to discuss system networking, addressing the complexities involved in working with containers and VMs on a network, and the future of microservices.
The interview can also be heard on YouTube.
As the networking breakdown has been 10 years in the making, Cumulus followed the age-old KISS strategy. Without adding a lot of bells and whistles and by keeping things simple and predictable, it soon found massive support within the Docker community. “With Docker networking, they know how IP works. As long as we make IP work really well they love it. We focus on that, making things simple to deploy and easy to manage,” Rivers said.
And, as VXLan was added to the Linux kernel, this data center overlay network tunneling tool allowed for a much quicker networking setup. Prior to the addition of VXLan to the Linux kernel, Rivers explained that many developers were inventing their own homebrew network protocols and overlays, or would have purchased a physical server and workstation to which you would then assign a static IP address. In a recent experiment with Dell and Red Hat, Cumulus Networks showcased why a simple, quick approach is important when working with microservices.
“Servers had well-known names, people would code IP addresses into apps. In this world of super flexible computing, whether it’s container or VM based, this goes out the door. Addressing is dynamic, tying services to namespace is important. How people solve these problems in environments is an interesting concept. There is no standard–Docker, Kubernetes, everyone is different. Everyone is using IP, but naming mechanisms are independent,” Rivers noted.
Containers touch on a core issue many have with them to this day: They are, by their very nature, ephemeral. Physical servers were often large, taking up space on one’s desk or within an entire data center lined wall-to-wall with servers.
Architecture, deployment, monitoring, troubleshooting and life cycle management make up the five pillars of operations. Rivers explained in no uncertain terms that the last four pillars are places where people, “Install software on a switch because they don’t want to run servers. You’ll always find they have an infrastructure they use for compute, and there’s a separate one for networking. Because we’re a Linux platform, it all folds in.”
As there are so many components to today’s infrastructure, Rivers went on to explain that making blanket statements is counter productive. He goes on to further emphasize this point, stating that it’s all about the customer model, rather than the vendor model. Fitting into the customer’s solution rather than putting wrapper after wrapper around it. This approach dovetails well with Cumulus Network’s focus on simplicity, particularly when working with microservices.
— The New Stack (@thenewstack) April 27, 2016
“Being able to understand what happened at that moment in time when you think you have encountered a problem is important,” Rivers noted. As microservices are often short-lived instances, determining when or how a problem happened can be a challenge. The creation of APIs has helped to break this down, in essence masking the complexity of the changes happening within an average microservice-based environment.
“Containers come and go at a faster pace. If you look at container-oriented application, there are a lot of small instances. You see instances coming and going at a blinding pace. It makes people solve things in a better way.”
Docker, GoDaddy and Red Hat are sponsors of The New Stack.
Feature image via Pixabay, embedded images via PLUMgrid, Cumulus Networks.
The New Stack is a wholly owned subsidiary of Insight Partners. TNS owner Insight Partners is an investor in the following companies: Docker.