william87 - Fotolia
Published: 01 Jun 2016
In the rush to virtualize everything, some IT pros have come to believe that traditional networking equipment will eventually become obsolete. But not so fast -- even IT and network managers who have already deployed virtual switches say that the importance of hardware won't disappear.
Many networking pros and industry analysts theorize that most companies, in virtualizing their networks, will ultimately choose one of two main options -- neither of which totally eliminates the role of network hardware. Some will use a VMware NSX overlay on top of existing physical networking gear, while others will deploy Cisco's Application Centric Infrastructure (ACI). ACI lets users run applications over a single network fabric that integrates physical and virtual switches.
"There's really no reason to expect that all physical networking infrastructure will disappear," says Chuck Huetter, second vice president of information technology at Ameritas, a large insurance and financial services firm based in Lincoln, Neb.
Huetter explains that a single physical server can support multiple virtual servers, and data traffic that stays within the virtual environment can take advantage of a virtual network switch. For data traffic to pass from one physical server to another or to pass outside the data center to the cloud or to another data center, however, it needs a physical network switch. That fact won't change anytime soon.
"Physical switches will always be needed," Huetter says. "In addition, multiple virtual servers on a single physical server can generate a lot of data traffic. And the more virtual servers you have, the greater the need for bandwidth on the physical servers and connectivity to the physical switches."
Importance of hardware in software-defined environments
Huetter is no Luddite. He says Ameritas has spent the last year building a new software-defined network at its data center in Lincoln, as well as at a second facility in Cincinnati, Ohio.
Ameritas based its new architecture on ACI, which can be deployed as part of a purely physical infrastructure. But Ameritas had multiple virtual applications and wanted to take advantage of virtual networking. So the company also deployed Cisco's Application Virtual Switch (AVS) technology, which lets Ameritas spin up virtual networks the way systems administrators can deploy virtual machines on VMware ESX servers.
But Huetter says that the importance of hardware is by no means a thing of the past, at Ameritas or elsewhere. For nonvirtualized bare-metal workloads, Ameritas uses Cisco Nexus 2000 top-of-rack switches connected to ACI leaf switches to extend the fabric. Nexus 2000 switches work in a similar fashion as a power strip, which uses just one electric outlet to provide multiple connections to electronic devices. Like a power strip, Nexus 2000 fabric extender switches enable the network to cost-effectively scale out by increasing the port density of each ACI leaf.
Matt Billmeier, the IT manager who handles the day-to-day networking chores that support the company's 2,500 employees, says Cisco AVS dramatically reduces the time it takes him to configure network switches. He says that, in some cases, configuration time drops from two weeks to a matter of days.
He adds that ACI also helps him streamline network management and make more efficient use of resources. For example, when a test and development group defines a project, all compute, storage and network resources are specified. When a project has a set time limit and is completed, ACI automatically returns both physical and virtual resources back to the main resources pool.
In the case of Ameritas, rather than negating the importance of hardware, software-defined networking means using the physical gear that remains more efficiently.
Virtual overlays need efficient physical underlays
Using a different approach, Arslan Munir, director of cloud engineering at photo publishing service Shutterfly, relies heavily on both Cisco and VMware technology.
In the past year, Shutterfly moved from a three-tier to a two-tier leaf-spine architecture, using Cisco Nexus 9300 leaf switches and Cisco 9500 spine switches for the core network. Today, eight spine switches and nearly 40 leaf switches reside in the company's main data center in Las Vegas. Munir says that transitioning to a two-tier system reduces network complexity, solves scalability challenges and significantly improves application performance.
"The application developers came to me and wanted me to find a way to deliver consistent [uptime and] application performance across the network," he says. "With the leaf and spine network, every switch is just one to two hops away," With a simplified [underlying physical] network, we need fewer people to manage it, configurations are simpler, and network performance is much improved with a simple and scalable architecture that's designed for failures, Munir adds.
Munir says Shutterfly does not use Cisco ACI, mainly because the company relies on a mix of both Cisco and Arista switches, as well as firewalls from Palo Alto Networks and Cisco. For virtual networking, it uses NSX, which offers microsegmentation for enhanced security.
Shutterfly isn't running so many applications that it needs the single fabric of ACI, Munir says. "Our switches are at 40 gigabit so we have plenty of bandwidth, plus NSX lets us run a truly vendor-agnostic environment, which is what we require. We really don't want to put all our eggs in one networking basket."
Importance of hardware in microsegmentation
Exostar -- a provider of cloud-based identity access management and supply chain management tools to regulated industries -- also relies on a mix of virtual and physical components. Like Shutterfly, the company runs VMware's NSX as a virtual overlay on top of its existing Cisco and Juniper networking gear.
Exostar infrastructure engineer Brandon Marrs says the network's physical Layer 2 switches primarily transport storage for east-west traffic within the data center. Because the company does so much work with the security-conscious, highly-regulated aerospace and defense industries, Exostar executes Layer 3 routing at the network's edge with next-generation physical firewalls.
Exostar was founded in 2000 as an industry-led consortium for aerospace and defense contractors BAE Systems, Boeing, Lockheed Martin, Raytheon and Rolls-Royce. While Exostar has expanded its reach into life sciences and healthcare, all of the industries it serves require the highest level of security and regulatory compliance.
Going with NSX was viewed as a natural extension of the company's investment in running VMware virtual machines, says Raj Dasgupta, Exostar's director of IT. By offering built-in segmentation, NSX delivers the level of security and information protection Exostar customers require. While the company's network still relies on hardware, it has turned to virtualization for higher level network management.
"With everything we are handling, it made no sense for us from a cost, resource and scalability perspective to continue managing the network with physical equipment," Dasgupta explains. By using NSX, every new network gets segmented, and the companies Exostar works with are comfortable that no one else has access to their data. "We can onboard new customers and their partners nimbly," he added.
As Ameritas, Shutterfly and Exostar demonstrate, network virtualization will play an increasing role at many businesses, but the importance of hardware remains. The vast majority of companies will continue to run physical switches on their internal data center networks -- even if it's only across east-west traffic between storage devices -- and physical Layer 3 routers at the edge. Using a physical router is still the only way a data center can communicate with the outside world. So companies can get virtual, but they can't forsake the physical.
ONUG 'Great Debate' transcript: In defense of hardware
Overlay networks will always need hardware
The creative way a Texas school district uses ACI
- Check the network before moving to the cloud –SearchSecurity.com
- IT Handbook: Network Considerations for VDI –SearchDataCenter.com
- Mobile banking strategies - maximise your revenues –ComputerWeekly.com
- Emerging PaaS security tactics –SearchSecurity.com