Embrane: Placing network services in the hypervisor won't work

The battle in software-defined networking and network virtualization is not about OpenFlow or which software overlay protocol to use -- it's about whether to place network services intelligence at the edge in hypervisors or distribute it to be more "network-centric," according to Embrane CEO Dante Malagrino.

More profoundly, that choice will determine who has control of the virtual network -- the networking team or the systems team, he said. Malagrino was in New York earlier this month to explain Embrane's technical approach to an investment community conference.

With its heleos software architecture, Embrane provides Layer 3 through Layer 7 network services, such as load balancing and firewalling, without using hardware or typical virtual appliances. Instead, Embrane deploys these services across a distributed pool of x86 servers that are centrally managed and controlled by one console, decoupling the features from underlying network or hypervisor infrastructure. (Note that Layer 3, in addition to Layer 4 through Layer 7, means the technology works across both the application and network layers).

Embrane can spin up network services on demand for cloud networks with distinct tenants or rapidly deployed applications. But heleos works across both existing physical networks and virtual overlays with the goal of bringing a deeper level of intelligence to network services and provisioning.

Cisco has added intelligence to virtual networks with its Nexus 1000v and virtual firewalling, and VMware has released a slew of virtual networking features, with more likely to come with the Nicira acquisition. But Malagrino said that Cisco has "pushed network intelligence to the edge" in the hypervisor, which is ultimately controlled by the systems team. Instead, these features should be managed by the network team, which should be "as agile as the systems team," he said.

"If it's on the hypervisor, you've got severe cultural problems ... who deals with the network service problems? The systems guys?" Malagrino asked.

The same could be said from the server team's perspective. Why would they want network guys fixing problems in the virtual stack?

But that's where Embrane's distributed architecture comes into play, according to Malagrino. With heleos, there will still be fewer machines to manage than there would be if these features were placed on thousands of hypervisors. Plus, because the heleos servers are centrally managed, troubleshooting becomes a whole lot easier, Malagrino said.

"If you put intelligence in every hypervisor, there are several thousand machines. Now you have to manage that," Malagrino said. "Also, if you keep putting more network capability in the hypervisor, you run out of cyles to run workloads."

Beyond problems introduced to the hypervisor, Malagrino insists that features such as load balancing must be geographically distributed throughout the network to work effectively.

Until recently, Embrane has focused on selling into the public cloud provider space, but now the company is looking to the enterprise and the private cloud with the message that its technology is complementary to existing hypervisor and network overlay strategies -- and meant for the hands of the network team.