
Building a private cloud: Is the physical network hostile?

In building a private cloud, engineers seek dynamic provisioning and automation for wide-scale virtualization, but are physical networks hostile to this type of dynamism?

Organizations are adopting private cloud with great gusto. According to recent benchmark studies conducted by Nemertes Research, 35% of companies in 2012 will adopt the technology -- a 75% year-over-year increase from 2011. But building a private cloud means offering a whole new model for service delivery from the data center based on virtualization, orchestration, multi-tenancy, provisioning, etc. That will mean learning new techniques that can seem hostile to the physical network as we know it.

At this point, most IT planners are focusing on private Infrastructure as a Service (IaaS) -- or the delivery of dynamic compute, storage and networking to application development teams and business units. 

IT professionals have learned that dynamism is the name of the game in private cloud IaaS. To really be beneficial, the private cloud must offer elastic, self-provisioned, on-demand, multi-tenant pools of shared compute, storage and networking. It is critical to keep these in mind since they apply to all levels of the cloud stack.

Why physical networks don't cut it for the private cloud

The problem is that in today’s data center, some aspects of networking are fundamentally hostile to these private cloud computing concepts. Specifically, the majority of network architectures assume a fixed relationship between device identification and physical address. 

Previously, it was uncommon for virtualization servers and storage to move around the data center. Now virtual machines move for a number of reasons, including load balancing, power management, maintenance and disaster recovery/avoidance. But the underlying network is still very much mired in the ID/location relationship. Just as we’ve broken ID from location in the wireless network, we’ll need to do the same in the data center.

Addressing multi-tenancy in the private cloud

A key characteristic of the cloud is multi-tenancy. In a private data center this means creating distinct virtual networks over a physical network so that human resources and finance, for example, share the same server, storage and network resources. We need controls in place to isolate one tenant from another. This is necessary for business, security and compliance reasons. Most IT shops today depend on the virtual LAN (VLAN) as the core control to provide logical segmentation and multi-tenancy in the private cloud. VLANs (802.1Q) are effective for multi-tenancy by isolating one department's virtual servers from another's.

The cloud VLAN challenge

There are a few issues with VLANs, however. First, the maximum number of VLANs is 4,094 -- 4,096 technically. This is probably not an issue for a small data center, but a large data center with thousands of servers will run up against this limit quickly. Second, different hypervisors have limitations on how many hosts may be supported in certain configurations -- high availability, for example -- which drives up the number of VLANs significantly. Third, VLAN management can be complex for network and virtualization admins, particularly in a cloud environment, at scale.

VLANs exist in the physical realm on physical switches and in the virtual realm on virtual switches, and they need to match up exactly. This usually requires close coordination between network and server admins, and tying a virtual VLAN to a physical VLAN is often a manual process. Network administrators say managing more than 100 VLANs is a significant challenge for them.

The bottom line is that VLANs have served us well, but we need more than the VLAN to support the private cloud. This is because of the limitations listed above as well as the VLAN being too limiting for wide-scale virtual machine motion.
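The manual mapping between virtual-switch VLANs and physical trunk VLANs described above is exactly the kind of thing worth auditing automatically. The following Python script is an added example, not code from the article or from Nemertes: it expands a switch-style allowed-VLAN list, flags any ID outside the usable 802.1Q range, reports port groups whose VLAN the host's physical trunk does not carry, and counts how many of the 4,094 usable IDs remain. Host names, port-group names and VLAN numbers are constructed sample data.

```python
# Added example: audit that virtual-switch port-group VLANs are carried by the
# physical trunk serving each hypervisor host, and that every ID is valid.
# All host/port-group names and VLAN numbers below are constructed samples.

VLAN_MIN, VLAN_MAX = 1, 4094          # 802.1Q reserves VID 0 and 4095


def parse_vlan_list(spec: str) -> set[int]:
    """Expand a switch-style allowed-VLAN spec such as '10,20,30-40'."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        for vid in range(lo, hi + 1):
            if not VLAN_MIN <= vid <= VLAN_MAX:
                raise ValueError(f"VLAN {vid} outside 802.1Q usable range")
            vlans.add(vid)
    return vlans


def audit(physical_trunks: dict, port_groups: dict) -> dict:
    """physical_trunks: host -> allowed-VLAN spec on the trunk to that host.
    port_groups: host -> {port-group name: VLAN id} on its virtual switch.
    Returns, per host, the port groups whose VLAN the trunk does not carry."""
    findings = {}
    for host, groups in port_groups.items():
        carried = parse_vlan_list(physical_trunks.get(host, ""))
        missing = {name: vid for name, vid in groups.items() if vid not in carried}
        if missing:
            findings[host] = missing
    return findings


def vlan_headroom(physical_trunks: dict) -> int:
    """Number of usable VLAN IDs not yet assigned on any trunk."""
    used = set()
    for spec in physical_trunks.values():
        used |= parse_vlan_list(spec)
    return VLAN_MAX - VLAN_MIN + 1 - len(used)


# Constructed sample: esx02's trunk omits VLAN 120, so its "finance" port
# group has no path to the physical network even though the vSwitch looks fine.
TRUNKS = {"esx01": "100,110,120", "esx02": "100,110"}
PORT_GROUPS = {"esx01": {"hr": 100, "finance": 120},
               "esx02": {"hr": 100, "finance": 120}}

if __name__ == "__main__":
    print(audit(TRUNKS, PORT_GROUPS))   # {'esx02': {'finance': 120}}
```

Run it against exports of your trunk configurations and port-group definitions; a non-empty result means a tenant network exists on a hypervisor but not on the wire, which is the mismatch the article warns about.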

About the author: Ted Ritter is a senior research analyst with Nemertes Research, where he conducts research, advises clients, and delivers strategic seminars. A Certified Information Systems Security Professional (CISSP), Ritter leads Nemertes' research on information stewardship, which includes compliance and the management, access, storage and backup of data.

This was last published in December 2011
