Story image

Is this SDN 2.0? Apstra founder reveals new innovation

03 Oct 17

Article by Mansour Karam, CEO and Founder, Apstra

The introduction of overlays in the early days of SDN enabled organisations to bridge the gap between the dynamic nature of their business policies and the static nature of their network. At the same time, overlays introduced significant challenges, which limited their adoption in the enterprise.

Responding to customer requests in this area, Apstra is announcing  AOS 2.0. Leveraging the recent advances in network operating system APIs and switch silicon support for VXLAN, AOS 2.0 delivers the first intent-based integrated underlay and overlay solution for the data centre network.

Around a decade ago when SDN discussions first began, switches had no APIs, and to deliver dynamic policy there was no choice but to bypass networking engineering teams and extend an overlay on top of the physical network. This approach  created a number of problems that limited the adoption of the technology:

1. Underlays and overlays are opaque to each other. Because the underlay and overlay are totally decoupled, it is that much harder for IT teams to debug networking problems. Was it caused by the overlay? The underlay? Through which links or interfaces do the packets pertaining to this particular overlay tunnel flow?

2. Organisational processes break with decoupled underlays and overlays.  Overlays made it unclear who was really responsible for network services. The network engineering team? The compute team? The cloud team? Compute teams are often driven to buy and operate an overlay without the participation of network teams. That could mean that two network operators in the same data centre don’t really work together. Or even acknowledge each other. Worse, the networking team is often finger-pointed, often without evidence. The network is the most critical asset in the data centre; one operational team should be empowered and responsible - not two.

3. Overlays don’t easily work with bare metal devices. While most workloads are virtualised, there is a lot of bare metal out there; storage, database, and many devices and appliances. The common solution is to build a gateway which generally encaps/decaps flows between the overlay and a bare metal segment. I am bullish on the use of an overlay, but quite honestly, a gateway for bare metal is a hack which only became necessary because of the unnatural fracture between underlay and overlay.

Introducing AOS 2.0:

  1. Integrated overlay/underlay: Leveraging the patent-pending, innovative AOS state repository and intent modeling technology, all the state pertaining to the physical underlay, its topology, its logical entities, virtual networks, and all related telemetry are stored in the AOS distributed data store, and represented in a graph that captures all the pertinent relationships. As a result, AOS 2.0 provides powerful visibility into network state, including the physical and virtual, through its process of closed-loop, continuous validation of state against intent. In short, with AOS 2.0, the underlay/overlay correlation problem that has plagued first generation SDN solutions becomes a thing of the past.
  2. All under the control of the network engineering team! AOS 2.0 enables network engineering teams to implement a network infrastructure that leverages a modern Leaf/Spine L3 underlay network architecture using multi-vendor state-of-the-art equipment, that features an L3 underlay and stitches L2 services on top — within the rack, and across racks. Organisations can then deliver L2 connectivity for their Applications, and enforce policies and security zones across their various Application services Tiers — all under the control of network teams.
  3. Natural support for bare metal servers. With AOS 2.0, configuring a virtual network spanning two separate racks generally involves a two step approach: (1) configuring VLANs connecting end points to Top of Rack (TOR) switches, and (2) configuring VXLAN tunnels between TOR switches that belong to different racks. This approach applies to both virtual and bare-metal end points and never requires gateways.

In addition, AOS 2.0 leverages the same AOS core to provide the same unique AOS advantages:

  1. Intent-Based and Vendor-agnostic: the vendor-independent approach of AOS is taken to another level with our multi-vendor implementation of VXLAN-based virtual networks. Owing to the Intent-Based approach of AOS, arcane vendor-specific configurations of VXLAN are abstracted away from network users, as are complicated vendor-specific troubleshooting procedures. The result is unprecedented hardware vendor choice and interoperability.
  2. Fully Automated: AOS 2.0 gets us closer to the vision of a self- operating or autonomous network infrastructure. It leverages the extensible foundation of AOS to deliver end-to-end automation of all phases in the life cycle of network services across the underlay and the overlay: design, build, deploy, and validate. This includes Day 0 Initial Provisioning, Day 1 Builds and Day 2 Operational Changes and Troubleshooting capabilities. With unique system-wide commit capabilities for change operations and sophisticated continued validation and root-cause analysis capabilities through intent-based analytics, AOS 2.0 delivers the most powerful autonomous operation capabilities available today.

Adding AOS 2.0’s new enterprise-class features (including RBAC, HTTPS, and Headless Operations), organisations can confidently start the process of migrating from legacy L2 data centre infrastructures to modern Leaf-Spine infrastructures with fully automated and integrated L3 underlay and L2 overlay — all under the control of networking teams.

And we’re just getting started. Customer-driven feature velocity is a key part of our vision, enabled by the extensible AOS architecture. This brings our customers expanded device support, and advanced intent-based analytics — which are coming as part of turn-key applications in future releases. Stay tuned for more to come from Apstra in the coming months. Indeed, a new era has begun, and we’re not looking back!

Data centre cybersecurity actions that most people overlook
Schneider’s Steven Carlini discusses ways to improve data centre cybersecurity that most people don’t think of until it’s too late.
Alibaba Cloud showcases commitment to Hong Kong
The company’s service capability in Hong Kong has doubled since it established its first data centre in the city in 2014.
5 tips to reduce data centre transceiver costs
Keysight Technologies' Nicole Faubert shares her advice on how organisations can significantly reduce test time and cost of next-generation transceivers.
The new world of edge data centre management
Schneider Electric’s Kim Povlsen debates whether the data centre as we know it today will soon cease to exist.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
SUSE partners with Intel and SAP to accelerate IT transformation
SUSE announced support for Intel Optane DC persistent memory with SAP HANA.
Inspur uses L11 rack level integration to deploy 10,000 nodes in 8 hours
Inspur recently delivered a shipment of rack scale servers of more than 10,000 nodes to the Baidu Beijing Shunyi data center within 8 hours.
How HCI helps enterprises stay on top of data regulations
Increasing data protection requirements will supposedly drive the demand for Hyper-Converged Infrastructure solutions across the globe.