Software-defined network services vendor Embrane has built a Layer 3 overlay technology on its Heleos platform that allows network engineers to create and tie Layer 4-7 network service chains to specific applications.
Embrane Heleos uses a new routing function called vLink to create point-to-point Layer 3 overlays that bind together any two instances of its network services. On top of vLink, Embrane created the concept of vTopologies, service chains that can be assigned to individual applications throughout their lifecycle.
One of the biggest, most persistent problems faced by engineers in highly virtualized data centers is the length of time it takes to spin up network services for new applications, said Bob Laliberte, senior analyst with Enterprise Strategy Group.
"A problem associated to that is, how do you link and associate those services to that specific application," he said. "Pulling those services together, tying them together and attaching them to those applications could dramatically help [engineers] when those applications move."
With Embrane's vTopologies, engineers can create "golden images" of network services topologies for each application.
"If you have one of our load balancers and one of our firewalls, you can link them together using vLinks. You can then use the vLinks in combination with our services to create entire vTopologies, where you have firewalls and load balancers connected to each other and to Layer 2 domains. These vTopologies effectively become the entire network infrastructure that supports a specific application," said Dante Malagrino, CEO and president of Santa Clara, Calif.-based Embrane.
Customers can use Embrane's orchestration software, Elastic Services Manager, to rapidly create and manage countless vTopologies through a simple interface, building up and tearing down service chains for applications on demand.
"You have the ability to power on and power off these vTopologies as a single [object]," Malagrino said. "Cloning, deleting; you can do these things with a simple click of a button or call from one API [application programming interface]."
This simple service-chain provisioning eliminates some of the manual traffic engineering and physical segmentation that network engineers typically would have to do with Embrane and other Layer 4-7 network service platforms.
"[Before vLinks, our customers] would configure the interfaces to be part of certain VLANs [virtual local area networks] and then our services were inserted into those VLANs," Malagrino said.
Avoiding policy bloat with network service chains
Embrane is not the first SDN vendor to start talking about the concept of a network service chain. Juniper Networks championed the idea of service chains early this year when it laid out its SDN vision at its Global Partner Conference in Las Vegas. Both the Juniper and Embrane models shift the Layer 4-7 network services model away from building monolithic platforms for all applications, which can be difficult to manage.
In many data centers, Layer 4-7 network services are shared resources. Yet every application has specific requirements of these services, so network engineers insert hundreds of policies, configurations and rules into their load balancers and firewalls, which makes infrastructure very inflexible.
"We have customers come to us and say, 'Every time I deploy a new application, I have to go to my firewall and change its rules. After a while, so many applications have been deployed and I can't tell which configuration on that box is associated to which application anymore. The safest thing for me to do is not to touch anything that's already there,'" Malagrino said. "It's a massive management problem and it also becomes a performance and security problem."
Embrane describes its new service chaining approach as application-centric networking.
"Application-centric networking is the ability to create SDN infrastructure and combinations of network services and links that connect these network services together," Malagrino said. "From development to test to production, you have this virtual network infrastructure that is created and dedicated to the applications and moves with the application."
Embrane customer Ryan Labs Asset Management hasn't started using vLink technology, but it's taking an application-centric approach to internal firewalling with Embrane.
"In our virtual environment we wanted to create completely separated production, development and [quality assurance] environments," said George Fajta, director of IT at Ryan Labs. "There are lots of ways to accomplish that. We have a hardware appliance firewall with physical connections, but it just seemed more reasonable to try a software solution that would be virtualized and allow us to create these firewalls and rules. And if we didn't need them anymore, we could get rid of them."
Fajta could have segmented his environment traditionally using VLANs, but he wanted more flexibility so applications in different environments could access the same back-end databases.
While Fajta currently has no plans to use vLink and vTopology, he said the technology is an affordable and simple alternative to other options on the market.
"I was attending a competitor's event the other day and they were speaking about the software-defined data center. I was looking at the board and starting to add up the cost of the licensing involved. It starts to escalate fairly quickly and my budget is not going to be in the hundreds of thousands of dollars to license all that software. And I don't need to do things like self-service portals. The way [Heleos is] licensed and deployed allows me to get some features of the software-defined data center without having to add things I don't need and spend a lot of money."