Lucera, an infrastructure-as-a-service provider recently spun out of investment bank Cantor-Fitzgerald, uses home-grown SDN WAN technology to connect financial institutions with global trading centers in Chicago, New York and London.
"Aside from Google, I think we run the only global SDN -- a truly, truly software-defined network," said Lucera CEO Jacob Loveless, who recently won a "Thought Leadership" award at the Open Network User Group conference.
Lucera started as a project inside Cantor-Fitzgerald, where Loveless and some other Cantor engineers set out to build on-demand infrastructure for the bank's high-frequency trading operation. Now a separate company that counts Cantor as a customer, Lucera provides on-demand compute and network connectivity for trading applications that need to be located close to the London, New York and Chicago trading centers. Lucera's homegrown SDN WAN provides on-demand connections to banks on a per-application basis.
"I was sick of networking in finance," Loveless said. "It was a major source of cost and an unbelievable source of frustration. In 2006 or so, we had a piece of [network] equipment that we could dynamically reconfigure via software to serve different purposes. It was a precursor to SDN. We took that idea and grew it into a product."
Lucera maintains infrastructure in financial colocation data centers in New York, Chicago and London. It interconnects those three infrastructure footprints with 17,000 miles of low-latency fiber. The SDN network is a home-grown system of software edge routers running on custom-built equipment with Intel x86 processors. Lucera's software is based on Quagga and Intel's Data Plane Development Kit. "Basically, big Ivy Ridge-based boxes with a ton of custom network interface cards," Loveless said. "[The routers] lean on the silicon in the NICs to do a lot of the heavy lifting from an acceleration standpoint. Then a lot of the routing logic is in the [Linux] user space."
The routers manage fiber interconnects among Lucera and its banking customers. The network provides flow-based routing that allows financial institutions to connect their internal IP address space directly into Lucera. Banks can spin up high-frequency trading applications on demand in Lucera's infrastructure, with low-latency subscriptions to third-party market data, and connect those applications directly into a trading center.
"This SDN, in its purest form, is a carrier-grade network address translation [NAT] system," Loveless said. "When you have a piece of fiber terminate at Lucera, we essentially NAT it and it becomes a flow-based system. [Our network] basically takes a connection to Goldman Sachs [for example], which is talking on the Goldman Sachs IP address range, and allows that application-level port to route to another network -- either [another Goldman Sachs network] or to another customer's private network."
Lucera has built a proprietary software stack that operates as a shared control plane across all of its software edge routers. Every router knows the state of every other router on the Lucera network. And the software translates business logic down to the network nodes, so that the system can route by application flows.
"Every SDN node knows what every other SDN node has," Loveless said. "When you go in and say, 'I want to create this flow to connect Bob to Joe,' you issue that command to the fabric. One router says 'I have Bob. I'll enable Bob.' Another says 'I have Joe. I'll enable Joe.' They know when each other are enabled and then they say, 'Let's go ahead and open that connection.' Even though they are different individual systems, you control them and manage them as one cohesive system."
The Lucera SDN has an application-centric control plane. Customers go into Lucera's portal and define network flows based on the applications they spin up. The system defines them as a set of IP addresses, ports and protocols. Given that Lucera's control plane coordinates from Layer 1 to Layer 7, it can route flows based on those individual applications.
"When you enable a flow, you're enabling it for an application," Loveless said. "It's easier to manage because everything by default is closed and the only thing that moves through the network is those applications which have been permitted."
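The model described above, as an added sketch that is not Lucera's code: flows are defined by address ranges, protocol and port, each router enables only the side it terminates, and nothing passes unless it matches a flow that both ends have enabled. All class names, prefixes and ports are hypothetical.

```python
# Added illustration; every name here is hypothetical, not Lucera's software.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_net: str    # customer-side prefix, e.g. "10.1.0.0/24" (constructed)
    dst_net: str    # far-side prefix
    proto: str      # "tcp" or "udp"
    dst_port: int   # application port

class Router:
    def __init__(self, name, local_nets):
        self.name = name
        self.local_nets = [ipaddress.ip_network(n) for n in local_nets]
        self.enabled = set()        # (flow, side) pairs this router enabled

    def owns(self, net):
        n = ipaddress.ip_network(net)
        return any(n.subnet_of(l) for l in self.local_nets)

class Fabric:
    """Shared control plane: every router's enabled state is visible here."""
    def __init__(self, routers):
        self.routers = routers
        self.requested = set()

    def permit(self, flow):
        # The command goes to the whole fabric; each router enables only
        # the side of the flow it terminates.
        self.requested.add(flow)
        for r in self.routers:
            for side in (flow.src_net, flow.dst_net):
                if r.owns(side):
                    r.enabled.add((flow, side))

    def is_open(self, flow):
        # A flow opens only once both ends have been enabled by some router.
        sides = {s for r in self.routers for (f, s) in r.enabled if f == flow}
        return sides == {flow.src_net, flow.dst_net}

    def allows(self, src_ip, dst_ip, proto, dst_port):
        # Default closed: traffic passes only if it matches an open flow.
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        return any(
            self.is_open(f) and f.proto == proto and f.dst_port == dst_port
            and s in ipaddress.ip_network(f.src_net)
            and d in ipaddress.ip_network(f.dst_net)
            for f in self.requested)
```

A flow whose far side no router terminates stays half-enabled and `allows()` keeps rejecting its traffic, which is the failure mode a default-closed fabric should have.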
Lucera's SDN doesn't handle the entire routing stack. It leaves some tasks to traditional networking.
"We do a very specific subset [with SDN]," he said. "We do NAT, static routing, port address translation, and that's really it. Load balancing and failover are further up the stack. We're not doing BGP. Where we get lost sometimes in SDN is, 'OK, we're going to recreate all of networking in the [Linux] user space.' A lot of times you don't need to do it all. When you elevate things like failover up-stack, things actually work better."