Maslow's Hammer Meets the Software Defined Data Center

Juha Holkkola

In my previous post, I talked about the significance of DNS in connection with the Software Defined Data Center (SDDC) and Software Defined Networking. Although the second-generation DNS provisioning model I outlined should have seemed straightforward enough, in real life it is anything but. In my view, the real-world complications of a seemingly trivial issue are largely related to how the network industry approaches IP addressing.

"I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it was a nail."
—Abraham Maslow, The Psychology of Science

Until the late 90s, the networking industry largely depended on static IP address allocations. Around that time, the number of connected devices started growing rapidly, making it impossible for the network administrators to keep up much longer with the manual configuration of the equipment. To solve this problem, along came the Dynamic Host Configuration Protocol (DHCP) and the fireworks of dynamic IP assignment.

The trouble is, the networking community has not got anywhere since the late 90s. Granted, there have been new RFCs relating to DHCP along the way — DHCPv6 being the most notable example — but deep down the IP addressing paradigm has remained exactly the same. Either the addresses are static or they are issued dynamically by a DHCP server. In this regard, the cloud has so far been no different.

When one takes a look at various cloud stacks, they mostly rely on DHCP as far as IP addressing is concerned. Admittedly, that works fine in public clouds where no one really cares what IP address is assigned to a given tenant. Ditto for private clouds, as all tenants are firmly sitting in the same enterprise network. But as soon as one gets around to multi-tenant Infrastructure-as-a-Service (IaaS) clouds, that's when DHCP goes sour.

Looking at an enterprise out there, the chances are it makes good use of a private network. Looking at two, the chances are their private networks overlap. And once you have an IaaS Cloud provider trying to service both simultaneously in a multi-tenant cloud environment, the DHCP service no longer works, unless you set up and manage a dedicated DHCP service for each enterprise end-user. Even if the IaaS Cloud provider didn't have more than a few dozen customers, DHCP would likely become a no-go. Just imagine the Operating Expense and you will know why.

Interestingly enough, VMware and Cisco both acknowledged the VLAN and IP Address Management challenges in data centers as early as 2011. Their solution was Virtual eXtensible Local Area Networks, or VXLANs, extending the VLAN address space to a gazillion available IDs.

Although I am confident that having network equipment that supports VXLAN Tunnel End Points (VTEP) allows the software defined data center to scale better, it actually does nothing to address the IP allocation issue. In fact, in isolation, it has the potential to make things worse, since in addition to allowing the managed address spaces to grow larger, it also allows the address spaces to span across a number of VLANs.

To address the root cause, the networking community has to take a hard look at the IP addressing methods used in connection with SDDC. While DHCP continues to be a good technology as far as IP allocation to physical devices is concerned, it is not well-suited for multi-tenant cloud environments. Rather, what is needed is an automated IP commissioning system that supports overlapping private networks with tagging for appropriate VLANs and/or VXLANs, with open APIs used to integrate the whole enchilada with cloud orchestration and DNS architectures.
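A sketch of the kind of tenant-scoped commissioning store described above, as an added example that is not the author's or FusionLayer's code. The class name `TenantIPAM`, its methods, the tenant names and the VXLAN network identifiers (VNIs) are all hypothetical, and rejecting overlap inside a single tenant's scope is an assumption of this sketch.

```python
import ipaddress

class TenantIPAM:
    """Toy IP commissioning store (hypothetical): address space is scoped per
    tenant, and every network carries a VXLAN network identifier (VNI) tag."""

    def __init__(self):
        self.networks = {}   # vni -> (tenant, ip_network)
        self.leases = {}     # (vni, ip_address) -> hostname

    def add_network(self, tenant, vni, cidr):
        net = ipaddress.ip_network(cidr)
        if not 0 <= vni < 2 ** 24:            # the VNI is a 24-bit field
            raise ValueError("VNI out of range")
        if vni in self.networks:              # one segment, one owner
            raise ValueError(f"VNI {vni} already assigned")
        for owner, other in self.networks.values():
            # Overlap is a conflict only inside one tenant's own scope.
            if owner == tenant and net.version == other.version and net.overlaps(other):
                raise ValueError(f"{net} overlaps {other} for {tenant}")
        self.networks[vni] = (tenant, net)
        return net

    def commission(self, tenant, vni, hostname):
        owner, net = self.networks[vni]
        if owner != tenant:                   # refuse cross-tenant requests
            raise PermissionError(f"VNI {vni} does not belong to {tenant}")
        for ip in net.hosts():
            if (vni, ip) not in self.leases:
                self.leases[(vni, ip)] = hostname
                # Record that an orchestrator or DNS updater could consume.
                return {"tenant": tenant, "vni": vni, "ip": str(ip), "name": hostname}
        raise RuntimeError(f"{net} exhausted")

    def release(self, vni, ip):
        self.leases.pop((vni, ipaddress.ip_address(ip)), None)


def demo():
    ipam = TenantIPAM()
    # Constructed sample: two tenants that both use 10.0.0.0/24 internally.
    ipam.add_network("acme", 5001, "10.0.0.0/24")
    ipam.add_network("globex", 5002, "10.0.0.0/24")
    a = ipam.commission("acme", 5001, "web1.acme.example")
    b = ipam.commission("globex", 5002, "web1.globex.example")
    return ipam, a, b
```

Both tenants receive the same address from the same private prefix, and only the VNI tag tells the two records apart, which is the information a shared DHCP service cannot carry.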

To wrap up this SDDC trilogy, my next blog will discuss how IP commissioning should work in practice.

By Juha Holkkola, Co-Founder and Chief Technologist at FusionLayer Inc.
