North/South, East/West – All in the Cloud?

Arthur Cole
Compass

Nearly the entire history of enterprise networking has been about streamlining and optimizing north/south communications; that is, from the user to the server to storage and back again. To be sure, east/west architectures between various data resources have existed for some time, but in most cases their load requirements have been modest.

That all started to change around the turn of the century as distributed architectures and virtualization added complexity and abstraction to the once "simple" data environments that ruled the enterprise.

Today, east/west communication is driven by a plethora of developments, such as virtual desktops, parallel and multi-threaded workloads, new generations of machine-to-machine and intelligent resource management solutions, plus automated mirroring and replication between storage arrays.

To make matters even more challenging, the enterprise is now looking to duplicate this functionality in the cloud, enabling not just communication between data centers, but between servers and virtual machines within those data centers. Small wonder, then, that traditional hierarchical networking architectures are giving way to fabric-based constructs.

A good place to catch a glimpse of the future is Amazon. The company has kept its self-made infrastructure rather close to the vest, but Network World's Brandon Butler gleaned some of the details from VP James Hamilton at last year's AWS re:Invent conference. Hamilton pegged the need for greater east/west support as a primary consideration for Amazon’s intra- and inter-data-center networks. Using proprietary ODM networking gear, plus custom protocols and dedicated links between resources throughout its various Availability Zones, the company is able to maintain a highly versatile networking environment that ties Amazon’s own infrastructure to that of its Direct Connect partners and the public Internet.

But since today’s networks are already vulnerable to malicious threats, won’t incorporating a lot of lateral traffic simply compound the problem? It depends on how you implement security, says VMware’s Tony Paikeday. The sledgehammer approach would be to build “zones of trust” using internal data center firewalls that would presumable extend across the cloud to hosted infrastructure. This isn’t likely to enhance flexibility or performance, however. Instead, it makes more sense to put the VM within a container so that it becomes its own secured data ecosystem. In this way, all of the traffic to and from each VM is protected regardless of whether it’s moving north, south, east or west. This is a radical change for networking in that it dissolves the perimeter-based view of the data center to a more holistic, dynamic environment. But since this is what’s happening to infrastructure across the board it’s the only way to give security the kind of scale that’s prevalent in the cloud.

You may be wondering if SDN and NFV makes it easier to support east/west traffic, and thankfully it does, says Darien Hirotsu of SDN services company SDN Essentials. Virtual LANs and MPLS-based virtual private networks (VPNs) have just about maxed their ability to carve networks into smaller and smaller slices. With abstract networking, you gain entirely new levels of policy and governance management for key functions like packet filtering and traffic isolation in the case of multi-tenant environments. Today, these tasks are performed manually, but on the abstract level they can be centralized and automated, which further enables the kind of dynamic resource configuration that virtual-data environments are made for.

Pushing this kind of functionality to the cloud, of course, means it will navigate across wildly diverse hardware and software platforms, some of which might not share data as easily others. This is what open networking seeks to address, of course, and standards bodies like the Open Network User Group (ONUG) are starting to take a hard look at the challenges of east/west communications. One issue is the fact that most network configuration is done through the command line interface (CLI) rather than a more user-friendly web-based API. CLI configuration also makes it harder to direct communications between the various network layers compared to more programmable approaches like HTTP and SNMP.

East-west connectivity in the cloud will be key for the deployment and scale of dynamic, integrated data ecosystems. In this world, data will have to move not only forward and back, or even just side to side, but also diagonally, crosswise and perhaps in spirals.

If the goal is to put data and services as close to users as possible, then the enterprise will need to build the right shortcuts across both local and wide-area infrastructure.

Related articles