Revisiting the vCider SDN Solution Prior to Cisco Acquisition : I never really got a chance to know what vCider brought to the menu of network industry disruption  prior to their recent acquisition by Cisco. My two cent overview from what I remember vCiders technology being was a completely software delivered solution.
Big vendors can sit back and let the smaller companies innovate with creative network applications that take advantage of OpenFlow enabled devices, or they can build them themselves. I enjoyed going back and reading the posts and documentation from vCider, so I thought I would post some of the content that I found interesting. The vCider content is all viewable from web caches, nothing secretive, so if there is a post I didn’t put up that you were interested in reading you can find the cache. A Virtual Private Cloud (VPC) is a private network that you control and manage but that a least partially runs outside your enterprise data center, typically on one or more public cloud platforms such as Amazon EC2 or Rackspace.
A VPC enables you to securely connect whatever cloud or on-premises systems you like in a fast private network. Most IaaS providers offer some kind of VPC or VPN solution so that the provider’s resources can access on-premises systems. Increasingly, cloud applications are deployed across more than one IaaS provider to avoid service outages and to support disaster recovery. Finally, the vCider VPC offers fine-grained control over cloud cloaking exclusion rules for packet filtering. Simply stated, a virtual network is a network that you control, that runs on one that you don’t control. In addition, to secure communications between nodes within the VPC, all traffic must be encrypted. Finally, the vNet is the means by which the VPC isolates the cloud resources from the public internet. The virtual network built in the public cloud can be seamlessly attached to a corporate data center and LAN through the vCider Virtual Gateway. The Gateway is a system on the virtual network that also has access to the physical network in the corporate data center. Cloud Cloaking is a security technique by which systems running in the public cloud are rendered invisible to the public Internet. A host-based firewall that you load on your cloud systems can provide many important functions. Cloud cloaking locks down the systems from all external access; the virtual network lets you build network topologies and steer traffic flows exactly where you want them. OpenVPN is a Virtual Private Network (VPN) solution that lets you connect a client and server over an encrypted tunnel.
Beyond the performance limitations of OpenVPN, vCider additionally provides gateway functions and cloud cloaking technology to support cross provider Virtual Private Clouds. Subscribers have access to the vCider Configuration Console where they can create new virtual networks, connect them to their enterprise network and cloak them to become their own VPC. The Management Console reports node (system) status and availability, as well as a variety of network statistics including total throughput and packets per second for each node. As compared with the native network interface packets experience very little additional delay.
Our Cassandra performance benchmarks indicate that throughput between vCider nodes is nearly identical to that of native network interfaces. I first wrote about OpenFlow and Software Defined Networks a while back and there has been a lot of progress since then. The vision of ONF is not only that the networks be interoperable, but that they also be inter-controllable.
I’m going to spend some time in the OpenFlow Lab at Interop this week so I’ll be able to see first hand what is actually going on here. With the OpenFlow buzz  machine dialed up to 11, it was nice to read this interviewwith Kyle Forster, the co-founder of BigSwitch. Look, if we’re using OpenFlow controllers and switches to do stuff that switches do today, this is going to commoditize switching. It will be interesting to watch which vendors choose which path. The path they take could very well shape the industry for years to come. In light of recent IaaS provider outages, it is easy to understand that organizations are hesitant to move critical infrastructure into the cloud.
In this article, we will show how we can accomplish rapid failover of cloud resources, even across provider network boundaries. For our example, we bring up two servers, one in the Amazon EC2 cloud, the other in the Rackspace data center. In addition, we use vCider’s virtual network technology to construct a single network – a virtual layer 2 broadcast domain – on which to connect the two servers as well as agateway that will be placed into the enterprise network.
Finally, we use Linux-HA’s Heartbeat to configure automatic address failover between those servers in the cloud, in case one of them should disappear. After bringing up two Ubuntu servers, one in the Amazon EC2 cloud and one at Rackspace, we now construct our virtual network.
Go to the download page to pick up our installation package and follow the instructions there. We can see here that virtual IP addresses have been assigned to each node, which can already start to send and receive packets using those addresses. Our floating IP address will be managed by Linux-HA’s Heartbeat, a well established and trusted solution for high-availability clusters with server and IP address failover. This allows us to configure Hertbeat by referring to the cluster nodes via easy to remember server names. Note that we are listing both our cluster nodes by name and refer to the IP address of the other node, as well as ‘vcider0?, the name of the vCider network device.
On the second node, the Amazon EC2 server, create an exact copy of this file, except that the ‘ucast vcider0? line should refer to the IP address of the Rackspace server.
We now need to establish the authentication specification for both cluster nodes, so that they know how to authenticate themselves to each other.


A Virtual Server (known as a VPS or VDS) is a server running its own operating system on a much larger physical server which is powering many virtual servers at once. A VPS offers a cost effective alternative to a dedicated server, with the flexibility to upgrade or downgrade resources anytime you need to.
Our customers tell us our VPS servers are some of the fastest and most reliable on the market, and it's no surprise. As standard we offer CentOS Linux or Windows VPS servers, however if the OS works on our vps platform, we're happy to install it for you. We operate dual hot-swap power supplies throughout, from our VPS hypervisors to the storage, network switches and routers.
If you are still considering the first, basic steps of moving some part of your infrastructure to the cloud, this gallery will give you a quick view of Rackspace's interface from sign-up to creating your first virtual machine.
Rackspace account As with many e-commerce sign-up forms, the Rackspace form is split into different pages for account, identity, and payment. The now-familiar breadcrumb (the table at the top with four numbered boxes) shows what stage of the process you have reached. The really smart ones are not only going to develop their own applications, but also get in front of all this and make their devices the preferred platform for everyone’s network applications. It will be interesting to watch which vendors choose which path.
Cisco has quite a few announcements recently and presumably upcoming that can allow for some connecting of dots for a preview of an SDN data center strategy with splashes of cloud, fabric, tunnels, orchestration and stacks.
SDN in the Data Center has had so much focus due to the ever-growing earnings potential in the data center and the ability to avoid the hardware constraints presented in today’s silicon. Want to span regions or cloud platforms to support HA architectures or simply to choose best-of-breed providers?
Also, cloud users often wish to deploy parts of their application at different IaaS providers that offer price or performance advantages.
Virtual networks are independent and isolated from other networks and the hardware on which they run.
In order to extend a data center into the cloud, at a minimum, the network in the public cloud needs to support the users own private IP addresses. This typically is a physical machine that runs in the DMZ or behind an appropriately configured firewall. This simply requires that you set up a VPN connection to a system on the vCider virtual network, then configure that node as the vCider Gateway.
Just like any virtual machine that’s running in the cloud, systems in your data center, once configured with vCider software, can join the virtual network and become part of the VPC. By cloaking public cloud resources, vCider makes the attack surface of your cloud application disappear. However, the administrative burden that goes along with maintaining policies consistent across a set of elastic cloud systems can be overwhelming.
Rather than establishing firewall rules for access to cloud-based systems, a VPC lets users secure their systems with their existing enterprise security infrastructure. This installs a user space process called the Network Monitoring Daemon (NMD) and a high-performance network device driver. However, please see our Download page for a list of standard AMIs that are compatible with our software. The download includes executables for all supported kernels which is why the download is about 1MB. OpenVPN is an application that runs in user space and can not deliver the level of performance of the vCider kernel-resident device driver software. The vCider device driver on the system accepts fully formed Ethernet frames from the local network driver.
As compared to latency across the WAN between systems on the virtual network, the additional latency is negligible. Our performance benchmarks indicate only incremental CPU utilization increases as compared with native networking. In fact, given the disruptive potential of OpenFlow I have serious doubt any major supplier will ever support it outside of proof of concept trials. OpenFlow is just one technique for Software Defined Networks (SDN) that have the potential to revolutionize the way networks are build and managed. I remember Interop back in the late ’90s where the plugfests were the highlights of the conference. It is, by far, the most thoughtful piece I’ve read so far on what OpenFlow is and where the opportunities lie. For example, instead of having all your servers with Amazon EC2, also have some with Rackspace.
We use a simple example to show how to construct a seamless and secure extension of your enterprise network into the cloud, with built-in automatic failover between servers located in different cloud provider’s networks.
This demonstrates the point of being able to cross provider boundaries, but of course, if you prefer you could also just have a setup in multiple geographic regions of the same provider. The gateway acts as the router between the local network and the virtual network in the cloud, securely encrypting all traffic before it leaves the safety of the corporate environment.
The IP address failover facilitated by Linux-HA requires the cluster machines to be connected via a layer 2 broadcast domain. This address is a “floating address”, which may fail over between the two servers at Rackspace and Amazon EC2. In our example, we install it in two cloud based nodes and in one host within our enterprise network. Thanks to vCider’s virtual layer 2 broadcast domain, Heartbeat can finally also be used in IaaS provider networks that do not natively support layer 2 broadcast. For more details about the Heartbeat configuration options, please refer to Heartbeat’sdocumentation. Since all communication on a vCider network is fully encrypted and secured, and since with vCider we can easily cloak our network from the public Internet, we use a simplified setup here, which saves us the creation and exchange of keys. It provides easy access to the usual cloud virtual hardware and services – load balancers, DNS, backup and so on.


Nick deals with the lower layers of the Internet - the machines, networks, operating systems, and applications. Matt has been bearish and ahead on thought leadership on the topic of SDN, when one would be scoffed at or jumped on from the tech bullies. The Tunnel Endpoint (TEP) then registers with at the vCider website to pick up its TEP to IP mapping. To reiterate nothing below here is my content merely web cache being reposted so folks can enjoy some nice diagrams and commentary.
This virtual network supports familiar enterprise LAN capabilities such as multicast, IP failover, etc.
Sometimes a provider might be physically located closer to end users or have some other unique advantage. Just as multiple virtual machines (VMs) can run inside a hypervisor on a single host, many virtual networks can run simultaneously on the same physical network. Cloud resources that run in EC2 can be networked with systems that run in Rackspace Cloud or physical systems at a co-lo provider. The physical machines in your data center would use an IP address on virtual network to communicate with systems outside of the data center. Also, administering a VPN between more than just a few systems is an enormous administrative burden that most users are unwilling to bear. Everything that can be done through the Configuration Console can also be done via the API. From the destination MAC address in the Ethernet frame, it determines which physical system is running the destination virtual interface. In fact, when applications require encryption, vCider can dramatically improve performance. We take that for granted now, but there was a time when it wasn’t uncommon for one vendor’s router to be unable to route another vendor’s packets.
So, how can a responsible organization go about moving part of its network and server infrastructure into the cloud, without exposing itself to undue risk and without putting all eggs into a single IaaS provider’s basket?
This rules out deployment on IaaS providers like Amazon EC2 and others, which do not offer any layer 2 networking capabilities.
The gateway machine (in green) is part of the enterprise network as well as the vCider network and acts as router between the two. Nick's job stops there, and he hands over to the designers and developers who build the top layer that customers use.
I think the idea of revisiting some long in the tooth practices is beginning to catch on which is great for those of us held accountable for their performance and availability. Before I reinvent the wheel on explaining this Ivan Pepelnjak did a great writeup and a video explanation in his cloud networking webinar. The automation provided by a VPC eliminates the need for manually configuring networks with OpenVPN or host-based firewalls. To accomplish this with a VPN would require a full mesh of point-to-point tunnels, creating significant and on-going administrative overhead. Web traffic can be accepted in on a specific system, while the rest of the network remains private and cloaked, invisible to malicious users.
As long as the systems can run the vCider software and have Internet access, the can be included in a virtual network. Once a system is specified as a gateway, vCider then will automatically configure routes on all the systems on the virtual network with routes to the gateway for access to the corporate LAN.
The only way to access the applications is via the private non-routable IP address across the virtual network. Multiple interfaces lets users build specific network topologies that may be required for certain application deployments. It then encapsulates the unmodified frame in an IP packet and sends it to the indicated physical system. Performance through the virtual network gateway is dependant on the performance of the system on which the software runs.
Since all traffic in the VPC is encrypted natively, these third-party encryption solutions (and their performance impact) can be eliminated.
Ideally, configure one to be the backup for the other, so that in case of failure a seamless and automatic switch over may take place. However, as we will see, it works perfectly fine on the layer 2 broadcast domain provided by vCider. We will see in a moment that the address failover is rapid and client request continue to be served, without major disruption. So I wanted to revisit what little I remember and post the web mirrors that I didn’t read enough of. This is especially burdensome when considering the dynamic nature of typical cloud-based applications. Cloud users need a universal solution for securely connecting cloud resources in a private network.
In addition, cloud cloaking is designated on a per-network basis so supporting multiple interfaces on a system lets systems straddle the boundary between the VPC and external networks. There, the receiving network driver delivers to the vCider device driver the IP payload, which is the original Ethernet frame. This, however, is not made easy, due to proprietary management interfaces for each provider, and because traditional network tools often cannot be used across provider networks.
Chris Marino one the co-founders wrote quite a bit on his thoughts around the emerging SDN opportunities and some interesting insights from a VC. This unmodified frame is simply sent up to the application where it receives it, unaware of its true path.



How get icloud password
Owncloud ldap mail xp
Build your personal cloud ubuntu


Comments

  1. 27.01.2016 at 16:52:34


    Offer one of the least expensive cloud storage.

    Author: Ebru
  2. 27.01.2016 at 22:15:45


    Become an accepted practice to incorporate the mozy we think you'll love back daily.

    Author: 4upa4ups
  3. 27.01.2016 at 17:58:59


    Here we are assuming in this set enabling the Subscription Economy online subscription.

    Author: SINDIRELLA