Tuesday, September 22, 2015

A Paradigm Shift coming to the networking arena

Wikipedia defines "Paradigm Shift" as "a change in the basic assumptions, or paradigms, within the ruling theory of science".  The term was defined by Thomas Kuhn in his influential book The Structure of Scientific Revolutions.

It has been adopted in the business world to describe a "Fundamental change in an individual's or a society's view of how things work in the world".  One classic example of a Paradigm Shift in the business world is how the Japanese automaker Toyota changed its car manufacturing process so that it could adjust to external demands or changes, making Toyota a major threat to the Big 3 U.S. automakers.

DevOps is a Paradigm Shift in the IT industry and is becoming a popular agile software deployment methodology.

Then what is a Paradigm Shift in the networking arena?

I think most of us will think that Software Defined Networking (SDN) is a Paradigm Shift for the networking arena.  

Well if you think this way you are only half correct. I am sure you will agree with me after reading this post.

What is SDN?

Different people have different definitions of what Software Defined Networking is.  I have a blog post that defines what SDN is.  This TechTarget article describes SDN as "an umbrella term encompassing several kinds of network technology aimed at making the network as agile and flexible as the virtualized server and storage infrastructure of the modern data center."

Overlay technologies such as VXLAN, STT or NVGRE are sometimes considered a form of SDN.  In this blog post we will look at SDN as the separation of the control and data planes, with a centralized SDN controller programming the traffic flow on the physical network devices.

 image source: https://www.sdxcentral.com/wp-content/uploads/2013/08/sdn-framework.jpg

In this SDN model, there is the concept of:
  • Northbound Interface - Interface between the business application and the SDN controller
  • Southbound Interface - Interface between the SDN controller and physical network device
Both the southbound and northbound interfaces have a set of APIs.


Southbound API

OpenFlow is the most common protocol used in the Southbound Interface to manage the flows that dictate how packets are moved from the source to the destination. (Note: OVSDB is the configuration management protocol used by the SDN controller to configure the Open vSwitch that is running on the physical network device.)

Northbound API

The beauty of SDN is that it abstracts the physical networking devices with software, making the network programmable in response to external changes.  The Northbound API is the channel for the network applications to interface with the SDN controller.  This article is a good primer on Northbound API.

The Paradigm Shift - IBN

Separating the control and forwarding planes in SDN is not exactly a fundamental change in how networking is done.  The true change in how networking is done is the concept of Intent-Based Networking (IBN).  The article "Intent: Don't Tell Me What to Do! (Tell Me What You Want)" by David Lenrow has a good description of what Intent-Based Networking is. It describes Intent-Based Networking with these characteristics:
  • Intent is invariant
  • Intent is portable
  • Intent is compose-able
  • Intent scales out, not up
  • Intent provides context
Intent-Based Networking is another abstraction of the physical network in which the network application specifies only its intent and does not specify how to achieve it.  This is similar to a declarative language, where the user specifies only the end result.  One example is Puppet, the configuration management tool, where the user lists only the end state of the device that he/she wants to manage.

This is a Paradigm Shift in networking as we are shifting from the how to the what when network applications interface with the SDN controller.


The Advantages of Intent-Based Networking

There are several advantages for Intent-Based Networking:

Portability: Workloads in the infrastructure tend to move around. In the case of Docker containers, applications come and go rapidly and the same application may be provisioned on different physical hosts.  Specifying only the what and not the how makes the application more agile, or in other words more portable.

Composability:  By specifying the intent, the operator or developer of the network application does not need to know the protocol, network attributes or vendor.  "It is possible to provide an integrated system where multiple, discrete SDN services are offered, while resolving and avoiding potential conflicts over shared resources such as forwarding table," as described in David Lenrow's more recent article on this subject.

Security: In the traditional SDN Northbound API, it is possible for an attacker to manipulate flow creation or deletion. In the Intent-Based Networking model, the Northbound API specifies only the what and not the how, thus making it safer.
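
The portability and security points above, as an added Python example (not from the original post or from any SDN controller project): a hypothetical northbound handler accepts only a declarative intent, rejects any request carrying flow-level fields, and recompiles the same unchanged intent into new flows when a workload moves. The intent schema, group names, inventory and `Flow` fields are all assumptions constructed for illustration.

```python
# Added example: hypothetical intent schema and controller logic, not a real controller API.
from collections import namedtuple

Flow = namedtuple("Flow", "switch src_ip dst_ip proto port action")
ALLOWED_KEYS = {"source", "destination", "service", "outcome"}
SERVICES = {"http": ("tcp", 80), "https": ("tcp", 443)}  # constructed service catalogue


def validate_intent(req):
    """Accept only the 'what'; refuse flow-level fields such as match, actions, priority."""
    extra, missing = set(req) - ALLOWED_KEYS, ALLOWED_KEYS - set(req)
    if extra or missing:
        raise ValueError(f"rejected: unexpected={sorted(extra)} missing={sorted(missing)}")
    if req["outcome"] not in ("allow", "block"):
        raise ValueError("outcome must be 'allow' or 'block'")
    if req["service"] not in SERVICES:
        raise ValueError(f"unknown service {req['service']!r}")
    return req


def compile_intent(req, inventory):
    """Controller-side 'how': resolve group names to current workloads and emit flows."""
    intent = validate_intent(req)
    for group in (intent["source"], intent["destination"]):
        if group not in inventory:
            raise ValueError(f"unknown group {group!r}")
    proto, port = SERVICES[intent["service"]]
    action = "forward" if intent["outcome"] == "allow" else "drop"
    return [Flow(dst["switch"], src["ip"], dst["ip"], proto, port, action)
            for src in inventory[intent["source"]]
            for dst in inventory[intent["destination"]]]


# Constructed inventory: group name -> workloads as currently placed.
INVENTORY = {
    "frontend": [{"ip": "10.0.1.10", "switch": "leaf1"}],
    "backend": [{"ip": "10.0.2.20", "switch": "leaf2"}],
}
INTENT = {"source": "frontend", "destination": "backend",
          "service": "https", "outcome": "allow"}

if __name__ == "__main__":
    print(compile_intent(INTENT, INVENTORY))
    moved = dict(INVENTORY, backend=[{"ip": "10.0.3.30", "switch": "leaf3"}])
    print(compile_intent(INTENT, moved))  # same intent, different flows
```

The caller never supplies a switch, match or action, so the set of flows it can cause is bounded by what the controller derives from the intent and the current inventory.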

Currently this Intent-Based Networking concept is still under development but is gaining support from the following well-known networking bodies:
  • The Open Network Foundation
  • Open Source SDN Boulder Project
  • OpenDayLight Network Intent Composition 
  • Open Networking Lab
  • OpenStack
  • European Telecommunications Standards Institute (ETSI)

Further Reading on this subject

"Intent: What. Not How"

"Could Intent Modeling Save the NFV Business Case?"

"Intent Models in NFV: More than 'Useful'"

"Diving Deeper into Intent Models for NFV"

"Intent: Don't Tell Me What to Do! (Tell Me What You Want)." SDxCentral. N.p., 12 Feb. 2015. Web. 22 Sept. 2015.
"Intent-Based Networking Seeks Network Effect." SDxCentral. N.p., 18 Sept. 2015. Web. 22 Sept. 2015.
"What Is Software-defined Networking (SDN)? - Definition from WhatIs.com." SearchSDN. N.p., n.d. Web. 22 Sept. 2015.
Wikipedia. Wikimedia Foundation, n.d. Web. 22 Sept. 2015. 
"What Is a Paradigm Shift? Definition and Meaning." BusinessDictionary.com. N.p., n.d. Web. 22 Sept. 2015.  

Tuesday, September 15, 2015

Docker Global Hack Day #3

The Event

September 16, 2015 is the Docker Global Hack Day.  It starts at 4:00 pm Pacific Time and ends on September 21 (the following Monday). Local Docker meetup groups will host the event and it will start with one hour of live stream with different speakers.  I believe food and drinks are provided also. The program at the local meetup will end at 9:00 pm but the project continues until Monday September 21.

The local meetup for Los Angeles is held at Ticketmaster.

This is a global event where people all around the world will submit ideas on projects that are Docker-related in these 3 areas:
  1. Docker Plugins
  2. Docker Plumbing – runC, Notary, etc.
  3. Docker Freestyle – must use features from the latest Docker releases including Engine and other Docker OSS projects
The list of submitted projects can be found here.

My submitted project

My goal after VMworld 2015 is to learn the language Go and this Docker hack day is just perfect for me as Docker as well as Kubernetes are mostly written in Go.  Earlier I had an article on "A New Chapter in Docker Networking" and the project that I am going to submit to the Docker Global Hack Day is libnetwork related.

Hack Title

Utility to display traffic counter per container

Brief abstract of the project

This project is to provide a utility to display the transmit and receive counters for each container by tapping into libnetwork.  This will be a good debug tool to provide visibility on the traffic pattern of each container and to see if there is anything abnormal.

My expectation of this project

This project should be able to provide me a jump start on Go and Docker.  Since this is a very simple project I do not expect to win nor expect anyone to join me but this can push me to focus and deliver the project before Monday September 21.

Apart from having a jump start on Go and Docker, I hope I can meet different people of the Docker community.

Thursday, September 10, 2015

My first VMworld - It was simply awesome

Last week I was able to attend this renowned number 1 IT conference that everyone talked about - VMworld.

I arrived on Sunday afternoon and left Thursday evening.

It was a wonderful experience and when I left the conference I wrote this on Twitter:


In short, this summarizes my first VMworld.  I had good experiences, memories and friendships.

Before I went I had no idea what I would encounter at the conference.  I worried about being alone in a BIG crowd but the Twitter community immediately ensured that I would not be. I had written a blog post setting my theme to VMworld 2015 – Experience.

I was to experience VMware in 3 ways:
  1. Technologies
  2. People
  3. Community
As I reflect on the conference this is what I experienced at VMworld.

Technologies of VMware

There are tons of blog posts on what was announced at VMworld 2015. I like this post the most which stated the following points:
  1. VMware public cloud gets vCloud Air SQL, Site Recovery Mgr Air and object storage
  2. Working with Nvidia's Grid 2.0 on virtual desktop
  3. VMware Integrated OpenStack rev 2.0 (based on Kilo release)
  4. VMware vSphere Integrated Container and Photon Platform
  5. vSphere storage driver for ClusterHQ Flocker
It is clear that VMware is getting into the container space under the umbrella of Cloud-Native Apps which also includes technologies such as Docker containers as well as DevOps.  At VMworld 2015 there was a 3-day DevOps mini conference – DevOps @ VMworld held at the Hang Space with keynotes and hands-on training.  There was also the Developer Day and Hackathon on Wednesday.  Participants of the hackathon were given a free one-day pass to VMworld (if they had not registered to attend VMworld) and a $600 credit for vCloud Air.

People of VMware

For me this is the best part of VMworld.  At the conference people of VMware get together to talk and to exchange ideas or concepts.  At the conference, friendships are built and this is why we have such a strong VMware community.  Even being a first time attendee of the conference I could already feel the bonding effect among the attendees.

The VMunderground events on Sunday that began at 1:00 pm were just amazing. People in this event mingled well and everyone was extremely friendly.  I, a nobody in the VMware community, was able to meet some VMware “hot shots” and was greeted with friendly smiles and warm conversations.

Every day, the Partner Exchange was very crowded and it was difficult to move around.  Still people were very cordial and would give others the right of way if they were on a collision course in a tight space.  After all there were 23,000 people at this conference.

I also attended a few parties hosted by different vendors and I was able to interact with different people.  I was able to encourage one person to start blogging.

Some of the people I met, I recognized them not by their face but by their Twitter handle. And in one instance, I had a chance to tell the story of my Twitter handle - vCloudenBeer (ping me on Twitter if you want to know the story).

Community of VMware

There are 2 specific communities that I am involved in. The first one is VMUG and the second one is vBrownBag.

VMUG is the best place to learn, network and to share. This year VMUG was having a lounge at Moscone West 2nd floor instead of just a booth at the Partner Exchange.  Attendees were able to play games, relax and talk to different people at the VMUG Lounge.  The staff from VMUG headquarters were all very friendly, capable and organized. I took a picture at the VMUG Lounge where they provided a photo booth for members to capture memories.

The vBrownBag crews were busy from Monday to Thursday.  Lots of people signed up for a 10-minute slot to present different topics.  Some were rookies like me and some were VMware veterans. The complete schedule of all the presentations can be found here.

My presentation was on Wednesday and you can view it on YouTube with the slide deck posted here. Comments on the presentation are welcome as I want to improve my presentation skills.  My presentation topic was on "Microsegmentation - a perfect fit for Microservices security" which somehow aligned with one of the highlighted topics of VMworld 2015 by VMware.  Before the presentation I had written blog posts on this subject.  One of these blog posts (A new chapter in Docker Networking) was featured at the DockerWeekly.  This was encouraging and elevated my confidence during the presentation because being featured at DockerWeekly validated my presentation content.  After all this was VMworld and not just any event.

Thanks to James Brown (@jbcompvm), I was able to take part in another vBrownBag slot talking about Virtual Design Master as a participant sharing my experience and benefits from the contest. It was in the form of a panel discussion.  English being my second language, this was a bit challenging for me as the session was not scripted nor based on PowerPoint that we could expand on or reference. It was free-form question and answer. If interested, you can watch this here.

With these efforts I am now a proud owner of this polo shirt.

It was simply awesome

Yes, it was simply awesome. I did not attend a single session nor tried any Hands-on lab at VMworld but I had a great time interacting with different people and felt the bonding effect of the conference.  Of course I brought home a whole bunch of new t-shirts and other swag.

Next year VMworld will be held in Las Vegas and I am looking forward to experiencing the technologies, people and communities of VMware again.