HP hardens switches to juggle myriad virty networks

Extends Layer 2 nets around the world


Hewlett-Packard has tweaked the Comware operating system at the heart of its switches to make them more amenable to the clouds and to implement what is being called software-defined networking (SDN).

Communication between computers is now more fluid than ever as servers and storage are increasingly virtualised and made more malleable. How exactly sysadmins juggle dynamic configurations is the subject of heated debate, however.

Rather than get into an ideological battle over the widely implemented communications protocol OpenFlow and virtual switches, HP's engineers have added features to the Comware software to give their gear SDN functionality.

"OpenFlow does not equal SDN," said Mike Banic, vice president of marketing for HP Networking - the division of the Enterprise Servers, Storage, and Networking group that does the switching and routing, and is the amalgam of HP's ProCurve and acquired 3Com networking businesses.

Two Comware features are being announced today: multitenant device context, or MDC, and Ethernet virtual interconnect, or EVI. Both are part of a broader HP strategy that HP calls Virtual Application Networks and a network design it calls the FlexNetwork architecture.

Like the OpenFlow crowd, HP wants to break the control plane in switches away from the forwarding plane in those devices. Back in April it took its Intelligent Management Controller (IMC), which has been around for a couple of years, and positioned it as the control plane for its campus, branch, and data center switches, managing access to networking resources across those networks - much like a hypervisor carves up CPU, I/O, and memory resources for a physical server for virtual machines to consume.

The IMC software does essentially the same job as Nicira's NVP controller for networks of Open vSwitch virtual switches, and also has the benefit of plugging into VMware's vCenter management console and the ESXi hypervisor's vSwitch virtual switch (also made by VMware). The software does an analogous job to what Nicira is peddling with its OpenFlow approach, but it does not hew to OpenFlow. (At least not yet.)

It programmatically controls virtualized network resources, using templates tied to specific n-tier applications, and orchestrates how those resources change as virtual machines on servers and their workloads change. This is what matters as far as HP is concerned. Incidentally, HP supports OpenFlow technology atop its switches, so this is not an either-or situation between Virtual Application Networks and OpenFlow.

The two new features of the Virtual Application Networks stack announced today are not external to HP's switches, but rather inside them, in the network operating system. In this case it's Comware 7.0, at the heart of the 3Com switches that used to be branded the A Series and the E Series, but which have had their letters dropped since then. The capabilities are being rolled out in the high-end 12500 switch to start, but will eventually be cascaded all the way down the product line to the edge top-of-rackers.

With Multitenant Device Context, the idea is simple enough. Virtual LANs, or VLANs, running on a single switch share a common database inside the switch and shared access to the memory in the switch where this data is stored. MDC puts an electronic wall between those VLANs, carving up the memory and giving a piece for each VLAN to use independently.

Carving up switch memory to divide up your network

The net effect is that instead of having to buy a different switch for each department that you want to keep isolated, or for each cloud or hosting client that wants a secure network for their applications, you can now let multiple departments or clients share a single switch and keep those VLANs isolated from each other.

With the Ethernet Virtual Interconnect feature of the Comware 7.0 software, HP is tackling another problem: interconnecting multiple data centers. Companies can do this today with Multiprotocol Label Switching (MPLS) and Virtual Private LAN Switching (VPLS) services from their telecom providers, but it can take months to design and implement the services and it takes hundreds of complex commands to set all the gear up. Moreover, says Banic, in a stack of Cisco Systems gear (just to pick on the market leader) the three software licenses to implement these cross-data center links can cost more than a 12500-class switch itself.

With EVI, HP is putting extensions into the Layer 2 routing functions of the 12500 switch that effectively turn up to eight of the 12500 switches into a geographically distributed Layer 2 switch. And linking one data center to another takes only five commands and a few minutes to set up, says Banic, and because it is an overlay on the existing networks, you don't have to go through a network redesign.

Moreover, because the EVI feature is just part of the Comware 7.0 network operating system, there is no incremental cost, either. Without having to do a redesign for MPLS and VPLS and paying for software to implement it, the cost of linking data centers is half as much doing it the HP way, Banic claims.

The point for customers is to put the two new features, MDC and EVI, together, to implement network partitioning and bursting between their data centers, like so:

HP's EVI and MDC switch features in action

By adding the two features together, you can do cloud bursting from virtual machines and VLANs over any Ethernet transport linking from two to eight data centers together and keep the VLANs isolated and secure from each other at the same time, satisfying the paranoid. (Well, somewhat anyway.)

When coupled with another piece of software called Intelligent Resilient Framework, or IRF, which aggregates multiple core and aggregate switches so they look like a single giant switch to edge devices and therefore flattens the Layer 2 network, vMotion live migration between data centers can be significantly faster. Check out this IRF benchmark report [PDF] for more on that.

HP will demonstrate the MDC and EVI features of its switches at VMworld 2012 in two weeks. The software is available as a patch to Comware 7.0 starting today for the 12500 switches, and at no additional charge to customers. No word on when it will be cascaded down to the other switches in the HP Networking lineup. ®
