Rackspace floats virty router and firewall into its clouds
Forget iron, use heavenly Vyatta software appliances
Moving to clouds should mean breaking free of all kinds of specific hardware devices and running as much software as possible on generic virtual machines – which is why Rackspace Hosting is partnering with Brocade Communications to bring its Vyatta vRouter software to its public and private clouds.
Brocade has been gradually building up its networking and routing capabilities, snapping up Foundry Networks for its Ethernet switching for $2.6bn in December 2008, and buying virtual networker Vyatta for an undisclosed sum in November 2012. Vyatta was founded in 2005 and brought out the first release of its virtual network appliances in October 2007.
Among many things, the Vyatta stack includes a virtual router (which means it runs on a virtual machine hypervisor) that can do a lot of the work that ISR and ASR machines from Cisco Systems can do. The vRouter software is not just a router, however it is named. It also includes a virtual firewall, virtual private networking for linking internal and external sites to each other securely, and a network address translation appliance that allows for applications and databases to be provisioned without public interfaces on the internet, but still able to get patches and updates from the outside world.
John Engates, chief technology officer at Rackspace, says that up until now, customers have had to do a number of different things to try to get these functions into their public or private cloud slices, such as using firewall rules built into Linux, or using OpenVPN as well as the open source Vyatta or the commercial-grade software which has extensions not available in the open source version.
A graphical user interface, integration with Chef and Puppet management tools, and integration with CloudStack and OpenStack cloud controllers is only available in the Vyatta Network OS Enterprise Edition. In hybrid cloud setups, Rackspace has even installed physical VPN, firewall, and routing appliances on behalf of customers.
"With Vyatta, customers can now get industrial-strength firewall, routing, and VPN into the cloud," says Engates, and in such a way that integrates with the Cloud Networks multi-tiered virtual Layer 2 networking service that is part of the public cloud as well as the RackConnect service.
The Cloud Networks service is based on VMware's NVP OpenFlow controller and Open vSwitch virtual switch, which plugs into the XenServer commercial-grade hypervisor from Citrix Systems that Rackspace uses to underpin its OpenStack-based public cloud. (VMware got its hands on NVP and Open vSwitch last year when it acquired virty networking upstart Nicira.)
The vRouter virtual appliance can also link systems running inside a private data center to the Rackspace Cloud. Up until now, customers had to use the RackConnect service, which required an F5 Big-IP or Cisco ASA hardware appliance, but now customers will be able to use vRouter virtual routers instead if they so choose.
One important thing, says Engates, is that both the Cloud Networks service and the vRouter service are both IPv6 compliant, so you don't have to mess around with IPv4.
The vRouter service is in early adopter phase now, which means it is in limited availability. But within the next month or so, Engates says Rackspace will feel comfortable enough with the virty firewall, router, NAT, and VPN appliance to make it generally available. The vRouter service will cost 18 cents per hour over and above whatever Cloud Server instance you run it on.
"We are recommending that people start with a 1GB RAM server instances," Engates. This instance should be able to handle about 30Mb/sec of bandwidth for firewall traffic, which is a pretty small appliance. In this case, the server instance costs 6 cents per hour, so you get the virtual firewall for 24 cents per hour, or about $2,100 per year.
If you need to step up to 100Mb/sec of bandwidth on the firewall, Rackspace recommends a 4GB server instance, which 24 cents per hour for the server and another 18 cents per hour, which works out to $$3,680 per year. ®
Sponsored: Global DDoS threat landscape report