Cloud providers are rapidly growing the number of virtual private servers they maintain for customers, but the fundamental limits of cloud networking are constraining their ability to scale their infrastructure.
For years, the concept of a virtual LAN (VLAN) has enabled network engineers to secure and manage their networks through segmentation, but IEEE 802.1Q -- the standard that supports VLANs -- only supports 4,096 VLANs within a domain. This VLAN limit can constrain the ability of a cloud provider to serve thousands of customers in the same data center.
"Corporate networks don't require thousands of private networks within a flat switch, but when you are a service provider, you need to offer private networks within a public cloud, and [the customer's] instances need to be able to talk to each other securely," said Thomas Stocking, chief operating officer at Gandi US Inc., a domain name registrar and cloud hosting provider. "4,096 VLANs isn't such a high number when you have 1,000 customers and you can't offer them more than four VLANs."
Providers need an affordable and reliable way to work around the cloud VLAN limit in order to expand their operations.
Solving the VLAN limit issue in cloud networking
Gandi recently announced the beta release of its Private VLAN Technology, which it claims will solve the VLAN limit without requiring investments in software-defined networking (SDN) products that use tunneling protocols like VXLAN, NVGRE and STT, Stocking said. The scalable VLAN technology will be made available to all cloud providers as open source software following the beta test.
The private VLAN technology uses the Transparent Interconnection of Lots of Links (TRILL) protocol to overcome network infrastructure limitations. The protocol combines the functions of Layer 2 bridges and Layer 3 routers to allow for multi-path and multi-hop forwarding, raising the number of VLANs that can be implemented in a given switching fabric to 16 million. The protocol also allows providers to keep using their existing network hardware, as long as the infrastructure supports jumbo frames to carry the encapsulation overhead, he said.
The technology adds an encapsulation layer on top of a provider's existing cloud infrastructure, Stocking said. "This isn't like working with SDN, which adds a whole new layer on top of your existing network," he said. "This technology allows providers up against the VLAN limit to use virtualization to allow for private networking, using their existing Layer 2 and Layer 3 infrastructure and still ensuring security to their customers."
Gandi is using TRILL to provide a unique identifier on a per-tenant basis to extend the number of VLANs, said Mike Fratto, senior analyst for enterprise network systems at Washington, D.C.-based Current Analysis.
"The immediate benefit for cloud providers using this method is boosting the number of customers they can support and [adding] more flexibility for their customers," he said. "Providers can assign one ID per tenant, but then that tenant can potentially add any number of VLANS behind their ID."
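The three facts the article relies on, shown as an added illustration rather than Gandi's own code: the 12-bit 802.1Q VID field that caps a domain at 4,096 VLANs, the 20 bytes that an outer Ethernet header plus the RFC 6325 TRILL header add to a customer frame (which is why the fabric needs jumbo frames), and a 24-bit per-tenant label with the customer's own VLAN IDs behind it. The tenant/VID split of the label and the egress isolation check are assumptions made for illustration, not the scheme Gandi describes.

```python
import struct

# Constants from the standards the article cites; frame sizes exclude the 4-byte FCS.
ETHERTYPE_8021Q = 0x8100     # IEEE 802.1Q tag TPID
ETHERTYPE_TRILL = 0x22F3     # TRILL (RFC 6325) outer EtherType
MAX_STD_FRAME = 1518         # largest 802.1Q-tagged frame (1500 payload + 14 header + 4 tag) on a non-jumbo link
TENANT_BITS = VID_BITS = 12  # assumed split of a 24-bit label: provider tenant ID | customer VLAN ID

def tag_8021q(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the MAC addresses; the 12-bit VID field is the 4,096 limit."""
    if not 1 <= vid <= 4094:                      # VID 0 and 4095 are reserved
        raise ValueError("VID must be 1..4094")
    return frame[:12] + struct.pack("!HH", ETHERTYPE_8021Q, (pcp << 13) | vid) + frame[12:]

def trill_encap(inner: bytes, outer_dst: bytes, outer_src: bytes,
                ingress_nick: int, egress_nick: int, hop_count: int = 63) -> bytes:
    """Wrap a customer frame in an outer Ethernet header plus the 6-byte TRILL header (20 bytes total)."""
    first16 = hop_count & 0x3F                    # V=0, R=0, M=0 (unicast), Op-Length=0, 6-bit hop count
    trill = struct.pack("!HHH", first16, egress_nick, ingress_nick)
    return outer_dst + outer_src + struct.pack("!H", ETHERTYPE_TRILL) + trill + inner

def needs_jumbo(frame: bytes) -> bool:
    """True when the encapsulated frame no longer fits a standard 1518-byte link."""
    return len(frame) > MAX_STD_FRAME

def tenant_label(tenant_id: int, customer_vid: int) -> int:
    """One provider-assigned tenant ID with any of the tenant's own 4,094 VLAN IDs behind it."""
    if not 0 <= tenant_id < 1 << TENANT_BITS or not 1 <= customer_vid <= 4094:
        raise ValueError("tenant ID or VID out of range")
    return (tenant_id << VID_BITS) | customer_vid   # fits a 24-bit label: at most 16,777,214

def label_tenant(label: int) -> int:
    return label >> VID_BITS

def egress_allowed(label: int, port_tenant: int) -> bool:
    """Isolation check at the egress edge: deliver only frames labelled for the port's tenant."""
    return label_tenant(label) == port_tenant

if __name__ == "__main__":
    customer = tag_8021q(bytes(1514), vid=100)                   # constructed max-size customer frame
    fabric = trill_encap(customer, bytes(6), bytes(6), 0x1001, 0x2002)
    print(len(customer), len(fabric), needs_jumbo(fabric))       # 1518 1538 True
    print(egress_allowed(tenant_label(7, 100), port_tenant=8))   # False: another tenant's port
```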
Better cloud networking segmentation will enable unique services
The more network segmentation and address space a cloud provider has, the more room it has to offer its customers unique services. "Most cloud providers are on a very generic level where they offer and charge for a service, but if they have more visibility and segmentation, they can start charging uniquely for new services," said Andre Kindness, senior analyst with Cambridge, Mass.-based Forrester Research Inc.
While segmentation is not a new problem for cloud providers, working to solve the problem on a network level is. "Typically, providers have been using bolted-on hardware solutions, like firewalls, which make the process more manual. The idea now is to do more of this work down in the actual network," Kindness said.
"There are different ways to perform isolation in the switching through the network, but customers won't care, as long as cloud providers can prove [the users'] traffic is isolated, and grant them freedom to work within the network infrastructure, within their cloud service," Current Analysis' Fratto said.