The general idea behind Software Defined Networking (SDN) is to decouple network hardware and its control plane from the software that runs on top of it.
Networking startup Embrane now aims to take the idea of software defined architecture to the next level with SDN software that gives applications their own networks. Embrane calls its custom SDN networks for applications vTopologies. They include vLinks, which all run with the company’s heleos solution.
Dante Malagrinò, co-founder, president, and CEO of Embrane, explained to Enterprise Networking Planet that his company’s approach to SDN revolves around application-centric networking. Embrane enables that with a number of technologies.
“Virtual Topologies (vTopologies) and vLinks are ways to virtualize a network for connectivity at Layer 3,” Malagrinò said.
In contrast, OpenFlow, commonly associated with SDN, works at Layer 2 in the networking stack. As such, Malagrinò stressed that Embrane’s technology can complement Layer 2-based virtualization approaches.
The Embrane Elastic Service Manager (ESM) also serves as a key enabler for the complete application-centric solution. The ESM, vTopology and vLink technologies empower Embrane to create application containers.
“Application containers are all about the idea of delivering virtual network infrastructure that can be provided on a per-application basis,” Malagrinò said.
The 2 Million Firewalls Rule
One of the reasons for having application containers with virtual networks is to avoid what Malagrinò referred to as the “two million firewall rules” scenario.
Malagrinò explained that he encountered a customer with two million firewall rules set up across the organization. As it turns out, this company had so many rules because every time it deployed a new application, it also added a new set of firewall rules. Over time, those rules added up. When the time came to de-commission a given application, the company didn’t know which rules applied and ended up just keeping all the rules, even though the associated application was no longer running.
An application-focused approach to networking would prevent that scenario, since each application would carry its own network and its own set of network firewall rules.
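The decommissioning problem described above, as an added example that is not from the article or from Embrane: a flat rulebase has to be reconciled against an inventory to guess which rules are stale, while rules stored under their owning application leave with it. All rule data, addresses, application names and the `AppScopedRulebase` class are constructed for illustration.

```python
import ipaddress

# Constructed sample data: a flat rulebase that records no owning application.
FLAT_RULES = [
    {"id": 1, "dst": "10.1.0.10/32", "port": 443},
    {"id": 2, "dst": "10.1.0.11/32", "port": 5432},
    {"id": 3, "dst": "10.2.0.0/24", "port": 80},
    {"id": 4, "dst": "10.3.0.5/32", "port": 22},
]

# Constructed inventory of applications still running, with their addresses.
LIVE_APPS = {
    "billing": ["10.1.0.10", "10.1.0.11"],
    "wiki": ["10.2.0.7"],
}


def orphaned_rules(rules, live_apps):
    """Return ids of rules whose destination covers no live application address.

    This is only a heuristic: if an address is reused by another application,
    a stale rule still matches a live host and is not flagged.
    """
    live = [ipaddress.ip_address(a) for addrs in live_apps.values() for a in addrs]
    orphans = []
    for rule in rules:
        net = ipaddress.ip_network(rule["dst"])
        if not any(addr in net for addr in live):
            orphans.append(rule["id"])
    return orphans


class AppScopedRulebase:
    """Hypothetical rulebase in which every rule is stored under its owner."""

    def __init__(self):
        self._by_app = {}

    def deploy(self, app, rules):
        self._by_app[app] = list(rules)

    def decommission(self, app):
        """Remove the application and return the rules removed with it."""
        return self._by_app.pop(app, [])

    def active_rules(self):
        return [r for rules in self._by_app.values() for r in rules]
```

The flat audit can only infer ownership from addresses, so address reuse hides stale rules; the application-scoped store needs no inference at all.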
How it Works
The vLinks are point-to-point Layer 3 overlays that can chain any set of Embrane software-defined services. So for example, firewall and load balancer technologies can be used as an overlay, independent of the physical networking structure.
Modern applications typically include more than just a single virtual machine. That’s where the vTopology comes into play. With the vTopology, all the disparate components needed for a given application are encapsulated and empowered with virtual network capabilities.
ESM fits into the solution as an orchestration piece for provisioning and controlling all of the various network service pieces in an Embrane network. With ESM, an entire vTopology can be brought up or down with a single API call.
The move toward embracing the application and overlay model for SDN is not a new one. Startup PLUMgrid recently announced its SDN overlay approach. Networking giant Cisco is also in the application-centric camp with its upcoming Insieme venture, though full details on that effort have not yet been publicly disclosed.
“The interesting thing about Insieme is that it seems to be focused on applications,” Malagrinò said. “We have an alignment of vision with Insieme, but my expectation is that with Cisco there will be a significant hardware component, so we might be complementary – we’ll see when it enters the market.”
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com.