In traditional networking infrastructure, segmenting network components typically involves the use of VLANs. When it comes to the cloud, network segmentation isn’t quite that straightforward. That’s where a new service from Rackspace called Cloud Networks comes into play.
Cloud Networks leverages the OpenStack Quantum project and capabilities from VMware’s Nicira division to enable VLAN-type capabilities in the Rackspace cloud.
John Engates, CTO of Rackspace, explained to InternetNews that OpenStack Quantum exposes the concept of Software Defined Networking (SDN) and provides the ability to interact with the network.
“Customers can now define a private network or create multiple networks that they can place servers on,” Engates said. “They can now begin to mimic the architectures that had been built in the traditional network.”
Engates noted that as people moved to the cloud, the concept of VLANs was lost since VLANs don’t scale very well. The Cloud Networks concept is an effort to bring the same concept behind VLANs into the cloud era.
The ability to segment a network is useful for security as well as clustering.
“This is a foundational technology that allows customers to do a lot more with our cloud and bring more applications over,” Engates said.
Existing networks can’t simply be ported over to the Rackspace Cloud Networks approach with some kind of template-based tool. Engates noted that so far, Rackspace hasn’t released any such high-level tools for network migration. However, he added that as the API behind Cloud Networks becomes available, he expects that third-party automation vendors will have solutions available over time.
The process of building out segmented networks isn’t all that complicated. Engates explained that when a new server is spawned, there is a drop-down menu that enables the user to select which network to use, or to create a new network.
The Rackspace Cloud now uses the OpenStack project as its base technology. Quantum is the new networking component of OpenStack and it is fundamentally an abstraction layer to expose networking capabilities.
“The OpenStack project doesn’t itself orchestrate all of the networking technology,” Engates said. “So we’ve plugged in Nicira’s network virtualization platform into OpenStack.”
Engates explained that until now, Rackspace customers basically just received a server on a flat network. The network had both a public and a private interface. The public interface potentially could see all the other customers that were connected to the same network interface, unless proper security firewall groups were put in place.
“What this really does is it gives customers the ability to start with what is basically a private network,” Engates said. “There is no public communication available on that private network unless the customer specifically allows it.”