What is NFV, SDN, Virtual Networks, Docker, Kubernetes and Overlay Networks?

Captions
[Music] Everyone, this is David Bombal coming to you from Oxford in the United Kingdom, on a call again with Chuck, who's based in California. Hopefully you're finding these calls really useful. Don't forget to send me messages on Twitter with questions that you have for Chuck. So hey Chuck, how's life in California?

Life in California is quite hot today. It's only 8:30 or so here in the morning, but it's supposed to get up to a hundred and thirteen degrees Fahrenheit, which is about 45 degrees in your neck of the woods, in Celsius. So it will be a hot one today.

Very hot. Well, yeah, we're in the middle of a heat wave again as well, so it's amazing how hot it is. Yeah, so Chuck, let's forget about the weather, let's talk about important stuff. So what on earth is NFV? Let's start with that.

You bet. So NFV of course stands for network functions virtualization. What it is, is kind of, if you parse apart the name, that is kind of what it is. So the general idea is that you have these networking functions. They get provided in the data center, or in the carrier service provider environment, or enterprise, or whatever it might be. These network functions can be things like firewalls, load balancers, security IDS/IPS type stuff; they can be WAN concentrators, a bunch of other carrier type equipment. All of those functions today, or most of those functions today, require customers to purchase expensive hardware on which the service is run. And so what that means is that people who have to buy this stuff end up paying a lot of money for it. You have to have your purchasing department have a relationship with all of the different vendors, because you're buying all this different hardware. If you want to upgrade things, of course you need to upgrade your hardware as well as the software. And people were looking at that in this whole software-defined whatever revolution and said, wouldn't it be nice if these functions would be executable via software on an industry standard server
rather than having to have their specialized hardware? And of course there's a lot of pushback from the people who create these products, because they've spent a lot of money to create really good hardware with special capabilities, so their ASICs and all the other stuff that they build in have a lot of advanced functionality. The trade-off, or the counter-argument to that, to running it on an industry standard server, is that you end up with economies of scale. You're dealing with upgrades at the pace of software rather than hardware. It's much less expensive. If you need more horsepower, you just put in more servers on which you run virtual machines, etc. So that's kind of the general idea: running network functions that used to run on specialized hardware, running them instead on industry standard servers that you can get from Dell or HP or Cisco or whoever it might be.

And so, network functions virtualization: the virtualization term there is one that often confuses people. It confuses me. It's difficult to know what people are talking about when they talk about virtualization. You can talk about virtualization in this case, where it basically means taking something that ran on hardware, on a specialized appliance, and turning it into a piece of software that you would download and then run on some general-purpose computing system like a server. That's one idea of virtualization. We talk about network virtualization in the networking world, and quite often what we mean by that is tunneling, like VXLAN, for Virtual Extensible LAN, or NVGRE, Network Virtualization using GRE. That's another definition of virtualization, where you're basically virtualizing the networking capability, and it's easy to get those confused. Just understand that when people are talking about NFV, what they're really talking about is virtualizing those functions. Remember, it's network functions virtualization, so it is what the name implies: it's virtualizing those functions, meaning running them in software,
and the place that you run them is on a server somewhere. And a lot of vendors that provide, like, your F5s or your Check Points or your load balancer, firewall, etc. vendors, they typically have versions of their product that are virtualized and can be purchased as software, but that has not been the predominant means of delivery of that function up to this point in time. With NFV you have the promise, or the potential, for virtualized versions of these things becoming much more prevalent. And you know that you get a lot of other advantages by it being in software. You can deploy that service anywhere that you want geographically. You don't have to package up a box and ship it somewhere; you can just download the software to whatever branch office or other environment that you want, and it's automatically downloaded and up and running in as long as it takes to download and bring up a piece of software. So there's a lot of other advantages too.

So you mentioned a lot of things there. So as an analogy, and again correct me as always if I'm wrong, because that's more than likely going to happen: in the past we used to have physical servers, so we had a physical server for email, a physical server for something else like a database, and various sorts of server functions were dedicated to pieces of hardware. But then through the use of VMware and virtual machines we virtualized those servers. Is this kind of the same idea, but we're virtualizing firewalls, routers and other devices?

Correct, it's kind of the same idea. So in the past you would dedicate a physical piece of hardware for running one specific type of operation, like an email server or web server or whatever. Now you run those on virtual machines. Initially people were skeptical about the viability of running things in virtual machines, and they said, well, there's too much overhead in having virtual machines, it's just not a really efficient use of the hardware, etc. But the advantages so much dwarfed the disadvantages that
everybody's doing that in their data centers today, and it's the same idea, you know, to the extent that it takes off, this NFV thing. I guess we'll figure out if it's gonna be a viable alternative or not. I recently went to an Open Networking Summit where they talk about OpenFlow, OpenDaylight, a little bit about NFV, but it's not an NFV conference. But one of the main guys that started the whole NFV/SDN craze had a session that I attended. His name is Scott Shenker from UC Berkeley, one of the originators of the OpenFlow protocol and all the stuff, the Clean Slate program at Stanford and elsewhere. And he had a session that was called "Why NFV has failed and how we can fix it". And sort of springboarding on top of what you said about virtual machines, David, the premise of this session was that we've gone about doing NFV incorrectly. We immediately said, oh, NFV, we need to run our network functions virtually in a virtual machine. And as you and your audience may know, there's currently a fair amount of discussion regarding the best way to do virtualization: whether it is through virtual machines, where you have an entire operating system etc. running in a virtualized manner, or whether you use containers, using technologies such as Docker for your container and Kubernetes for a container orchestrator. These containers are much more lightweight. They share the operating system, but they have a separate container, for lack of a better word, in which your service runs isolated from all the other services. And the premise of this NFV talk, to get back to that, was that we should not be using virtual machines for our services, and he went so far as to say nor should we be using the lighter-weight containers for our network functions virtualization. He went so far as to suggest that we should just be using applications that run on an operating system. So just like today on your phone or on your computer or whatever, you have multiple applications running. They were making the claim in this session
that these applications, being even more lightweight than containers, provide all of the segregation that you need between your different functions to run alongside each other, and it simplifies it. We know how to do distributed applications across multiple servers. This is something that, you know, Google and Facebook and Microsoft and everybody are doing every day, every moment of every day, and we have a lot of expertise in doing it, so why don't we do that? So NFV, yeah, I kind of sort of springboarded from what you said, but: running in a virtual machine, or running in a container, or even, as this proposal suggested, running as a separate application. But the main idea is that you turn that hardware appliance into a piece of software and you run it on industry standard servers. That's the general idea of NFV.

So Chuck, what's that on your head? What happened to you? Did you get into a fight or what?

Well, I would love to say that, you know, it is the result of what most of my injuries and bloodletting is a result of, which is either having an accident playing soccer or some other sports, or giving blood, which sometimes doesn't go exactly the way that you wanted it to. Unfortunately, I'm embarrassed to say that this was actually my house attacked me. So I might die near my bed as my glasses fell off of the nightstand, you know, the thing that's just next to your bed, and I reached down to get them in the morning when it was dark, and unfortunately we have a very pointy part, let's see, so I'm going to make this pointy, a very pointy part of our end table, and my head happened to meet the very sharp corner of my end table. So yeah, a few choice words later I got a paper towel and stopped the bleeding, but this has been like a week or so. So I look pretty tough. It enhances my manliness, doesn't it? Don't I like weight?

Yeah, you should have just told us you got into a fight or something.

I should have done that, yeah. We're protecting a damsel in distress, how's that?

That's right. Oh, you, someone
kicked you in the head when you were trying to dive for the soccer ball or something.

Yes, that would have been nice. Yes, that would have been better.

Anyway, let's get on with the interview, Chuck, otherwise people are good at us. Okay, so Chuck, you mentioned a lot of terms there. Do you mind giving us sort of an overview of what is a virtual machine versus what is Docker versus what is Kubernetes?

Yeah, sure. So of course on my laptop, or your laptop, or desktop, or on a server, or whatever, it's a generalized piece of hardware on which runs an operating system, and then on that operating system it is sharing the memory and the disk and the CPU etc. so that your multiple applications can run. That's true on my little phone here, it's true on my laptop or my tablet or whatever. So that's generally how computers work. The idea of virtual machines actually has been around for a long time. I worked on a product called VM/370, which ran on IBM mainframes in the late 1970s. So virtualization has been around for a long time, but it's only in the last decade that it has really become mainstream. And the general idea of a virtual machine is that the software creating the virtual machine environment makes the operating system think that it's running on its own piece of hardware, but it's really not. So it's making the same calls to get access to memory and the CPU and all the other stuff, but the virtual machine software is intercepting those, and it's allowing multiple virtual machines to run on the same physical machine. So in something like a data center, where a server is only utilizing quite often, you know, a fraction of the entire compute power of that system, this allows you to run multiple virtual machines on a single physical server and thus make way better use of the hardware capabilities that you have. Every one of those virtual machines thinks it's running on its own piece of hardware. It has its own NICs, it has, you know, a certain number of cores in the CPU, it has its own memory, etc.
Everything looks to the operating system, and the apps running on top of it, like it has its own physical hardware device, but it doesn't. It's just a virtual machine, and you get, you know, really nice efficient use of the computing hardware by doing this virtualization. And so that's what a virtual machine is: it is simulating the entire operating system and the applications that run on top of it.

Now, a little bit lighter weight thing than that would be a container, and the container technology you've probably heard of most is Docker. There's others out there, and there's other things called containers that get to be confusing, but for our purposes we're talking about virtual machines, and now a lighter-weight version of that is called a container. And the idea of a container is that you have a separate kind of walled domain in which all of your applications can run, that's entirely separate from other containers running on the same piece of hardware. And so consequently what you end up with is you have your own host name, you have your own namespace, you have your own NICs, etc., but you are actually sharing the operating system itself with all of the other containers running on that particular system. So as you can imagine, because you're not replicating the operating system every time for every virtual machine, everybody is sharing it, you're using this container technology instead, it's way more lightweight than the virtual machine idea. And so there's a lot of arguments, you know, basically back and forth about "VMs are better", "no, containers are better", "no, this is better", etc. So that fight is still going on. You know, we're still in the evolutionary process going from physical machines to virtual machines, so this is kind of early to go already from virtual machines to containers, but, you know, people are still making that evolutionary progression from physical to virtual to containers. So there's still dust that needs to settle in that whole environment, in that
argument. So that's kind of what those two different things are, virtual machines versus containers.

Now, people have heard of Kubernetes. Kubernetes is an orchestrator, or like a management and control piece of software, whose goal it is to manage a number of these containers. And so Kubernetes happens to be one implementation that was originally created by Google. It has since been open sourced, and it's probably the most popular one in use today, especially by people who favor open source software. Docker has their own version of an orchestrator for Docker, it's called Docker Swarm, that competes with Kubernetes. Kubernetes has defined interfaces so that it can use multiple containers down below it, but the one that you'll see kind of most often would be Docker's. So you have Kubernetes over the top orchestrating all of these Docker containers that are running either on one system or on multiple systems. And that's kind of the general idea: something like Kubernetes has knowledge of what instances need to be spun up, where they need to be spun up, when they are no longer necessary, etc. That's the general, you know, high-level abstract view of what Kubernetes is, and what Docker's containers are, and what virtual machines are. There are virtual machine orchestrators as well. Of course VMware not only has virtual machine technology, but it has, you know, the whole VMware service that they provide that helps even manage virtual machines in your network. Of course they orchestrate virtual networks as well. They create a version of SDN called overlay-based SDN with their VMware products that will work either with their own virtual machines or with other vendors' virtual machines. So there's orchestration for all of these things, but Kubernetes is the orchestrator that's probably most popular for containers in virtualized environments.

So Kubernetes is kind of, as an analogy, similar to vSphere or whatever management product you're using from VMware or
others to manage virtual machines. Kubernetes is used to manage containers.

That is correct, yep.

Yeah, okay. And just to make sure I understand this, and for everyone's benefit: if I had ten virtual machines running on a host operating system, that host operating system could be Windows, or could be ESXi, could be something, I end up having eleven operating systems, don't I? So I've got the host plus the ten virtual machines as guests.

Correct. The virtual machines are referred to as guests, and, yep, the main one on which everything else is running is a host. So a lot of my job involves spinning up Linux virtual machines to build my software, and I run other virtual machines to simulate hardware devices, etc. So I have, as my host operating system, Windows 10, and I'm running VirtualBox, which is free, and on VirtualBox I have multiple virtual machines. And, you know, I teach classes for other vendors for SDN, and just before we started recording this I had three virtual machines up and running: one was the SDN controller, one was the Mininet network, and one was kind of the user interface app server, all running on top of my Windows virtual machine. So I have, like you say, four operating systems running: one is the host, and then on top of that host, just running the virtualization software, VirtualBox in my case, I have the three guest operating systems.

But if you were using Docker containers or some kind of container technology, you would only have one operating system, is that right?

That is a true statement, and I would be running multiple containers that would have instances, say, of my application. A lot of times the containers are used not to run a bunch of multiple applications but to have a single purpose, so like an instance of an email server or a web server or an SD-WAN controller or something like that.

And that's why containers are so lightweight, because they don't run redundant operating systems. You just get the application that you want, rather than having to install a whole
whole operating system with a bunch of stuff that you don't need.

So right, that is true. But I will tell you, virtualization has its advantages, you know, running virtual machines has its advantages. I can run different operating systems, so on my host I could be running macOS as well as Linux as well as Windows if I needed to do that. And in fact, in the situation I described, on one of my virtual machines I'm running the Ubuntu version of Linux, on another one I'm running the CentOS version of Linux, and on the third one I'm running a different distribution of Linux. I'm running three different Linux types of operating systems in VirtualBox. So it does depend on what your needs are. If everything's running on the same operating system, then maybe it makes sense to do containers. If you have a need to run different OSes, like, you know, I've no idea what it is, your web service is on Linux but your shared folders is running on Windows, and you need to be able to swap them around, then probably a virtual machine type of environment may be better for you.

And hence you saying that, you know, the dust still needs to settle, because some people will say there's advantages to the one over the other.

Yes, and they hold their own opinions fiercely and believe that you should agree with them, so not unlike politics in the United States.

So let's not get into that.

Yes.

So lot of a lot of this, yeah. You mentioned this twice now, I think, so just to clear it up for everyone: you mentioned the difference briefly between NFV versus virtual networks, and I'm assuming when you talk about virtual networks you're talking about overlay SDN networks, is that right?

Yep, that's correct.

So can you briefly explain what a virtual network is? I mean, NFV, you've said it's like virtualizing a function, which could be virtualizing a firewall, but what is a virtual network? Because that term goes around as well.

That's a great question, but let me start by answering a question you
didn't ask but is maybe on people's minds, because I hear, you know, some of the folks that are your people, David, have written to me: "Hey, I don't really understand this business about this and that and then this and that that they talk about, NFV and SDN." So hopefully, you know, you know a little bit about NFV; if you've listened to what I was talking about and didn't fall asleep a little bit earlier, you know what that is about. So how do the two work together? It's really fairly straightforward. The idea of NFV is that I can spin up and run a virtual networking function anywhere that I want on an industry standard server. The question is, now that it's been virtualized and is running on an industry standard server, how do I pump my networking packets and traffic through that service? And that's where SDN comes in. So you use software-defined networking to route traffic through your firewall, through your load balancer, through your IDS/IPS, through your WAN concentrator, whatever it might be. You need to dynamically be able to change the way that packets are routed through the network, and in order to do that, no matter what version of SDN you're using to accomplish it, you need to use software-defined networking. And so SDN routes the traffic into these now virtualized or software-based services running on servers in the network. So that's kind of the general idea of software-defined networking and NFV and how they work together. Now, you specifically asked about it, but before we go into overlays, I'm glad you brought that up, so we here...

Sorry to interrupt, Chuck, because I think it's really important that you mentioned this. Is this also to do with a service chaining idea that you often hear people talk about?

Yeah, so service chaining: if you have to do it manually, then you need to, you know, daisy chain wires through your network and put in the big machine, the big appliance, one after the other, and have your traffic routed through your services that way.
With the advent of virtualized services running on servers somewhere in the network, and routing which is dynamic now via SDN, you can now chain these things together. So first, when a packet comes in, you know, it goes through your evolved packet core, it goes through your firewall, it goes through load balancer, you know, whatever it is in terms of services, you can line those up and route traffic through them appropriately. Now, it's way easier to plug in wires and have everything be statically configured and not have to worry about stuff, and nobody's going to dispute that that's way easier. The situation that we face these days, though, is we live in a world of dynamic services in terms of servers and compute and storage, and we live in a world where we want to be able to dynamically change how the networks behave. And in that world we're going to have services or network functions that move around, and we're going to have services that move around, and therefore we're going to need to have traffic that gets routed appropriate to where the service is. And that's why we need to get to this more automated, more dynamic, more software-driven way of doing networking.

Because the problem is, if you vMotion a server, a virtual machine, from one physical server to another, your service chaining or your whole stuff that routes the traffic to that server needs to be adjusted. Now is that kind of what you're saying as well?

Yeah, that's correct. In fact, that's kind of one of the arguments that's driven this whole technological trajectory that we're on with respect to making things software-driven or software-defined. You know, in the data center you can do a vMotion that moves the service from one spot to another. You can do that with the push of one button, and depending on the size of the VM it takes 30 seconds to a minute. However, getting the networking to follow that so that you can now use it today takes a week or months, because you have to have a trouble ticket, the
people who have to do things in terms of configuration have to figure out how to modify the configuration, they have to deploy the configuration, they have to fix it because they probably did it wrong. You know, all of that stuff takes way too long.

Yeah, yeah, yep. So does that lead us into the virtual networks discussion? Because the next question is, okay, so how do you do this then? How are people implementing this idea that you move the VM and things follow along in the network sphere?

Yeah, so kind of the backstory to software-defined networking is this whole idea of virtualization in the data center primarily was taking hold, and people who had data center stuff, and let's face it, everything's in the cloud these days, so everything is data center based, or just about everything, networking had to follow. So all of the folks who had been giving us, you know, all the really cool protocols and the really cool advancements to BGP and to OSPF and IS-IS and spanning tree and to TRILL and shortest path bridging and all this other stuff, they said, oh, we need to figure out a way to have networking keep pace with this. And so they came up with this idea of network virtualization, and that's the term that was used for protocols which, as I mentioned, are mainly tunneling protocols of the nature of VXLAN, NVGRE, Stateless Transport Tunneling. Those types of protocols were invented for a number of reasons, but primarily they've been applied in the data center. And as you probably know, the general idea of the protocols is that you take the original packet, which you would normally just ship off to a physical device from the server. Since you're using virtualization, you take the original packet, and before you even leave the server, when you are still running in that virtual switch or virtual router on the server, in the virtualization software and the hypervisor, what it's going to do is, it's going to encapsulate that original packet with another packet. And so that other packet then gets
sent out into the network. That means that this other packet has its own MAC source and destination, IP source and destination, and the original packet is hidden inside it; it's encapsulated. That's the whole idea of tunneling. And so you create these things that we call tunnels between virtual switches on one end of the network, and then you pass packets that are encapsulated from one end to the other, and that's the idea of virtualization. I mentioned VXLAN, which is the predominant one, from Cisco and VMware back when they were BFFs. I was telling a class, it stands for "best friend forever", I was telling a class of Fujitsu people, I think in Texas, and they said, oh, so they were BFFFN. And I thought I was, you know, hip to the language and understood what that was, but BFFFN, I didn't know what that is, and he said his teenager told him BFFFN stands for "best friends forever, for now". And I think that's kind of what happened to Cisco and VMware. As you're probably aware, they're no longer best friends. You know, yeah, Cisco thinks VMware is, you know, infringing, I'm not sure if that's the right word, but they're sort of creeping into the networking world with their virtual switches and virtual routers running in the hypervisor of their software. You know, Cisco has its own virtualization stuff, so the two are no longer best friends. But yeah, VXLAN is still the most predominant one. NVGRE used to be Microsoft's baby, and they used to be doing things in their Azure data centers using NVGRE. I heard from somebody, actually in Australia, who said that, you know, Microsoft recently announced that they weren't using NVGRE anymore, this is as of a couple of months ago, they're using VXLAN. I looked it up, I found one article to mention that, but I wasn't sure if it was definitive or not. I'll let, you know, the folks listening investigate and figure out what's what in that regard. But yeah, they do basically the same thing, MAC-in-IP encapsulation. And just to round off the discussion of network
virtualization: Stateless Transport Tunneling was developed by Nicira, who is one of the first SDN companies for the data center that did this overlay technology, and their claim about Stateless Transport Tunneling is that they take better advantage of certain capabilities in server NICs, that would be large segment offload, which allows the system to very efficiently handle large amounts of data. Anyway, that's probably giving you more information than learnt, but that's the idea of network virtualization and, you know, what it kind of is in the networking realm these days.

More detail is always better, Chuck. I think on calls like this it's always nice to get into the nitty-gritty. [Music]
Info
Channel: David Bombal
Views: 19,552
Rating: 4.9715304 out of 5
Keywords: Kubernetes, Docker, Containers, Virtual Machines, Containers vs VMs, Container VM, Vmware, NFV, Network Function Virtualization, NFV Containers
Id: -RNDhWxX9n4
Length: 36min 17sec (2177 seconds)
Published: Sat Jul 07 2018