IEEE Ethernet Specs Could Soothe Data Center Ills

alphadogg writes "Cisco, HP and others are waging an epic battle to gain more control of the data center, but at the same time they are joining forces to push through new Ethernet standards that could greatly ease management of those increasingly virtualized IT nerve centers. The IEEE 802.1Qbg and 802.1Qbh specifications are designed to address serious management issues raised by the explosion of virtual machines in data centers that traditionally have been the purview of physical servers and switches. In a nutshell, the emerging standards would offload significant amounts of policy, security and management processing from virtual switches on network interface cards (NIC) and blade servers and put it back onto physical Ethernet switches connecting storage and compute resources. 'There needed to be a way to communicate between the hypervisor and the network,' says Jon Oltsik, an analyst at Enterprise Systems Group. 'When you start thinking about the complexities associated with running dozens of VMs on a physical server the sophistication of data center switching has to be there.'"

This is a big deal for cloud hosts.

This is a huge deal for cloud hosts. We aren't a cloud provider, but we do offer similar services on our corporate network. We're using Xen to run over 5000 FreeBSD instances on a singe high-end server. When you're dealing with this many instances, all under constant use, the networking overhead becomes huge.

At first we were using Linux, but it just couldn't offer the throughput that we need. We aren't in a position to acquire more hardware (which is, of course, why we are using virtualization so extensively), so we had to find a better software solution. We found that FreeBSD was compatible with our applications, but had a much more efficient network stack.

Cisco

[nighty5]

Cisco / VMware has done some work in this space, abeit it is a Cisco / VMware solution.... The Nexus 1000V basically provides an overlay to the virtual networking stack from VMware and places it into an appliance with a Cisco CLI. It can then be hooked into the usual Cisco management suspects. The solution makes sense because it also gives back control of the network aspects back to netops, instead of the server ops/virtual ops... http://www.vmware.com/products/cisco-nexus-1000V/

howto secure virtual machines

[Euzechius]

When using virtual machines you loose some control and visibility compared to the tradition pizza box server. A physical server is easy to pinpoint, easy to implement ACLs (ethernet/ip), Quality of Service, traffic monitoring or just to shut down a network port. :) Both VEPA and VN-link are technologies that allow you to better seperate different virtual machines on the same physical box.

For VMware, Cisco developed a virtual switch ( YES, a downloadable switch! :) that integrates with VMware ESX 4 that offers all this network security, monitoring goodness. This virtual switch is called the Nexus 1000v and can be downloaded at http://www.cisco.com/en/US/products/ps9902/index.html ( 60-day trial ).

About a year ago the ethernet specifications for data centers already got an extension called FCoE or Fibre Channel over Ethernet ( http://www.t11.org/fcoe ). Basically this allow you to use one ethernet network for both your lan and your storage san. And thus not needing to build out a seperate Fibre Channel SAN.

Re:Reasons for lack of HTTPS

[jolyonr]

buggeration!

At least it was posted securely