Jeff Loughridge

Networking In The Cloud

In discussing network design with my clients, I talk about how routers, firewalls and other network gear can be interconnected to provide a scalable and redundant IP network. These foundations of network design apply equally to networks built from physical components and to the virtualized infrastructure that extends corporate data centers to the cloud. I find that the networking aspects of cloud computing are frequently overlooked or addressed as an afterthought.

AWS allows you to create up to 10 VPN connections per VPC to your data centers and provides a form to request more. I've never needed more than 10 VPN connections, so I don't know whether Amazon approves all such requests. Administrators can create up to five VPCs per region. Traffic between VPCs must traverse your data centers; at the time of writing, Amazon does not offer direct VPC-to-VPC connectivity. Alternatively, you could roll your own VPC-to-VPC connectivity with open source VPN software such as Openswan or OpenVPN running on instances in each VPC. This option can be very complex, and I wouldn't advise pursuing it unless your network engineers and sys admins understand how the failure of these homegrown tunnels, or of the instances that terminate them, will affect the services in the cloud.

If you take away one point from my article, let it be this: the integration of your data center with the cloud can't be performed by system administrators and application developers alone. Do your sys admins know how to configure IPsec and BGP? Probably not, and the potential for mistakes makes on-the-job learning a major business risk. Your network engineers must work hand in hand with your systems team in all aspects of migrating to the cloud and maintaining cloud services. I've seen many application teams take ownership of the cloud without understanding the effects on networking. You pay your network engineers for their subject-matter expertise. Insist on their involvement.

Network engineers bring experience to the project that helps ensure a smooth user experience. You don't want your users to groan each time they hear that another application or service will be deployed in the cloud because of slower response times or other issues that degrade their experience. Moving services to the cloud has an impact on the network. Let's cover what that means.

Network characteristics such as latency and jitter play a more prominent role when users access services and applications in the cloud. The primary driver of latency is distance: propagation through fiber costs roughly 1 ms of one-way delay per 200 km of path, and the path is rarely a straight line. Applications that once lived in a data center in the same building as employees may now be located in distant cities. Applications must be able to tolerate the increased latency without affecting the user experience; chatty applications that make many sequential round trips suffer most, because every round trip pays the full round-trip time. Most business-class ISPs offer jitter SLAs of 4 milliseconds or less, so the change in jitter probably won't have the same impact as the latency increase. Of course, if your applications have stringent jitter requirements (voice and video, for example), you will have to assess how even a minor increase affects them.
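To make the latency and jitter discussion concrete, here is an added example (not code from the original article) that models how a chatty application's response time changes when it moves from the LAN to a distant region, and computes jitter the way RFC 3393 defines it (delay variation between consecutive packets). The fiber speed, distances, round-trip counts and delay samples are all constructed assumptions for illustration.

```python
"""Added example, not from the original article: model how a move from the
LAN to a distant cloud region changes user-visible response time, and compute
jitter as RFC 3393 defines it (variation in delay between consecutive
packets). All distances, delays and samples are constructed for illustration."""
from statistics import mean

# Light in fiber covers roughly 200 km per millisecond (about 2/3 of c),
# so 1 ms of one-way delay per 200 km is a reasonable planning figure.
FIBER_KM_PER_MS = 200.0


def propagation_rtt_ms(path_km):
    """Round-trip propagation delay for a fiber path of the given length.
    Real paths are longer than the straight-line distance between sites."""
    return 2.0 * path_km / FIBER_KM_PER_MS


def transaction_time_ms(rtt_ms, sequential_round_trips, server_time_ms=0.0):
    """A chatty application that makes N dependent round trips pays N times
    the RTT, so a small RTT increase is multiplied by protocol chattiness."""
    return sequential_round_trips * rtt_ms + server_time_ms


def compare_lan_vs_cloud(lan_rtt_ms, cloud_path_km, sequential_round_trips,
                         server_time_ms=0.0):
    """Return LAN and cloud transaction times and the slowdown factor."""
    cloud_rtt_ms = lan_rtt_ms + propagation_rtt_ms(cloud_path_km)
    lan_t = transaction_time_ms(lan_rtt_ms, sequential_round_trips, server_time_ms)
    cloud_t = transaction_time_ms(cloud_rtt_ms, sequential_round_trips, server_time_ms)
    return {"lan_ms": lan_t, "cloud_ms": cloud_t, "slowdown": cloud_t / lan_t}


def jitter_ms(delays_ms):
    """Mean absolute difference between consecutive delay samples, i.e. the
    instantaneous packet delay variation of RFC 3393 averaged over the run."""
    if len(delays_ms) < 2:
        return 0.0
    return mean([abs(b - a) for a, b in zip(delays_ms, delays_ms[1:])])


def within_jitter_sla(delays_ms, sla_ms=4.0):
    """True when measured jitter is inside the ISP's SLA (4 ms assumed here,
    matching the business-class SLAs the article mentions)."""
    return jitter_ms(delays_ms) <= sla_ms


# Constructed one-way delay samples (ms) for consecutive probe packets.
SAMPLE_DELAYS_MS = [20.0, 21.5, 19.8, 22.0, 20.4]

if __name__ == "__main__":
    # A form that makes 40 dependent round trips: 0.5 ms RTT on the LAN
    # versus a cloud region reached over a 1500 km fiber path.
    result = compare_lan_vs_cloud(lan_rtt_ms=0.5, cloud_path_km=1500.0,
                                  sequential_round_trips=40, server_time_ms=50.0)
    print(f"LAN: {result['lan_ms']:.0f} ms, cloud: {result['cloud_ms']:.0f} ms, "
          f"{result['slowdown']:.1f}x slower")
    print(f"jitter: {jitter_ms(SAMPLE_DELAYS_MS):.2f} ms, "
          f"within 4 ms SLA: {within_jitter_sla(SAMPLE_DELAYS_MS)}")
```

The point the model makes is that a 15 ms round-trip increase is harmless for a single request but turns a 70 ms transaction into a 670 ms one when the protocol needs 40 dependent round trips; measuring the chattiness of each application before migration tells you which ones need rework.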

Data confidentiality is critical in the cloud. As mentioned earlier, the AWS VPC has no connectivity to the Internet unless explicitly configured. Purchasing dedicated links from your data center to Amazon's data center would not be feasible or necessary for most companies. IPsec tunneling across Internet circuits provides a secure, standards-based mechanism for encrypting data in transit. Provided the tunnels use current algorithms, authenticate both endpoints and are monitored for failure, you won't have to worry about your data being compromised as it crosses the network. Keep in mind that IPsec protects data only while it is in transit; the confidentiality of data stored in the cloud is a separate problem.
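"Use IPsec" is only a guarantee of confidentiality when the proposals negotiated are strong, so here is an added example (not from the original article, and not Amazon's published customer-gateway configuration) that checks Openswan-style `conn` definitions against a minimum crypto policy and prints a weak tunnel beside a hardened one. The conn parameters, the RFC 5737 documentation addresses and the policy thresholds (no DES/3DES/MD5, at least a 2048-bit DH group for IKE, PFS on, a pre-shared key of at least 32 characters) are assumptions chosen to illustrate the check.

```python
"""Added example, not from the original article or from Amazon's published
customer-gateway templates: check the crypto proposals of Openswan-style
IPsec 'conn' definitions against a minimum policy before the tunnel carries
production traffic. The conn parameters, addresses and thresholds below are
assumptions chosen to illustrate the check."""
import re

# Policy thresholds (assumptions): no obsolete primitives, a DH group of at
# least 2048 bits for IKE, PFS on phase 2, and a pre-shared key long enough
# that it cannot be guessed offline from an observed IKE exchange.
WEAK_CIPHERS = {"des", "3des", "null"}
WEAK_HASHES = {"md5"}
MIN_DH_BITS = 2048
MIN_PSK_CHARS = 32

PROPOSAL_RE = re.compile(r"^([a-z0-9_]+)-([a-z0-9_]+)(?:;([a-z0-9_]+))?$")


def parse_proposal(value):
    """'aes128-sha1;modp1024,aes256-sha2_256;modp2048' -> list of dicts with
    enc, integ and dh (dh is None when the proposal names no group)."""
    proposals = []
    for item in value.split(","):
        match = PROPOSAL_RE.match(item.strip())
        if not match:
            raise ValueError(f"unparseable proposal: {item!r}")
        proposals.append({"enc": match.group(1), "integ": match.group(2),
                          "dh": match.group(3)})
    return proposals


def dh_bits(group):
    """modp2048 -> 2048; None for an absent or unrecognised group name."""
    match = re.fullmatch(r"modp(\d+)", group or "")
    return int(match.group(1)) if match else None


def check_conn(conn):
    """Return policy findings for one conn (an empty list means it passes)."""
    findings = []
    if conn.get("authby") == "secret" and len(conn.get("psk", "")) < MIN_PSK_CHARS:
        findings.append(f"psk shorter than {MIN_PSK_CHARS} characters")
    if conn.get("pfs") != "yes":
        findings.append("pfs=no: phase 2 keys are derived from the IKE SA only")
    for key in ("ike", "phase2alg"):
        for prop in parse_proposal(conn[key]):
            if prop["enc"] in WEAK_CIPHERS:
                findings.append(f"{key}: weak cipher {prop['enc']}")
            if prop["integ"] in WEAK_HASHES:
                findings.append(f"{key}: weak integrity algorithm {prop['integ']}")
            bits = dh_bits(prop["dh"])
            if key == "ike" and (bits is None or bits < MIN_DH_BITS):
                findings.append(f"ike: DH group {prop['dh']} below {MIN_DH_BITS} bits")
    return findings


def render_conn(conn):
    """Emit the conn in ipsec.conf form (the PSK belongs in ipsec.secrets)."""
    lines = [f"conn {conn['name']}"]
    for key in ("left", "leftsubnet", "right", "rightsubnet", "authby",
                "ike", "phase2alg", "pfs", "type", "auto"):
        if key in conn:
            lines.append(f"    {key}={conn[key]}")
    return "\n".join(lines)


# Constructed examples: the same data-center-to-VPC tunnel with a weak
# configuration and with a hardened one. Addresses are RFC 5737 documentation
# ranges, not real gateways.
WEAK_CONN = {
    "name": "dc-to-vpc", "left": "203.0.113.10", "leftsubnet": "10.0.0.0/16",
    "right": "198.51.100.20", "rightsubnet": "172.31.0.0/16",
    "authby": "secret", "psk": "s3cret", "ike": "3des-md5;modp1024",
    "phase2alg": "3des-md5", "pfs": "no", "type": "tunnel", "auto": "start",
}
HARDENED_CONN = dict(
    WEAK_CONN, psk="u7Qx9bLm2Vk4Tz8Rp1Hs6Jw3Yd5Nf0Ag2Ce8Kq4Xv6Zt",
    ike="aes256-sha2_256;modp2048", phase2alg="aes256-sha2_256;modp2048", pfs="yes",
)

if __name__ == "__main__":
    for conn in (WEAK_CONN, HARDENED_CONN):
        print(render_conn(conn))
        print("findings:", check_conn(conn) or "none", "\n")
```

A check like this belongs in whatever process deploys tunnel configuration, so that a tunnel an ISP or a vendor template quietly downgrades to an old proposal is caught before it carries traffic; the monitoring the paragraph calls for should alarm on the tunnel going down, not merely on packet loss.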

Since connectivity to the cloud typically uses existing Internet connections, you must take the traffic between your data center and the cloud into consideration when doing network capacity planning. Incremental service deployment in the cloud gives you visibility into bandwidth needs before the full load arrives. The lead times many ISPs quote for circuit turn-up are long. For this reason, an abrupt and complete switch to the cloud could degrade service for extended periods until Internet circuits are upgraded to higher capacities.

You might be wondering whether the cost of the increased bandwidth for cloud services outweighs the benefits of the cloud. In the majority of instances, I would argue that the added cost is minor compared with the cost savings from running services in the cloud. On a per-megabit basis, bandwidth prices continue to decrease, particularly as businesses move to Ethernet access for the WAN. One location type that must be examined is the branch office connected at lower speeds using access technologies such as T1 and DSL. Depending upon current bandwidth usage, you should evaluate your options for connecting the branch office with Ethernet or business-class cable services.
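The two preceding paragraphs describe a capacity-planning procedure: measure during an incremental migration, project the full load, and order circuits early because lead times are long. Here is an added example (not from the original article) that carries that procedure through in code for a data center and a T1-connected branch office. The utilization samples, growth rate, lead time, headroom and the list of circuit sizes are constructed assumptions; the nearest-rank 95th percentile is the convention many ISPs bill on.

```python
"""Added example, not from the original article: size the Internet circuit
for data-center-to-cloud traffic from utilization samples gathered during an
incremental migration. It uses the nearest-rank 95th percentile that ISPs
commonly bill on, scales a partial migration up to the full one, allows for
growth over the circuit lead time, and rounds up to a standard access rate.
Samples, rates and growth figures are constructed for illustration."""
import math

# Access rates in Mbit/s an ISP might sell (assumption, from T1 to GigE).
CIRCUIT_SIZES_MBPS = [1.5, 10, 20, 50, 100, 200, 500, 1000]


def percentile(samples, pct):
    """Nearest-rank percentile: the value at ceil(pct/100 * n) in sorted order."""
    if not samples:
        raise ValueError("no samples")
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct * len(ordered) / 100.0))
    return ordered[rank - 1]


def full_migration_estimate(samples_mbps, fraction_migrated):
    """Scale traffic seen with only part of the services in the cloud up to
    the whole estate (assumes traffic grows linearly with services moved)."""
    if not 0 < fraction_migrated <= 1:
        raise ValueError("fraction_migrated must be in (0, 1]")
    return [s / fraction_migrated for s in samples_mbps]


def required_capacity_mbps(samples_mbps, monthly_growth=0.05,
                           lead_time_months=3, headroom=0.30):
    """p95 of current usage, grown over the ISP's lead time, plus headroom so
    packets are not dropped in normal operation (QoS is for abnormal states)."""
    p95 = percentile(samples_mbps, 95)
    projected = p95 * (1.0 + monthly_growth) ** lead_time_months
    return projected * (1.0 + headroom)


def next_circuit_size(required_mbps):
    """Smallest standard rate at or above the requirement; None if beyond the largest."""
    for size in CIRCUIT_SIZES_MBPS:
        if size >= required_mbps:
            return size
    return None


def plan_site(site, current_link_mbps, samples_mbps, fraction_migrated=1.0, **kwargs):
    """Decide whether a site's existing circuit can carry the projected load."""
    scaled = full_migration_estimate(samples_mbps, fraction_migrated)
    required = required_capacity_mbps(scaled, **kwargs)
    return {"site": site, "current_mbps": current_link_mbps,
            "required_mbps": required,
            "recommended_mbps": next_circuit_size(required),
            "upgrade_needed": required > current_link_mbps}


# Constructed 5-minute utilization samples (Mbit/s) from a data center that has
# moved 25% of its services so far: a quiet night, a busy day, one short burst.
DC_SAMPLES_MBPS = [2.0] * 40 + [6.0] * 50 + [9.5] * 9 + [30.0]
# A branch office on a T1 whose users now reach those services over the Internet.
BRANCH_SAMPLES_MBPS = [0.4] * 60 + [1.1] * 35 + [1.4] * 5

if __name__ == "__main__":
    for plan in (plan_site("data-center", 20, DC_SAMPLES_MBPS, fraction_migrated=0.25),
                 plan_site("branch-T1", 1.5, BRANCH_SAMPLES_MBPS)):
        print(plan)
```

Note that the single 30 Mbit/s burst in the data-center samples does not move the 95th percentile, which is exactly why that statistic is used for sizing and billing; the branch office, by contrast, is already within 30 percent of its T1 and fails the check as soon as growth and headroom are applied.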

Another bandwidth-related issue is the implementation or modification of quality of service (QoS) policy. Applications that formerly did not have to contend for bandwidth within the enterprise may have to do so on WAN links that lack the capacity of internal LAN links. I recommend purchasing sufficient Internet bandwidth that packets are not dropped under normal conditions. QoS should be relied on only in abnormal states, such as traffic increases due to denial-of-service attacks and link failures, to protect the applications that matter most.

Still unsure about the cloud? You can perform extensive testing on AWS's VPC for less than $100. You may find that the cost and availability benefits of the cloud make it a valuable tool for your IT infrastructure. Don't forget that transitioning applications and services to the cloud will not always be simple and painless; it depends on the complexity of the service. Maintaining existing levels of security and user experience will require a lot of planning. Application developers and sys admins can't do this alone. Adding network expertise to the integration team will help ensure successful migrations and day-to-day upkeep of your data center's extension to the cloud.

4/9/2012 | 4:53:34 PM
re: Networking In The Cloud
I enjoyed your comments but I would also like to hear more of your thoughts on actually monitoring and managing your network in the cloud once you've taken the step to go the cloud route. I've actually written a blog about this ( and would love to hear your comments.
3/23/2012 | 8:19:34 AM
re: Networking In The Cloud
I must admit that I shared your initial dislike of the early Cloud hype, yet I can't help but think many Cloud offerings are still in their infancy. There are certainly a number of business applications that could easily fit on the Cloud, but the realization of all the promises remains to be seen. The value of a Cloud Service lies in the quality of its Service Catalog, and how closely those services align with your particular IT needs.

You certainly covered a number of important points such as application latency and increased bandwidth requirements, but doubts still remain about important issues within their Service Level Agreements, such as guaranteed uptime, assured access to your data and the options available when migrating out of your Cloud provider. Perhaps the Cloud will only be equivalent to an existing datacenter when they can ensure you will get the same flexibility, reliability and security of your current environment at the same or lesser cost. There's absolutely a place for Cloud Services as they exist at present, but as always let the buyer beware.

It would be great to hear about your positive/negative Cloud experiences.