HP's Multitenant Device Context (MDC) software partitions a single switch into multiple virtual switches, ensuring separation between groups such as different tenants. The company's Ethernet Virtual Interconnect (EVI) extends Layer 2 networking over the WAN and competes with Cisco's Overlay Transport Virtualization (OTV) and Virtual Device Context on the Nexus 7000. EVI and MDC combined form the framework for HP's cloud networking and will be available free as a software upgrade in the fourth quarter for HP's FlexFabric A12500 switches. Since EVI and MDC are included with the A12500 software, HP claims its core switch with Layer 2 extensions costs just 56% of Cisco's Nexus 7000 with similar capabilities.
Extending Ethernet over the WAN is important for enterprises building private clouds. In InformationWeek Reports' recent survey "Private Cloud Vision vs. Reality," 83% of respondents building a private cloud reported that they plan to move VMs and workloads between data centers. As Jake McTigue points out in our recently published digital issue, "Next Gen WAN," while VPLS and MPLS can transport Ethernet across the WAN, going beyond two data centers is complex and requires BGP routing, which can introduce loops in the Ethernet network. Protocols like EVI and OTV are a less complex way to reliably bridge two or more data centers. The protocols are proprietary, but there are no standards being worked on in either the IEEE or IETF to provide the same function.
The main goal of Layer 2 extension protocols is to improve application availability and disaster recovery by making failover to geographically diverse locations possible. "Enterprises should re-architect applications to be fault-tolerant and resilient, but rewriting applications and rebuilding the underlying infrastructure is complex and expensive," explains Greg Ferro, a network architect and Network Computing contributor. "Layer 2 extension allows companies to use geographic replication without changing their applications." (For more from Ferro on the benefits of network resiliency, read "Using Cisco's OTV and LISP to Improve Application Availability.")
Ethernet Virtual Interconnect
EVI can connect up to eight data centers and optimize inter-data center traffic using equal-cost multipath load balancing. Unlike MPLS/VPLS and BGP, EVI requires only five commands on each core switch to configure. HP's proprietary Intelligent Resilient Framework (IRF), which creates multiple paths through data center networks, can run over EVI and lets companies use multiple WAN connections between data centers. HP claims that IRF and EVI speed up vMotion due to the ECMP load balancing across multiple WAN links. Obviously, the available WAN bandwidth and latency will ultimately determine how fast vMotion moves occur. Similar to OTV, an EVI network can be brought up in minutes--much faster than the months required by service providers to provision VPLS or MPLS circuits.
HP says its A12500 core switch lists for $56,510, including EVI and MDC. According to the company, a comparable Nexus 7000 costs $68,000, plus an additional $60,000 in software, including an enterprise license at $15,000, a VDC license at $20,000 and an OTV license at $25,000.
Multitenant Device Context
Bridging Ethernet over the WAN is useful, but the other requirement for private and public clouds is multitenant or service isolation. HP's Multitenant Device Context works by grouping Ethernet ports in one or more A12500 switches into a virtual switch with both the control and data planes isolated from other MDC instances. Each MDC has its own configuration, forwarding and routing tables, and management. In fact, moving traffic from one MDC to another requires running a cable between ports in different MDC instances. While that seems like a problem, it ensures that no MDC instance can access data on another by mistake.
Not only does MDC isolate traffic between tenants, but it also isolates faults and configurations from each other. Each MDC has its own set of administrators that can manage the virtual switch using an instance of HP's IMC or the command line. Since each instance of MDC is an isolated domain, a misconfiguration or process failure in one won't affect the others, which is a huge benefit in data centers with competing mission-critical applications that share the same infrastructure. Separated management is useful for midsize and larger enterprises that delegate administration to specific departments, and can be a significant cost savings. Rather than buying network equipment for each department, fewer core switches can be deployed and shared. Of course, that means an outage affects more departments, so designing for active/active failover is important.
HP's EVI and MDC can also operate together, similar to Cisco's combined OTV and VDC. Each MDC is a separate virtual switch, so it can have up to 32 EVI networks that are independent of the other EVI networks. Applications can access resources spread across multiple data centers under a single management domain, and IT can establish disaster recovery processes without making major changes to the physical network.
HP is partnering with F5 Networks to manage the redirection of connections from one data center to another when a VM changes locations. As Ferro points out in his discussion of OTV and LISP, when a workload moves from one data center to another, there's the potential for a traffic trombone, in which inbound connections enter data center A and are routed to data center B, and then back. LISP changes the routes in the network so that when a new connection is made, the traffic is routed to where the workload is and the IP address remains the same. HP tells F5's Global Traffic Manager to update DNS entries to the new IP address for the workload, which means connections are lost at the existing site and established at the new one.
HP is clearly targeting rival Cisco in the high-end data center by adding multitenant support and Layer 2 WAN extensions to HP's core switches. However, this isn't an innovation--it's evolution that meets the needs of data center networks. The offering isn't as comprehensive or as flexible as Cisco's OTV/LISP combination. Other networking vendors like Brocade, Juniper and IBM don't have comparable products or features that enable such simplified Layer 2 extension.