AVI NETWORKS ARCHITECTURE Industry s first analytics-driven, elastic, distributed load-balancer for on-premise and cloud environments



Similar documents
APPLICATION DELIVERY IN OPENSTACK WITH AVI NETWORKS CLOUD APPLICATION DELIVERY PLATFORM

APPLICATION DELIVERY IN OPENSTACK WITH AVI NETWORKS

CLOUD APPLICATION DELIVERY Benefits of hyperscale, for enterprises of any size.

AVI NETWORKS CLOUD APPLICATION DELIVERY PLATFORM FOR VMWARE VCLOUD AIR

AVI NETWORKS CLOUD APPLICATION DELIVERY PLATFORM INTEGRATION WITH CISCO APPLICATION CENTRIC INFRASTRUCTURE

Enabling Database-as-a-Service (DBaaS) within Enterprises or Cloud Offerings

Pluribus Netvisor Solution Brief

Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Leveraging SDN and NFV in the WAN

STRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure

Getting More Performance and Efficiency in the Application Delivery Network

KEMP LoadMaster. Enabling Hybrid Cloud Solutions in Microsoft Azure

Deploying F5 BIG-IP Virtual Editions in a Hyper-Converged Infrastructure

Blue Planet. Introduction. Blue Planet Components. Benefits

Use Case Brief CLOUD MANAGEMENT SOFTWARE AUTOMATION

Performance Management for Cloudbased STC 2012

SDN Applications in Today s Data Center

Smart Network. Smart Business. Alteon NG Solution Brochure

All-Flash Arrays Weren t Built for Dynamic Environments. Here s Why... This whitepaper is based on content originally posted at

RemoteApp Publishing on AWS

Simplified Management With Hitachi Command Suite. By Hitachi Data Systems

SDN and NFV in the WAN

Cisco Application Control Engine in the Virtual Data Center

Testing Challenges for Modern Networks Built Using SDN and OpenFlow

Virtualization Essentials

Elasticsearch on Cisco Unified Computing System: Optimizing your UCS infrastructure for Elasticsearch s analytics software stack

Virtualization, SDN and NFV

Taking the Open Path to Hybrid Cloud with Dell Networking and Private Cloud Solutions

Intel Service Assurance Administrator. Product Overview

Testing & Assuring Mobile End User Experience Before Production. Neotys

Leveraging Symantec CIC and A10 Thunder ADC to Simplify Certificate Management

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

The promise of SDN. EU Future Internet Assembly March 18, Yanick Pouffary Chief Technologist HP Network Services

DECODING SOFTWARE DEFINED NETWORKING (SDN) Nico Siebelink Technical Director Northern Europe

MaxDeploy Hyper- Converged Reference Architecture Solution Brief

Resource Utilization of Middleware Components in Embedded Systems

White Paper. SDN 101: An Introduction to Software Defined Networking. citrix.com

Frequently Asked Questions: EMC ViPR Software- Defined Storage Software-Defined Storage

Zeus Extensible Traffic Manager in Virtualized Hosting Environments.

HP Virtualization Performance Viewer

Why Service Providers Need an NFV Platform Strategic White Paper

How To Monitor Hybrid It From A Hybrid Environment

Introduction to Junos Space Network Director

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

MRV EMPOWERS THE OPTICAL EDGE.

SolidFire SF3010 All-SSD storage system with Citrix CloudPlatform Reference Architecture

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心

THE VIRTUAL PROBE: ASSURANCE & MONITORING IN THE NFV/SDN ERA

Avi Cloud Application Delivery Platform (CADP) v15.1

Cloud Customer Architecture for Web Application Hosting, Version 2.0

Introduction to Cloud Design Four Design Principals For IaaS

Strategic Direction of Networking IPv6, SDN and NFV Where Do You Start?

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks

Maxta Storage Platform Enterprise Storage Re-defined

Clodoaldo Barrera Chief Technical Strategist IBM System Storage. Making a successful transition to Software Defined Storage

5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP

Infrastructure for more security and flexibility to deliver the Next-Generation Data Center

Availability for your modern datacenter

Business Case for Open Data Center Architecture in Enterprise Private Cloud

Server & Application Monitor

Cisco Intercloud Fabric for Business

Successfully Deploying Globalized Applications Requires Application Delivery Controllers

Scalable Network Monitoring with SDN-Based Ethernet Fabrics

Brocade One Data Center Cloud-Optimized Networks

Scalable Network Monitoring with SDN-Based Ethernet Fabrics

Elevating Data Center Performance Management

Stratusphere Solutions

CloudCenter Full Lifecycle Management. An application-defined approach to deploying and managing applications in any datacenter or cloud environment

can you effectively plan for the migration and management of systems and applications on Vblock Platforms?

The Road to SDN: Software-Based Networking and Security from Brocade

Core and Pod Data Center Design

Netvisor Software Defined Fabric Architecture

Software Defined Environments

Load Balancing for Microsoft Office Communication Server 2007 Release 2

Ten Best Practices for Optimizing ADC Deployments

How To Make A Cloud Service More Profitable

Master Hybrid Cloud Management with VMware vrealize Suite. Increase Business Agility, Efficiency, and Choice While Keeping IT in Control

Transform Your Business and Protect Your Cisco Nexus Investment While Adopting Cisco Application Centric Infrastructure

This presentation covers virtual application shared services supplied with IBM Workload Deployer version 3.1.

A Look at the New Converged Data Center

WHITE PAPER. Enhancing Application Delivery and Load Balancing on Amazon Web Services with Brocade Virtual Traffic Manager

Intel IT Cloud Extending OpenStack* IaaS with Cloud Foundry* PaaS

Software-Defined Networks Powered by VellOS

How do software-defined networks enhance the value of converged infrastructures?

Use Case Brief BUILDING A PRIVATE CLOUD PROVIDING PUBLIC CLOUD FUNCTIONALITY WITHIN THE SAFETY OF YOUR ORGANIZATION

Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments

Is Hyperconverged Cost-Competitive with the Cloud?

VMware vcloud Networking and Security Overview

Microsoft s Cloud Networks

Oracle Cloud Platform. For Application Development

Transcription:

WHITE PAPER AVI NETWORKS ARCHITECTURE Industry s first analytics-driven, elastic, distributed load-balancer for on-premise and cloud environments Challenge Operational complexity with legacy ADCs that need to be managed as individual appliances Lack of elastic scale for network services A loss in visibility and control as applications move to cloud-like infrastructures. Solution A distributed architecture with a single-pass data plane for load balancing, health monitoring, content optimization, content transformation and application security. A controller-based architecture that delivers a single point for policy, control and management. A closed-loop architecture that constantly analyses user-to-app characteristics to autoscale network services out/in in realtime Benefits Simplified, automated operations Quick deployment and rollout of new applications and services High availability and elastic scale Integrated inline analytics and visibility into application performance Summary Application development, deployment, delivery and consumption are undergoing a radical transformation. Unfortunately, the Application Delivery Controller (ADC) providing load balancing, content switching, rewrite, optimization and application security has not evolved to keep up with this transformation. The Avi Networks solution is purpose-built for the cloud and mobile era using a unique analytics-driven and software-defined architecture called HYDRA (Hyperscale Distributed Resources Architecture). This white paper describes the Avi Networks HYDRA architecture in detail. Trends Several recent industry trends have transformed the way applications are delivered and consumed. 1. Non-desktop access is the standard By early 2014, Internet usage on mobile devices exceeded desktops/laptops according to this ComScore report and as a result, applications are being redesigned and re-architected to allow consumption across a variety of client devices. The same application may be accessed via browsers or native/html5 apps; it may be simultaneously consumed on high bandwidth/low latency desktops or high latency/low bandwidth mobile phones. 2. From monolithic, shrink-wrapped apps to a close federation of microservices The microservices architecture decomposes large monolithic applications to a set of smaller services called microservices that are developed, deployed and scaled independently. Each self-contained microservice has the same network services requirements as the (former) larger application such as load balancing, security, content optimization, transformation, etc. The overall application may be stitched together on different clients using microservices, e.g., a Javascript program in a desktop Web browser, a native mobile app, and an HTML5 tablet app all issuing REST calls to the same set of microservices in the backend. 3. From data centers to clouds Enterprise applications are being deployed in diverse locations including on-premise data centers, private clouds and public clouds. The same application may be developed and tested in a private cloud and deployed in the public cloud. Regardless of the location, all applications require application delivery and security services from a single point of control for consistent, secure and agile application deployment. 4. Diversity of form factors Applications are increasingly deployed in a variety of form factors. These can include virtual machines (VMs), containers, bare metal or containers in a VM. They can have unique networking deployment models that range from physical to virtual overlays to NAT with private subnet per host, etc. When legacy physical or virtual appliance-based ADCs are plugged into a physical fabric, traffic has to be stitched together and the devices have to be integrated into every networking/sdn control plane, making deployments unwieldy, clumsy and complex. 1

Shortcomings of Legacy Application Delivery Solutions Traditional ADCs have at least three major shortcomings in how they are deployed, consumed and managed. 1. From custom ASIC to standard x86 Commodity x86 CPUs are more than adequate to perform all advanced ADC functions, including crypto using specialized crypto instructions (AES-NI from Intel) even for the most demanding applications. Switching all of Google applications to use TLS barely increased the overall load on CPU by 1-2% according to this blog. Observations at Amazon Web Services (Reference: AWS Re: Invent Conference 2013 talk) show average server CPU utilization in data centers at 12-15%. Hence, it makes sound economic and environmental sense to implement network services as software functions on commodity servers instead of specialized hardware appliances. This is also the rationale behind the Network Functions Virtualization (NFV) architecture. 2. Separation of data, control and management planes MANAGEMENT PLANE HARDWARE ADC APPLIANCES VIRTUAL ADC APPLIANCES CLOUD APPLICATION DELIVERY PLATFORM DATA PLANE CONTROL PLANE Runs inside a VM A secure cloud service portal provides: Figure 1: Separation of data, control and management planes Enterprise class security: Central administration for policy management of tenants/users/roles, security profiles, and the ability to access audits/logs/events/alerts from a single point for all services Automation and self-service: A self-service portal where users can create/modify/delete a service using a UI or APIs that also serves as a central policy repository for all service instances Central control: Lifecycle management for the service data plane, including automatic placement, capacity management (elasticity) and high availability for all services Legacy ADCs are managed as individual appliances, not as service instances. Some appliance vendors provide a manager of managers for device management, but the pitfalls of element/device management versus SDN are well known. A true SDN architecture is needed to provide services for the cloud. Legacy ADC Use proprietary hardware No separation of control of data planes Don t use real-time suer-to-app analytics Shortcomings Spares, installation, scalling issues Each ADC appliance needs to be individually configured, managed and troubleshot ADCs are over provisioned and under utilized Figure2: Shortcomings of legacy ADC solutions 2

3. Analytics-driven application delivery ADCs reside at a strategic location in the application topology, view every transaction that traverses the system and have direct access to a wealth of user, client, application and infrastructure information. However, traditional ADCs provide little information beyond time series graphs or SNMP counters for a few basic metrics such as packets/bytes or requests/connections, and they neither provide nor consume any of the rich analytics information they have access to. Cloud Application Delivery Platform Avi Networks has built a next-generation ADC solution providing secure, reliable and scalable application delivery services for applications in the data center and/or the cloud from a single point of management and control. At the heart of the Avi Networks solution is the Hyperscale Distributed Resources Architecture (HYDRA). For the first time in the ADC industry, HYDRA separates the data plane from the control plane. AVI UI REST API AVI CONTROLLER AVI SERVICE ENGINES Figure 3: Avi Networks Hyperscale Distributed Resources Architecture (HYDRA) HYDRA architecture consists of the following components. Avi Service Engines Avi Service Engines provide a single-pass data plane for load balancing, health monitoring, content optimization, content transformation and application security. They also serve as probes that analyze every application transaction. Avi Service Engines are co-located as VMs or containers with applications on standard x86-based servers, forming a distributed microservices infrastructure and providing comprehensive application delivery services. Single-Pass Pipeline Architecture Processing on Avi Service Engines occurs in modular, event-driven, non-blocking, asynchronous pipelines performing integrated layer processing for all OSI layers (L2-L7) in a single pass from packet reception to transmission. The pipelines are free of context switches, system calls and interrupt processing, and they avoid significant socket, kernel and device driver interrupt overheads. Efficient Memory and Cache Management Avi Service Engines use several advanced memory and cache management techniques to optimize data transfers and scale performance across cores. Techniques include zero-copy data transfers, memory mapped buffers, packed and cache aligned data structures, lockless queues and rings, fixed sized pools, large TLB pages, per-core exclusive state and more. 3

Harnessing the Power of x86 Avi Service Engines fully leverage the x86 AES-NI instruction set to provide scalable cryptographic performance on commodity x86 CPUs. Elliptic curve cryptography provides even further speedup: 4x the performance for the same cipher strength at the same CPU utilization. SCALE OUT SERVICE ENGINES L7 HTTP, DDoS CONTENT SWITCHING WEB SECURITY, REWRITES L4 TCP, SSL, DDoS LOAD BALANCING HIGH PERFORMANCE SINGLE-PASS PIPELINE Figure 4: Avi Service Engines Data Collection and Analysis Without Performance Impacts Avi Service Engines examine terabits of traffic flowing through the data plane pipelines. High efficiency filters discard all but the most significant analytics data points and logs, significantly reducing the data by up to a factor of 1,000. Key metrics, analytics data points and logs are then aggregated and streamed to the analytics engine on the Avi Controller using compression, variable length encoding and a wire protocol efficient yet extensible format. High Availability Avi Service Engines can be configured in a variety of high availability options: Dedicated Active- Standby Pair, Shared N-Way Active-Active Service Engines, Shared N-Way Active-Standby and Shared Best-Effort. All existing connections are typically dropped in active-hot standby failover with legacy appliances. On the other hand, existing connections on the running Service Engines in an active-active cluster are preserved on an Avi Service Engine failover. For example, a single Service Engine failure in an active-active cluster of four Service Engines results in disruption for just 25% of existing connections with the Avi data plane. ACTIVE ACTIVE ACTIVE Figure 5: Avi Service Engines in an active-active cluster 4

Elastic Scale All applications have periods of low, medium and high load and performance requirements based on realtime user demand. The Avi Networks solution uniquely scales out the data plane performance in response to the application needs using several techniques. Automatic creation of Service Engines: As more virtual services are created, the Avi Controller dynamically creates new Service Engines and places new virtual services on those newly created Service Engines. Pooling resources to meet a spike in scale: As the performance and load requirements of a single application varies, Avi Service Engines work together to gracefully add or remove Service Engines handling the load for a single virtual service. Redistribution of load across Service Engines: Virtual services can be gracefully migrated across Service Engines to redistribute load. SCALE-OUT Figure 6: Avi Service Engines elastic scale Policy Engine (resides within Avi Controller) The Avi Controller cluster houses the policy engine and the API endpoint for configuring services. The Avi Controller cluster is architected as an active-active, scalable control plane cluster, unlike traditional active-standby appliance control planes. Avi Controller exposes a declarative policy model using first class REST objects to the administrator. Unlike traditional appliances providing REST APIs bolted on top of the CLI, all communication with the Avi Controller is over REST using native Avi policy objects. Avi UI and Avi CLI only use REST APIs to communicate with the Avi Controller. In an automated cloud environment, API agility and efficiency are critical for service availability and productivity. Inline Analytics Module (integrated within Avi Controller) The Avi Controller cluster also houses scalable, streaming, real-time analytics engines for Inline Analytics. Avi analytics engines use various techniques to optimize the transport, storage and analysis of streaming data points. Over 500 data points are collected and processed every second per service. An append-only schema for low latency, high bandwidth data storage and retrieval Sharded and replicated data storage backends for performance and high availability In memory and on disk reverse indexes for real-time log analytics Real-time quantile calculation to extract the most significant dimensions State efficient anomaly detection algorithms for deviation detection A weighted decision tree analysis for health score factor drilldowns Spatial and temporal correlation of anomalies for root cause analysis 5

STREAMING DATA STORE END-TO-END TIMING VMware OpenStack SDN Controllers APP DATA USER DATA SERVER DATA NETWORK DATA REDUCED DATA FROM SERVICE ENGINE COLLECTORS INFRA DATA FROM CLOUD COLLECTORS LOG INDEXER MACHINE LEARNING ANOMALY ENGINE HEALTH SCORE CLIENT LOGS CLIENT INSIGHTS Figure 7: Avi Controller Inline Analytics Inline Analytics processing subsystems provide comprehensive analytics dashboards about applications, end users and the infrastructure: App Analytics with comprehensive end-to-end timing and customizable dashboard with key metrics time series for every virtual service A single App Health Score with drilldown, encompassing current and past application performance, infrastructure utilization and anomalous behavior Log Analytics providing real-time search capability for application transactions with dimensional analytics for over 20 dimensions such as geo, OS, browser, etc. Client Insights providing dimensional analytics on Real User Metrics (W3C Navigation timing and Resource timing) such as page load time, DNS query, connection establishment, data transfer, etc. Anomaly detection for significant deviation from auto learned baselines and auto correlation of events, configuration changes and anomalies across space and time DISTRIBUTED MICROSERVICES APP/USER/SYSTEM PERFORMANCE DATA ADJUST PERFORMANCE, PLACEMENT, CAPACITY INLINE ANALYTICS Figure 8: The industry s only closed-loop application delivery system Using inline analytics and machine learning techniques, Avi s Distributed Microservices data plane continuously and automatically adjusts the performance, placement and capacity of application delivery services based on end-user and application insights derived by the Inline Analytics engine. Some examples of Closed-Loop Application Delivery are: Servers consume 40% power when idle and 85% at low CPU utilization according to this Facebook blog. Avi Networks ServerSaver algorithm constantly monitors server response time and loads the fewest servers required at any given load while still providing superior levels of service. Avi Networks ADC dynamically learns application load patterns based on time of day and day of the week, and it autoscales both Avi Service Engines and backend servers without the need for guessing or pre-provisioning capacity. 6

100% Programmable Centralized Control 100% of features supported via REST API Centralized policy database, configuration, provisioning Auto-X Auto-place virtual load balancer Auto-discover and integrate with vcenter/openstack Auto-scale based on real-time parameters Summary Figure 9: Simplified operations delivered by Avi Networks Avi Networks is bringing application delivery, security and analytics to align with three technology megatrends impacting enterprise data centers: cloud adoption, mobile endpoints and microservicesbased application architectures. Using a Distributed Microservices architecture, Avi Networks provides elastic and scalable application delivery services on commodity x86 servers across data centers and the cloud. It is purpose-built for the cloud+mobile era and uses a unique analytics-driven and software-defined architecture called HYDRA (Hyperscale Distributed Resources Architecture). The integrated Inline Analytics module provides actionable insights to administrators for operational simplification; in addition, the performance, placement and capacity of application delivery services are automatically adjusted in response to application load, user traffic and infrastructure resources. About Avi Networks Avi Networks is the Cloud Application Delivery Company. The Avi Networks ADC solution brings the benefits of hyperscale application delivery to enterprises at any scale. With a unique analytics-driven and distributed load-balancing architecture HYDRA, the Avi Networks Application Delivery and Analytics solutions guarantee the end-user application experience for on-premise and cloud-based applications. The company s founding team has previously delivered products that today run in more than 80 percent of the world s data centers. For more information, visit us at www.avinetworks.com and follow us at @avinetworks Avi Networks 945 Stewart Drive Suite 150 Sunnyvale, California 94085 408.628.1300 www.avinetworks.com 2015 Avi Networks. All rights reserved. Avi Networks, the Avi Networks logo, Distributed Microservices, Inline Analytics, Cloud Application Delivery Platform, and Hyperscale Distributed Resources Architecture are trademarks of Avi Networks in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Avi Networks assumes no responsibility for any inaccuracies in this document. Avi Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 80002-01 July 2015 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information