A new unified networking solution for enterprises


A cloud computing symbol over a network that stretches around the world.
Image: Ar_TH/Adobe Stock

Networking has long been the holdout in enterprise aspirations toward high-performance, multicloud or hybrid architectures. While such architectures were once aspirational marketing buzzwords, they are today's enterprise reality. Now, with the launch of Cilium Mesh, enterprises get "a new universal networking layer to connect workloads and machines across cloud, on-prem and edge." Consisting of a Kubernetes networking component, a multi-cluster connectivity plane and a transit gateway, Cilium Mesh helps enterprises bridge their on-premises networking assets into a cloud-native world.

It sounds cool, and it is cool, but reaching this point was anything but simple. It also remains complex for enterprises hoping to bridge their existing infrastructure to more modern approaches.

Often we take cloud-native architectures for granted because we fail to appreciate the complex requirements they place on the infrastructure layer. For example, infrastructure software must now be capable of running equally well in public or private cloud infrastructure. It must be highly scalable to keep up with the agility of containers and CI/CD. It must be highly secure because it often runs outside company premises. And it must still meet the traditional enterprise networking requirements in terms of interoperability, observability and security, all while often being open source and substantially community-driven.

Oh, and to be relevant to enterprises, all this cloud-native goodness must translate back into the legacy-infrastructure "badness" that enterprises have been running for years. That is what Cilium Mesh does for the networking layer, and it is what Thomas Graf, the co-founder and chief technology officer of Isovalent, the creator of Cilium, took time to explain.


On the road to cloud native

Cilium and Kubernetes emerged at roughly the same time, with Cilium quickly earning its place as the default networking abstraction for all the major cloud service provider offerings (e.g., Azure Kubernetes Service and Amazon EKS Anywhere). Not that everyone knowingly runs Cilium. Many get Cilium as a hidden bonus while using a cloud's managed services. How much a company knows about its Cilium use has a lot to do with where it is in its cloud journey, according to Graf.

In the initial stage of a Kubernetes journey, it is often only an application team that uses Kubernetes as they build an initial version of the application. We see heavy use of managed services in this phase and very limited requirements on the network, aside from the need to expose the application publicly via an Ingress or API gateway. Graf noted: "These initial use cases are solved very well by managed services and cloud offerings, which have accelerated the path to developing services massively. Small application teams can run and even scale services fairly easily in the beginning."

With more experience and greater adoption of Kubernetes, however, this changes, and sometimes dramatically.

Larger enterprise Kubernetes users, Graf highlighted, bring typical enterprise requirements such as micro-segmentation, encryption and SIEM integration. While "these requirements haven't changed much" over time, he stressed, "their implementation must be completely different today." How? Well, for starters, their implementation cannot disrupt the application development workflow. Application teams are no longer interested in filing tickets to scale infrastructure, open firewall ports and request IP address blocks. In other words, he summarized, "The platform team is tasked to tick off all the enterprise requirements without disrupting and undoing the gains that have been made on agility and developer efficiency."

Moreover, the platform that is built is cloud agnostic and works equally well in private and public clouds. The latest requirements even demand integrating existing servers and virtual machines into the mix without slowing down the highly agile processes built on CI/CD and GitOps principles. It is non-trivial; however, with Cilium Mesh, it is very doable.

This shift will change networking more than SDN

With Cilium Mesh, the project has unified some specific kinds of hybrid and multicloud networking problems: cluster connectivity, service mesh and now legacy environments. Now that Kubernetes has become a standard platform, Graf suggested, it has established a set of principles that must find their way into a company's existing infrastructure. In other words, as Graf continued, "Existing networks with fleets of VMs or servers must be able to be connected to the new north star of infrastructure principles: Kubernetes."

This is where things get interesting, and it is where Cilium Mesh becomes critical.

"With Cilium Mesh, we're bringing all of Cilium — including all the APIs built on top of Kubernetes — to the world outside of Kubernetes," Graf declared. Instead of running on Kubernetes worker nodes, Cilium runs on VMs and servers in the form of transit gateways, load balancers and egress gateways to connect existing networks with new cloud-native principles, including identity-based, zero-trust security enforcement, fully distributed control planes and modern observability with Prometheus and Grafana.
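To make the identity-based enforcement that Graf and the micro-segmentation requirement above refer to concrete, here is an added example of a standard CiliumNetworkPolicy; it is not taken from the article or from Isovalent's materials. The workloads it protects are selected by labels (Cilium derives a security identity from them) rather than by IP addresses, which is what lets a platform team express segmentation without the firewall-port and IP-block tickets mentioned earlier. The namespace, the label values (`app: payments`, `app: checkout`) and the `10.20.0.0/16` range are assumed for illustration; the CIDR-based egress rule is included to show the legacy, address-bound form that a not-yet-migrated database server still requires.

```yaml
# Added example (not from the article or from Isovalent): identity-based
# micro-segmentation with a CiliumNetworkPolicy. Namespace, labels and the
# 10.20.0.0/16 range are assumed for illustration.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: payments-identity-policy
  namespace: shop
spec:
  # The protected workloads are chosen by identity (labels), not by pod
  # IPs, so rescheduling or scaling does not change the rule.
  endpointSelector:
    matchLabels:
      app: payments
  ingress:
    # Only the checkout service may call payments, and only on TCP/8443.
    - fromEndpoints:
        - matchLabels:
            app: checkout
      toPorts:
        - ports:
            - port: "8443"
              protocol: TCP
  egress:
    # Legacy, address-bound form for a database that is not yet under the
    # label-based model: the rule breaks if the server's address changes.
    - toCIDR:
        - 10.20.0.0/16
      toPorts:
        - ports:
            - port: "5432"
              protocol: TCP
    # Permit name resolution via cluster DNS in kube-system.
    - toEndpoints:
        - matchLabels:
            "k8s:io.kubernetes.pod.namespace": kube-system
            "k8s:k8s-app": kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
```

Because the policy carries both an ingress and an egress section, every flow to or from the selected workloads that is not listed is denied; that default-deny posture is what turns label selection into the zero-trust enforcement the text describes, and it is also why the DNS egress rule is needed. Before applying such a policy in a real cluster, verify the effect with `cilium policy get` and by observing dropped flows (for example with Hubble) rather than assuming the labels match what you expect.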

Importantly, Cilium Mesh is equally appealing to Kubernetes platform teams and to more traditional NetOps teams. The Kubernetes-native approach gives platform teams the confidence to assume more responsibility for managing non-Kubernetes infrastructure, while the use of well-known building blocks like transit gateways and Border Gateway Protocol (essentially the postal service for the internet) gives the NetOps team a clear yet incremental path to a Kubernetes world.

This is a big deal for enterprises struggling to make sense of multicloud, which includes almost everyone. True, the concept of multicloud has been discussed for a long time, but it is only now that we are getting beyond the hype (i.e., the ability to deploy simultaneously into multiple public clouds to optimize costs) to the messy reality of enterprise IT (i.e., different teams use different tools for a host of different reasons). The main struggle, Graf pointed out, "is less about how to connect all the public cloud providers together (and rather) how to get to a unified architecture to connect existing on-prem infrastructure with each public cloud offering while maintaining uniform security and observability layers."

This shift to Kubernetes-style principles powering the network layer has a range of benefits. Chief among these will be significantly smaller teams that can operate and provide infrastructure more effectively, while offering platforms that allow enterprises to adopt modern development practices and remain competitive. It is a big deal, and one that promises to change networking even more completely than software-defined networking once did.

Disclosure: I work for MongoDB, however the views expressed herein are mine.