In-Depth
Network Lessons from 2010 Drive Predictions for 2011
It was a busy year for IT professionals in 2010. What did network administrators learn this year, and how will these lessons affect the top enterprise trends in 2011?
By Jarrod Siket, Senior Vice President, Sales and Marketing, Netronome
It was a busy year for IT professionals in 2010. What did network administrators learn this year? I think it boils down to three key lessons, which also drive my top three predictions for the new year.
Lesson #1: Embedded x86 goes mainstream for network communication designs.
We saw an amazing shift in the design of networking and security products for communications networks. The x86 processor became a popular choice for designs that required significant amounts of computationally-intense L4-L7 application processing beyond simple switching and routing. In these use cases, x86 brought a lot to the table: an attractive price, performance, power, innovation, continuity of supply, ease of programming, breadth of tools, and a large skilled workforce familiar in programming the devices.
Lesson #2: Memory bandwidth fell further behind network processing speeds.
Designers of networking products have often used network processors from merchant silicon providers or their own custom ASICs in order to keep pace with rapid increases in bandwidth requirements. Given the historically low level of packet and security processing involved in L2 - L3 - based switching and routing solutions, designers have been crafty in their methods to avoid memory bandwidth bottlenecks.
In 2010, more intelligent networking and security applications have become standard requirements for enterprise and carrier networks. These devices not only are required to support very high throughputs at 10 Gbps and beyond, but also the number of instructions per packet, the number of concurrent flows, and the total memory transactions required to support these levels have increased substantially.
Today, top-end computing processors operate at over 3GHz, but leading DDR memory trails at less than half the frequency of general-purpose processors. This widening gap between memory bandwidth and network processing speeds is removing the benefits of the advancing CPU operating frequencies.
Lesson #3: Security moves to the forefront.
This year we saw more records set in networking speeds, the number of connected devices (smartphones, iPad, game consoles), growth in real-time traffic (such as IP video and voice), and new forms of business services enabled through cloud computing. Security of these online communications is paramount.
At a time when overall IT spending has been down, network designers spared no expense in deploying an array of solutions to protect inbound attacks and outbound leaks including network firewalls, forensics devices, intrusion detection and prevention systems, data loss prevention and other devices. The need to ensure network security has moved to the forefront, and IT administrators agree that all traffic must be intelligent and securely processed without exception.
Predictions for 2011
What will keep network administrators awake at night in the coming year?
Prediction #1: Growth in network bandwidth will create a new choke point.
Network capacity will increase, with interfaces growing from 1 Gbps to 10 Gpbs, 40 Gbps, and 100 Gbps to remove network performance bottlenecks. Ironically, these infrastructure changes will create a new set of bottlenecks of equal or greater negative impact.
Enterprise and carrier networks are critically dependent on a host of network and security appliances that are deployed inline and require 100 percent packet capture, stateful flow processing, and deep packet inspection. These appliances are historically built on standard servers with general-purpose processors. These devices and their commodity components will fail to keep pace with the network I/O performance and latency requirements. As a result, these in-line appliances will significantly hinder the performance of high-speed network deployments.
Prediction #2: Cloud computing will expose new gaps in network security.
More enterprises will take full advantage of the cost and administration benefits provided by cloud computing. However, the adage that “there is no such thing as a free lunch” will be proven true.
Enterprise network operators have spent more than a decade reinforcing their security architectures to ensure protection by meeting industry and corporate compliance goals and satisfying government regulations. Emerging cloud providers will face a challenge in delivering these same levels of security assurance in their own hosted data centers, let alone while the data and communications traverse public networks that are outside the control of both the enterprise and the cloud service provider.
Prediction #3: Server virtualization effectiveness will be limited by network I/O performance.
Data centers will continue the rush towards deploying higher-density, multicore servers and further enhance them with various forms of operating system virtualization. In current designs, racks of servers are secured and directed traffic after being surrounded by additional equipment such as load balancers, firewalls, switches, and routers. Virtualization allows these servers to be tightly consolidated from discrete, individual machines into shared cores or virtual machines inside a single server.
The stated benefits of virtualization are numerous, including lower power, less complex network design, increased utilization, and overall lower equipment and operational costs. However, to achieve these benefits, the requisite switching, routing, load balancing, and security processing must be integrated within these devices while ensuring that each core or virtual machine is guaranteed adequate network bandwidth and traffic isolation.
None of these issues will deflate the enthusiasm around server virtualization and consolidation, but it will drive a new series of innovation and network I/O virtualization (IOV) and IOV security processing.
Jarrod J.S. Siket is a senior vice president for sales and marketing at Netronome, the leading developer of network flow processors that are used for cybersecurity and intelligent networking applications. You can contact the author at jarrod.siket@netronome.com.