vRack: an insight into the OVH.com private network
With the vRack (virtual rack), OVH.com offers its clients the possibility to interconnect all their IT infrastructure components, located all over the world, via a private network. This is a huge innovation that meets the growing need amongst companies* deploying hybrid architectures, combining different types of resources - physical, virtual, external or internal. Already awarded the “Best of IT innovation award 2014” _prize by Initiative Mittelstand in Germany (April 2014), the vRack confirms the ability of the leading European web hosting provider to invent the future of web hosting and networks.
“Three years ago, our information flows were pretty much vertical. In other words, they flowed from within our datacenters, outside our datacenters, to the internet”, Octave Klaba explained. “Now, an increasing part of these flows is horizontal; machines need to rapidly and securely exchange data between them- selves.” This is the case with e-commerce web- sites’ N-tier infrastructures that operate a pool of VPSs and physical servers (some used for the front-end, others used to house databases isolated from the public internet), or even Big Data platforms. “A few years ago, the web was static. The user connected to machines to receive standard content. Then, the web became dynamic with applications generating content based on the user’s requests, requiring more powerful servers. Now, connected devices, from PCs to smartphones, are empty shells with very limited resources. All intelligence has been transferred to the datacenters. The servers work in clusters to generate and process huge volumes of data before sending the result back to the user’s workstation.” OVH revealed this major change well ahead of anyone else. “OVH’s strength lies in our many highly-skilled users throughout the world”, Octave continued. “The needs expressed by a few very innovative start-ups a few years ago heralded the most common needs of today.”
vRack 1.5: a private multi-datacenter network for interconnecting servers and dedicated clouds
In 2009, OVH.com launched the vRack 1.0 to respond to the need to connect machines within a private network. Why? To enable users to bring together several dedicated servers on one virtual rack. Back then; this feature was only available if the different machines were hosted on the same site, Roubaix in our case.
Since then, OVH.com has expanded its datacenter portfolio by setting up datacenters in Strasbourg and Gravelines in France, and Beauharnois in Canada. OVH’s line of services has also significantly grown with the arrival of storage servers, VPS, public (RunAbove) and private (Dedicated Cloud) cloud solutions, Big Data clusters, etc. “Clients have spread their machines over several datacenters, and then created more complex infrastructures by combining their physical resources with cloud resources. Naturally, they called for a way to interconnect their different services via a private network”, explained Mehdi Bekkai, Product Manager for dedicated servers. This was a challenge for the OVH engineers - “We consulted suppliers, and not just the ones we already worked with. They hadn’t anticipated this new need, or rather complete paradigm shift in network design. It was not an option for us to wait for suppliers to complete their R & D; we had to offer our clients immediately workable solutions”, recalled Guillaume Delabre of the OVH.com network team. “In particular, we had to work out how to transport our clients’ vRacks from one datacenter to another. To do this, we combined several technologies, using some for different purposes from what they were originally designed for. The whole thing materialized in the summer of 2013 when we deployed a network that was parallel to the one that connected our datacenters to the net. To connect the machines to this private network, we integrated a second network card into the new server lines that were eligible for vRack, and the whole second network was wired.” Working like ants, the datacenter technicians rolled out nearly 2000 kilometers of cables in under three months. “We believe that the vRack is indispensable for all the clients who have a number of OVH’s services,” Mehdi explained. “This is why we’ve deployed it on a huge scale; it’s now included in a large number of our offers.”
Responding to today’s and tomorrow’s uses
The vRack 1.5 enables the possibility to interconnect different OVH.com services within one or more private secured networks (VLAN). For example, Infrastructure, Storage, and Big Data line servers, as well as Dedicated Cloud, can be configured with vRack. All of this is immediately available in a few clicks via the Control Panel or OVH API. Connected in this way, physical and virtual servers and VMs exchange data more quickly between each other without passing via the public network, in total security. Depending on their machines and their network card, the vRack user benefits from 1, 10, or 40 Gbps capacity. Mehdi Bekkai, Product Manager Dedicated Servers, took stock of vRack’s current uses: “The vRack is most obviously used to isolate critical web servers, and therefore attacks and intrusions. N-tier architecture - now the norm for large projects (e-commerce, intranet, etc.) and ensuring performance and security - is nowadays easier to deploy. As the vRack enables data to be transmitted more quickly and securely, it also benefits users that operate a redundant infrastructure, or one that’s divided between several faraway datacenters, as part of a DRP or BCP, or for organizing load balancing based on their users’ locations. In such cases, the vRack makes it possible to synchronize all the components of an infrastructure. For the same reasons, businesses praise the vRack for its critical data backup on storage servers, or even for its ability to couple their Dedicated Cloud - hosting multiple front-end web applications – with dedicated servers designed to maximize their SQL databases’ performances. Finally, users no longer have to design an often complex and time-consuming IP addressing plan for the different components of their infrastructure; you can attach an IP block to a VLAN and root it within a private network using ARP protocol. You no longer need to amend firewall settings to authorize new hardware’s private IPs; it’s easier to manage load peaks and extend an infrastructure horizontally.”
Up to 4,000 VLAN to isolate every client and interconnect applications
“Some clients, impressed by the vRack, asked us to go even further. Resellers, for example, would like to isolate every one of their clients who rents out a number of virtual servers. Large businesses would like to compartmentalize their infrastructure by applying strict access filters.” It was clear that we needed to push the limits of isolation within the physical private network that linked up one user’s different services. “We’ve opted for a technology that makes it possible to encapsulate VLAN within a VLAN”, added Guillaume. In concrete terms, a vRack is deployed between the clients’ various services, meaning a physical connection between the various machine ports. And, within this vRack, the client can add up to 4000 VLAN. The traffic in each VLAN is tagged so that it can be encapsulated and decapsulated at any point in the private network that’s configured by the user. A small yet important detail – the user can tag each of their VLANs themselves, in other words, they can choose the number of each of the sub-networks that will link the services of their choice.” Today, Dedicated Cloud clients already benefit from this increased number of available VLAN (vRack 2.0). In a few weeks from now, users with eligible dedicated servers will also get a vRack that can hold up to 4000 VLAN. “The possibilities to combine physical and virtual resources within the vRack, and to multiply VLAN are all the more interesting as, thanks to load balancing IP, it will soon be possible to spread the load between different services interconnected by a VLAN,” Mehdi added.
Dedicated Connect : Interconnect your internal datacenter to the PVH datacenters to create hybrid clouds
“Businesses want to outsource all or part of their IT system, by isolating it within a private network. For them, the best solution is a private connection that connects to our datacenters directly from their offices or datacenters, and that doesn’t pass through the notoriously untrustworthy public network”, Mehdi explained. The OVH.com teams have therefore deployed new routers to receive its clients’ fiber connections directly from the various points of presence (PoPs) in the OVH.com network. Currently, a bunch of clients benefit from the Dedicated Connect service - a 100% private direct connection with no bandwidth or traffic limitations - which passes via one or two 1 or 10 Gbps ports, between their internal IT system and its extension within the OVH.com infrastructures.
The vRack adapts to the changes of the application hosting market, from LaaS to PaaS
“Our clients realized that they were spending more time setting up applications than coding them - incredible!” adds Mehdi. This explains the growing success of software container technology (LXC), in which the developer loads an application and its dependencies so that it works on any type of resource. “Creating a container is virtually instant, whereas a VM can take a few minutes to boot. This technology, supported by projects such as Docker, is ideal for spreading distributed systems over new resources (horizontal scalability). These containers can equally be added to a bare machine and a VM, the advantage being that you can switch the VM from one server to another to increase availability.” Going back to the vRack, it’s an essential component of this type of architecture. Every one of the4000 VLANs available in the vRack can support the creation of 16 million VXLANs. The user can easily do this. “vRack’s complexity is masked by the API - the developer programs and automates the creation of these private networks with simple requests. Technically, it doesn’t make a difference to them if the VLAN deployed is an encapsulated VLAN or even a VXLAN. They just see that it works straightaway.” Developers become DevOps wizzes, without necessarily needing advanced network skills. “We’ve entered the era of Software-defined networking”, Octave concluded, “but suppliers haven’t yet caught up with us. As they lack the adequate hardware, these days we design our own virtual router so that, in the mid-term, each user can manage even more precisely this multi-layered network, and add features and services. This router - or in reality, software developed by our engineers which will run on a standard server – makes it possible for example to interconnect servers and dedicated clouds with new services, VPSs, public cloud resources (RunAbove), and VPNs via the vRack. But that’s not all. This router - a convergence point of all a user’s private networks - will also be able to perform load balancing at Layer 7 (http), 3 and 4 (IP).” The evolution of vRack technology will be something to watch.
*According to a Gartner study published in September 2013, 70% of businesses interviewed said that the hybrid cloud would be part of their 2015 strategy.