Scalable Automated Networking for Apache CloudStack

November 7, 2024

In the age of cloud, AI, and hyperscale data, there are going to be more and more cloud providers. Every country is deploying multiple sovereign clouds, MSPs and hosting providers are becoming public cloud providers, and even traditional enterprise data centers are transforming into private cloud operators.

As the new generation of cloud service providers (CSPs) strives to meet the growing demands of their customers, scalability and automation in network infrastructure become critical factors. Apache CloudStack, a popular open-source cloud computing software for new CSPs, presents certain networking challenges when used with traditional switch fabrics. This article explores these challenges and introduces how Netris provides a scalable, automated networking solution that seamlessly integrates with Apache CloudStack and allows you to build a truly future-proof cloud service offering.

 

The Limitations of Traditional Switch Fabrics with CloudStack

Apache CloudStack requires a robust switch fabric to manage network isolation between Virtual Private Clouds (VPCs). Commonly, this isolation is achieved using VLANs (Virtual Local Area Networks). However, VLANs have a hard limit of 4,096 identifiers (per the IEEE 802.1Q standard), which restricts the number of VPCs a CSP can support. For cloud environments of any size, this limit becomes a significant bottleneck, either at the outset or as the environment grows.

Apache CloudStack does support Tungsten Fabric as an isolation method, which was supposed to address the scalability issue. However, the Tungsten Fabric project was shut down in August 2024. It was originally a proprietary Juniper Networks SDN called Open Contrail and wasn’t open; Juniper then opened it and renamed it Tungsten Fabric, and it was finally wound down in August 2024.

Other supported isolation methods do not offer encapsulations or markings that the switch fabric or other network components can understand, so the CloudStack deployment operates as an “island.”

To overcome scalability challenges, CloudStack offers the ability to use VXLAN (Virtual Extensible LAN) instead of VLANs. VXLAN extends the number of available network identifiers to 16 million, theoretically supporting a vast number of VPCs. However, integrating VXLAN with traditional switch fabrics presents new challenges.
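Both limits come from the width of the identifier field on the wire. The following added example (not code from CloudStack or Netris) builds the 802.1Q tag and the RFC 7348 VXLAN header and validates a received header before trusting its VNI; the function names and the tenant-index mapping are illustrative assumptions.

```python
import struct

VLAN_ID_BITS = 12     # VID field of the 802.1Q tag
VNI_BITS = 24         # VNI field of the VXLAN header (RFC 7348)
VXLAN_FLAG_I = 0x08   # "VNI present" flag; must be set on a valid header


def pack_dot1q_tci(vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Build the 2-byte 802.1Q Tag Control Information: PCP(3) DEI(1) VID(12)."""
    # VID 0 (priority tag) and 4095 (reserved) cannot identify a tenant network.
    if not 1 <= vid <= (1 << VLAN_ID_BITS) - 2:
        raise ValueError(f"VLAN ID {vid} is outside the usable range 1-4094")
    return struct.pack("!H", (pcp & 0x7) << 13 | (dei & 0x1) << 12 | vid)


def pack_vxlan_header(vni: int) -> bytes:
    """Build the 8-byte VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < (1 << VNI_BITS):
        raise ValueError(f"VNI {vni} does not fit in {VNI_BITS} bits")
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def parse_vxlan_header(data: bytes) -> int:
    """Return the VNI, rejecting headers a receiver should not trust."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", data[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI field is not valid")
    return word1 >> 8


def segment_for_tenant(tenant_index: int) -> dict:
    """Map a constructed tenant index to an isolation ID, if one exists."""
    result = {"vni": parse_vxlan_header(pack_vxlan_header(tenant_index))}
    try:
        result["vlan_tci"] = pack_dot1q_tci(tenant_index).hex()
    except ValueError:
        result["vlan_tci"] = None  # the 12-bit VLAN space is exhausted
    return result


if __name__ == "__main__":
    for tenant in (100, 4094, 5000, 16_777_215):  # constructed sample tenants
        print(tenant, segment_for_tenant(tenant))
```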

Challenges with the Default Multicast-Based VXLAN Isolation

Most traditional switch fabric solutions—such as Cisco ACI, Arista CloudVision, Juniper Apstra, and others—do not natively integrate with CloudStack’s VXLAN implementation. As a result, CloudStack’s default VXLAN, based on multicast, operates as a VXLAN “island,” isolated from the physical network infrastructure. This isolation creates several problems:

Can’t extend VPCs: Without integration between the VXLAN control plane of the physical switch fabric and the VXLAN control plane of Apache CloudStack, there’s no scalable way to extend the virtual network beyond the boundaries of CloudStack.

No Direct Connect Equivalent: CSPs cannot offer services similar to AWS Direct Connect, which would allow customers to establish private connectivity between CloudStack VPC and their data centers or offices.

Scaling Limitations of CloudStack’s Virtual Router: CloudStack’s built-in virtual router does not scale efficiently for large environments. Replacing it with an external component isn’t feasible without VXLAN control plane integration.

Netris: A Solution for Scalable, Automated Networking

Netris addresses these challenges by offering network automation, abstraction, and operations software that is purpose-built for building and operating clouds.

Netris’ switch fabric manager natively integrates with the CloudStack controller through its API and with CloudStack’s virtual VXLAN fabric using a BGP/EVPN control plane. This integration enables CSPs to build scalable and automated network infrastructures that overcome the limitations of traditional switch fabrics.

 

Seamless VXLAN Integration

By integrating with CloudStack’s virtual VXLAN fabric using BGP/EVPN and APIs, Netris enables the virtual network segments to be extended into the physical network switches. In other words, the switch fabric’s VXLAN fabric is connected with CloudStack’s VXLAN fabric at the underlay and control plane levels, and the Netris controller is connected with the CloudStack controller at the API level: two integrations exchanging vital metadata for seamless operation. This native integration provides several benefits:

Extended VPC Connectivity: Enables connectivity between VPCs and external networks, breaking the limitations of the VXLAN “island.”

AWS-like Direct Connect Functionality: CSPs can offer services equivalent to AWS Direct Connect, allowing customers to establish private, high-throughput connections to their VPCs.

Scalable Network Isolation: Supports overlapping IP addresses across numerous VPCs without the constraints of VLAN limits.

Replacing the Virtual Router with Netris SoftGate

Netris SoftGate is cloud networking functions software designed for CSPs. It runs on dedicated Linux servers and serves any VM, container, or bare-metal endpoint connected to a Netris-managed switch fabric. Netris SoftGate seamlessly replaces CloudStack’s virtual router, offering a more scalable and robust solution, while end users continue using CloudStack’s native methods.

NAT function: Netris SoftGate provides scalable NAT for the Internet Gateway (SNAT), NAT Gateway (port forwarding), and Elastic IP (1:1 DNAT) functions.

Elastic Load Balancer: The Netris Layer-4 load balancer integrates with Apache CloudStack for Elastic Load Balancer functionality. It has TCP and HTTP health checks and uses the Maglev algorithm for consistent hashing to provide horizontal scalability.

Network Access Control: ACLs defined in Apache CloudStack are picked up by Netris. The external traffic is controlled on SoftGate nodes, while local traffic between VPCs or Subnets/Tiers is locally controlled on CloudStack hypervisors.

Scalability: SoftGate can scale out horizontally by adding more nodes, accommodating growing network demands without performance degradation. SoftGate runs on dedicated servers, and load distribution and multi-tenancy are handled automatically by Netris’s network automation engine.
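The consistent hashing named in the Elastic Load Balancer item can be illustrated with the lookup-table population from Google's published Maglev design. This is an added sketch, not Netris's implementation; the table size, the SHA-256 hash, the backend addresses and the flow keys are assumptions chosen for the example.

```python
import hashlib
from collections import Counter

M = 251  # lookup-table size: prime, and much larger than the backend count

def _h(value: str, salt: str) -> int:
    """Stable hash; Python's built-in hash() is randomised per process."""
    digest = hashlib.sha256(f"{salt}:{value}".encode()).digest()
    return int.from_bytes(digest[:8], "big")

def build_table(backends, m=M):
    """Maglev population: backends take turns claiming their next free slot."""
    if not backends:
        raise ValueError("no healthy backends")
    order = sorted(backends)  # fixed order so every node builds the same table
    # Each backend prefers slots in its own permutation (offset + j*skip) mod m.
    perm = {b: (_h(b, "offset") % m, _h(b, "skip") % (m - 1) + 1) for b in order}
    nxt = dict.fromkeys(order, 0)
    table = [None] * m
    filled = 0
    while True:
        for b in order:
            offset, skip = perm[b]
            slot = (offset + nxt[b] * skip) % m
            while table[slot] is not None:  # taken: move to the next preference
                nxt[b] += 1
                slot = (offset + nxt[b] * skip) % m
            table[slot] = b
            nxt[b] += 1
            filled += 1
            if filled == m:
                return table

def pick(table, flow):
    """Map a flow key (for example the 5-tuple as a string) to a backend."""
    return table[_h(flow, "flow") % len(table)]

def moved_fraction(before, after, flows):
    """Share of flows whose backend differs between two tables."""
    return sum(pick(before, f) != pick(after, f) for f in flows) / len(flows)

# Constructed sample data: four backends, then one fails its health check.
BACKENDS = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]
FLOWS = [f"198.51.100.{i % 250}:{40000 + i}->203.0.113.10:443" for i in range(1000)]

if __name__ == "__main__":
    before, after = build_table(BACKENDS), build_table(BACKENDS[:-1])
    print(Counter(before), Counter(after))
    print(f"flows remapped: {moved_fraction(before, after, FLOWS):.1%}")
```

Because every node derives the same table from the same backend set, any load balancer node can handle any packet of a flow, which is what allows nodes to be added horizontally.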


How Netris Enhances CloudStack Operations

With Netris integrated into Apache CloudStack, CSPs and their customers experience a more streamlined and scalable networking environment.

Seamless End-User Experience

End-users continue to interact with CloudStack as usual:

Create VPCs: Users can create Virtual Private Clouds without worrying about underlying network limitations.

Configure NAT and Load Balancing: Set up NAT rules and load balancer configurations directly within CloudStack or through Kubernetes.

Manage Network Access Control: Define access control rules to secure network traffic.

Netris handles the complexity behind the scenes, automatically translating these user configurations into the appropriate switch fabric configuration and into cloud networking functions running on SoftGate.

Streamlining Cloud Provider’s Network Engineering

Netris streamlines network engineering through network automation and abstraction, multi-vendor hardware, and an expert technical assistance center.

Network Automation: Netris automates day-0/1 and day-2 operations of network switch fabrics and SoftGate, so there’s no need to develop tedious home-grown scripts that scrape CLIs or to learn complex APIs. The Netris controller provides an intuitive web console and a Terraform provider for network engineers and DevOps/NetOps teams to manage all aspects of the physical switch network from a centralized controller.

Multi-Vendor Hardware: The Netris fabric manager supports Ethernet switches from various vendors such as NVIDIA (Mellanox), Arista, Dell, and Edge Core, with other vendors to follow. SoftGate only requires Ubuntu Linux and a certain amount of CPU/RAM resources, so it is compatible with all modern servers.

Support: Netris provides 24/7/365 support through highly qualified network experts who can help you anytime you need technical assistance.

Benefits of Using Netris with Apache CloudStack

Integrating Netris with Apache CloudStack offers several advantages for CSPs:

Scalability: Overcomes VLAN limitations, supporting millions of VPCs with overlapping IPs.

Flexibility: Provides the ability to offer services akin to AWS, GCP, and other large cloud providers.

Performance: Replaces the less scalable virtual router with a robust, horizontally scalable solution.

Automation: Streamlines network operations through automation, reducing the potential for human error.

Cost-Effectiveness: Leverages network switches from multiple hardware vendors and commodity servers instead of expensive routers and firewalls, minimizing hardware cost.

Conclusion

As cloud environments continue to grow in scale and complexity, CSPs need networking solutions that can keep pace. Netris offers a scalable, automated networking approach that integrates seamlessly with Apache CloudStack. By addressing the limitations of traditional switch fabrics and enhancing network functionality, Netris enables CSPs to deliver robust, flexible, and high-performance services to their customers.

About Jamie Pell
Jamie is a regular contributor to the CloudStack community. Most of his efforts revolve around marketing the project, as well as organising events - such as the CloudStack Collaboration Conference.