A new, unified network solution for businesses

Networking has long been the cornerstone of enterprise aspirations for high-performance, multi-cloud or hybrid architectures. While such architectures were once aspirational marketing buzzwords, they are today’s corporate reality. Now, with the launch of Cilium Mesh, enterprises get “a new universal networking layer to connect workloads and machines across the cloud, on-prem and edge.” Consisting of a Kubernetes networking component, a multi-cluster connection plane, and a transit gateway, Cilium Mesh helps businesses bridge their on-premises network devices to the cloud world.

Sounds good, and it is cool, but getting this far wasn’t easy. It remains complicated for businesses hoping to bridge their existing infrastructure to more modern approaches.

We sometimes take cloud-based architectures for granted because we don’t recognize the complex requirements placed on the infrastructure layer. For example, infrastructure software must now work equally well in public and private cloud infrastructure. It must be highly scalable to match the agility of containers and CI/CD. It needs to be very secure because it often runs off-site. And it must still meet traditional enterprise networking requirements for interoperability, observability, and security, while being generally open source and somewhat community driven.

Oh, and in order to be relevant to enterprises, all of this cloud-native goodness has to translate back into the “badness” of the legacy infrastructure that enterprises have been running for years. That’s what Cilium Mesh does for the network layer, and that’s what Thomas Graf, co-founder and CTO of Isovalent, creator of Cilium, took the time to explain.


On the way to cloud native

Cilium and Kubernetes were released around the same time, and Cilium quickly earned its place as the default network abstraction offered by all major cloud providers (e.g. Azure Kubernetes Service and Amazon EKS Anywhere). It’s not like everyone consciously runs Cilium. For many, Cilium is a hidden bonus when using cloud-managed services. Graf says how much a company knows about using Cilium depends a lot on where it is in its cloud journey.

In the early stages of the Kubernetes journey, often only one application team uses Kubernetes when building the initial version of the application. In this phase, we see heavy use of managed services and very limited network requirements, other than making the application publicly available through an Ingress or API gateway. Graf noted, “These initial use cases are very well addressed by managed services and cloud offerings, which have greatly accelerated the path to service development. Small application groups can initially run and even scale services quite easily.”

However, with more experience and wider adoption of Kubernetes, this is changing, and sometimes dramatically.

For larger enterprise Kubernetes users, Graf pointed out, there are typical enterprise requirements such as micro-segmentation, encryption and SIEM integration. While “these requirements have not changed much” over the years, he emphasized, “their implementation today must be completely different.” How? Well, for one thing, their implementation should no longer disrupt your application development workflow. Application teams no longer care about scaling infrastructure, opening firewall ports, and requesting IP address blocks. In other words, he summed it up: “The platform team’s job is to meet all the enterprise requirements without disrupting and undoing the gains in agility and developer efficiency.”

In addition, the resulting platform is cloud-agnostic and works equally well in public and private clouds. The latest requirements even call for integrating existing servers and virtual machines into the mix without slowing down highly agile processes based on CI/CD and GitOps principles. This is not trivial; however, with Cilium Mesh it is very doable.

This shift will change the network more than SDN

With Cilium Mesh, the project unified certain types of hybrid and multi-cloud networking problems, such as cluster connectivity, service mesh, and now legacy environments. Now that Kubernetes has become a standard platform, Graf suggested, it has created principles that should find their way into a company’s existing infrastructure. In other words, as Graf continued, “Existing networks containing virtual machines or servers must connect to the new north star of infrastructure principles: Kubernetes.”

This is where things get interesting and where Cilium Mesh becomes critical.

“With Cilium Mesh, we bring all of Cilium, including all APIs built on Kubernetes, to the world outside of Kubernetes,” Graf said. Instead of running on Kubernetes worker nodes, Cilium runs on virtual machines and servers as transit gateways, load balancers, and egress gateways to connect existing networks with new cloud-native principles, including identity-based, zero-trust security enforcement, distributed control planes, and modern observability with Prometheus and Grafana.

Importantly, Cilium Mesh is equally attractive to Kubernetes platform teams and traditional NetOps teams. A Kubernetes-native approach gives platform teams the confidence to take on additional responsibility for managing non-Kubernetes infrastructure, while using well-known building blocks such as transit gateways and Border Gateway Protocol (basically the internet’s mail service) gives NetOps a clear but growing path to the Kubernetes world.

This is a big deal for businesses struggling to make sense of multicloud, which includes almost everyone. It is true that the concept of multicloud has been debated for a long time, but we have only just gotten past the hype (that is, that it can be deployed in several public clouds at the same time in order to optimize costs) to the messy reality of enterprise IT (that is, different teams use different devices for different reasons). The main struggle, Graf pointed out, “is less about how to connect all public cloud providers and more about how to arrive at a unified architecture to connect existing on-prem infrastructure with all public cloud offerings while maintaining unified security and observability layers.”

There are many benefits to moving to Kubernetes-style principles that power the network layer. Chief among these are significantly smaller teams that operate and deliver infrastructure more efficiently, while offering platforms that enable businesses to adopt modern development practices to stay competitive. It’s a big thing, and it promises to change the network even more completely than software-defined networking once did.

Disclosure: I work for MongoDB, but the opinions expressed here are my own.

Source: https://www.techrepublic.com/article/cilium-mesh/