Author: Tom Yin, Managing Partner at TJTC LLC
As the future of IT architecture continues to evolve, enterprises are encountering a growing set of challenges and design factors. These include regulatory compliance, security, cost optimization, and new business opportunities, making the modern IT and networking landscape increasingly complex to deploy and adapt. At the same time, enterprises need to tap into Multi-Cloud tools and services cost effectively and maximize the benefits of xPU (CPU/GPU/DPU/…) transition and innovation.
SONiC platform has been the most prominent open source Network Operating System (NOS) in allowing enterprises to move away from proprietary network stacks that is supported across whitebox switches and ASICs from different manufacturers; however this control plane provides a flexible and cost-effective solution for also simplifying multi-cloud networking. By leveraging x86 servers for network functions, enterprises can utilize standard, off-the-shelf hardware in on-demand cloud and edge data centers, transforming application-centric network infrastructure from a CAPEX to an OPEX model.
The SONiC NOS control plane is hardware-agnostic, capable of managing large-scale network environments with high agility and efficiency. It offers a comprehensive set of networking features, such as BGP, VXLAN, and advanced telemetry, which address the needs of complex enterprise and data center networks. When paired with FD.io VPP DPDK data plane acceleration, SONiC greatly simplifies Software Defined Network (SDN) for hyper-converged, application-centric network infrastructures, whether on-demand bare metal servers at the edge or within cloud environments.
In the recent ONE Summit 2024 SONIC workshop, a team of contributors – including Tom Yin, Michel Franchesco, Shin Julio, Ankit Goel, Vivekanandan M, and Oleg Berzin – showcased how SONiC can be leveraged in conjunction with the FD.io VPP (Vector Packet Processing) technology to create a secure and high-performance virtual gateway for multi-cloud environments running in a colocation with private connectivity and baremetal as a service as shown in the below diagram. The infrastructure below enables private cloud connectivity between Azure and AWS via Equinix Fabric with SONIC and VPP running on dedicated containers within Equinix Bare Metal as a Service. For many enterprises this setup can be instantiated and teardown quickly to solve many use cases such as transfer of large data sets between clouds/data centers or to comply with disaster recovery policies of having key data across two separate clouds.
The key objectives of this demo were to:
- Meet Regulatory Compliance: Ensure the network infrastructure adheres to local physical and data security requirements, with private connectivity and storage.
- Enhance Privacy and Security: Leverage private connectivity and segmentation capabilities to protect sensitive data, enabling Virtual Private Cloud (VPC) across Multi-Cloud infrastructures colocation and hyperscalers
- Optimize Cost and Performance: Reduce egress costs and leverage bare metal as a service to enable quick migration between hybrid and multi-cloud providers.
- Unlock New Business Opportunities: Seamlessly connect to the rich capabilities of cloud providers, such as CPU/GPU processing and advanced Hyperscalers services and tools.
To achieve these goals, the team integrated open source SONiC with FD.io VPP, a high- performance, flexible, and extensible network stack, running on x86 bare metal servers. This setup provided a secure and cost-effective multi-cloud routing solution, with features like private segmentation for each tenant, that we can now provision within minutes.
The SONiC VPP performance testing results were impressive, showing sub-millisecond latency between edge metal application workloads and Azure ExpressRoute, and AWS Direct Connect with Round Trip Time (RTT) of less than 1ms. You can refer to the video presentation linked below, and reach out to the team (sonicmulticloud@gmail.com) to learn how to deploy and test SONiC VPP over x86 servers to create a virtual multi-cloud connectivity gateway and discuss how this foundational infrastructure can be used for solving your use cases.
ONES SONIC VPP Multi-Cloud Demo Video
We are currently working with the SONIC community to extend the SAI (Switch Abstraction Interface) API to bind VPP memif and expose VPP NAT and VxLAN Multi-tenant traffic steering support over x86 servers.
We can also use this foundational connectivity infrastructure for numerous other open source initiatives such as LF Networking’s Paraglider and techniques such as confidential computing for securing data in use for inference at the edge.
