Duct tape is pretty amazing stuff because it's versatile and easy to use. That being said, sometimes that versatility and ease of use means it gets used at times when maybe it shouldn't.
This thought came to mind a couple of weeks ago at VMworld. Over the course of the show, I had a number of conversations with folks about tunneling and overlay networks. For many (mostly non-networking) folks, it seemed like the best thing since sliced bread: it gave them the holy grail of flexible, agile, on-demand connectivity without having to talk to the network folks.
From a networking perspective, it's kinda funny, since the concept of tunnels is a decades-old technology. It's always played a legitimate role in a comprehensive networking strategy (MPLS and IPsec VPNs, for example), so it's cool to see an old concept find new applications.
However, lest we be lulled into blissful slumber by the unicorns playing lilting melodies through their horns, it's good to remember that, as with pretty much everything in IT, there is no free lunch. While overlay networks make life simpler for the server admin or the virtualization admin, there are a couple of things to bear in mind.
From an operational perspective, the overlay environment becomes a second network that needs to be managed, and often a dumber, less instrumented one. Somewhere, someone still needs to maintain a fully functioning, highly available, secure, properly traffic-engineered physical network that underpins that virtualized connectivity. Think of this as the difference between your checkbook and your checking account: just because you can write a check doesn't mean there is money in the account to cover it.
Now, if you are not a networking dude or dudette, your first reaction may be "why do I care?" Well, when you start seeing performance issues on your tunnel, or intermittent drops on your tunnel, or you need to demonstrate auditable regulatory compliance, then you start to care. While some folks propose that the underlying network becomes irrelevant once you start using overlays, the truth is that the strengths and weaknesses (performance, availability, security, manageability, etc.) of the underlying physical network are going to manifest themselves in whatever rides on top. While overlay technology is undeniably useful, having an approach that leverages the intelligence of the underlying infrastructure (assuming any exists) is going to pay off in the long run.