Businesses are set to modernize their IT infrastructures, turning to cloud and edge computing as they move out of datacenters.
To shift from the static datacenter to a more dynamic and geo-distributed setup, they wind up using a mix of cloud services, colocation datacenters, and edge facilities. This move has set in motion a series of changes in the network topology and opened a floodgate of data, exposing them to vulnerabilities from within.
At the recent Networking Field Day Experience at Aruba Atmosphere 2023, one of the solutions HPE Aruba showcased was the Aruba CX 10000 Series. Designed for modern distributed datacenters, the CX 10000 represents a new category of switches that enable a network fabric immune to legacy limitations.
Designed jointly with AMD Pensando, the CX 10000 is a switch engineered for data-first modernization. Todd McDole, Director of Data Center Switching PLM, gave an overview of the market context, while Yash Nagaraju, Sr. Manager TME Global Wired Enterprise Switching, demoed the product, making it visual for the audience.
Opportunities and Challenges
Networks have evolved over the years at a cadence of ten years. If you rewind the clock back to 1990, this was the era of first-generation datacenters. Flat networks and layer 2 switches made up the basic construct.
Cut to 2010, and datacenters had entered the third generation, which is characterized by hardware appliance and software agent-based security, the emergence of spine-leaf architecture with its twin layers of access switches, and microservices applications, among other things. The legacy architecture did not lend itself well to this wave of modernization.
Although the third generation is a gigantic leap forward, the design has several drawbacks. Third-generation datacenters are built as a combination of units of compute – the racks – and a spine-leaf topology that houses bolt-on applications, like firewalls and load balancers, that are added on an ad-hoc basis.
As microservices cause containers to talk to each other, the usual north-south traffic – which simply enters and exits the network – is now joined by a rush of east-west traffic that moves laterally from server to server. This causes enterprises to use a technique called hairpinning, in which packets make multiple hops and traverse the network twice to get security checked.
“It’s a really inefficient use of this very elegant scale up, scale out spine-leaf architecture,” pointed out Mr. McDole.
More hops introduce latency and take a heavy toll on performance, making the design inefficient and complex, not to mention costly.
A Different Path
HPE Aruba is doing things differently. In 2021, Aruba started a new category of distributed services switching. The architecture takes bolt-on services from the service leaf, and places them in their logical place in the network – inside the rack itself.
“You already need a leaf switch within every rack. So why not logically move these services into that top-of-rack switch? We’re essentially providing a firewall behind every port on the switch,” said Mr. McDole.
Aruba CX 10000 Series
Shipping since 2022, the CX 10000 resembles a typical top-of-rack switch, but has a major point of difference. The new architecture allows services to be applied where the workload is running.
It provides 800G of stateful layer 4 through 7 packet processing. Software-defined stateful services such as firewall, DDoS, telemetry, encryption services and network address translation (NAT) can be deployed inline, as and when the services are required.
The racks can be scaled linearly to match the growing capacity, as opposed to adding a new firewall every time capacity is exceeded, thus saving cost and administrative burden.
The CX 10000 uses the Pensando Elba P4 DPU. “It’s a fully programmable pipeline. It has lots of additional capabilities that can be added over time directly into the switch through software, instead of adding in additional appliances dedicated to a singular function in the network,” says Mr. McDole.
By enforcing security at the network access layer edge, the CX 10000 enables security implementation within the rack, saving traffic multiple hops and significantly improving latency. Services are delivered inline across all ports.
In many scenarios, customers are “seeing an 83% decrease in cost versus how they’re doing things today with the traditional 3rd generation model,” says Mr. McDole.
The CX 10000 platform is managed centrally via the Aruba Fabric Composer. The orchestration layer provides automated configuration and unified security policy management across the fabric.
The platform integrates with a broad ecosystem of security and network performance solutions like GitHub Advanced Security.
The CX 10000 Series mounts in any EIA standard 19-inch rack or cabinet, on horizontal surfaces only. 2-post and 4-post mounting kits are sold separately.
Wrapping Up
The CX 10000 pioneers a new era of switching that elevates the present-day architecture by defeating its limitations. Tailored to the changing network topology, it unlocks new levels of performance and efficiency. Most importantly, it fuels a new generation of datacenter fabrics that can support modern applications infinitely more efficiently and cost-effectively.
For more information on the Aruba CX 10000, be sure to watch the full presentation from the recent Networking Field Day Experience at Aruba Atmosphere 2023.