Microsoft’s open approach to networking

Publisert på 3 april, 2017

CVP, Azure Networking

At Microsoft, we’re focused on enabling our customers by supporting all the technologies they depend on, and collaborating across organizational and industrial boundaries to bring the best possible experience to the cloud. Microsoft embraces open source and partner ecosystems to scale our own development efforts and accelerate innovation. Products that include Visual Studio Code, .NET, and ASP.NET are being publicly developed on GitHub with contributions from both Microsoft and non-Microsoft developers. These products are targeting Windows, Mac, and Linux. Microsoft is a contributing member of open source communities, including the Apache Software Foundation, Linux Foundation, R Consortium, and Node.js Foundation.

For the Azure cloud platform, we serve customers on a vast worldwide scale, and they bring a wide range of technology needs with them. We must provide solutions with the unique flexibility to operate seamlessly across on-premises, hybrid, and cloud infrastructure, in an operating system–agnostic environment. Today, Linux virtual machines (VMs) comprise over 33 percent of all VMs running in Azure. Many partners in the Azure Marketplace run their workloads in Linux. Our HDInsight MapReduce service is built on Apache Hadoop and supports Spark, Hive, Apache Kafka, and Apache Storm. Meanwhile, the Azure Container Service (ACS) adopts open source container technologies like Docker, Apache Mesos, and Kubernetes to run both Linux and Windows containers. By doing this, ACS provides container orchestration that’s completely portable, while also being optimized for Azure.

In this blog, I will talk about how Azure network services is extending this commitment to open technologies in containers, switching, and partner ecosystems.

Open source software in Azure Network Services

Azure network services actively look for opportunities to contribute to existing open source projects, as well as open source Azure Networking services. Considering the importance of networking to fully realize the potential of containers, we just announced Microsoft Azure VNet for Containers.

Azure VNet for Containers

Azure VNet for Containers provides the best networking experience for containers that are running in Azure. It‘s an open source project in GitHub that links together open source container orchestrator engines and the Azure network services platform. The code, written in the Go programming language, works for both Linux and Windows. We’re eager to collaborate with developers across the world to improve and advance its capabilities.

Azure VNet for Containers connects the container to your Azure Virtual Network (VNet), thereby making available the rich Azure SDN stack to containers enabling direct connectivity between containers, VMs and other resources in the VNet. Azure networking features such as Network Security Groups, route tables, load balancing, on-premises connectivity etc. are now available to containers. The solution can be plugged into the Azure Container Service for a single click use or deployed manually in individual virtual machines.

The Azure VNet for Containers is composed of a network plug-in that provides the network interface for the containers and an IPAM (IP address management) plug-in that manages the IP addresses from the VNet. There are currently two popular plug-in models for containers: the Container Network Interface (CNI) model, adopted by Kubernetes, Apache Mesos, and others, and the Container Network Model (CNM) model, used by Docker and others. The Azure container network plug-in is implemented for both models. This is also designed to be integrated directly into the open source acs-engine.

ACS

Figure 1. Azure network services support for containers

With the availability of this plug-in, the power and features of Azure network services are natively available to all the major container platforms in an open and portable fashion.
SONiC

Software for Open Networking in the Cloud (SONiC) and Switch Abstraction Interface (SAI) are two contributions that we made to the Open Compute Project (OCP) that focuses on open source datacenter technologies. Like Azure VNet for Containers, SONiC also uses containerization for fast evolution.

SONiC source code, test cases, test bed setup, and builds are fully available on GitHub. SONiC consists of core services developed by Microsoft and the community. It builds on existing open source technologies such as Docker for containers, Redis for key-value database, protocols like Quagga BGP and LLDPD, and Ansible for deployment. We used the best work in the industry to build SONiC. It evolves quickly because we’re building it with existing open source projects. We contributed SONiC back to the community to propel the advance of open networking software in a wonderful, virtuous cycle.

Linux

Figure 2. SONiC is open sourced and is built on open source technologies

SAI provides a simple, consistent, and salable interface across different ASIC chips. With the support from major silicon vendors, the SAI community grew to 77 contributors from 9 companies. Community members actively engage in weekly discussions and workshops. In two years, we had seven releases. Six switch networking stacks(network operating systems), including SONiC, OS10, OPX, FlexSwitch and others, are built on top of SAI, which is starting to become the ASIC API standard.

Learn more by viewing our OCP Summit 2017 talks about SONiC and SAI. You also can learn more about our SAI and SONiC innovations in an earlier blog in this series, SONiC: The networking switch software that powers the Microsoft Global Cloud.

Rich partner ecosystem

Network virtual appliances (NVAs) in Azure support network functionality and services in the form of VMs. NVAs include web application firewall (WAF), firewalls, gateways/routers, application delivery controllers, IDS/IPS, WAN optimizers, SD-WAN solutions, and other network functions. Customers can deploy these NVAs through the Azure Marketplace into their VNets and deployments. Examples of open sourced NVAs include NGINX and pfSense. Over 90 percent of NVAs are based on Linux or FreeBSD.

We also use open source technologies in our own NVAs. We just announced the general availability of Azure Application Gateway WAF to protect applications from the most common web vulnerabilities, as identified by Open Web Application Security Project (OWASP) Top 10 vulnerabilities. Application Gateway WAF uses the OWASP ModSecurity Core Rule Set. These rules, managed and maintained by the open source community, conform to rigorous standards.

Optics

Typically, you don’t think of optical technologies in the context of openness. However, we’ve also innovated at the optical network layer. Microsoft has incorporated new optical technologies into the Azure network. Findings from ACG Research show that the Microsoft metro network solution will result in over 65 percent reduction in total cost of ownership and power savings of over 70 percent over five years. We’ve worked with several of our partners to make available to everyone the building blocks of the Microsoft implementation of open optical systems. Microsoft is working with our partners to bring even more integration, miniaturization, and power savings into future 400 Gbps interconnects that will power our network and benefit the entire industry.

Academic publications

Many of the underlying technical innovations in Azure Networking have their roots in Microsoft Research. We published in top peer reviewed academic forums the internal designs and algorithms of the Azure Networking SDN stack (SIGCOMM 2015), programmable virtual switching (NSDI 2017) , software load balancing (SIGCOMM 2013), network virtualization (SIGCOMM 2009), and innovative diagnostics and monitoring mechanisms. Our Azure networking services team has a deep passion for tackling the hardest networking scale problems in the world. We will continue to share our innovations in academic papers to receive critical feedback about our ideas, as well as to help the network community further advance, which in turn pushes us to be better.

Summary

Over the past few years, Microsoft has embraced, and is fully committed to, open source. Our motivation is simple. We want the best technologies in the world to be available and performant in Azure. We cherish opportunities to contribute to the open source community and to incorporate the communities’ advancements into our services. Considering the scale of the issues that we face daily running one of the world’s largest networks, we are very passionate about advancing state-of-the-art networking. By sharing code via open source projects and ideas via academic forums, we accelerate innovation. We’re a different Microsoft from years past. The cloud and open source are changing the world. This is an exciting time for all of us in networking as we all strive to help customers adapt and take full advantage of the cloud.

Read more

To read more posts from this series please visit: