I’m often asked how the OpenContrail vrouter differs from other approaches such as OVS. The answer is that the vrouter is designed to accomplish different goals, and as such the approach taken is quite different.
As Parantap Lahiri so clearly explains, traditional data-center designs use the aggregation layer as the cornerstone of the network. The aggregation layer was traditionally the L2 to L3 boundary, providing the levers that manage the network: inter-subnet routing, access control lists, service insertion and traffic monitoring capabilities. This design works until the point where the aggregate bandwidth requirements change drastically.
Traditional data-center networks rely on I/O locality; data and storage traffic is contained within a rack as much as possible using the fact that within the rack there is no oversubscription, while there is often a 20:1 or 10:1 oversubscription factor from the rack to aggregation. This reduces the cost of the network.
The problem is that in a modern data-center, servers, power and cooling drive approximately 80% of the cost. And I/O locality is in inverse relationship with server utilization. It is intuitive that if one can distribute compute load arbitrarily to a larger pool of machines then a much higher utilization can be achieved. This requires that the network never be the bottleneck.
I’ve been asked in the past whether there is a size of a cluster that is large enough such that beyond it no more efficiency can be achieved. It may be the case, but to my knowledge no one has yet built one. The people that have 10,000-machine clusters are busy trying to grow them by an order of magnitude to improve utilization and avoid resource fragmentation.
Back to networking: in a Clos fabric design there is no aggregation layer, so the levers it used to provide have to be supplied elsewhere. That is the mission of the OpenContrail vrouter: to provide the ability to route traffic between networks, with the necessary levels of policy control, in a distributed way.
This is a very different application from the one OVS is typically used for. The typical OVS deployment is designed to provide the L2 service that brings traffic from the server to the L2/L3 boundary. That boundary is typically a virtual machine that uses the Linux kernel capabilities to forward traffic between networks.
The OpenContrail vrouter looks at the virtual machine interface as the L2 domain. It then associates that virtual interface with an instance-specific routing table. From then on it uses a standards-based approach to provide virtual networks. This allows it to interoperate directly with existing network equipment and forward traffic across networks without the need for intermediate gateways.
I believe that the OpenContrail vrouter represents the happy marriage of the zero-touch provisioning that is required in a modern data-center with the accumulated learnings of how to implement network virtualization at scale. BGP L3VPNs have been deployed in some of the larger service provider networks as well as in large-scale enterprises. The resiliency, power and scalability of this approach have been proven beyond any doubt in many multivendor networks.