The successful Infrastructure as a Service (IaaS) cloud providers (for example, Amazon) carefully hide the implementation details, for obvious reasons. Design guides published by various networking vendors usually use a VLAN-based approach or hypervisor-based firewalls. Hierarchical VPLS combined with Q-in-Q encapsulation or Provider Backbone Bridging (PBB) would be ideal technologies if you want to implement per-tenant Layer 2 domains; MPLS/VPN would be the technology to use if you need Layer 3 isolation. Unfortunately, major networking vendors haven't started combining their data center and service provider expertise yet; anyone trying to build a very-large-scale infrastructure cloud service is still on their own.
Have a question for Ivan Pepelnjak? Send an e-mail to firstname.lastname@example.org.
This was first published in May 2011