Even before the cloud came along, there was considerable interest in the idea that networks should treat every application differently because each has unique needs -- a concept known as application awareness or application-aware networking.
With its potential to host applications on the network, the cloud is especially sensitive to application performance issues caused by network irregularities. The cloud demands a more sophisticated approach to application awareness, as users' quality of experience will depend as much on delivery as on application performance itself.
For the most part, application-aware networking has been achieved through Quality of Service (QoS) and by understanding how changes in network performance affect a business user's productivity or consumers' quality of experience. The cloud may introduce complexity to application-aware networking, but it also directs us to potential solutions.
OpenStack Quantum: A start for cloud application awareness
The OpenStack cloud software links applications to the cloud through a series of virtual interfaces -- one for storage, one for compute services and one for network services. The virtual networking interface, Quantum, is the first abstraction of network behavior that's designed for applications to use to describe what they expect from network services. That makes it a useful place to start a discussion on cloud application awareness.
Virtual networking in the cloud is a path to application awareness in the network, but it's not a complete route.
Quantum currently defines "virtual networks" as Layer 2 structures like local area networks (LANs) and virtual LANs (VLANs). There's nothing to prevent the abstraction from being extended to Layer 3, however, which Quantum achieves by incorporating features like DNS and DHCP that enable applications to participate in IP networks. Similarly, a is considered a Quantum multipoint Layer 2 network; the addition of DHCP services could enable providers to obtain IP addresses as well as gateway services for exiting the LAN and entering an IP domain such as the Internet. There have been several proposals to expand Quantum to include other network services, and it's likely that eventually Quantum will fully support both Layer 2 and Layer 3 services.
The network structures Quantum defines are likely to be "virtual," meaning that they are segments of the full network connectivity via Ethernet or IP. This is an essential feature for cloud providers because users are tenants in a shared structure but must be isolated from each other for security and performance management reasons. That isolation must comprise all of the cloud resources, including the network. Quantum's is significant for application-aware networking, as this virtualization-based isolation could also be applied to applications.
Software as a Service and other higher-layer cloud services are already application-specific, and so further segmenting the cloud by user would also tend to separate applications. If an application is presented through an API with an IP address, it can be easily identified and its traffic could in theory be handled separately. Virtual networking in the cloud is thus a path to application awareness in the network.
It is a path, yes, but not a complete route. Virtual networks can be built in many ways, but they can all be classified as either overlay or inlay technologies. Overlay virtual networks operate on top of the network through standard application interfaces; as a result, they cannot affect the behavior of the network's devices or routes. Inlay technologies are implemented by the network nodes themselves, and because of this they can apply distinct, recognizable priorities and routing decisions to application traffic. Inlay virtual networks include VLANs and MPLS.
Application-aware networking: Pros and cons of SDN, virtual networks
There is another potential method for achieving application awareness in cloud networks. Software-defined networking (SDN) could be used to create inlay virtual networks, which could offer each application a different QoS based on its needs.
But here's the problem: As of September 2012, there is no universal definition of SDN and thus no firm technological blueprint for creating one. There are implementations of SDN that create virtual networks for cloud data centers and even for the IP core, but these are often based on research prototypes and provisional software offered on traditional routers and switches. It's very likely that future application awareness in networks will be built increasingly on SDN principles, but cloud providers would be well advised to take care and to pilot test their concepts thoroughly before committing them to a customer application.
Another issue with using cloud-based virtual networks as a path toward application awareness is the fact that network controls focus on the cloud data center -- not the wide area network (WAN). Applications can be given their own local virtual network, and user data would enter it through a gateway, such as a router. But outside that virtual network -- the path between the user and the gateway -- the applications' traffic is harder to segregate and manage without employing the same techniques used in the pre-cloud era, meaning deep packet inspection.
Security policies and access rights determine the level of access that users have to applications and that applications have to WAN QoS features. This suggests that one way to extend application awareness from the cloud data center to the cloud edge is to integrate application performance management tools and firewall capabilities with virtual networking at the branch or user side of the WAN. This integration is already being built into some products, and as the cloud and cloud virtual networking evolve, it's likely that edge devices will eventually become "cloud edge devices" that incorporate firewall, SDN and virtual networking features.
Another point for cloud providers to consider is that extending application awareness to the WAN may collide with public policy goals on Net neutrality. The Internet is a best-effort service, and some countries, including the United States, have imposed regulations that limit providers' ability to offer Internet QoS or to support inter-carrier settlement for premium handling.
Business cloud services that are based on provisioned IP virtual private networks (VPNs) are not subject to these regulations, so cloud services delivered over VPNs are more likely to evolve quickly toward application awareness. If providers move the edge of the cloud closer to the edge of the network -- that is, closer to the user -- then traffic traverses less external infrastructure to reach the application. As a result, QoS could be improved without violating Net neutrality rules. This notion of the extended cloud may, in the long run, be the path to true application-aware networking.
About the author: Tom Nolle is president of CIMI Corporation, a strategic consulting firm specializing in telecom and data communications since 1982. He is the publisher of Netwatcher, a journal addressing advanced telecom strategy issues.
This was first published in September 2012