vRack: an insight into the OVH.com private network
With the vRack (virtual rack), OVH.com offers its clients the possibility to interconnect all their IT infrastructure components, located all over the world, via a private network. This is a huge innovation that meets the growing need amongst companies to deploy hybrid architectures combining different types of resources - physical, virtual, external or internal. Already awarded the "Best of IT innovation award 2014" prize by Initiative Mittelstand in Germany (April 2014), the vRack confirms the ability of the leading European web hosting provider to invent the future of web hosting and networks.
“Three years ago, our information flows were pretty much vertical. In other words, they flowed from within our datacentres outside our datacentres, to the internet”, Octave Klaba explained. “Now, an increasing part of these flows is horizontal; machines need to rapidly and securely exchange data between themselves.” This is the case with e-commerce websites’ n-tier infrastructures that operate a pool of VPSs and physical servers (some used for the front-end, others used to house databases isolated from the public internet), or even Big Data platforms. “A few years ago, the web was static. The user connected to machines to receive standard content. Then, the web became dynamic with applications generating content based on the user’s requests, requiring more powerful servers. Now, connected devices, from PCs to smartphones, are empty shells with very limited resources. All intelligence has been transferred to the datacentres. The servers work in clusters to generate and process huge volumes of data before sending the result back to the user’s workstation.” OVH revealed this major change well ahead of anyone else. “OVH’s strength lies in our many highly-skilled users throughout the world”, Octave continued. “The needs expressed by a few very innovative startups a few years ago heralded the most common needs of today.”
vRack 1.5: a private multi-datacentre network for interconnecting servers and dedicated clouds
In 2009, OVH.com launched the vRack 1.0 to respond to the need to connect machines within a private network. Why? To make it possible for users to consolidate several dedicated servers on one virtual rack. This feature was only available then if the different machines were hosted on the same site, Roubaix in our case.
Since then, OVH.com has expanded its datacentre portfolio by setting up datacentres in Strasbourg and Gravelines in France, and Beauharnois in Canada (http://www.ovh.com/ca/fr/blog/a1530.ovh-accelere-implentation-nord-americaine). OVH’s line of services has also significantly grown with the arrival of storage servers, VPS, public (RunAbove) and private (Dedicated Cloud) cloud solutions, Big Data clusters, etc. “Clients have spread their machines over several datacentres, and then created more complex infrastructures by combining their physical resources with cloud resources. Naturally, they called for a way to interconnect their different services via a private network”, explained Mehdi Bekkai, Product Manager for dedicated servers. This was a challenge for the OVH engineers - “We consulted suppliers, and not just the ones we already worked with. They hadn’t anticipated this new need, or rather complete paradigm shift in network design. It was not an option for us to wait for suppliers to complete their research and development; we had to offer our clients immediately workable solutions”, recalled Guillaume Delabre of the OVH.com network team. “In particular, we had to work out how to transport our clients’ vRacks from one datacentre to another. To do this, we combined several technologies, using some for different purposes from what they were originally designed for. The whole thing materialized in the summer of 2013 when we deployed a network that was parallel to the one that connected our datacentres to the net. To connect the machines to this private network, we integrated a second network card into the new server lines that were eligible for vRack, and the whole second network was wired.” Working like ants, the datacentre technicians rolled out nearly 2000 kilometers of cables in under three months. “We believe that the vRack is indispensable for all the clients who have a number of OVH’s services,” Mehdi explained. “This is why we’ve deployed it on a huge scale; it’s now included in a large number of our offers.”
Responding to today’s and tomorrow’s usages
The vRack 1.5 makes it possible to interconnect different OVH.com services within one or more private secured networks (VLAN), for example, Infrastructure line servers, Dedicated Cloud (Enterprise and Infrastructure ranges), storage servers, and Big Data servers. All of this is immediately available in a few clicks via the Control Panel or OVH API. Connected in this way, physical and virtual servers and VMs exchange data more quickly between each other without passing via the public network, in total security. Depending on their machines and their network card, the vRack user benefits from 1, 10, or 40 Gbps capacity. Mehdi Bekkai, Product Manager for dedicated servers, took stock of vRack’s current uses: “The vRack is most obviously used to isolate critical web servers, and therefore attacks and intrusions. N-tier architecture - now the norm for large projects (e-commerce, intranet, etc.) and ensuring performance and security - is nowadays easier to deploy. As the vRack enables data to be transmitted more quickly and securely, it also benefits users that operate a redundant infrastructure, or one that’s divided between several faraway datacentres. This could be as part of a DRP or BCP, or for organizing the load balance based on where their users are located. In such cases, the vRack makes it possible to synchronize all the components of an infrastructure. For the same reasons, businesses praise the vRack for its critical data backup on storage servers, or even for its ability to couple their Dedicated Cloud - hosting multiple front-end web applications – with dedicated servers designed to maximize their SQL databases’ performances. Finally, users no longer have to design an often complex and time-consuming IP addressing plan for the different components of their infrastructure. You can attach an IP block to a VLAN and route it within a private network using the ARP protocol. You no longer need to amend firewall settings to authorize new hardware’s private IPs. It’s easier to manage load peaks and extend an infrastructure horizontally.
Up to 4,000 VLAN to isolate every client and interconnect applications
“Some clients, impressed by the vRack, asked us to go even further. Resellers, for example, would like to isolate every one of their clients who rents out a number of virtual servers. Large businesses would like to compartmentalize their infrastructure by applying strict access filters.” It was clear that we needed to push the limits of isolation within the physical private network that linked up one user’s different services. “We’ve opted for a technology that makes it possible to encapsulate VLAN within a VLAN”, added Guillaume. In concrete terms, a vRack is deployed between the clients’ various services, meaning a physical connection between the various machine ports. And, within this vRack, the client can add up to 4000 VLAN. The traffic in each VLAN is tagged so that it can be encapsulated and decapsulated at any point in the private network that’s configured by the user. A small yet important detail – the user can tag each of their VLANs themselves, in other words, they can choose the number of each of the sub-networks that will link the services of their choice.” Today, Dedicated Cloud clients already benefit from this increased number of available VLAN (vRack 2.0). In a few weeks from now, users with eligible dedicated servers will also get a vRack that can hold up to 4000 VLAN. “The possibilities to combine physical and virtual resources within the vRack, and to multiply VLAN are all the more interesting as, thanks to load balancing IP, it will soon be possible to spread the load between different services interconnected by a VLAN,” Mehdi added.
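The VLAN-in-VLAN tagging described above, as an added example that is not OVH code: it assumes IEEE 802.1ad (QinQ) style tag stacking, which the page does not name, and the MAC addresses, tag numbers and function names are constructed for illustration. It shows that a client-chosen inner tag alone does not identify a segment; two frames are in the same segment only when both the outer and the inner tag match.

```python
import struct

# Assumption: tags are stacked as in IEEE 802.1ad; the page names no mechanism.
TPID_STAG = 0x88A8  # outer (service) tag, here standing in for the vRack
TPID_CTAG = 0x8100  # inner (customer) tag, the number the client picks


def vlan_tag(tpid, vid, pcp=0):
    """Build one 4-byte tag: 16-bit TPID, then PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094:  # 12-bit field; 0 and 4095 are reserved
        raise ValueError(f"VLAN ID {vid} outside 1..4094")
    return struct.pack("!HH", tpid, ((pcp & 0x7) << 13) | vid)


def encapsulate(dst, src, outer_vid, inner_vid, ethertype, payload):
    """Ethernet frame carrying a client VLAN inside an outer VLAN."""
    return (dst + src + vlan_tag(TPID_STAG, outer_vid)
            + vlan_tag(TPID_CTAG, inner_vid)
            + struct.pack("!H", ethertype) + payload)


def decapsulate(frame):
    """Return (outer_vid, inner_vid, ethertype, payload); reject other shapes."""
    if len(frame) < 22:
        raise ValueError("frame too short for two VLAN tags")
    tpid1, tci1, tpid2, tci2, ethertype = struct.unpack("!HHHHH", frame[12:22])
    if tpid1 != TPID_STAG or tpid2 != TPID_CTAG:
        raise ValueError("not a double-tagged (outer + inner) frame")
    return tci1 & 0x0FFF, tci2 & 0x0FFF, ethertype, frame[22:]


def same_segment(frame_a, frame_b):
    """Frames share a segment only if BOTH outer and inner IDs match."""
    return decapsulate(frame_a)[:2] == decapsulate(frame_b)[:2]


# Constructed sample data: locally administered MACs, made-up tag numbers.
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")
# Two tenants that both chose inner VLAN 10 but sit in different outer VLANs.
FRAME_TENANT1 = encapsulate(MAC_B, MAC_A, 1500, 10, 0x0800, b"tenant-1")
FRAME_TENANT2 = encapsulate(MAC_B, MAC_A, 1501, 10, 0x0800, b"tenant-2")

if __name__ == "__main__":
    print(decapsulate(FRAME_TENANT1))
    print("same segment:", same_segment(FRAME_TENANT1, FRAME_TENANT2))
```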
Dedicated Connect: Interconnect your internal datacentre to the OVH datacentres to create hybrid clouds
“Businesses want to outsource all or part of their IT system, by isolating it within a private network. For them, the best solution is a private connection that connects to our datacentres directly from their offices or datacentres, and that doesn’t pass through the notoriously untrustworthy public network”, Mehdi explained. The OVH.com teams have therefore deployed new routers to receive its clients’ fiber connections directly from the various points of presence (PoPs) in the OVH.com network. Currently, a bunch of clients benefit from the Dedicated Connect service - a 100% private direct connection with no bandwidth or traffic limitations - which passes via one or two 1 or 10 Gbps ports, between their internal IT system and its extension within the OVH.com infrastructures.
The vRack adapts to the changes of the application hosting market, from IaaS to PaaS.
“Our clients realized that they were spending more time setting up applications than coding them - incredible!” adds Mehdi. This explains the growing success of software container technology (LXC), in which the developer loads an application and its dependencies so that it works on any type of resource. “Creating a container is quasi-instantaneous, whereas a VM can take a few minutes to boot. This technology, supported by projects such as Docker, is ideal for spreading distributed systems over new resources (horizontal scalability). These containers can equally be added to a bare machine and a VM, the advantage being that you can switch the VM from one server to another to increase availability.” Going back to the vRack, it’s an essential component of this type of architecture. Every one of the 4000 VLANs available in the vRack can support the creation of 16 million VXLANs. This can be done easily by the user. “vRack’s complexity is masked by the API - the developer programs and automates the creation of these private networks with simple requests. Technically, it doesn’t make a difference to them if the VLAN deployed is an encapsulated VLAN or even a VXLAN. They just see that it works straightaway.” Developers become DevOps whizzes, without necessarily needing advanced network skills. “We’ve entered the era of Software-defined networking”, Octave concluded, “but suppliers haven’t yet caught up with us. As they lack the adequate hardware, these days we design our own virtual router so that, in the mid-term, each user can manage even more precisely this multi-layered network, and add features and services. This router - or in reality, software developed by our engineers which will run on a standard server – makes it possible for example to interconnect servers and dedicated clouds with new services, VPSs, public cloud resources (RunAbove), and VPNs via the vRack. But that’s not all. This router - a convergence point of all a user’s private networks - will also be able to perform load balancing at Layer 7 (HTTP), 3 and 4 (IP).” Watch this space.