White Paper

The Programmable Network

Updated June 01, 2013

Introduction

IT organizations are continuing to adopt technologies like cloud computing in an effort to realize the operational benefits of economies of scale and more effectively manage the explosive growth of data, devices, and applications. As they undertake the transformation required to support the more fluid and agile environment associated with the cloud, they are finding that current data center networking architectures are a limiting factor. Traditional network architecture is static and requires significant operational investment to manage.

Emerging software-defined data center architectures attempt to address these challenges with technology such as software-defined networks (SDNs). An SDN decouples the network's traditional management, control, and data planes and provides strategic points at which the network can dynamically adapt to changing business and traffic patterns. This strategic location is also expected to be the point at which services can be injected into the network to address more application-specific challenges such as security, scalability, and optimization.

Injection of services and adaptability are enabled by adding programmability to the network. Programmability ensures that network solutions addressing specific pain points can be added to the architecture—seamlessly and transparently—through SDN application services that extend the capabilities of the centralized SDN controller.

This programmability results in greater agility and operational improvements that can dramatically impact the responsiveness and effectiveness of IT. Programmability is a key enabler of operational automation, which is a cornerstone of DevOps and cloud computing. While most DevOps initiatives tend to focus on automation of the infrastructure supporting application deployments, there is significant value in automating the network services, such as DNS and load balancing, that directly impact the ability to continuously deploy applications. Thus programmability is a key enabler of automation in the infrastructure, too, particularly when application network services are critical to a successful deployment.

As the network becomes more programmable, the organization can achieve greater automation and agility, which lead to a more dynamic and reliable network, increased operational efficiency, and more consistent, successful application deployments. It is programmability that yields many of the benefits of next-generation data center networks.

High performing organizations deploy code 30 times more often and 8000 times faster than their peers, deploying multiple times a day, versus an average of once a month. They also have double the change success rate and restore service 12 times faster than their peers. The net results are lower business risk and more operational agility.

2013 State of DevOps Report, Puppet Labs

Programmability in the Network

SDNs, cloud computing, and emerging next-generation data center network models all share a key characteristic: programmability.

To enable programmability and extensibility, SDNs challenge the core design principles of data center networks by decoupling the control and data planes. Cloud computing enables a second form of programmability in the network through DevOps initiatives that automate and orchestrate operational tasks and processes to improve operations and reduce time to deployment. Application delivery supports a third form of programmability: the ability to programmatically inspect and transform traffic in real time.

In all its forms, programmability in the network enables agility, reduces operational costs, and increases the success rate of application deployments.

F5 supports programmability in the network across all three models, enabling agility and extensibility in the application network service fabric. In the same way that SDNs decouple the control and data planes in the network fabric, F5 products decouple their control and data planes so functionality can be extended through plug-in modules as well as programmatic control over real-time traffic on the data plane.

Figure 1: The F5 architecture supports key requirements of SDNs and software-defined data centers.

Additionally, F5 supports an architecture that includes a flexible and programmable management plane. This management plane enables integration with data center automation and orchestration solutions and virtualization management platforms. It also provides for a programmatic method of managing the entire application network service lifecycle.

Control Plane

The word "agility" is used to describe technologies that range from SDNs and the cloud to virtualization. It is used so often and so broadly as to become nearly meaningless.

Yet the concept of agility, of being able to react to changing business and operational conditions, represents a very real benefit to organizations. Agility describes the ability of a business to quickly take advantage of conditions in the marketplace by launching a new campaign or reaching out to customers. Agility describes the ability of operations to react to failure or sudden demand for additional capacity. Agility means being able to turn on a dime when necessary.

Being able to respond quickly is one thing, but what gets overlooked is how an organization becomes aware of the conditions that require a reaction. The answer is actionable data. Actionable data is an event trigger that starts an operational or business chain reaction, ultimately resulting in action being taken either to resolve or address a problem or to take advantage of some situation.

Because of its strategic location in data center architecture, an F5 BIG-IP Application Delivery Controller (ADC) has the visibility necessary to recognize actionable data and not only share that data with collaborative systems but act on it directly.

F5 iCall

The powerful F5 iCall scripting framework provides the ability to define data plane events such as threshold breaches and adjust the BIG-IP ADC accordingly when they happen. This BIG-IP control plane scripting capability can perform operational tasks in response to a triggered event, on a periodic basis, or as a perpetual, daemon-like service. iCall enables administrators to react to specified data plane events by executing services on the management plane, such as logging a full TCP stack dump on a failure, executing a specific F5 iApps Template to reconfigure application network service settings, or adjusting the weighting of application services based on a change in health-monitoring data.

iCall can be used to periodically manage backups or repopulate DNS. Additionally, perpetual services such as configuration audits can be managed simply using iCall.

Management Plane

A key benefit of an SDN and a cloud computing architecture is increased efficiency. Whether judged by a measure of virtual machine density, the ratio of administrators to virtual machines, or the time required to move an application to production, efficiency is a goal of next-generation data center networks.

One way of enabling organizations to achieve higher efficiency, particularly as measured by an application's time to market, is to automate and orchestrate as many operational tasks and processes as possible. An August 2012 survey¹ conducted on behalf of Redwood Software found that 63 percent of enterprises that have implemented cloud solutions report an improvement in agility for supporting the needs of the business. The same survey found that 79 percent of enterprises implementing process automation experienced time savings, while 69 percent claimed improved productivity.

F5 iControl

The management plane of the BIG-IP platform offers a comprehensive management API, F5 iControl, enabling integration with data center management frameworks and stacks such as VMware vCloud Director, Puppet, Chef, OpenStack, and solutions from HP, IBM, and Microsoft. As an open, standards-based API, iControl can be used by customers to automate or interconnect with custom systems and scripts.

iControl also supports an event-based model, allowing applications and frameworks to subscribe to BIG-IP system events such as the change in status from up to down for a given application node. iControl is fully documented and supported by the F5 DevCentral™ community, with over 100,000 active members discussing, contributing to, and documenting the API. A variety of language-specific libraries and assemblies are freely available on DevCentral to assist with development efforts.

iApps

F5 iApps Templates are customizable operational templates that enable simplified and automatic configuration of application network services across BIG-IP systems. These executable templates encapsulate all the necessary configuration of objects required by an application deployment to ensure availability, security, and optimization of the application.

iApps Templates are an integral component of BIG-IP application lifecycle management solutions. The iApps technology supports multi-tenancy and role-based access to eliminate traditional barriers in the data center that impede time-to-market for applications and services. iApps enhances visibility for operations and application owners by providing deep insight into the performance and health of all components comprising an application deployment. This visibility enables the collection of statistics, which can be used to determine specific thresholds that generate the events iCall executes against.

iApps Templates, like iControl, are also community distributed and supported by F5 DevCentral.

Data Plane

A key differentiation between F5 and current SDN solutions is the ability to programmatically modify traffic crossing the data plane. This capability is critical to maintaining agility with respect to security and to addressing application-specific requirements such as persistence and application layer routing. Zero-day application layer exploits, for example, can quickly be mitigated programmatically by a system capable of not only inspecting but modifying traffic crossing the data plane. Similarly, scaling stateful systems like virtual desktop infrastructures (VDI) and enterprise-class applications often requires persistence (also known as sticky sessions or affinity) that can only be enabled by inspecting and often modifying application-layer requests and responses.

The F5 iRules scripting language enables this breadth and depth of interaction with any IP-based data crossing the data plane.

iRules

Based on Tcl, iRules is the F5 data plane scripting language that enables a broad range of functionality to be programmatically inserted into the network. F5 customers routinely implement security mitigation rules, support new protocols, and fix application-related errors in real time using iRules. The iRules language is powerful and flexible, supporting parameterization that encourages reuse across applications. This capability allows for the rapid development of solutions that can be deployed across multiple applications with confidence.

Like iCall, iRules can be executed in response to an event in the data plane. Unlike iCall, iRules can also be triggered based on content or a specific command execution. iRules is the most mature, robust programmable rules engine available for programming the network without requiring additional point solutions or external frameworks.

iRules is fully supported by DevCentral, with both F5 and community-developed iRules available encompassing a broad range of application and network functionality.

Conclusion

Programmability in the network has long been cited as the means to offer the extensibility and agility necessary for data center networks to support the increasingly dynamic requirements of modern applications and business stakeholders. No single programmatic approach alone is enough to satisfy these requirements. Agility requires programmability not only of the system via APIs, but of the system itself and, more importantly, the data flowing through the system on the data plane.

A comprehensive approach to programmability in the network is necessary to enable operations to truly react on demand to operational and business events and opportunities. The F5 portfolio of products delivering network programmability equips organizations to automate and orchestrate for efficiency gains while also providing access to the data and control planes. As a result, organizations can achieve unprecedented levels of agility and extensibility.

Automating also requires discovering and streamlining the operational processes used to manage the deployment lifecycle. This management improvement can result in the elimination of significant operational bottlenecks to increase the efficiency of operations and reduce deployment times. Such improvements enable operations to realize cost reductions in administrative overhead and mitigate a potential source of downtime by eliminating manual, error-prone processes.

With iCall, iRules, iApps, and iControl, organizations can ensure that operations are agile, no matter how they define and measure agility.