Evolved on-prem networking with Netris

Network engineers, even those that have adopted a developer mentality, often struggle with getting to that next evolution of self-service in on-premises data centers. We have automation set up to deploy network services like VLANs and VRFs, our code is version controlled, we have integrations with ServiceNow, and even some ChatOps to boot. Yet tickets still hit the queue from application developers trying to deploy apps in the data center, and network engineers are still involved with creating subnets, providing segmented isolation, trunking VLANs to servers, assigning IP addresses, the list goes on. On top of that, it takes a while to get the app owner what they need.

In the Cloud, you don’t need to know anything about the underlying infrastructure. App developers can fire up a VPC, spin up instances on subnets to their hearts desire, and be up and running in no time. The fundamental network constructs are so abstracted that what used to take weeks to deploy takes seconds, and anyone who can microwave a burrito can figure it out.

However, for on-premises data centers, self-service networking is nowhere near as capable as the cloud. App owners might need to know where their app is physically being deployed, which networks to use, what VLANs need to be trunked to what servers, and so on.  There isn’t really cloud-like user experience for on-prem data centers today. This is one of the primary problems Netris is trying to solve.

Netris recently presented at Networking Field Day 28, showcasing a cloud-like interface for your on-prem data center. In this interface, you can deploy a Virtual Private Cloud (VPC) networks with subnets and all, just like you do in AWS, in seconds. Behind the scenes, your infrastructure is running Netris agents that communicate with a controller using gRPC to build the topology and capabilities necessary to automate your data center network much like a cloud. Network constructs like switching, routing, firewall, load-balancing become services within the Netris UI.

The whole platform is built on Kubernetes (k8s) and leverages open source software like Free Range Routing (FRR), Nftables, and other common Linux packages for robust capabilities. SmartNIC and Data Plane Development Kit (DPDK) are leveraged to achieve performance and network functionality on par with proprietary and specialized hardware – turning normal linux servers into powerful, feature-rich nodes. Netris has packaged all of this into a network gateway called SoftGate that is your highly available, horizontally scalable, cloud-like gateway for your on-prem private data center.

A cloud-like user experience is achieved by the NetOps model Netris has built around Kubernetes. Grabbing an external IP address, handling NAT, building load-balancing rules, creating Access Control Lists, and much more is handled in the back-end by things like Kubernetes custom resource definitions (CDR), which are easily configurable within the Netris Operator via YAML. What this means is that when a user deploys an application, they no longer have to worry about the physical network since that is taken care of automatically, as well as the common logical routing and security constructs necessary to operate the application.

Take a look at the screenshots below – a dashboard similar to the one you’d see when logging into the AWS, Azure, or GCP console. It’s clean. And creating a VPC/VNET is just as simple as other familiar cloud-native interfaces. This is exactly what Netris is after and it’s super interesting.

Another thing like about this solution is the fact you can use cloud-management tools like Kubernetes, Terraform, and Ansible to manage your infrastructure. The Terraform provider is available and well-documented, providing a similar Infrastructure-as-Code experience on-prem much as you do in the cloud.

This is such a daunting endeavor that I’m just blown away that Netris has come this far and is building something entirely unique in the network space. Alex Saroyan proclaimed in his presentation, “DevOps doesn’t need an API — they need VPC-type networking for on-prem.” He might be right!

Make sure to check out the presentations here:

I’ll be keeping any eye on them, and you should too.

David Varnum


You may also like...

3 Responses

  1. Raj says:

    Hi Dave,

    Excellent information and write-up as always, keep up the good work!


  2. Hayk says:

    Why would a k8s admin ever want to configure VLANs/VRFs? This makes no sense.

    • David Varnum says:

      Hi Hayk – The issue here isn’t with the k8s admin – it’s with the end-user experience. K8s alone doesn’t provide a cloud-like UI with abstractions to deploy VPCs and other familiar concepts leveraging network infrastructure and architecture common to on-prem data center fabrics.

Leave a Reply

%d bloggers like this: