
Since it acquired open-source software developer Isovalent in January 2024, Cisco has been busy integrating its technology into some core products. In particular, Cisco has elevated the use of Isovalent’s core container communications technology, Kubernetes-native networking and security platform eBPF (extended Berkeley Packet Filter).
eBPF is an open-source Linux operating-system kernel technology that lets programs run securely in a sandbox within the kernel of the OS. This allows customers to incorporate security, observability and networking features quickly and easily without requiring them to modify kernel source code or deal with network overlays or other tedious programming tasks. The technology’s open-source development occurs under the Cloud Native Computing Foundation (CNCF) and includes industry input and support from Google, Microsoft, Red Hat, Intel and others.
Isovalent’s technology is being leveraged in a variety of different ways, and it plays a key role in Cisco’s strategy of developing programmable, AI-augmented, cloud-native technologies for enterprise customers, said Thomas Graf, co-founder and CTO of Isovalent at Cisco.
Most recently, at the Cisco Live customer event, Cisco released the Isovalent Load Balancer for customers looking to better manage and control workloads being shared across multiple backend servers.
Isovalent Load Balancer can run in any virtualized environment as well as natively in Kubernetes environments, including OpenShift. It can distribute ingress traffic across multiple backends, enabling health-checking, self-healing, and other configurable traffic-load-balancing patterns, according to Graf.
The package works by load balancing based on IP address, TCP/UDP ports, HTTP headers, cookies, or URLs. It ensures high application availability by enabling traffic to flow, even if communications are lost with a backend server, by distributing the traffic to other servers as per the defined load-balancing algorithm, Graf said.
The customer deploys the Isovalent Load Balancer control plane via automation and configures the desired number of virtual load-balancer appliances, Graf said. “The control plane automatically deploys virtual load-balancing appliances via the virtualization or Kubernetes platform. The load-balancing layer is self-healing and supports auto-scaling, which means that I can replace unhealthy instances and scale out as needed. The load balancer supports powerful L3-L7 load balancing with enterprise capabilities,” he said.
Depending on the infrastructure the load balancer is deployed into, the operator will deploy the load balancer using familiar deployment methods. In a data center, this will be done using a standard virtualization automation installation such as Terraform or Ansible. In the public cloud, the load balancer is deployed as a public cloud service. In Kubernetes and OpenShift, the load balancer is deployed as a Kubernetes Deployment/Operator, Graf said.
“In the future, the Isovalent Load Balancer will also be able to run on top of Cisco Nexus smart switches,” Graf said. “This means that the Isovalent Load Balancer can run in any environment, from data center, public cloud, to Kubernetes while providing a consistent load-balancing layer with a frictionless cloud-native developer experience.”
Cisco has announced a variety of smart switches over the past couple of months on the vendor’s 4.8T capacity Silicon One chip. But the N9300, where Isovalent would run, includes a built-in programmable data processing unit (DPU) from AMD to offload complex data processing work and free up the switches for AI and large workload processing.
For customers, the Isovalent Load Balancer provides consistent load balancing across infrastructure while being aligned with Kubernetes as the future for infrastructure. “A single load-balancing solution that can run in the data center, in public cloud, and modern Kubernetes environments. This removes operational complexity, lowers cost, while modernizing the load-balancing infrastructure in preparation for cloud native and AI,” Graf said.
In addition, it’s aligned with modern application development principles. “It removes ‘ticket ops’ style load-balancing configuration where application teams have to file tickets to get a load-balancing service. Instead, it allows application teams to leverage modern CI/CD deployment practices and accelerates deployment and time to market for new applications,” Graf said.
The package can also be targeted at those customers looking to move on from VMware.
“Load balancing is a crucial requirement for customers that are looking to shift their virtualization stack to a new virtualization platform. For example, from VMware to Nutanix or from VMware to OpenShift virtualization,” Graf said.
Beyond load balancing
In addition to the load balancer, Isovalent’s technology is being used in a variety of other capacities within the Cisco portfolio. For example, also at Cisco Live, the vendor announced a real-time, live patching system that applies security controls at the kernel level to defend against newly spotted CVEs without requiring switch or router reboots. The Cisco Live Protect feature brings a significant improvement to the reliability of switching infrastructure, Graf said.
“Customers no longer have to apply software patches and restart switches in order to address new security vulnerabilities. Instead a compensating control is deployed without requiring a restart of the switch. This capability is coming to Cisco Nexus switches first and is then expanded onto more and more Cisco device categories,” Graf said.
Isovalent’s technology is also part of Cisco’s Hypershield platform, which supports automated microsegmentation, distributed exploit protection and zone-firewalling based on smart switches, all controlled using a single control plane that can span infrastructure from data center and cloud to modern Kubernetes environments, Graf said.
In addition, Isovalent’s eBPF technology will become a highly efficient and optimized data collection mechanism for Cisco’s Splunk, providing customers with better control of what data is being fed into Splunk.
“eBPF’s capabilities allow for the ideal combination of deeper observability while providing better aggregation and summarization leading to a much-improved signal to noise ratio. Less data in Splunk but with an increased information density,” Graf said.
Source: Network World