Wireless Access

Reply
ckd
New Contributor

vmware controller?

Hello,

are there any plans about a virtual controller using an existing vmware environment?
With all functions nothing like iAP with limited functions.

Regards

CKD

Re: vmware controller?

At the moment there is nothing like that.  I would definately like to see it though.  Not necessarily to terminate real APs, but more to test command syntax for pasting in a page of new config, or testing an upgrade for a customer.....that sort of thing.  sounds like a feature request though.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com

Re: vmware controller?

There's certainly not anything on the horizon, where we're looking at a Virtual Controller to terminate APs. It's just not tenable to look at the virtualized platform as having enough CPU/processing power to act as a controller to terminate APs, do the WIDS and security, etc. The AOS requires customized processors to handle those tasks. 

Jerrod Howard
Sr. Techical Marketing Engineer
Frequent Contributor II

Re: vmware controller?

I was really surpised to read this.  Isn't processor speed and memory are often the limitations of the platform hosting the VMs, not the fact that it is a VM itself?  Can't some blade systems house 3TB of RAM on a single blade?  Multiple sockets with multiple cores on each blade?  With regard to requiring specialist processors I was also surprised to hear this, I was under the impression custom/ merchant silicon was used in the APs of course, but isn't the contoller run off standard x64 architectures - and even if it wasn't why can't it be?  The speed and quality of modern day processors is so good now I was really shocked that this was not the case.  Also given the modern trends towards virtualisation I am quite worried there are no plans for virtual options given trends in NFV and SDN.  I'd like to know where the innovation is going here - this concerns me, greatly.  Aren't other vendors are manufactring virtual controllers?  Is aruba sticking with the buy another box approach?  If Cisco can bring out a software router in the CSR1000v , I am amazed Aruba do not even have plans for a asoftware based controller!  I did not even think manufacturers had an option to think like this anymore!  Couldn't AOS be rewritten to support x64?  Or will other vendors start supporting software based controllers with migration strategies supporting Aruba APs?

Guru Elite

Re: vmware controller?

It would take an incredibly robust virtual infrastructure to handle what goes on in an Aruba controller that terminates user traffic. Deep packet inspection is the biggest one. It is cheaper to buy a controller than to build the processing power in a virtual environment.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: vmware controller?

ArubaOS is built on the MIPS64 platform, it takes quite some effort to port it to x86...

 

They can probably port it to x86, but then they will probably need to drop support for termination of crypto on the controller. Currently the default forward-mode is "tunnel", meaning termination of crypto on the controller. The controllers use hardware-based crypto acceleration to handle this. On a VM-based controller this performance will probably be poor, thus the default forward-mode should be "decrypt-tunnel" for this controller, terminating all of the crypto on the AP itself.

 

Furthermore, the Aruba controllers also have a lot of features for hardware-offloading for the stateful firewall.


ACMX#255 | ACMP | ACCP | AWMP
www.securelink.nl
Super Contributor I

Re: vmware controller?

 

I was really surpised to read this.  Isn't processor speed and memory are often the limitations of the platform hosting the VMs, not the fact that it is a VM itself?  Can't some blade systems house 3TB of RAM on a single blade?  Multiple sockets with multiple cores on each blade?

 

Looking at some debug from my 7200, it has 32 MIPS cores running.  You'd have to have quite the blade system to be able to run the equivalent generic CPU capacity and also run something else, especially given that the controller is doing things that are very highly latency sensitive.

 

 With regard to requiring specialist processors I was also surprised to hear this, I was under the impression custom/ merchant silicon was used in the APs of course, but isn't the contoller run off standard x64 architectures - and even if it wasn't why can't it be?  The speed and quality of modern day processors is so good now I was really shocked that this was not the case.

 

Whenever technology evolves to produce better General purpose CPUs, it also evolves application-specific circuits, so there will always be application-specific circuits better than general purpose CPUs at some tasks.  There is so much unmet feature demand in the network space that vendors will always reach to the superior capabilities of network-specialized silicon to get ahead of the competition and provide these features.

 

Also given the modern trends towards virtualisation I am quite worried there are no plans for virtual options given trends in NFV and SDN.  

 

My personal opinion is that SDN is a pipe dream until the SDN people start to adequately enumerate the capabilities of the ASICs in network equipment.  No system can make intellegent decisions about capacity planning if it doesn't know the capacity of CAMs, crypto modules, flow processors,. and other details, and I've seen no indication that SDN will ever be aware of these details.  Right now they have essentially implemented a glorified GVRP that can do QoS too, so long as you don't actually utilize more than a small percent of the logic capacity of the underlying network or are running a homogenous network plant.  Any mixing of vendors or attempts to truly tap the forwarding plane's abilities will fail because SDN does not actually have a handle on what those abilities are

 

The presence of the OPNVF initiative highlights the challenges in the VM area.  The whole initiative exists because people were trying to run services on VMs that were not capable of meeting even the low-level latency demands of some of the lighter forwarding plane tasks, and of course failing miserably at it.

.

I'd like to know where the innovation is going here - this concerns me, greatly.  Aren't other vendors are manufactring virtual controllers?  

 

Every one I have seen has been for a lab-level client quantity, nothing approaching a real campus, and usually has many features disabled.

 

Is aruba sticking with the buy another box approach?  If Cisco can bring out a software router in the CSR1000v

 

In addition to offering these, CISCO continues to employ flow processors and other network-specialized hardware in their current and roadmapped products.  So does just about every vendor out there, even some of the smaller ones.  We're not a huge campus and all of our firewall, IPS, and packet shaper devices have custom silicon in them.  It will always be faster and being faster, will always enable more features to be implemented than general purpose CPU.  SDN needs to catch up to custom silicon, not the other way around.

 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: