Building a Future-Proof Cloud Infrastructure: A Unified Architecture for Network, Security, and Storage Services [Paperback]

  • Format: Paperback / softback, 272 pages, height x width x thickness: 230x180x15 mm, weight: 480 g
  • Publication date: 09-Mar-2020
  • Publisher: Addison Wesley
  • ISBN-10: 013662409X
  • ISBN-13: 9780136624097
Prepare for the future of cloud infrastructure: Distributed Services Platforms

By moving service modules closer to applications, Distributed Services (DS) Platforms will future-proof cloud architectures, improving performance, responsiveness, observability, and troubleshooting. Network pioneer Silvano Gai demonstrates DS Platforms' remarkable capabilities and guides you through implementing them in diverse hardware.

Focusing on business benefits throughout, Gai shows how to provide essential shared services such as segment routing, NAT, firewall, micro-segmentation, load balancing, SSL/TLS termination, VPNs, RDMA, and storage, including storage compression and encryption. He also compares three leading hardware-based approaches (Sea of Processors, FPGAs, and ASICs), preparing you to evaluate solutions, ask the right questions, and plan strategies for your environment.





  • Understand the business drivers behind DS Platforms, and the value they offer
  • See how modern network design and virtualization create a foundation for DS Platforms
  • Achieve unprecedented scale through domain-specific hardware, standardized functionalities, and granular distribution
  • Compare advantages and disadvantages of each leading hardware approach to DS Platforms
  • Learn how P4 Domain-Specific Language and architecture enable high-performance, low-power ASICs that are data-plane-programmable at runtime
  • Distribute cloud security services, including firewalls, encryption, key management, and VPNs
  • Implement distributed storage and RDMA services in large-scale cloud networks
  • Utilize Distributed Services Cards to offload networking processing from host CPUs
  • Explore the newest DS Platform management architectures



Building a Future-Proof Cloud Architecture is for network, cloud, application, and storage engineers, security experts, and every technology professional who wants to succeed with tomorrow's most advanced service architectures.
Preface
Chapter 1 Introduction to Distributed Platforms
1.1 The Need for a Distributed Services Platform
1.2 The Precious CPU Cycles
1.3 The Case for Domain-Specific Hardware
1.4 Using Appliances
1.5 Attempts at Defining a Distributed Services Platform
1.6 Requirements for a Distributed Services Platform
1.7 Summary
Chapter 2 Network Design
2.1 Bridging and Routing
2.1.1 L2 Forwarding
2.1.2 L3 Forwarding
2.1.3 LPM Forwarding in Hardware
2.1.4 VRF
2.2 Clos Topology
2.3 Overlays
2.3.1 IP in IP
2.3.2 GRE
2.3.3 Modern Encapsulations
2.3.4 VXLAN
2.3.5 MTU Considerations
2.4 Secure Tunnels
2.5 Where to Terminate the Encapsulation
2.6 Segment Routing
2.7 Using Discrete Appliance for Services
2.7.1 Tromboning with VXLAN
2.7.2 Tromboning with VRF
2.7.3 Hybrid Tromboning
2.8 Cache-Based Forwarding
2.9 Generic Forwarding Table
2.10 Summary
2.11 Bibliography
Chapter 3 Virtualization
3.1 Virtualization and Clouds
3.2 Virtual Machines and Hypervisors
3.2.1 VMware ESXi
3.2.2 Hyper-V
3.2.3 QEMU
3.2.4 KVM
3.2.5 XEN
3.3 Containers
3.3.1 Docker and Friends
3.3.2 Kata Containers
3.3.3 Container Network Interface
3.3.4 Kubernetes
3.4 The Microservice Architecture
3.4.1 REST API
3.4.2 gRPC
3.5 OpenStack
3.6 NFV
3.7 Summary
3.8 Bibliography
Chapter 4 Network Virtualization Services
4.1 Introduction to Networking Services
4.2 Software-Defined Networking
4.2.1 OpenFlow
4.2.2 SD-WAN
4.2.3 gRIBI
4.2.4 Data Plane Development Kit (DPDK)
4.3 Virtual Switches
4.3.1 Open vSwitch (OVS)
4.3.2 tc-flower
4.3.3 DPDK RTE Flow Filtering
4.3.4 VPP (Vector Packet Processing)
4.3.5 BPF and eBPF
4.3.6 XDP
4.3.7 Summary on Virtual Switches
4.4 Stateful NAT
4.5 Load Balancing
4.6 Troubleshooting and Telemetry
4.7 Summary
4.8 Bibliography
Chapter 5 Security Services
5.1 Distributed Firewalls
5.2 Microsegmentation
5.3 TLS Everywhere
5.4 Symmetric Encryption
5.5 Asymmetric Encryption
5.6 Digital Certificates
5.7 Hashing
5.8 Secure Key Storage
5.9 PUF
5.10 TCP/TLS/HTTP Implementation
5.11 Secure Tunnels
5.11.1 IPsec
5.11.2 TLS
5.11.3 DTLS
5.12 VPNs
5.13 Secure Boot
5.14 Summary
5.15 Bibliography
Chapter 6 Distributed Storage and RDMA Services
6.1 RDMA and RoCE
6.1.1 RDMA Architecture Overview
6.1.2 RDMA Transport Services
6.1.3 RDMA Operations
6.1.4 RDMA Scalability
6.1.5 RoCE
6.1.6 RoCE vs iWARP
6.1.7 RDMA Deployments
6.1.8 RoCEv2 and Lossy Networks
6.1.9 Continued Evolution of RDMA
6.2 Storage
6.2.1 The Advent of SSDs
6.2.2 NVMe over Fabrics
6.2.3 Data Plane Model of Storage Protocols
6.2.4 Remote Storage Meets Virtualization
6.2.5 Distributed Storage Services
6.2.6 Storage Security
6.2.7 Storage Efficiency
6.2.8 Storage Reliability
6.2.9 Offloading and Distributing Storage Services
6.2.10 Persistent Memory as a New Storage Tier
6.3 Summary
6.4 Bibliography
Chapter 7 CPUs and Domain-Specific Hardware
7.1 42 Years of Microprocessor Trend Data
7.2 Moore's Law
7.3 Dennard Scaling
7.4 Amdahl's Law
7.5 Other Technical Factors
7.6 Putting It All Together
7.7 Is Moore's Law Dead or Not?
7.8 Domain-specific Hardware
7.9 Economics of the Server
7.10 Summary
7.11 Bibliography
Chapter 8 NIC Evolution
8.1 Understanding Server Buses
8.2 Comparing NIC Form Factors
8.2.1 PCI Plugin Cards
8.2.2 Proprietary Mezzanine Cards
8.2.3 OCP Mezzanine Cards
8.2.4 Lan On Motherboard
8.3 Looking at the NIC Evolution
8.4 Using Single Root Input/Output Virtualization
8.5 Using Virtual I/O
8.6 Defining "SmartNIC"
8.7 Summary
8.8 Bibliography
Chapter 9 Implementing a DS Platform
9.1 Analyzing the Goals for a Distributed Services Platform
9.1.1 Services Everywhere
9.1.2 Scaling
9.1.3 Speed
9.1.4 Low Latency
9.1.5 Low Jitter
9.1.6 Minimal CPU Load
9.1.7 Observability and Troubleshooting Capability
9.1.8 Manageability
9.1.9 Host Mode versus Network Mode
9.1.10 PCIe Firewall
9.2 Understanding Constraints
9.2.1 Virtualized versus Bare-metal Servers
9.2.2 Greenfield versus Brownfield Deployment
9.2.3 The Drivers
9.2.4 PCIe-only Services
9.2.5 Power Budget
9.3 Determining the Target User
9.3.1 Enterprise Data Centers
9.3.2 Cloud Providers and Service Providers
9.4 Understanding DSN Implementations
9.4.1 DSN in Software
9.4.2 DSN Adapter
9.4.3 DSN Bump-in-the-Wire
9.4.4 DSN in Switch
9.4.5 DSNs in an Appliance
9.5 Summary
9.6 Bibliography
Chapter 10 DSN Hardware Architectures
10.1 The Main Building Blocks of a DSN
10.2 Identifying the Silicon Sweet Spot
10.2.1 The 16 nm Process
10.2.2 The 7 nm Process
10.3 Choosing an Architecture
10.4 Having a Sea of CPU Cores
10.5 Understanding Field-Programmable Gate Arrays
10.6 Using Application-Specific Integrated Circuits
10.7 Determining DSN Power Consumption
10.8 Determining Memory Needs
10.8.1 Host Memory
10.8.2 External DRAM
10.8.3 On-chip DRAM
10.8.4 Memory Bandwidth Requirements
10.9 Summary
10.10 Bibliography
Chapter 11 The P4 Domain-Specific Language
11.1 P4 Version 16
11.2 Using the P4 Language
11.3 Getting to Know the Portable Switch Architecture
11.4 Looking at a P4 Example
11.5 Implementing the P4Runtime API
11.6 Understanding the P4 INT
11.7 Extending P4
11.7.1 Portable NIC Architecture
11.7.2 Language Composability
11.7.3 Better Programming and Development Tools
11.8 Summary
11.9 Bibliography
Chapter 12 Management Architectures for DS Platforms
12.1 Architectural Traits of a Management Control Plane
12.2 Declarative Configuration
12.3 Building a Distributed Control Plane as a Cloud-Native Application
12.4 Monitoring and Troubleshooting
12.5 Securing the Management Control Plane
12.6 Ease of Deployment
12.7 Performance and Scale
12.8 Failure Handling
12.9 API Architecture
12.10 Federation
12.10.1 Scaling a Single SDSP
12.10.2 Distributed Multiple SDSPs
12.10.3 Federation of Multiple SDSPs
12.11 Scale and Performance Testing
12.12 Summary
12.13 Bibliography
Index
Silvano Gai, who grew up in a small village near Asti, Italy, has more than 35 years of experience in computer engineering and computer networks. He is the author of several books and technical publications on computer networking as well as multiple Internet Drafts and RFCs. He is responsible for 50 issued patents. His background includes seven years as a full professor of Computer Engineering, tenure track, at Politecnico di Torino, Italy, and seven years as a researcher at the CNR (Italian National Council for Scientific Research). For the past 20 years, he has been in Silicon Valley where, in the position of Cisco Fellow, he was an architect of the Cisco Catalyst family of network switches, of the Cisco MDS family of storage networking switches, of the Nexus family of data center switches, and the Cisco Unified Computing System (UCS). Silvano is currently a Fellow with Pensando Systems.