The term “cloud” is practically a household word today. References to “cloud” have matured, in a relatively short period of time, from an abstract concept to infrastructure and resources used widely by consumers. Adoption of cloud infrastructure has obviously surpassed the specialized usage by large enterprise or service provider adopters. While the use of the cloud has evolved, how adopters access and utilize it has remained largely unchanged. In fact, one could argue that classic, aging networking techniques remain pervasively used today to gain access to third-party cloud (TPC) resources and infrastructure. The aggressive adoption of cloud technologies seems to be pushing the limits of traditional techniques, not to mention the associated business and cost models.
The approach described in this paper has been developed to modernize how cloud adopters connect to and utilize modern TPC infrastructures. The objective of this approach, which we call the Cloud Overlay (hereafter referenced as “CLOVER”), is to marry automation, modern networking techniques, and existing, well-known protocols to help maximize how applications and services are securely deployed to third-party clouds. Further, many of the techniques outlined in this paper can be extended and utilized within an enterprise or service provider network to enhance how internal users leverage their own private clouds.
CLOVER sets out to leverage more deliberately the concepts of overlay and underlay networking to provide seamless connectivity to cloud resources that are both on and off network. Today, the line is blurred, perhaps even non-existent, between the concepts of overlay and underlay networking, mainly because they often follow the same layer 3 path. For clarification, an underlay is analogous to how a typical Virtual Private Network (VPN) functions, where the VPN connection is the underlay and the overlay includes corporate email or Intranet communications over the VPN. Further, for CLOVER it is essential to clearly and distinctly differentiate between a service or application interface and a control interface for a host or collection of hosts that have been deployed into TPC provider infrastructure.