According to Gartner, client interest in cloud networking has increased dramatically (nearly 6X) in the past 12 months. This is shown in their reports as below:
One of the reasons for this is that the native networking capabilities of public cloud providers are insufficient for some production enterprise workloads. Similarly, the virtual routers offered by established vendors don’t often meet requirements of cloud and DevOps teams, particularly around programmability, integration, or licensing. Further, the networking features and operational approaches vary widely across public cloud providers, which creates management challenges, particularly in multicloud deployments.
This market is heavily driven and influenced by non-networking teams. Over the past 6 months, Gartner analysts have received more calls from Enterprise Architecture/Technology Innovation teams on the topic of cloud networking than from IT Infrastructure & Operations. We believe this is a new market, emerging separate and distinct from data center networking/switching and routing/SDWAN.
Most established network and L4-7 appliance vendors offer virtual versions of their products that can be installed in multiple cloud environments, including on-premises and also within public cloud environments. These virtual routers are often used by clients for basic VPN connectivity from on-premises to a public cloud environment. When the clients try to extend these vRouters beyond basic VPN use cases to support broader networking requirements, they rarely meet their needs. Clients relate that they are not “cloudlike,” which is due to several factors including:
- Lack of cloud awareness/integration — The products aren’t aware of native cloud functionality, such as services, regions or availability zones. They reside in a public cloud environment but do not dynamically interact with surrounding services.
- Limited programmability — While there may be an API, the usability, support, documentation or functionality falls short of what cloud teams need from an automation/orchestration perspective.
- Licensing — The products’ costs, licensing models and/or commercial terms don’t align with cloud teams’ desire for low-friction access, variable and unpredictable consumption, or self-service.
- Limited experience — The vendors’ sales teams, channels, technical support teams and/or technical documentation lack reference customers and/or experience regarding usage in a true cloud environment.
- There are performance limitations such as bandwidth or throughput.
There are a bunch of vendors doing interesting and cool things in this space, including Alkira, Arista, Arrcus, Aviatrix, Cisco, Isovalent, Prosimo, Tigera and VMware, as well as multiple open-source projects (Calico, Cilium). A few recommendations are as follows:
- Use a short-term planning horizon by signing contracts of 1-3 years in length (or using consumption-based options), as we expect the market to be dynamic with new entrants and a high level of innovation.
- Don’t forklift or replicate traditional data center networking strategies into the public cloud, as it will lead to integration and cost inefficiencies.
- Prefer the native capabilities of the cloud providers when starting out, and when there is a single-provider strategy.
- Invest in third-party cloud networking software when advanced networking features or consistency across clouds is critical.
- Prefer vendors that offer fully documented, public, open APIs, with a track record of reverse compatibility.
Their reports put it simply: networking coolness is about solving customers’ challenges in new and innovative ways. The Cool Vendors report profiles Infiot, Isovalent, Traefik Labs, and Valtix as below:
- Isovalent helps to improve the performance, visibility, security and scale of Kubernetes networking, by injecting security and logging capabilities directly into low levels of the Kubernetes stack. This is enabled by eBPF (a blog for another day…) which Isovalent is helping to drive.
- Infiot combines “thin-branch” SD-WAN and ZTNA to support multiple remote access scenarios, with a disruptive pricing model. The vendor has broad coverage for IoT, edge, branch and remote-first usage scenarios.
- Traefik Labs (formerly known as Containous) combines several networking capabilities designed for cloud-native environments that customers would otherwise have to integrate from a varied set of open-source and/or commercial options (i.e., API management, ingress control and service mesh as a unified proxy).
- Valtix provides comprehensive network security for workloads in the public cloud (AWS, Google and Azure), including inbound/outbound, east/west and as a reverse proxy for application protection.