Cisco returns to load balancing market as it chases VMware refugees

Cisco Live: Cisco has returned to the load balancing market using open-source software proven at scale by both Google and Meta.

The networking giant quit load balancers in 2012 when it decided to stop work on its Application Control Engine load balancers. Its return is being handled by the team from Isovalent – the company behind the Cilium networking and security tool – which Cisco acquired in 2023.

Isovalent co-founder and CTO Thomas Graf, now a vice president in Cisco’s security business, said Cisco customers asked it to develop a load balancer that could run in Kubernetes containers, VMs, and on existing infrastructure. Plenty of those inquiries came from VMware customers who used its virtual load balancers and sought alternatives after Broadcom changed VMware licenses in ways that nearly always increased costs.

Cilium runs as a program in eBPF, an open-source tech derived from the extended Berkeley Packet Filter that effectively allows the creation of plugins to the Linux kernel. Graf told The Register that eBPF will also be central to the new project, which is being dubbed the Isovalent Load Balancer.

“eBPF can process ten million packets per second on a single Intel core,” Graf said, and that’s comfortable enough for most applications. The Isovalent team’s work in Cilium meant they already had experience building networking workloads on eBPF.

Cilium also used the eBPF-based Maglev load balancer that Google developed for its own use and later open-sourced. Meta, too, open-sourced a load balancer that used eBPF, and the team has incorporated some of that tech as well.

The result of those decisions is a load balancer using tech that both Google and Meta have proven can run at scale, and can now run in a Kubernetes environment, a VM, or a virtual appliance that runs alongside a cloudy VM.

Whatever packaging users choose to deploy, they can manage all instances of the load balancer centrally.

Graf said Cisco intends to bring the software into networking hardware in two ways.

First, Cisco will take advantage of the fact that many networking devices run a custom Linux. If that cut of Linux supports eBPF – and the Linux in Cisco’s switches does – the load balancer will happily run there.

Second, Cisco will target switches that include data processing units, also known as smart NICs – network cards that include computing capacity so the devices can run networking and security workloads in isolation and relieve a CPU of some work.

Cisco will sell the Isovalent Load Balancer as a standalone product for now. Future releases will integrate with Cisco’s Cloud Operations control plane and Nexus dashboard.

Graf told The Register that over time he wants this tech to become “The Nexus of cloud-native” – which is to say a cloud-native equivalent of Cisco’s Nexus datacenter switches.

More eBPF at Cisco

The load balancer was not the only eBPF action at Cisco Live this week.

The company also introduced a tool called Live Protect that uses eBPF to reconfigure networks, so they implement “compensating controls” that protect against known vulnerabilities in software or hardware without having to install patches.

One example of a compensating control is a network microsegment – a virtual network used only for certain traffic and walled off from the wider network. When organizations know a vulnerability could mean attackers access their network, a microsegment would mean the intruder is trapped inside a controlled corner. The vulnerability remains present, but exploits will fail. And the user buys time to patch at a non-disruptive moment of their choosing.

Cisco president Jeetu Patel said organizations typically take 45 days to patch newly announced vulnerabilities, but crooks exploit them in three days. Live Protect means organizations can mitigate attacks while they prepare to patch and without needing to restart devices and endure the resulting service disruptions. Provided they’re running Nexus switches, of course. ®

Written by Mr Viral