At QCon, Anna Berenberg, an engineering fellow at Google Cloud, discussed One Network, a cloud-agnostic networking architecture designed to unify and simplify the increasingly complex world of interconnected systems.
One Network provides a service- and policy-oriented framework that bridges the gaps between public and private clouds, diverse runtimes, and varying traffic patterns. It responds to the challenges posed by Google Cloud’s organically evolved network infrastructure, which spans more than 300 products. Over the years, this growth led to a fragmented system where different environments—ranging from Kubernetes and serverless to VM-based runtimes—often operated under disparate policies and lacked seamless interoperability. This fragmentation resulted in slower development velocity and increased operational complexity for developers and enterprises.
To address these issues, Google Cloud embarked on a multi-year journey to create One Network. This architecture unifies network paths, control planes, and data planes under a cohesive framework. One Network ensures consistency across environments by leveraging open-source technologies such as Envoy proxies and xDS APIs. The initiative is designed to enforce uniform security and operational policies while integrating seamlessly with third-party traffic management and security tools.
Central to One Network is its reliance on foundational open-source technologies. Envoy, a sidecar proxy developed by Lyft and widely adopted in the industry, plays a critical role as the data plane for this architecture. Combined with Google’s Traffic Director control plane, these components manage traffic distribution, enforce policies, and optimize server capacity across global deployments. This setup simplifies operations and ensures secure-by-default application deployments, a critical requirement in today’s threat-laden digital landscape.
Berenberg emphasized that One Network enables developers to view applications as service endpoints, eliminating the need for extensive refactoring while applying uniform policies. This approach extends across Google’s diverse runtime environments, including VMs, containers, and serverless platforms, ensuring that policies are consistent regardless of where applications are deployed. This unification allows centralized policy creation and enforcement, which the Traffic Director disseminates efficiently to the appropriate endpoints.
The project’s open architecture is a key differentiator, enabling third-party integrations via a flexible extension system. Developers can use WebAssembly (WASM) for customizations, such as advanced policies, security configurations, and observability enhancements. This extensibility empowers organizations to tailor One Network to their unique requirements while aligning with industry standards.
Lastly, Berenberg stated that while One Network has already transformed much of Google Cloud’s infrastructure, its journey is far from over. Upcoming enhancements include support for mobile devices, federation across control planes, and expanded SaaS integration.