Back in June at a user conference in Orlando, Cisco Systems Inc. executives faced a roomful of media with a promise of frank answers in a wide-open Q&A session. A question arose about software defined networking: While every networking vendor, Cisco included, had trumpeted an SDN strategy, where were the enterprise users?
“I think the construct of software defined networking is a very appealing concept,” said Robert Lloyd, Cisco’s president of development and sales. “Very few customers aside from the large-scale Web and content providers are building around this construct today. But it’s an appealing construct if we can simplify.”
Given the promise of software defined networking – lightning-fast virtual network provisioning, centralized policy management, administration without touching individual switches – enterprises aren’t using it to anything like its potential, says Mark Tauschek, principal consulting analyst at Info-Tech Research Group.
“We’re in the nascent, early stages right now,” Tauschek said. While vendors are behind it to a man – “I can’t think of one off the top of my head who’s not getting in SDN in some way, shape or form,” Tauschek says — customers don’t know much about it, so they’re not asking for it. “And they’re not sure what to ask for,” Tauschek said.
Add to that the fact that the definition of SDN changes depending on whom you’re talking to, and you have a recipe for user confusion.
“We joke that if you go to any show in the industry and go to all 1,000 booths, you’ll get about 3,000 different answers about what SDN is,” said Randy Cross, director for infrastructure and fabric technologies with Avaya Networking.
Broadly, SDN is about separating the data plane, the part of the network that actually forwards packets, from the control plane that makes the decisions about where and how packets are sent. But there are two camps in the SDN market: an infrastructure-centric camp, which distributes centrally controlled intelligence throughout the network hardware, and a software-centric camp, which maintains that all the necessary network intelligence can be abstracted into a software layer, leaving commodity switches at Layer 2 simply to shift the packets.
At the extremes are Cisco’s application-centric infrastructure model and VMware Inc.’s network virtualization model. Most other networking vendors fall somewhere in between.
It’s all in the software
The concept of SDN grew out of work done at the University of California at Berkeley and Stanford University in 2008. The control plane needs a mechanism to talk to the data plane, and OpenFlow was the protocol that came out of that work; the Open Networking Foundation (ONF) was later formed to promote SDN and OpenFlow.
“SDN originally, when it was coined out of the ONF, was about having an OpenFlow controller that talked to OpenFlow-based switches and gave you the ability to control flow tables and so forth in the switches,” said Rod Stuhlmuller, director of product marketing for VMware’s network and security business group. But a couple of things happened. The control protocol didn’t have to be OpenFlow, so hardware vendors created proprietary protocols to talk to their own hardware. And then there was “SDN-washing,” Stuhlmuller said: in much the same way existing products were repositioned to ride the hype around cloud computing, products that predated SDN were rebranded as SDN solutions.
“You’ve got people that say, ‘We’ve been using software to talk to our hardware forever, and that’s SDN, so we have SDN,’” Stuhlmuller said.
Stuhlmuller called VMware’s approach “completely different.” It’s analogous to server virtualization: server virtualization creates a software container that, to an application, looks like a collection of hardware resources (compute, memory, disk and so on). Network virtualization creates a software container that, to a connected workload, looks, feels and acts like a physical network.
“But you’re not actually connected to the physical network, or the workload doesn’t believe it’s connected to the physical network,” Stuhlmuller said. “Ultimately, you use the physical network to move packets around, but the construct that the workload is connected to is a software container.”
The implication? A lot of traffic that would normally have to go north-south (from one device, through a switch, to a core router, back through another switch, to another device) can go east-west instead, directly from workload to workload on the same virtual switch.
With the Layer 3 routing logic pushed down to a virtual switch, the physical network becomes the equivalent of the backplane of a hardware switch, Stuhlmuller said.
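As an added illustration of two passages above (the OpenFlow-style controller that populates switch flow tables, and the virtual switch that keeps hops between local workloads east-west), the following Python model is constructed for this page; it is not code from VMware, Cisco or the ONF. The Switch and Controller classes, the topology and addresses in build_demo, and the three-field match are all assumptions, a stripped-down stand-in for real OpenFlow flow entries.

```python
"""Toy SDN model (constructed example): a central controller owns policy
and topology; switches only match packets against rules the controller
installed and have no policy of their own."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    in_port: int


@dataclass(frozen=True)
class FlowRule:
    priority: int
    src_net: str   # CIDR the source must fall in
    dst_net: str   # CIDR the destination must fall in
    action: str    # "output:<port>" or "drop"

    def matches(self, pkt):
        return (ip_address(pkt.src_ip) in ip_network(self.src_net)
                and ip_address(pkt.dst_ip) in ip_network(self.dst_net))


class Switch:
    """Data plane. A packet that matches no installed rule is handed to the
    controller (the equivalent of an OpenFlow table-miss / packet-in)."""

    def __init__(self, name):
        self.name = name
        self.rules = []
        self.table_misses = 0

    def install(self, rule):
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.priority, reverse=True)

    def handle(self, pkt, controller):
        for rule in self.rules:          # highest priority first
            if rule.matches(pkt):
                return rule.action
        self.table_misses += 1
        return controller.packet_in(self, pkt)


class Controller:
    """Control plane. Knows which subnet sits on which switch port and which
    segments may talk; pushes each decision down as a flow rule so later
    packets of that flow never leave the data plane."""

    UPLINK = 0  # assumed: port 0 on every switch leads to the physical fabric

    def __init__(self, location, allowed):
        self.location = location  # (switch name, subnet) -> local port
        self.allowed = allowed    # set of (src subnet, dst subnet) pairs

    def _subnet_of(self, ip):
        for (_, net) in self.location:
            if ip_address(ip) in ip_network(net):
                return net
        return None

    def packet_in(self, switch, pkt):
        src, dst = self._subnet_of(pkt.src_ip), self._subnet_of(pkt.dst_ip)
        if src is None or dst is None or (src, dst) not in self.allowed:
            # Unknown endpoint or forbidden pair: install an explicit drop so
            # the switch stops asking and the decision is visible in its table.
            rule = FlowRule(100, src or f"{pkt.src_ip}/32",
                            dst or f"{pkt.dst_ip}/32", "drop")
        else:
            # Allowed. If the destination subnet is on this same switch the
            # packet is routed locally (east-west); otherwise it goes out the
            # uplink and the physical fabric acts as a backplane.
            port = self.location.get((switch.name, dst), self.UPLINK)
            rule = FlowRule(100, src, dst, f"output:{port}")
        switch.install(rule)
        return rule.action


def build_demo():
    """Constructed topology: vSwitch 'vs1' hosts a web tier on port 1
    (10.0.1.0/24) and an app tier on port 2 (10.0.2.0/24); the DB tier
    10.0.3.0/24 lives on 'vs2' behind the uplink, as does a foreign tenant
    10.0.9.0/24 that the web tier must never reach."""
    location = {("vs1", "10.0.1.0/24"): 1, ("vs1", "10.0.2.0/24"): 2,
                ("vs2", "10.0.3.0/24"): 1, ("vs2", "10.0.9.0/24"): 2}
    allowed = {("10.0.1.0/24", "10.0.2.0/24"), ("10.0.2.0/24", "10.0.3.0/24")}
    return Switch("vs1"), Controller(location, allowed)


def run_demo():
    vs1, ctl = build_demo()
    results = [
        # web -> app: different subnets, same vSwitch, turned around locally
        vs1.handle(Packet("10.0.1.10", "10.0.2.20", 1), ctl),
        # another web host, same flow: served by the installed rule, no packet-in
        vs1.handle(Packet("10.0.1.11", "10.0.2.20", 1), ctl),
        # app -> db: lives on another host, so out the uplink
        vs1.handle(Packet("10.0.2.20", "10.0.3.5", 2), ctl),
        # web -> foreign tenant: policy denies, explicit drop installed
        vs1.handle(Packet("10.0.1.10", "10.0.9.7", 1), ctl),
    ]
    return results, vs1.table_misses


if __name__ == "__main__":
    print(run_demo())
```

Two things the model makes concrete that the text only asserts: a switch with no matching rule cannot decide on its own (a table miss goes to the controller, and here an unknown flow is dropped rather than flooded), and a compromised or impersonated controller can rewrite every switch’s forwarding policy at once, which is why the controller host and its channel to the switches (which the OpenFlow specification lets you protect with TLS) deserve the hardening normally reserved for a core router.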
That virtualization model is a threat to hardware-heavy networking models like Cisco’s, Tauschek said.
“There’s potential for commoditization of the physical hardware, the switches, where you’ll see inexpensive Asian manufacturers making high-capacity, high-density switches — both edge, top-of-rack or even core — that are basically dumb, Layer 2 devices that take all their policy and management information from an SDN controller,” Tauschek said. “If you have been listening to some of the things (Cisco CEO John) Chambers has been talking about, he’s really playing up the differentiation in Cisco’s hardware, proprietary or custom ASICs, custom silicon, for switching packets faster and more efficiently, and the idea that commodity processors aren’t really as well suited as the custom silicon that they’re using in their equipment.
“That’s a really a defensive stance on Cisco’s part.”
Those in the Cisco camp argue that rather than simply layering software over commodity hardware, integrating an overlay that unites virtual and physical networks through intelligent switches is a more effective approach.
“SDN done right integrates physical and virtual networks, and allows customers to deploy applications in a way that unifies the network, but also security policies and service policies,” said Kumar Reddy, senior manager of technical marketing engineering at Cisco. “That’s been very fragmented today. “
Cisco has a lot of industry backers in its corner. At the recent launch of its new Nexus 9000 series data centre switches and application policy infrastructure controller (APIC) appliance, Cisco listed Microsoft, IBM, SAP, CA Technologies, Oracle and, ironically enough, VMware [NYSE: VMW], among others, as supporters of its ACI model.
“There’s a need for open interfaces and in our approach we’re providing multiple layers of open interfaces so that people can automate the setup, they can automate the control of the network through software,” Reddy said.
The integrated model is more effective when it comes to managing applications, he said.
“Let’s take in this case some sort of application deployment,” Reddy said. “Having the integrated physical and virtual approach allows you to gather a lot more telemetry to know exactly what the application’s performance is at any point of the deployment of the IT infrastructure. You can see, for example, whether there are problems with latency or jitter or some characteristics that are going to cause application issues. Today it’s really, really hard to get to, and if you maintain separation of application and network, it remains hard to get to.”
Zeus Kerravala, principal analyst at ZK Research, said Cisco’s architecture makes sense. It will appeal most to organizations that want to automate the provisioning of IT services, he said. “This is Cisco’s larger data centre play,” he added, “their first step to their stated goal of becoming the No. 1 IT vendor.”
A lot of vendors tout SDN as a way of cutting the cost of buying network equipment. But, he added, networking gear generally is less than five per cent of data centre expenditure, whereas operations (people) are 40 per cent of the cost. Cisco [Nasdaq: CSCO], he believes, would argue the cost of its solution pays off in operational savings.
Avaya’s somewhere on the continuum between the two extremes, though closer to Cisco’s model, Cross said.
“We take a little different approach in what we’re building,” Cross said. “It’s not an observe-react, it’s more of a feedback loop. It’s true integration between application and infrastructure. So if the application sends certain messages, then the infrastructure can react, and if the infrastructure sends messages, the application can react, and you have more of a peered relationship rather than the application just being aware that it’s running on the infrastructure.”
And Cross said it’s unlikely IT shops will be running one model or the other exclusively. Taking a hard line one way or the other does a disservice to the technology.
“The federation capability really comes down to whose APIs are you willing to adopt and how are you willing to play in those environments, if you are able to be at the top level manager of managers or if you’re also willing to provide someone else the ability to drive direction through you,” Cross said. “So while our controller functionality can sit at the top and do everything itself, it can also sit in the middle.
“The infrastructure could literally become subservient to the software level. It just depends on what you want.”
It’s about the application
One thing all camps in the SDN market agree on is that it’s all about the application.
“There’s no denying that application-centricity is where all of the infrastructure is going,” Tauschek said. “It’s not just the network. That’s on your compute infrastructure, that’s on your storage infrastructure, it’s all about the applications.”
“Customers are trying to get at three things in terms of value,” said Reddy. “They’re trying to get more agility, they’re trying to drive to simplicity, and to do this in the context of lower cost of ownership or flat IT budgets. And the reason they need these attributes is because the overall IT environment is changing to one that’s much more application-centric.”
— With files from