Lippis Report 219: What Is Happening to Open Networking?
It was so simple; the separation of network hardware from software through a protocol called OpenFlow would open up the networking industry by injecting innovation into a vertically integrated industry. Specialized network hardware, called routers and switches, would give way to low cost white box alternatives, built in Asia, that were centrally controlled by software running on x86 commodity hardware. The networking industry would split into three parts: those that sold data forwarding gear, controller software and network applications. Well, that was 2010, and the reality is that this model of Open Networking has not materialized in the enterprise market—perhaps in a few operator and hyperscale networks, but not the real markets: the enterprise and public sector environments. Open Networking has taken on a life of its own. Overlays or virtualized networking are coming into their own; white box solutions without OpenFlow are being piloted in the enterprise and deployed in select cloud providers and operator networks; Linux is being considered as a network operating system to enable automation and normalize management tools across compute, storage and networking. The wide area, and in particular, branch office networking is about to undergo a fundamental change, thanks to new open networking solutions entering the market that promise radically lower cost, centralized policy provisioning control and service enablement. Hardware appliances are under attack in both branch office and data centers as vendors start to offer network service virtualization or NSV. Open networking security, or the lack thereof, is now coming into focus as is the killer SDN application: IP storage. In this Lippis Report Research Note, we provide a snapshot of the fast-pace changes occurring in Open Networking.
Open Industry Network Performance & Power Test for Cloud Networks Evaluating 10/40 GbE Switches
Fundamentally, open networking is about providing choice. Yes, open standards and open source code facilitate choice, and they are important, but IT business leaders are focused on capex and opex relief plus on-demand service enablement for business unit managers and their teams. Granted, we’re early in the open networking movement, and this is a long-term play. But along the way toward open networking, vendors will offer solutions that address capex and opex relief plus on-demand service enablement that may not be that open. But if they address the fundamental problem, they could very well be deployed en masse.
Arista 7500E Software-Defined Cloud Network Switch Performance Test
Budget and Head Count Reductions Accelerate
Let me give you an example. So many ONUG community members have expressed the following scenario—taking place during annual budget exercises. During normal years, executive management may demand that networking spend be reduced by 10 to 15%, which is easily done by pressuring the vendor community to sharpen its pencils. To keep the business, the vendors reduce their proposals near the desired goal to close the gap. But we are entering abnormal budget years. Many are being asked to radically reduce network spend on the order of 90%; while extreme, it’s reality for some. The networking vendor community cannot respond to this level of change with existing solutions, so the IT business leader is forced to look at radically different solutions. Now if there was a networking solution that addresses the business need but was not based upon open standards, what do you think IT business leaders would do? Yes, they would deploy.
Brocade VDXTM 6740 Top-of-Rack Switch Performance and Power Test
While 90% reduction in network spend sounds outlandish, consider that white box cost is about a tenth of existing switches, albeit without the functions and features of established providers. Companies, such as Cumulus, Big Switch Networks and Pica8, are building these low-cost switches by adding software to ODM providers, such as Quanta, Foxxcon, Delta, Penguin, et al. Others, such as Adara Network and Pluribus, offer white box switches but with integrated servers that enable a much larger software stack which provide layer 4-7 services, visualization and more, offering both low cost and greater design options.
Arista EOS: Smart System Upgrade
Control Plane Moves to Software
Also consider that automated orchestration is built into network virtualization controller solutions from vendors such as VMware, Nuage Networks, HP, Cisco, NEC, etc., which is forcing many IT business leaders to start deployments that shift the control plane from network hardware to software while dumbing down the underlay.
Could IP Storage be SDN’s Killer App?
Consider further that Ethernet switching performance is in parity with, and will soon exceed that of, Fibre Channel. Leaf Ethernet switches that we have recently tested at iSimCity have latency in the sub 500ns range with delay variation in the 1 to 5 ns range. Spine switches are now sub 2 microseconds with delay variation in the 1 to 5 ns range too. So between servers, in a leaf-spine underlay, latency can be designed for under 5 microseconds, which is forcing many to consider IP storage over a two-tier leaf-spine underlay that has been championed by Arista for some time now. There are other drivers forcing IP storage deployments, but displacing SANs (storage area networks) and the separate network for storage provides huge capex plus opex relief so much that open networking projects are now being justified based upon IP storage. Companies, such as SageCloud, are driving the change to IP storage; also driving the change are: Nexenta, Maxta, Cleversafe, Coho Data, Actifio, Caringo, Hedvig, Inktank, Pure Storage, Scality, Tintri, Skyera, Nimbus, Nimble Storage and Zadara Storage.
Transforming the Mobile Experience with Cisco Wireless Location Services
The Lack of Open Networking Security
As the early adopters have been experimenting with various open networking solutions, one systemic theme has come front and center, and that’s the lack of open networks security. Now it’s not all open networking’s fault, but if the industry is reviewing how networking is done, then network security should be in the narrative, but it is not. The issue is this: application deployment is accelerating faster than security technology can keep up. Also, network services, such as firewalls, IPS (intrusion prevention system), etc., take weeks to configure frustrating Chief Marketing Officers (CMOs) who are charted to deploy revenue-generating applications, such as a bank’s new mobile payment system. Another interesting fact is that CMOs’ budgets are much bigger and getting even bigger than Chief Information Security Officers (CISOs) which will only aggravate the problem as the application backlog increases.
To respond and close the gap, IT business leaders are pressed to deploy on-demand IT service delivery on par with public cloud providers that spin up applications, VMs, networks and network services with a few clicks of a mouse. In addition to on-demand IT service delivery, the huge growth in east-west flows that stems from servers-server data exchange has not even been secured. But once mitigation and legal departments start to get involved, the response has been “hold on—how are these automated configuration systems being secured, and is each automated step being authenticated?” “How do I report conformance to various regulators?” “How do I show conformance to regulators that still live in a north-south flow two-factor authentication world?” “How do I avoid a denial of service attack that takes over my entire infrastructure by spinning up random applications?” Well vArmour’s fabric, F5 Synthesis and VMware’s trusted zones have started to offer solutions to these security problems for both overlay and underlay flows.
Software-Defined Wide Area Networking
But open networking is expanded well beyond data center network design. In the wide area, branch office networks have been static, fixed and inflexible, while mobile and cloud computing has shifted where applications reside and thus how traffic needs to flow. Branch office employees need access to public and private cloud-hosted applications over broadband, MPLS, 3G/4G, etc., WAN links, but security concerns and lack of being able to use these links as a flexible resource pool has caused traffic flow to be contorted into hair-pinning and tromboning flows. To secure and optimize application performance, stacks of appliances have been placed in both the branch office and data center, such as firewalls, IPS, load balances, WAN optimization, VPN termination routers, etc., that increase cost and complexity. Using Open Networking principles, a set of new vendors, such as Glue Networks, vIPtela, Pertino and others, are offering a new approach to branch office networking that automates configuration, centralizes policy and enables the WAN resource to be managed as a secure resource pool that, by the way, radically provides capex plus opex relief and rapid service enablement. I call this new open networking space “the software-defined WAN.”
Open networking is very much alive and well; it’s just moving from concept phase to reality-based solutions. ONUG is the only conference where you’ll learn through networking with IT business leaders who have deployed open networking solutions. There’s no better way to get a dose of reality than by talking with those who have done what you’re planning on doing.
To register for ONUG Spring 2014, click here.