By Lionel Snell
Is SDN riding the wave of a perfect storm, and does it help commoditize existing technologies?
Some vital questions raised at NetEvents 2013 Global Press & Analyst Summit
The famous “perfect storm” that hit Boston was a concatenation of three weather phenomena: a hurricane bringing tropical moisture laden air, meeting warm air from a low-pressure system from one direction and cool, dry air driven by high-pressure from another direction.
For Dan Pitt, executive director, Open Networking Foundation, the perfect storm driving the uptake of Software-Defined Networking (SDN) is a combination of: massive scale in data centers using commercial, off-the-shelf, technologies for storage: distributed system software allowing unbelievable scale with high reliability; the emergence of merchant silicone with much higher speed X86 processors for rapid packet processing… Then, into that mix comes: “The audacity of some university researchers to define an open interface into networking equipment, one that allows you to move the control function out of every box into a central location. It is that separation that makes this different from what has come before”.
He was speaking on a panel at NetEvents Ethernet Innovation Summit Day 2. The discussion: SDN is not the future – it’s NOW! was led by Rohit Mehra, VP, Network Infrastructure, IDC, and the other panelists were: Arpit Joshipura, VP of product marketing, Dell; Dave Larson, CTO and VP, HP; Mike Marcellin, SVP, Juniper; and Sunil Khandekar, president and CEO, Nuage Networks.
Introducing the session – Rohit gave his version of the perfect storm weather conditions: cloud applications; big data analytics, scale-out applications needing scale-out networking; mobility; and social business increasing server-to-server and cloud volumes. He showed the results of an IDC survey asking: “why are you re-architecting your network to support private cloud?” By far the biggest answer was to ensure security between virtual servers. The second one was to increase bandwidth to support virtual applications. The third one was to ease the bottleneck to new service provisioning – Figure 1.
For Rohit, the term SDN meant an architectural model that leads to network virtualisation via separation of the control and forwarding functions, and IDC’s forecast is for $3.7b worldwide revenue by 2016 – Figure 2. This figure is an “in-use” forecast that includes existing network infrastructure, making roughly half the market. So, as Rohit explains: “What’s the net new market that SDN will create in the next four years that are on this chart? It is about $1b. Still very, very fast rapid growth, not seen in many other industries, even relating to IT, not seen for a long, long time”.
“What is driving this growth?” he asked the panel. For Juniper’s Mike Marcellin the most exciting uses are in the cloud: “Whether enterprises building their own private clouds and giving them a much more flexible and mobilised infrastructure, or service providers trying to extend their network proposition to the cloud… If our customer conversations are any indication, there’s a lot of interest.” For Sunil Khandekar from Nuage Networks SDN is all about bridging the gap between applications and network: “to allow rapid consumption of network by applications and by providing them visibility and control”. In other words: “The perfect use case for SDN is in cloud data centers”.
According to HP’s Dave Larson: “Networks today are configured exactly the same way as 30 years ago: with a command line, with scripts and then provisioned by humans. That will not scale in a cloud world, nor is it scaling to the needs of the data centers today, which is why companies like the ones up here in the panel are developing automated network virtualization capability on top of the network to meet that need”. Dan Pitt pointed out that centralized control is not such a revolutionary concept: “ it has been around in the circuit switching world and the telephony world for almost 100 years. So it can be done”.
Commoditization?
A second question from Rohit Mehra addressed the fear that SDN would commoditize networking solutions and products: “Are we going to commoditize the Ethernet switch and router markets, at least in the next foreseeable future, the next five to seven years?”
According to Dave Larson: “changing the model to a central policy control, using a logical, physical or distributed controller environment actually opens up new avenues for innovation, particularly around things like security. We do not do security well in large-scale networks today. As you dissolve some of that functionality into the fabric itself, in the form of innovation in the hardware, you’ll be able to overcome of those barriers and derive new value for our users” For Sunil Khandekar the real issue was in the software: “There is a tremendous amount of investment already by enterprises, by service providers, in building these large-scale data centers. What about providing automation to the existing investment? A software-defined solution that allows us to virtualize and automate data centers in a way that the network is not as rigid, but rather as dynamic and as responsive as the computer has become: that’s the challenge to us as an industry, to provide that high degree of automation and responsiveness in the network”.
For Arpit Joshipura, it appears that one man’s feast is another man’s commoditization: “It could be commoditisation to a vendor; it could be opportunity to the rest of us. When we had mainframes with monolithic systems, Dell and HP came in with an X86 server. You could call it commoditization, but we saw the growth in the data center and in the infrastructure.” That recalled a comment by Bob Metcalfe in another session, saying he was warned when setting up 3Com that he was risking commoditizing Ethernet – whereas in fact it generated a highly lucrative mass market. Dan Pitt reminded the panel about the Raspberry Pi that Stu Bailey showed them yesterday: “that little red thing which was a server and a switch for $35. This is going to actually expand the market for switching and computing, especially in the machine to machine environments”. Also he added: “I think most enterprises that I talk to, whether they be service providers or traditional enterprises, are looking at SDN as an opportunity more to reduce OpEx than CapEx”.
Continuity in revolution
Next Rohit Mehra wondered what learnings we could bring from existing networking technologies to a SDN-enabled eco-system: “Over the last few decades we built a wealth of knowledge: a lot of intellectual property, a lot of protocols and capabilities and functionality, including all the network solutions that are deployed today. How can we ensure that as we move and transition to this new SDN era we don’t lose that intellectual property and capability that we have built?”
Dan Pitt had a short answer: “Some of it we should lose”. For Sunil Khandekar there were clear lessons not to be forgotten: “From building the internet we’ve learned that we need to keep the core very simple and push the service state to the edge of the network. The second is the way we have approached mobile networks: when you arrive at airports and switch on your mobile device, you are instantly connected and able to do voice and data simultaneously”. Compare that to the data center when it can take weeks for network connectivity to be established.
For Mike Marcellin, the physical property was as important as the intellectual property: “It’s just as important to think about how someone bridges to SDN from the investments they’ve already made. Back in 2009 we launched a programmable chip set whose network instruction set was optimized for forwarding, which means it can bring in new protocols in a relatively unlimited fashion. You’ve invested in the router or the silicone enabled device and, as a new protocol comes out, like OpenFlow, or whatever comes next, you can rapidly introduce that without having to throw your hardware out”.
Dell’s Arpit Joshipura gave his own analysis, suggesting that the SDN movement was fragmented into three camps. The first contains those who take their legacy infrastructure, open up its interfaces, make it programmable, and call the result SDN even though it drags in a pile of legacy problems. Then there’s the hypervisor camp who work with the overlay model: “don’t even touch the physical layer”. Thirdly you have the purist camp advocating an OpenFlow based or a very clean implementation of SDN – fine for a greenfield deployment but daunting for the customer already invested in the previous approaches. So: “They need a transition? We’ll give them transition. They need clean slate? We’ll give them one. They need to tie in better with overlay? We will do that”.
Rohit Mehra took that as a cue for his next issue: “There’s another silo out there where a number of server and storage vendors are saying that, to help facilitate this automation and provisioning, we’re going to start shipping integrated systems with server, storage, network and a systems management layer all bundled in. Where do you see that integration going? And how do we really connect it with SDN? Will these emerge as separate camps, separate domains?”
Speaking for HP, Dave Larson answered: “No, I don’t think so. I would say that software defined networking is central to the value proposition of a converged infrastructure. Just because we are combining server, storage and networking within a single enclosure doesn’t mean that we no longer need the flexibility of policy control over that environment – or over the end-to-end network instantiation from the end users accessing the applications and the data in that environment… So, at HP, we consider SDN to be just a component of our virtual application networking architecture delivering this value across SDN networks, non-SDN HP networks, physical networks, virtual networks, heterogeneous networks”.
Arpit Joshipura added: “From a Dell perspective I think I would agree… What you can do is eliminate boundaries, not just packaging boundaries, but eliminate technology boundaries; a boundary between a server and a networking, a NIC, or a boundary between a storage array and a network. These are all artificial boundaries from a technology perspective, and that’s I think where the convergence is heading”.
What about the enterprise campus?
Rohit Mehra’s next theme was to move the SDN discussion on from its major focus on data centers and the cloud: “Let’s talk about the enterprise campus. Is there a value of SDN in the broader enterprise campus?”
Dave Larson and Mike Marcellin were quick to claim value. Dave said: “Absolutely, in fact we’re delivering that value now: a security application called Sentinel that dissolves IP reputation capability from Tipping Point into the controller, to do real network access security at the Ethernet access layer”. Mike added: “In fact I would argue that SDN has different types of applicability in almost all parts of the network. Relative to the campus: one is around that unified policy, as we think about the entire infrastructure and managing policy from a security perspective. The other big thing in the campus is BYOD: as you start to virtualise the control functions of the wireless infrastructure and integrate those with the control and management functions of the physical infrastructure, then it starts to look a whole lot like an opportunity for SDN”.
For Dan Pitt the biggest difference between enterprise applications and carrier applications was that in the enterprise the network is a cost center, and in the carrier space it’s a profit centre: “So the enterprises are always looking to reduce cost, and I think SDN will enable gradual migration to the cloud, to public clouds, to reduce the networking staff requirements in the enterprises”.
Sunil Khandekar, reminded us that the IDC survey showed security as the top requirement. So enterprises are very concerned about maintaining the fidelity and security of that particular workload they are moving into the cloud – because for the foreseeable future we’re going to see hybrid cloud deployment. “So SDN plays a very important role, and there it depends upon how you are able to integrate the control plane in a seamless manner, such that if the VPN that the service provider is providing to the enterprise is the VPN that extends seamlessly into the slice of the data center that the service provider is providing to the enterprise, then enterprises and their security concerns are mitigated, because they are already trusting the VPN security”.
SDN in action
Rohit had kept his favorite question for the last: “What are the most significant or compelling use cases for SDN that in your customer interactions you have seen in the last six to nine months?”
Arpit Joshipura said that it depends on the market segment, but the most popular one is multi-tenancy, also: “Service chaining keeps coming up; a layer four through seven secured wired/wire line policy into an end price keeps coming up, most importantly for a mid-market customer with a server in a wiring closet or a land connection with a set of servers – so there’s no real distinction between a campus and a data center, and that’s a large portion of the market that we address”.
Dave Larson agreed that multi-tenancy network virtualization orchestration was the near-term revenue driver, but: “Longer-term I think security is the real opportunity; the ability to use centralized policy and control to instantiate security in economic ways and in locations in the network that have hereto for been impossible”.
Mike Marcellin said that we had, quite rightly, spoken a lot about the cloud, whether public or enterprise, but we’d not said much about services virtualization, especially in the service provider space, where they are looking to bring you services to market quickly, monetize their network: “I think SDN and NFV as a corollary have the potential to deliver significant benefits to service providers as well”.
For Sunil Khandekar: “Two use cases, one is programmability and automation in public and private data centres, with a high degree of multi-tenancy. Second is the evolution of software-defined VPNs, where you can very quickly deploy VPNs for customers and provide them additional value added services on top of that. Software-defined VPNs doing service chaining”.
Dan Pitt, invited to conclude the discussion, said: “I think the overriding use case or justification for SDN is to directly tie the network to business priorities, whether they be security, whether they be traffic engineering, whether they be virtualization, whether they be compliance. It is being able to program the network the way you already program the servers to meet business priorities”.
All that remained was to answer questions from the floor. First from Angus Robertson of Spirent Communications: “Do you feel that the network infrastructure market is growing overall? Or that customer CapEx is being allocated to newer, more disruptive technologies like SDN?” To that the general consensus was “yes” to both cases.
Secondly there was a request for clarification of the term “service chaining”.
Mike Marcellin invited us to think about the fundamental things that a network needs to do to a given packet: maybe some security policy, maybe a firewall, maybe deep packet inspection, maybe some load balancing and so on. Typically, in the past, those have been performed by separate physical devices and the packet would have to flow through each of them. In an SDN context, service chaining says: “If I can build logical service chains, virtualise all of those elements of the network and perform those functions in a way that’s managed by a centralized element, it can be done more intelligently”.
Arpit Joshipura treated us to a bed-time story: “Think of yourself as a packet, you come in a data centre, what happens? WAN router, you get pushed to a core router, then you get a bump in a wire, you go to a load balancer, you come back. On a GigE port you go back to a security firewall, then you do some policy then you come back in, then on to the aggregation switches, then a top of rack switches. Then you ultimately head to your VM and you’ve got this ping-pong, ping-pong… So if you can do all of this and chain it, then you can do it, simply, easily and only once”.
Sunil Khandekar put it this way: “Think of policy based routing, which has been around for years. Applied it to virtualised appliances using centralized control – that’s service chaining for you”.
Following all these invitations for us to think, Rohit decided to wrap up what had been a most stimulating discussion. The full transcript together with Rohit’s IDC presentation slides and video can be freely downloaded:
Transcript: http://www.netevents.org.uk/wp-content/uploads/2013/05/Session6.pdf
Presentation: http://www.netevents.org.uk/wp-content/uploads/2013/05/SDN-is-not-the-Future-IDC.pdf
Video: http://www.netevents.org.uk/celebrating-40-years-of-ethernet-innovation-session-6
All content from the Ethernet Innovation Summit can be viewed, downloaded and embedded from the Press Resources Tab: http://www.netevents.org.uk/portfolio/global-summit
