VMware's Nicira Emphasizing Virtual Switches Over OpenFlow for SDN

By Jeffrey Burt  |  Posted 2012-12-29

BOSTON—Martin Casado was on the ground floor in the development of OpenFlow, the protocol that has become a cornerstone of the burgeoning software-defined networking trend that promises to gain steam in data centers as the industry moves into 2013.

Casado—now the CTO of Nicira, an SDN pioneer that earlier this year was bought by virtualization technology vendor VMware for $1.26 billion—was a doctoral student at Stanford in 2007 when, looking to address the problematic automation issues in data center networking, he saw a way of moving networking functions, such as security, billing, quality of service and inventory, out of traditional networking hardware and into OpenFlow-based controllers in hopes of creating more flexible, scalable and cost-efficient networking infrastructures.

OpenFlow was born, and is now being embraced by established networking vendors and SDN startups alike as a key enabler of SDN. At the same time, Casado now looks at OpenFlow and says he was all wrong about the protocol and its approach to more flexible, programmable networking.

During a recent whiteboard meeting with journalists at VMware’s offices here, Casado talked about the development of OpenFlow, and his eventual belief that it was the virtual switches in hypervisors—particularly the vSwitches in VMware’s offerings—that offered the best solution for greater automation and programmability of data center networking infrastructures. Nicira executives switched their focus away from OpenFlow and to the virtual networking capabilities found in VMware’s virtualization platform.

He also mentioned that Nicira next year will roll out an SDN offering that will be independent of the virtualization hypervisor, enabling it to work not only with VMware’s virtualization technology, but also with virtualization platforms from other vendors. Casado didn’t go into any detail about the product, but said it would come to the market by mid- to late-2013.

SDNs and network virtualization have become the key drivers behind changes in networking infrastructures that for the past several years have been the bottleneck in data centers that have been rapidly transformed by server and storage virtualization. Enterprises and service providers are pushing vendors to offer networks that are more flexible and scalable, and better able to meet the demands of more dynamic applications and services.

“SDN has already had a major impact on the communications industry by providing a focal point for a revitalized interest in networking,” David Krozier, principal analyst in market research firm Ovum’s Network Infrastructure Telecoms unit, said in a recent report. “SDN provides an opportunity to completely reexamine network architectures, introduce virtualization, and provide truly innovative solutions.”

Ovum’s report focuses on more than three dozen vendors offering SDN technologies and the transformation going on in the industry. It’s a movement that is only in the beginning stages, according to Krozier.

“It’s too early in the evolution of SDN to draw conclusions about which approach will win or the exact architecture of future networks as there is too much innovation yet to happen, and vendors and their customers have yet to reach a common agenda,” he said. “But the search by vendors and network operators to find a better approach will eventually produce networks that are much more flexible in providing new services (monetizing the network) and more efficient in their use of resources (cost-effective).”

Analysts at IDC said in a Dec. 19 report that SDN revenues will hit $360 million in 2013, and reach $3.7 billion by 2016.

"SDN's ability to decouple network logic and policies from the underlying network equipment allows for a more programmable network," Rohit Mehra, vice president of network infrastructure at IDC, said in a statement. "Providing better alignment with the underlying applications, this programmability allows for greater levels of flexibility, innovation, and control in the network. Logic and policies that can be defined, changed and modified result in a more dynamic network, providing the scale network administrators so desperately crave."

Nicira’s Casado said that while at Stanford, he created OpenFlow to take the networking intelligence found in expensive, complex switches and put it into a software controller—a “brain” to control everything in the network. This way, networks could be more dynamic, flexible and responsive to the needs of the applications and services in the data center. A wide range of vendors—from established players like Cisco Systems and Hewlett-Packard to startups like Big Switch Networks—have embraced OpenFlow in their SDN solutions.

“The problem is, we actually got it wrong,” he said.

Looking at VMware’s virtualization platform, Nicira officials realized that the first piece of network intelligence was in the hypervisor of the virtualization technology that had changed the way servers were used. VMware’s platform included vSwitch—essentially virtual switches in the hypervisors, which already were at the edge of the network. Once they saw that, the need for OpenFlow to control switches was greatly reduced, Casado said.

Virtual switches already were at the edge of the network and on the servers themselves, and they run on the common—and flexible—x86 architecture. They didn’t require any new algorithm in a proprietary ASIC chip, and the “level of visibility you have is like a networking [administrator’s] dream.”

“We had this ‘aha’ moment,” Casado said during the whiteboard session, noting that Nicira officials, during the first year of the company’s existence, “realized that something really important was happening” with virtualization technology.

OpenFlow still has some uses, particularly in directing traffic across the network, he said. But all the other functions—from quality of service, billing and inventory to service-level agreements (SLAs), security and network isolation—can be controlled via virtual switches.

Through its Network Virtualization Platform (NVP), Nicira has created a virtual network overlay that is managed by a controller system that essentially takes the physical network and creates a virtual pool of network capacity that is easy to program and to manage, and can create tens of thousands of isolated virtual networks to meet the demands of disparate and dynamic workloads.

It includes the Open vSwitch—software in the server hypervisor that offers remote network control—that can work with existing XenServer, Xen, KVM or VMware ESX hypervisors, or as an NVP Gateway in a virtual or physical appliance. Casado said Nicira next year will release a controller that integrates into the hypervisor, is vendor-agnostic and hypervisor-neutral, and works with any cloud management platform. One version will be integrated into VMware’s platform, working with such solutions as vCloud Director, ESX and vSphere, and another will work with other hypervisors and cloud platforms, such as XenServer and OpenStack, he said.

Casado said such a virtual network overlay solution offers greater upside than OpenFlow, which is being used by networking hardware makers in their switches and as the basis for software controllers. While hardware vendors are enabling their products to work with OpenFlow, there is little incentive to push for the protocol’s acceptance, he said. Doing so reduces the value the vendors get from their switches, and there is a chance that many will create OpenFlow-based switches and controllers that will tie customers to their technologies, according to Casado.

“I'm certain they will use their controller and their switches in a way that binds them together so they can maintain control” of the solutions customers use, he said.

Leveraging virtual switches offers a wide variety of advantages, according to Casado, from quick provisioning and real mobility to faster software innovation and decoupling of the hardware from the control and data planes.

“I don’t see any real reason to deploy OpenFlow switches,” he said.

Not everyone agrees with Casado. Infoblox, which offers network automation solutions as part of its larger SDN vision, is one of more than 80 members of the Open Networking Foundation, the key organization driving the development of software-defined networking and the OpenFlow protocol. In an email to eWEEK, Infoblox founder and CTO Stu Bailey disputed Casado’s conviction that the bulk of the answers to the issues dogging networks is in virtual switches as opposed to OpenFlow-based controllers and switches.

"For certain hypervisor rich workloads (e.g. scaling web servers), virtual switches at the network edge terminating in the datacenter make total sense,” Bailey said. "An organization's entire network (what is connected and how those things relate to each other throughout the day and night) is ultimately and directly accountable to the business. If the entire network cannot scale at cost, many modern organizations are limited or even crippled with respect to the business they are in. In the datacenter, the network is just one piece of the puzzle. Even in the datacenter, there are virtualization workloads which are hypervisor rich and cloud workloads like Big Data which may be closer to the bare metal. It's not clear whether virtual switches are optimized for all kinds of workloads emerging in the data center."

He also questioned whether “moving from lots of physical boxes to lots of virtual boxes” solves configuration and management issues that are found in hardware-based networking environments. OpenFlow enables the “box functions” (such as load balancing, routing, switching and firewalls) to become programmed behaviors in software, which is key to driving the SDN model.

“Virtual switches are positioned to address a particular problem emerging in the data center,” Bailey said. “Comparing OpenFlow and virtual switches is comparing apples and oranges and probably adds to the confusion of the consumer. Martin [Casado] seems to be confusing the values of virtual switches in a hypervisor rich datacenter and software defined networking (SDN)."
