What’s an SDN Platform, Really?

Blurred Lines

I’ve managed, marketed, and implemented quite a few application and infrastructure offerings in the course of my career. This varied set of experiences has taught me that the line between a robust product and a true platform can be fuzzy.

For example, it’s frequently difficult to tell if a given offering is a product dressed as a platform or a platform that’s dressed as a product. Similarly, it’s hard to figure out if an offering is a true Software Defined Networking (SDN) approach or just legacy hardware defined networking with some front-end software utilities or interfaces.

So, I look for what are, in my view, the “tells” of a real platform:

  • Is the scalability more than “buy a really big server and hope you don’t grow faster than Moore’s Law”?
  • Does it have rich, standard APIs based on something like REST that will enable easy integration with the hardware and software systems that I have or plan to have in the near future?
  • Can I integrate it with applications based on new architectures or only with legacy applications that were developed years ago?
  • Is there a useful and appropriate SDK or does it just have some scripting capabilities?
  • Does it work with other market-leading products and platforms?
  • Can it provide real-time alerts via an API when things go wrong so that it works with my Network Operations Center (NOC) and my customer consoles?
  • Does it provide real-time and historical tracking?
  • Does it support emerging development environments that I might need soon?

If the offering meets my platform criteria, then I look for what are, in my experience, the specifics of a real SDN offering:

  • Can I build a complete networking solution with software running on industry-standard silicon (in other words, on a wide variety of “white box” commodity servers) that are evolving per Moore’s Law?
  • Can I run it on my server platforms and virtualization environments of choice?
  • Does it overlay everybody’s network hardware?
  • Can it scale beyond a single datacenter or single WAN?
  • Does it make my network run better by addressing inefficiencies such as tromboning and unicast?
  • Can it provide automated responses to a Cloud Platform (e.g. OpenStack or my custom orchestration platform) request using a rich, industry-standard interface like REST?
  • Can it manage datacenter, WAN, virtualized, and bare metal environments – so that I don’t have to implement four separate approaches?
  • Since hackers are going to break in somewhere in my datacenter, does it address east-west hacking?
  • Can I get started with whatever I have and then swap out gear – for either new hardware or for Anything-as-a-Service (XaaS) – when convenient?
  • Does it leverage Open Source components so that I can leverage the work of 1000s of people like me?

SDN Lines

When I look at the Nuage Networks Virtualized Services Platform (VSP) from every angle, it meets every definition of a platform and of a real SDN offering. In short, it federates across datacenters to manage any size of environment, including some of the largest environments in the world. I’m pretty sure that my environment won’t get bigger than, say, China Telecom, but it’s good to know that I won’t have to swap out the platform, ever.

Within the platform, each component is either clustered or runs in a distributed manner. Each component can run on an industry-standard x86 box or in a virtual machine (VM). So, when a given datacenter, branch, or workload grows, I can scale-out to meet demand – with whatever hardware I have – instead of calling everywhere in a rush to figure out who’s got the biggest server in stock at the warehouse.

With CloudStack, OpenStack, and Linux support, Open Source options are rich and diverse. I have the freedom to build an all-software networking stack or use my existing legacy networking hardware until it rusts out.

Since I like to hack occasionally, it’s good to know that the platform has a REST API and a real Python SDK, not just some JavaScript thing. It also supports development environments that I am likely to need soon such as Kubernetes and Mesos.

Most importantly from a “not-enough-time-in-my-day” perspective, a single policy is interpreted intelligently across every datacenter, across WANs to every branch office where my sales teams live – and have been known to complain occasionally about the network (!), across virtualized environments (e.g. Docker, VMware, KVM, Xen), and across the bare metal servers where my business-critical applications such as Oracle run – and are going to run for some time in the future. So, I don’t have to spend all day reading manuals from a whole bunch of vendors – the platform figures out all of that stuff.

When I get a call from a sales team in the branch, Nuage Networks VSAP ensures that I can quickly find and fix whatever is broken between here and there. Nuage Networks VSP has a Hadoop database that stores all the events so I can run real-time and historical analysis using 3rd party tools like Splunk.

The platform also makes my network work better. It eliminates the inefficient network tromboning that’s common in legacy networking environments. It also supports multicast functionality so that the video from the Christmas party doesn’t clog up my whole intranet.

Further, I know from my dark past as a security type that 59-80% of security breaches are due to manual errors. (Not my errors – since I never make any ;>) – but errors that other people make.) The rest are due to hackers that are most likely being paid – and paid well – to get into systems like mine. Either way, I need both built-in and bolt-on security. Nuage Networks VSP provides both built-in security and allows multiple best-of-breed security approaches to be utilized.

Looking at what’s built-in, the platform’s micro-segmentation capabilities protect east-west within the datacenter (see my Docker needs security blog for more info). It has a “bump in the wire” function that provides granular inspection and reaction for each network flow or for each packet. While I’m not going to use that functionality in anything that I do – not enough time in my day – I do know a whole bunch of smart security vendors who have been salivating for that functionality for a very long time. And, many are already integrated and supported with the platform in formal reference architectures.

Outside the Lines

Looking at the broad array of SDN options out there, they do not meet my criteria for a true platform and for a true SDN. In short, they all fail for one or more of the following reasons:

  • Working pretty well inside a single datacenter but not working across datacenters.
  • Scaling well up to a point then breaking hard once some obscure internal product limit is reached.
  • Forcing me to replace every core network box with a single vendor / product line and still not allowing me to leverage the security products that I need NOW.
  • Ignoring the fact that my sales teams are in those branches and so my SDN has to work across the WAN, too.
  • Neglecting to consider that most of my network traffic is in the datacenter these days and so network inefficiencies such as tromboning and unicast have to be addressed.
  • Providing a cool component but expecting me to somehow bake it into a complete stack.

Stacking Up

In summary, Nuage Networks VSP stacks up to my expectations of a true platform and of a true SDN approach. Further, I have not been able to find any other vendor’s offering that can meet these expectations. So, if you are looking for a real SDN platform, you should contact us.
