Hri_1212 SDN Controllers


Report Highlights

ONF and SDN have spawned software startups looking to cash in with controllers, switches and applications

Equipment vendors are scrambling to articulate a clear SDN message, with the products to back it up

OpenFlow may not be the de facto protocol for controlling software to communicate with networking elements in an SDN, but it has momentum

OpenFlow and SDN will remain center stage during the coming year

By incorporating the controller and v-switch into data centers, operators can begin to deliver services more quickly and efficiently, while cutting capex and opex

Data center operators should expect to see plenty of activity in the controller market in the coming year, including M&A activity as vendors pursue the missing pieces of the SDN puzzle

VOL. 12, NO. 11, DECEMBER 2012

OpenFlow Controllers: Implementing SDN in the Data Center

TABLE OF CONTENTS

I. Introduction

II. What Is the Role of the Controller in the Data Center?

· How Does a Controller Work?

· Switch Vendor Support for OpenFlow

· How Data Center Operators Are Using OpenFlow

· The Future of OpenFlow

III. The Controller Vendors

· Big Switch Networks

· HP

· IBM

· NEC

· Nicira/VMware

· Open-Source Controllers & Other Potential Controller Vendors

IV. Conclusion

HEAVY READING INSIDER | VOL. 12, NO. 11, DECEMBER 2012 | © HEAVY READING 2

I. Introduction

Google's April announcement that it built OpenFlow Ethernet switches to overhaul its internal backbone and VMware's shocking $1.26 billion buyout of controller vendor Nicira in July made 2012 the year of software-defined networking (SDN), validating SDN as a technology and OpenFlow as a protocol. Now software startups and incumbent hardware vendors alike are trying to stake claims in the sizzling SDN space, and one of the first concrete market opportunities lies with that centralized programmable network controller VMware paid such a hefty premium for.

If you ask 10 different networking experts to define SDN, you'll likely get 10 different answers, but all of them will tell you two things: You can't have a software-defined network without some kind of centralized control, and OpenFlow does not equal SDN. The whole point of SDN is to help service providers and enterprises accomplish tasks such as network configuration and provisioning, load balancing and security policy enforcement more quickly, more efficiently and less expensively through automation. The goal is to get away from having to program all the switches and routers in a network manually, and that means centralized software control is necessary.

The controller may well be the least sexy element of an SDN, but it's important because it is how applications – the more exciting part of SDN – communicate with the distributed hardware in a network. Think of the controller as a kind of network-wide operating system that can be used, for example, to create virtual networks on top of physical infrastructure, which is what the SDN hype is really about from a data center operator's perspective.

"The controller combined with the virtual switch is kind of like an app store," said Steve Garrison, VP of marketing at Pica8, a startup switch vendor. "We are at the early stages of creating a new platform that lets network operators build or choose the apps they need."
Another critical distinction to make when talking SDN is that the terms OpenFlow and SDN are not interchangeable. OpenFlow is just one networking protocol among many that can be used to communicate between a centralized controller and the network infrastructure, but it is important because huge data center and network operators are driving its development. The Open Networking Foundation (ONF), the group credited with coining the term SDN and responsible for continuing development of the OpenFlow protocol, is run by some of the world's largest data center operators, including Deutsche Telekom, Facebook, Goldman Sachs Group, Google, Microsoft, NTT Communications, Verizon Communications and Yahoo!. Together they make up the ONF governing board, and while technology vendors can be ONF members, they are not allowed to sit on the board. The ONF has about 80 corporate members today. "Our board members will give many justifications for supporting ONF, but the common denominator is that they want to control what the network does for them rather than being limited to what the vendors can supply on their time table," said Dan Pitt, executive director of the ONF. Some service providers feel so strongly about this that they are working on their own controllers. NTT Communications, for example, is planning to build its own even though it already uses controllers from NEC and Nicira/VMware to build virtual networks in its data centers. The rise of the ONF and SDN not only has spawned software startups looking to cash in with controllers, switches and applications (see SDN Startups: 10 Companies That Matter), it also has incumbent equipment vendors scrambling to articulate a clear SDN message with products to back it up. Toward that end, hardware vendors have started upgrading their gear with the OpenFlow protocol (see Figure 2: Commercially Available OpenFlow Hardware, page 8), and in some cases they are building controllers and developing applications.

Among incumbent hardware vendors, NEC got a jump on the competition when it launched an OpenFlow controller in 2011, while HP and IBM announced controllers in October. Most other switch and router vendors say publicly that they intend to rely on open-source controllers or partner with a startup such as Big Switch Networks, but in reality many of them are likely working on controllers themselves, or they are considering acquiring controller functionality. It's too early to say that the market for a stand-alone SDN controller will be profitable. Controller functionality could end up getting bundled in with the applications themselves, which is how some software startups are approaching the space. And apps such as virtualization, load balancing, network management, firewalls and intrusion detection are likely where the real money lies anyway. But the necessity of controller functionality somewhere in the software-defined network is what's behind this initial SDN battle of the OpenFlow controllers. It is also premature to say that OpenFlow will be the de facto protocol for controlling software to communicate with networking elements in an SDN, but it clearly has early momentum. And it is simply impossible to ignore the fact that OpenFlow controllers are being used today in production environments to build virtual networks inside data centers. That alone makes them worth evaluating. This report examines the OpenFlow protocol, how it works, what's driving its adoption and where it's headed. It also compares controllers from five vendors, all of which would like to see their technology become the preferred platform for developing SDN applications like the data center's first killer app: virtual networks. Companies profiled in this report include Big Switch Networks Inc.; Hewlett-Packard Co. (HP) (NYSE: HPQ); International Business Machines Corp. (IBM) (NYSE: IBM); NEC Corp. (TYO: 6701); and Nicira Inc., recently acquired by VMware Inc. (NYSE: VMW).

II. What Is the Role of the Controller in the Data Center?

The controller is basically centralized intelligence in a software-defined network. It acts as a kind of external operating system for a network of switches and routers and serves to decouple control plane functionality from data plane functionality. The control plane is the part of the switch or router that's in charge of the logic behind mapping network topology, running network protocols and ultimately instructing the data plane, or the switching fabric and port processors of a device. In a traditional network, control plane functionality is embedded in the operating system of the network device. But in a virtual network, the control plane can be a hypervisor on a server.

For years, networks have been distributed by design to ensure there is no single point of failure. But the rise of virtual machines (VMs) in the data center and subsequently virtual local area networks (VLANs) connecting them has brought the need for centralized control of the network front and center.

"In a modern data center, the servers are virtualized and that means having a hypervisor," said Keith Stewart, senior director of product management at Brocade Communications Systems Inc., a maker of data center networking gear. "By definition that means you have some form of centralized virtual machine management. The network has never had that; the network was always designed to survive disconnect from a central management system."

For data center operators it comes down to the issue of being able to scale the network to support not only private customer clouds of virtualized resources but public clouds, as well.

In the past, data center operators simply loaded application servers and databases that likely would need to communicate with each other into the same rack, but with server virtualization the number of servers and databases has increased exponentially and those VMs might be anywhere in the data center or even in a second data center and connected through VLANs. The problem is there is a limit to the number of VLANs that can be supported by a switch. The Institute of Electrical and Electronics Engineers (IEEE) specification for VLANs allows for 4,096 VLANs per switch, but today a typical top-of-rack Ethernet switch in a data center is connected to dozens of physical servers supporting thousands or tens of thousands of VMs.

"What we've typically done in managed hosting or dedicated hosting is to give each customer a unique VLAN," explained Toby Owen, solution line leader for hybrid clouds at Rackspace Hosting. "But we're starting to get to the point where that won't work because of the VLAN limit. In a public cloud environment we're already at the point where VLANs don't work anymore."

Newer encapsulation and tunneling protocols such as Virtual Extensible LAN (VXLAN) and Network Virtualization using Generic Routing Encapsulation (NVGRE) help solve the problem by grouping VLANs together and thus extending the number of individual VLANs supported into the millions, but you still need some kind of controller to manage the tunnels effectively.

"Having a more scalable software-based solution that's actually got centralized control and is implemented through distributed switches allows you to envision, at least in theory, infinitely scalable virtual networks because you can build them and rebuild them as you need from a central point of control," Owen said.

A. How Does a Controller Work?

A controller can be software running on standard X86 servers in the data center, typically deployed in clusters or nodes, or it can be a specialized hardware appliance that includes controller software. The controller or controller cluster communicates with virtual and/or physical switches through what's known as a "southbound" interface. Multiple protocols, including proprietary ones, can be used for the southbound interface, but OpenFlow is used in all the controllers profiled in this report.

Applications for accomplishing tasks such as building virtual networks in a multi-tenant environment, monitoring the state of the network, load balancing or implementing security policies communicate with the controller through a "northbound" interface. There are no standard protocols for the northbound interface right now, although the ONF is looking into whether they are needed. There is also discussion about whether standard "east-to-west" interfaces between controllers from different vendors are needed. We'll talk more about the future of the protocol later in this section.

Figure 1: Where the Controller Fits (Source: ONF)

The biggest debate among controller vendors lies in how the virtualization application should be delivered. Nicira/VMware advocates an architecture using a controller coupled with a v-switch (Nicira created the open-source Open vSwitch to work with its controller) running in a server hypervisor to create an overlay network where traffic is encapsulated and transported via tunnels across the physical network. In this setup, the virtual network overlay is completely independent of the physical infrastructure in the network. Nicira contends that if you have a virtualized network you can use software to programmatically create network environments with distributed Layer 2 and Layer 3 connectivity plus Layer 4-7 services such as firewall and load balancing.

"You can do this for tens of thousands of overlapping, but isolated virtual networks, and that solves the problems data center operators face as they move to a true cloud operations model," said Rod Stuhlmuller, director of product marketing for Nicira/VMware's Network Virtualization Platform (NVP) controller. "It's all completely decoupled and independent from the underlying network hardware like VMs are decoupled from and independent of the underlying X86 hardware."

At the other end of the spectrum you have controller vendor NEC advocating a pure OpenFlow environment where the controller programs the forwarding tables of switches to create virtual networks. "The overwhelming requirement we get from data center network administrators is to reduce complexity and increase automation," said Don Clark, director of the ProgrammableFlow
controller at NEC. "An overlay approach increases complexity by increasing administration required on the physical network and decreasing visibility when something goes wrong."

The other controller vendors' strategies fall somewhere in between, with Big Switch Networks and HP advocating a hybrid approach that uses an overlay for virtualization but OpenFlow switches for other applications such as security and load balancing. IBM's initial entry into the controller space takes a pure OpenFlow approach, but the company is working on overlay technology for virtualization as well, which it says will be launched later in 2013. You will find a more detailed discussion of each vendor's approach in Section III.

B. Switch Vendor Support for OpenFlow

The goal of this report is to provide a detailed comparison of OpenFlow controllers, not of OpenFlow-enabled switching and routing gear, but it is important to note where equipment vendors stand on incorporating OpenFlow into their products. If a data center operator chooses to go with a pure overlay solution, it may not matter whether switching equipment is upgraded with the OpenFlow protocol, but for an operator opting for a hybrid or a pure OpenFlow approach, the availability of OpenFlow-enabled switching and routing equipment is an important consideration. Most vendors say they support OpenFlow, but their level of commitment to incorporating the protocol varies.

OpenFlow and SDN represent a sea change for hardware vendors. An approach like Nicira's could effectively turn their equipment into dumb workhorses operating in the background, and hardware vendors are not going to give up the businesses they've worked decades to create. That said, equipment vendors such as Brocade Communications Systems, HP, IBM and NEC are aggressive in embracing SDN and OpenFlow.

They were among the first vendors to come out with OpenFlow-enabled hardware, and HP gets kudos for supporting the protocol on 25 of its switches, more than any other vendor. Brocade, which first announced support for OpenFlow two and a half years ago, supports OpenFlow on its MLX and NetIron CES 2000 series switches and on its XMR and NetIron CER 2000 series routers. The company, which has controller partnerships with Big Switch and NEC, also announced last month that it is acquiring virtual router startup Vyatta Inc.

"We think the long-term value in SDN is in getting all of these different Layer 2 segments in virtual networks to communicate, and that's where Vyatta comes in," Brocade's Stewart explained. In today's data centers, every application has a Web front end and application servers and database servers running in the background, and they all exist in different Layer 2 domains. They must communicate either through bridging, which isn't secure, or through physical routers, which is inefficient. A virtual routing and firewall platform gives the data center operator more control. Vyatta has done tight integration with VMware's vCloud orchestration system and with OpenStack, so it is feasible that a combined Brocade/Vyatta solution could bypass the OpenFlow controller altogether in a virtual network application, Stewart said. But it can also work with OpenFlow if the data center operator is using OpenFlow to build virtual networks, he added.

Arista Networks also has a partnership with Big Switch and works with other controller vendors, as well. "We advocate broad support for multiple controller vendors to give our customers freedom of choice," said Douglas Gourlay, VP of marketing for the switch maker. "We're also going to give our customers the ability to program our infrastructure themselves whether via OpenFlow as a protocol or via published full-coverage external APIs [application programming interfaces] for our equipment."

Cisco Systems has the most to lose in the push toward SDN, and it's definitely behaving that way. The company declined repeated requests to participate in this report but from what it has said publicly, it appears the company is banking for now on the open API approach to SDN.

Cisco unveiled its Open Network Environment (ONE) in June, which includes a set of platform APIs, agents and controllers (including an OpenFlow controller that Cisco says is aimed only at campus and research environments) and overlay networking technology. The most important piece of the ONE announcement is Cisco's ONE Platform Kit (onePK), which provides APIs for developers across the Cisco IOS, IOS-XR and NX-OS operating systems. Cisco told Light Reading's Craig Matsumoto in June that ONE goes beyond SDN and OpenFlow because it not only involves the control and forwarding planes but also can program the transport, services, management and orchestration layers through its APIs.

Cisco is countering Nicira/VMware's overlay strategy by enabling virtual overlay networks for multi-tenant cloud deployments via the Cisco Nexus 1000v v-switch to which it's adding OpenStack support, programmability, multi-hypervisor capability and VXLAN gateway functionality to support VM mobility. The vendor also recently announced that it has acquired cloud-computing startup vCider, which could give it another way to come at Nicira/VMware. Cisco describes vCider's technology as a "multi-tenant distributed virtual network controller" that can build overlays on top of physical infrastructure.

Publicly, Cisco's commitment to OpenFlow has been lukewarm at best. The company participates in the ONF, but beyond announcing an OpenFlow controller and agent for two Catalyst switches to be used in campus networks for proof-of-concept demonstrations, the company does not sell an OpenFlow controller or include OpenFlow on switches. The rumor mill, however, suggests that Cisco may be working on controller technology and OpenFlow switches inside a spin-in company called Insieme, which Cisco will not comment on. ONF's Pitt questions approaches like Cisco's, which appears to be trying to deliver SDN without embracing OpenFlow.
"I don't believe the argument that says we do SDN but we don't use OpenFlow," he said. "Either it means that you've got some proprietary alternative to OpenFlow, or it means you really haven't separated the control and you're still living with the problems of distributed control, lack of a global viewpoint and lack of place to program the network." Cisco rival Juniper Networks also declined to be interviewed for this report but said via an email statement that it sees SDN as "a huge opportunity for network infrastructure vendors." The company supports OpenFlow 1.0 on its EX and MX product lines, which it has demonstrated at multiple industry events with the Big Switch controller and with open-source controllers Floodlight and Trema. Support for OpenFlow 1.3 for the EX, QFX and MX platforms is on the company's "short-term roadmap." Startup switch vendor Pica8 – the only company supporting OpenFlow Version 1.2 in a commercial switch – has a unique approach. The company adopted a strategy similar to Arista's in that it puts its software on merchant silicon from Broadcom, Marvell Technology Group and Fulcrum Microsystems, but the difference is that Pica8 has built an abstraction layer that allows it to bypass the long development cycles typically associated with adopting new application-specific integrated circuits (ASICs), said VP of product marketing, Steve Garrison. "In a sense, Pica8 is the first to achieve a pure software model for switching," he said, adding that Pica8's go-to-market strategy in targeting data center operators is to drive an open network framework and work with multiple OpenFlow controller vendors. Other switch vendors are working on adding OpenFlow support, but they are not listed in the chart because they do not have commercially-available switches. Dell Force 10 Networks, for example, is beta testing OpenFlow on several switch models and plans to make them commercially available during the first quarter of 2013. 
Virtual switches are a bit of a different animal. They are software deployed in hypervisors on servers, and a controller communicates with them via OpenFlow or some other protocol. Nicira developed Open vSwitch, which uses OpenFlow, as an open-source v-switch to communicate with its controller for its network virtualization application. Big Switch also uses Open vSwitch for its Big Virtual Switch application. HP, which interestingly does not have its own v-switch and has not announced intent to develop one, will not say which v-switch it is using for its virtualization app, but it is likely Open vSwitch. IBM is using its own Distributed Virtual Switch 5000v, which does not support OpenFlow. Cisco, Microsoft and VMware also have their own v-switches, and NEC has announced it is developing one. Like IBM, Cisco and VMware use proprietary communication protocols, while Microsoft supports OpenFlow as will NEC.

Figure 2: Commercially Available OpenFlow Hardware

| Vendor | Switch/Router | OpenFlow Version |
| --- | --- | --- |
| Arista Networks | 7050 Series switches and Arista EOS | 1.0 |
| Brocade Communications Systems | MLX and NetIron CES 2000 Series switches; XMR and NetIron CER 2000 Series routers | 1.0 (1.3 in 2013) |
| Extreme Networks | BlackDiamond X8 switches | 1.0 |
| HP | HP 3500, 3800, 5400, 6600 and 8200 Series switches | 1.0 (1.3 in 2013) |
| IBM | G8264 and G8264T (promised in December) | 1.0 (1.3 in 2013) |
| Juniper Networks | EX and MX Series switches and routers | 1.0 (1.3 on "short-term roadmap") |
| NEC | PF5240 and PF 5820 switches | 1.0 (1.3 in 2013) |
| Netgear | GSM7352Sv2 | 1.0 |
| Pica8 | P-3290, P-3295, P-3780 and P-3920 switches | 1.2 (1.3 in 2013) |

Source: Heavy Reading Insider

C. How Data Center Operators Are Using OpenFlow

Google gave OpenFlow a big boost in April when Urs Hölzle, the company's senior vice president of technical infrastructure, announced in his keynote address at the Open Networking Summit that the company had overhauled its internal G-scale backbone that carries traffic between data centers using homegrown, purpose-built 10-Gigabit Ethernet OpenFlow-enabled switches. Google is notoriously tight-lipped about its network (the company declined a request to participate in this report), but what we do know from its published information is that when it decided to undertake overhauling the G-scale network, there was no network device available that had OpenFlow support and could meet Google's scale requirements. Google built its own switches using merchant silicon and open-source routing stacks with OpenFlow support, and the company used multiple controllers (Nicira's technology) to communicate via OpenFlow with the switches. On top of its new wide-area network fabric, Google built a centralized traffic engineering service that collects real-time network utilization and topology data, computes path assignments for traffic flows and then programs the paths into the switches using OpenFlow.

Japanese telecom giant NTT Communications launched the first commercial OpenFlow-based cloud service in June when it rolled out an infrastructure-as-a-service (IaaS) offering called Enterprise Cloud in two data centers, one in Tokyo and one in Hong Kong. The company plans to expand the private cloud service to additional data centers before the end of the year. NTT Communications has been a strong proponent of OpenFlow. The company uses NEC products to deliver Enterprise Cloud and is evaluating Nicira products, as well, said Ichiro Fukuda, senior network architect at NTT Multimedia Communications Laboratories, the R&D arm
of NTT Communications. But the company is also going a step further by developing its own controller. NTT Laboratories, a sister company to NTT Communications, developed an open-source controller called Ryu that NTT Communications is working to modify for its own use. "Ryu is open source, and from the service provider perspective we want to see a more open, innovative approach," explained Kenji Takahashi, president and CEO of NTT Multimedia Communications Labs. "We'd like to be able to use commoditized hardware with an open-source controller rather than the current black box type of network equipment. That's why we're working on our own controller to establish a kind of open and innovative ecosystem for applications." Deutsche Telekom is eager to see what NTT comes up with, said Srini Seetharaman, senior research scientist at Deutsche Telekom Laboratories, the R&D arm of DT. Right now, DT is experimenting with OpenFlow in its lab but does not have plans to use it any time soon in a production environment, according to Seetharaman. "NTT is a big carrier like we are, so what they're doing with Ryu is of interest to us," Seetharaman said. He shares Takahashi's point of view that the more service providers can get away from proprietary vendor solutions the better. "We are not looking at buying a controller and switch and applications from the same vendor," he said. "We don't want to be locked in." For many data center operators, building a controller may not be an option. They either can't or don't want to invest the money and the time necessary so they will go with a commercial option. Rackspace Hosting is a good example of a company that wanted to get to market quickly with multi-tenant virtual networking capabilities. Back in April, Rackspace announced it was upgrading its Rackspace Cloud public service with OpenStack – the open-source cloud orchestration system that Rackspace and NASA pioneered. 
Specifically, Rackspace is using Nicira controllers and OVS virtual switches (open v-switch), which end users will be able to access through OpenStack. "We are giving users the basic building blocks to create a network and add a server to that network," Rackspace's Owen said. "That's pretty huge in and of itself and it lays the groundwork for a more complete security story." Rackspace's Cloud Network service gives users the ability to create their own virtual networks in the cloud through an OpenStack API called Quantum, which allows users to interface with the controller and v-switch indirectly. "The abstraction of Quantum gives us the ability to control access via a separate authentication service and maintain security in a multi-tenant environment," Owen said. Plus supporting the open Quantum standard gives end customers the ability to develop code and apps for use in any OpenStack deployment, whether at Rackspace or on their own premises.

D. The Future of OpenFlow

Nearly all of the commercially available OpenFlow controllers and switches support Version 1.0 of OpenFlow. Pica8, which supports Version 1.2, is the exception. Most controller and switch vendors say they will move to OpenFlow Version 1.3 in 2013, which adds support for Internet Protocol Version 6 (IPv6). Because the 1.0 spec does not support IPv6, companies such as Nicira have had to build proprietary extensions to controllers and v-switches to support it. "The ONF was on a three-times-per-year release schedule, but it got to be a little much for the implementers, especially hardware companies," Pitt said. Those companies asked the group to slow down and provide more stable implementation targets, so this year it has been focusing on the 1.3.X version, where the Xs are minor tweaks to the standard. ONF hosts periodic "plugfests" at the University of Indiana where controller and switch vendors meet to test how their products work together.
The most recent plugfest held in October tested mostly products equipped with OpenFlow Version 1.0; a plugfest in the spring will likely focus on Version 1.3 products. After that, the ONF will determine when the industry might be ready for Version 1.4, which could improve tunneling capabilities and support for OpenFlow in optical and wireless networks.

The other big question for the OpenFlow protocol centers around whether to develop a standard protocol for the controller's northbound APIs. Some vendors are pushing for standardization, but Pitt said he worries that standardizing northbound APIs so soon could suppress innovation. "We do need some base standardization for northbound APIs," HP's Stiekes said. "Everyone should have the freedom to extend them and provide added value, but the goal is to develop a vibrant ecosystem of SDN applications beyond just virtualization, and we are going to need some core standardization for that."

There is some talk about the possibility of lifting the Quantum API out of OpenStack and turning it into a standard northbound API for the controller, but a significant amount of work might have to be done to make the cloud orchestration protocol applicable in a campus or WAN environment.

Work on SDN protocols is also happening in other standards bodies such as the IETF, but service providers seem to be most interested in what's happening in the ONF because they have more weight to affect the changes they want to see there. "In my opinion, the IETF is heavily dominated by vendors like Cisco and Juniper," said NTT Communications' Takahashi. "We believe SDN protocols should be defined by service providers, not by large vendors."

III. The Controller Vendors

When it comes to comparing and contrasting the controller vendors, there are several key criteria for a data center operator to consider:

Is the product a hardware appliance or is it available only as software? Some data center operators may prefer to purchase a hardware controller that they can just plug into an OpenFlow network, while others will want software they can install on their own servers. Not surprisingly, hardware vendors HP and NEC offer their OpenFlow controllers as an appliance or as software only. Interestingly, IBM offers its controller only as software, but the company does recommend that buyers using it in a production environment use two redundant servers for failover. The Big Switch and Nicira controllers are software only and they run on x86 servers.

Does the product offer a virtualization application and does it do so through an overlay or with OpenFlow switches? Virtualization is the first killer SDN app, especially for the data center, and a controller vendor has to offer it to be competitive. All the controller vendors covered in this report deliver network virtualization, but how they do it differs dramatically.

Nicira takes the overlay-only approach, meaning the controller does not talk directly to OpenFlow switches in the physical network. Instead, a logical abstraction is created so that the entire physical network becomes one big pool of resources, and it doesn't matter whether the physical switches in the network are OpenFlow-capable or not. At the other end of the spectrum is a pure OpenFlow approach where the controller communicates with top-of-rack OpenFlow-enabled switches and a virtual networking application runs on top. This is how NEC and IBM do it, although IBM is working on its own virtual networking platform to compete more directly with the Nicira approach.
Big Switch says it can do all three and supports a hybrid model that allows terminations in the physical network so that specialized hardware and resources that haven't been virtualized can be incorporated. HP also plans to offer a hybrid model with its virtualization application working as an overlay but other apps running over OpenFlow.

The key questions for data center operators to ask an overlay-only vendor are whether the overlay approach allows them to incorporate all of their resources and whether it adds to the network management load by essentially giving them two networks, virtual and physical, to manage. By the same token, operators should ask OpenFlow-only vendors how many virtual network segments their products can support and whether the vendor has a solution if it's not in the budget to upgrade all data center switches with OpenFlow.

"As an engineer, I would always prefer a pure OpenFlow SDN solution," said Rackspace's Owen. "However, no one, short of a brand new data center operator or enterprise looking at a major networking overhaul, would be able to accomplish this, since most legacy switching gear won't support SDN with just a code upgrade. What's important for most users is the ability to build new space with SDN and still retain current investments and architectures – thus, a hybrid environment."

Is the product generally available? Big Switch, Nicira and NEC offer solutions today. HP and IBM are relative newcomers to the controller party, both having announced their plans this fall. IBM says it will ship before the end of the year. (Data center operators should note that multiple sources say IBM is simply reselling NEC's controller. IBM would not confirm or deny that, but since the company is also working on its own network virtualization technology, it's likely we will see another controller product coming from the company next year.)
At first glance, HP seems to be lagging behind since it says its controller won't be generally available until the second half of next year, but with 25 OpenFlow-capable switches now in its portfolio and large beta customers including its own public cloud service having success with the controller, the company can't be discounted.

How much does it cost and is there any special pricing consideration for service providers? All the vendors say they offer discounted pricing for large data center implementations of their controllers. The list prices for the controllers vary widely because not everyone uses the same pricing model. Big Switch, for example, charges a monthly subscription fee for its controller, while Nicira offers usage-based pricing. IBM and NEC offer a more standard licensing model but what's included varies. For example, NEC sells a one-time perpetual license, but additional fees are charged for per-switch connection licenses and for service and support. IBM provides 1-year and 3-year licensing options that include service and support, and switch connection fees are also extra with IBM's controller. HP is still working on its pricing.

Does the vendor have partnerships with third-party app providers? Big Switch is the winner in this category if a data center operator is looking for a wide variety of apps on the northbound side as it has announced 20 partners ranging from open-source cloud orchestration systems to network monitoring and security appliance vendors. Being open is a big part of Big Switch's go-to-market strategy, and the number of application providers it's working with is a testament to that. NEC has a relationship with security vendor Radware, and HP's load balancing app was developed in conjunction with CERN, but beyond that none of the other vendors has announced any third-party deals besides commitments to work with specific cloud orchestration systems. For its part, Nicira contends that third-party deals aren't really necessary because virtualization allows companies to move their existing apps into the network without any modification.

Does the vendor have any data center operator reference customers? Nicira wins here.
Not only did data center giant Google use the company's technology to overhaul its backbone network, the company also counts AT&T, DreamHost, NTT Communications and Rackspace Hosting among its customers. AT&T, DreamHost and Rackspace are using NVP in production environments, while NTT Communications says it is testing the product. NTT is using NEC controllers in a production environment to offer its IaaS service, and Genesis Hosting uses NEC controllers, as well.

Figure 3: Controller Vendor Comparison

| Vendor/Product | Appliance or Software? | Overlay or OpenFlow? | Available | Price | Third-Party Apps & Cloud Orchestration Support |
|---|---|---|---|---|---|
| Big Switch Big Network Controller | Software | Both | Now | Subscription-based starting at $1,700 a month | Cloud orchestration partners: Canonical, Citrix, Cloudscaling, Mirantis, Nebula, Piston, StackOps. Network monitoring: Endance, Gigamon. ADCs and Security: A10 Networks, F5, Fortinet, Infoblox, Palo Alto Networks, Radware. Appliances: vArmour, Cariden, Coraid, ThreatStop. Cloud systems supported: OpenStack and limited vCloud support |
| HP Virtual Applications Network SDN Controller | Both | Both | 2H13 | Not available yet | Load balancing partner: CERN. Cloud systems supported: OpenStack |
| IBM Programmable Network Controller | Software | OpenFlow | 4Q12 | Varies based on whether controlled switch licenses are included, but a 1-year license without switch is $87,500 | No third-party apps announced. Cloud systems supported: OpenStack |
| NEC ProgrammableFlow Controller | Both | OpenFlow | Now | $75,000 for a license for up to 100 switches | Security relationship with Radware. Cloud systems supported: vCloud |
| Nicira/VMware Network Virtualization Platform Controller | Software | Overlay | Now | Declined to provide specific pricing, but licensing fee is usage-based | No third-party apps announced. Cloud systems supported: CloudStack, OpenStack |

Source: Heavy Reading Insider

A. Big Switch Networks

In the nascent SDN controller market, no product announcement from a startup has been more eagerly anticipated than that of Big Switch. After operating for two and a half years in stealth mode, Big Switch finally launched its commercial controller, Big Network Controller, in November along with two applications including a virtual networking app to compete with archrival Nicira.

Big Switch was co-founded in March 2010 by Guido Appenzeller and Kyle Forster. Appenzeller is a serial entrepreneur who was head of the Clean Slate Lab at Stanford where he led the research team that developed the OpenFlow 1.0 standard, and Forster is a former product manager at Cisco. Big Switch, which has raised $39 million to date, also recently scored a management coup by luring Howie Xu away from VMware. Xu worked at VMware for nine years, leading the company's R&D team for five, and is credited with co-inventing and helping to launch VMware's virtual switch.

Big Switch is hoping to give Nicira a run for its money in the virtual networking space by delivering the same kind of functionality in a more open environment, said Andrew Harding, senior director of product marketing. "We are unique in having an open platform since Nicira's controller is now a tightly coupled network virtualization system for VMware."

Indeed, Big Switch's big announcement included dozens of partnerships both on the northbound and southbound sides of the controller. On the southbound side, Big Switch revealed formal partnerships with Citrix, Canonical, Microsoft and Red Hat related to virtual switch and cloud orchestration, as well as partnerships with physical switch vendors Arista, Brocade, Dell, Extreme Networks and Juniper. The company also has completed interoperability testing with VMware's virtual switch and with physical switches from IBM and HP.
Northbound, Big Switch has formal cloud orchestration partnerships including Citrix (for the CloudStack platform), Cloudscaling, Mirantis, Nebula, Piston and StackOps (for the OpenStack platform). It also announced partnerships in monitoring with Endance and Gigamon; deals in the ADC and Security space with A10 Networks, F5, Fortinet, Infoblox, Palo Alto Networks and Radware; and joint SDN application solutions with vArmour, Cariden, Coraid and ThreatStop.

Big Switch's Big Network Controller is a commercial controller that uses the open-source controller, Floodlight, as its core. Many research institutions and data center operators have already downloaded Floodlight for experimentation with OpenFlow and SDN. Big Network Controller beefs up Floodlight by adding failover capabilities and multi-tenancy support. It also offers integration with existing network management tools, delivers statistics, analysis, tracing and troubleshooting, and provides topology and end point management. And perhaps most importantly, companies that purchase Big Network Controller get a level of customer support for the product that does not come with Floodlight.

The commercial controller is sold as a subscription and starts under $1,700 a month, or about $20,000 per controller node. Big Network Controller supports 1,000 switches per node.

But Big Switch isn't really counting on BNC to be the company's big money-maker. "The real value in SDN lies in the applications," Appenzeller said. "Think of our control platform like an operating system. Having an OS is great, but by itself it's entirely useless," he explained. "Having an application running on it that solves a real problem, on the other hand, is very useful."

Figure 4: Big Switch Networks 3-Pronged Approach

Source: Big Switch Networks

Big Switch is placing its first app bet on data center network virtualization. The company's Big Virtual Switch (BVS) running on BNC competes head to head with Nicira. BVS is designed to help data center operators create virtual network segments rapidly, making their network as dynamic as the rest of the cloud infrastructure. Using BVS, customers can create up to 32,000 virtual network segments per controller, and Big Switch claims operators can expect to see a 25-50
percent improvement in VM density. Based on several analysts' data center cost models, Big Switch says that at the 50 percent improvement mark, operators could expect to save $500,000 per rack per year in capex and another $30,000 per rack per year in opex.

BVS is compatible with OpenStack today and will support CloudStack and Microsoft Hyper-V Cloud early next year. At present BVS has limited support for VMware's vCloud orchestration system, which Big Switch says is because VMware's closed virtual switch implementation provides limited interoperability with SDN solutions, but Big Switch hopes to deliver "more scalable" vCloud support next year, said Jason Matlof, VP of marketing.

A second application from Big Switch called Big Tap builds an overlay for network monitoring. It essentially delivers unified network monitoring by programming OpenFlow-enabled Ethernet switches to filter and direct traffic to and from various analytical tools based on specific protocols. The application was developed in response to a specific data center customer request and offers operators a way to test the SDN waters without plunging in headfirst, Matlof explained.

Besides its commitment to being open and partnering, another Big Switch strength may lie in its ability to be flexible in terms of deployment scenarios. The company claims its controller and BVS can be deployed as a pure overlay network, in a pure OpenFlow environment or in a hybrid environment that uses both overlays and OpenFlow. Harding argues that a hybrid model is necessary where virtual networks need to incorporate specialized hardware and legacy servers and databases. "In the hybrid model you have the agility to insert the physical OpenFlow switch in coordination with the hypervisor switch," Harding explained. "That allows you to terminate tunnels in an OpenFlow environment and integrate the physical and bare-metal devices that need to be incorporated."
Big Switch is targeting large enterprise data centers with its products, and as part of its announcement revealed that ONF board member Goldman Sachs, and Fidelity Investments are customers.

There's no question that Big Switch is a contender to become a leading force in the controller and SDN application markets. The company has done an excellent job of articulating its strategy in its initial product launch, but time and customer feedback will tell whether it can really deliver. Data center operators would do well to evaluate Big Switch's products while keeping in mind that the company is a ripe takeover target. Big Switch claims its goal is to build a company, not to get bought, but even its execs admit that every company has its price. Big Switch says its commitment to openness will protect both vendors and customers if the company is acquired. We just may get the chance to see if that's the case.

Customers: Goldman Sachs, Fidelity Investments.

B. HP

HP revealed details of its overall SDN strategy in October, saying it is developing an OpenFlow controller and will deliver three applications, including network virtualization, during the second half of 2013. HP lags a bit behind the other vendors in getting its Virtual Applications Network SDN Controller to market, but the company has an overall strategy that is aimed not only at the data center operator early adopters but also at driving SDN down into the campus and branch environments of enterprise customers. To date, HP has made 25 of its switches OpenFlow-capable, far more than any other vendor, and the company's controller and network virtualization application are being developed in conjunction with its public cloud service, HP Cloud Services, which gives it a good customer reference when selling to data center operators.

Like Big Switch, HP is evangelizing a hybrid approach to SDN that uses an overlay for virtualization and OpenFlow for other applications. "Overlays have value when customers don't
have a critical mass of OpenFlow switches installed," said Bryan Stiekes, chief technologist for SDN and cloud at HP Networking, who was also responsible for HP Cloud Services' network strategy. "But obviously we're a hardware vendor, so we're not going to advocate a pure overlay approach that says the network has no value," he said. "We think it does."

Specifically, HP believes that an overlay-only approach that just moves intelligence into software end points and encapsulates traffic between them doesn't really take full advantage of the promise of SDN. "With that approach I have to keep scaling my service nodes and I stay stuck in this world where my switching fabric is underutilized," Stiekes said. "We think there's a lot of advantage to separating the policy decision point and placing it in a controller so that you can use the capacity of the switching fabric to your advantage."

Figure 5: HP's SDN Vision

Source: HP

HP's initial virtualization application will use an overlay but the company isn't giving a lot of details about it yet. Stiekes did say he expects customers to deploy clusters or multiple clusters of controllers and while he couldn't share how many virtual network segments the HP controller will support, it will be more than the 4,000 supported by VLANs today. "If you can't get past today's hardware limitations, there's really no point in doing it," he said.

HP declined to specify which v-switch it's using for the virtualization app, saying only that it is "targeting different environments" with the solution. The company does not have its own v-switch and has not announced any intent to deliver one, but it has strong partnerships with VMware and Microsoft in its other lines of business so their v-switches could be possibilities. The same goes for cloud orchestration. HP's virtual networking app supports only OpenStack, but the company insists it is committed to being open so likely will add support for others.

Two other HP applications, one for security and another for load-balancing, will use OpenFlow rather than an overlay. HP will offer a distributed intrusion detection application called HP Sentinel Security, which was originally developed for Home Box Office (HBO). Based on HP's TippingPoint security appliances, Security Sentinel works by sending DNS requests to the controller, which queries an HP TippingPoint database to make sure the URL is okay. The other application is a distributed load-balancing app that HP is developing in conjunction with CERN, the European Organization for Nuclear Research.

The Virtual Applications Network SDN Controller will be available as software or as an appliance, but pricing hasn't been determined yet. "We are investigating pricing," said Steve Brar, global product marketing manager at HP Networking. "Ultimately, I think the value will be in the applications rather than the controller," he said. "That's not to say the controller will be free but we are looking into how to price it with the applications." HP has not announced any third-party partnerships, but the company is open to them. "That is part of our vision and strategy, and we will look to grow with partners as we go along," Brar said.

Customers: CERN, HBO, HP Cloud Services.

C. IBM

IBM unveiled its Programmable Network Controller (PNC) in October just one day after HP made its big SDN splash, but IBM says it will ship its controller by the end of this year while HP's won't be ready until the second half of 2013. To be fair, multiple sources say IBM is simply reselling NEC's ProgrammableFlow controller. While neither IBM nor NEC would confirm or deny that, it does make sense. IBM and NEC already had a deal, inked back in January, for IBM to market its top-of-rack G8264 OpenFlow switch in conjunction with NEC's ProgrammableFlow controller. And the description of the IBM PNC virtual networking application uses the same "Virtual Tenant Network" terminology that NEC uses to describe how its ProgrammableFlow controller accomplishes virtualization.

If IBM is reselling the NEC controller, that signals just how important the company feels it is to have a controller in its product portfolio at this early juncture in the development of SDN. IBM could have waited; the company is working on its own virtual networking technology called Distributed Overlay Virtual Ethernet (DOVE), which will include controller functionality. But DOVE won't be ready until the middle of next year, and it will be an overlay solution.
PNC gives IBM a way to target data center operator accounts now, and gives the company an OpenFlow strategy to complement overlay virtualization.

IBM's DOVE virtual networking technology is similar to Nicira's in that OpenFlow switches aren't needed for it to work. It is hardware agnostic and can run over traditional or OpenFlow networks. In the case of DOVE, centralized controlling software communicates with distributed v-switches – IBM's Distributed Virtual Switch 5000v in this case – running on server hypervisors and sets up tunnels connecting end points across the physical infrastructure. DOVE uses a proprietary tunneling protocol similar to VXLAN to accomplish this. It uses the VXLAN header format but also uses an address dissemination mechanism analogous to the function domain name servers perform for mapping domain names into IP addresses.

IBM plans to offer DOVE on multiple server platforms including IBM's System x and Power servers, so IBM customers will have the option of deploying uniform network virtualization across multiple server platforms. Many data center operators need to provide virtualization on existing Layer 2 and Layer 3 networks, but they may not necessarily want to invest right away in an OpenFlow network. "DOVE provides network virtualization for existing Layer 2 and Layer 3 networks without the need to change the network," said Rakesh Saha, director of product management for system networking in the Systems and Technology Group at IBM. But if an operator does opt to deploy OpenFlow, DOVE will be able to run on top of it in a hybrid environment too, he added.

Meantime, IBM's PNC delivers virtual networking through the VTN technology, which provides an abstraction of the virtual Layer 2 or 3 network. Users can either use a Web-based interface or a command line interface to build virtual networks, which are then set up through switches using the OpenFlow controller.
In its current version, IBM PNC is capable of supporting up to 1,000 virtual tenant networks simultaneously, which is significantly fewer than the 32,000 virtual network segments Big Switch promises or the "tens of thousands" Nicira says it can support. It's also fewer than the hardware limit of 4,000 VLANs per switch, but IBM says it has plans to support up to 10,000 virtual networks in upcoming releases of PNC.
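
The overlay mechanics described for DOVE above (a central directory that tells hypervisor v-switches which tunnel endpoint hosts a VM, with traffic carried behind a VXLAN-format header) can be sketched as follows, including the tenant-isolation checks a receiving v-switch should make. This is an added illustration, not IBM's code or its proprietary protocol: it assumes the standard VXLAN header layout from RFC 7348, and the class names, VNIs, MAC addresses and IP addresses are constructed for the example.

```python
import struct

# Standard VXLAN header layout (RFC 7348): 8 flag bits, 24 reserved bits,
# a 24-bit VXLAN Network Identifier (VNI), then 8 reserved bits.
VXLAN_HEADER = struct.Struct("!II")
FLAG_VNI_VALID = 0x08          # the "I" flag
MAX_VLAN_IDS = 2**12 - 2       # 12-bit VLAN ID, values 0 and 4095 reserved
MAX_VNIS = 2**24               # 24-bit segment ID space


def mac(text):
    """'02:00:00:00:00:a1' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def pack_vxlan(vni):
    if not 0 <= vni < MAX_VNIS:
        raise ValueError("VNI must fit in 24 bits")
    return VXLAN_HEADER.pack(FLAG_VNI_VALID << 24, vni << 8)


def unpack_vxlan(packet):
    """Return (vni, inner_frame); raise ValueError if the header is unusable."""
    if len(packet) < VXLAN_HEADER.size:
        raise ValueError("truncated VXLAN header")
    word0, word1 = VXLAN_HEADER.unpack_from(packet)
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI field is not valid")
    return word1 >> 8, packet[VXLAN_HEADER.size:]


class AddressDirectory:
    """Controller-side table: (VNI, VM MAC) -> tunnel endpoint IP (hypothetical)."""

    def __init__(self):
        self._entries = {}

    def register(self, vni, vm_mac, endpoint_ip):
        self._entries[(vni, vm_mac)] = endpoint_ip

    def resolve(self, vni, vm_mac):
        # Keyed by VNI as well as MAC, so a lookup never crosses segments.
        return self._entries.get((vni, vm_mac))


class VSwitch:
    """Hypervisor v-switch: encapsulates on send, checks the VNI on receive."""

    def __init__(self, endpoint_ip, directory):
        self.endpoint_ip = endpoint_ip
        self.directory = directory
        self.ports = {}        # (vni, vm_mac) -> frames delivered to that VM

    def attach_vm(self, vni, vm_mac):
        self.ports[(vni, vm_mac)] = []
        self.directory.register(vni, vm_mac, self.endpoint_ip)

    def send(self, vni, inner_frame):
        """Return (remote_endpoint_ip, packet), or None if destination unknown."""
        remote = self.directory.resolve(vni, inner_frame[:6])
        if remote is None:
            return None        # not in this segment: drop rather than flood
        return remote, pack_vxlan(vni) + inner_frame

    def receive(self, packet):
        """Deliver the inner frame only to a local VM in the packet's segment."""
        try:
            vni, inner = unpack_vxlan(packet)
        except ValueError:
            return False
        port = self.ports.get((vni, inner[:6]))
        if port is None:
            return False
        port.append(inner)
        return True


def demo():
    # Constructed sample: two tenants (VNI 5001 and 5002) on two hypervisors.
    directory = AddressDirectory()
    hv1 = VSwitch("192.0.2.11", directory)
    hv2 = VSwitch("192.0.2.12", directory)
    a1, a2, b1 = (mac("02:00:00:00:00:" + s) for s in ("a1", "a2", "b1"))
    hv1.attach_vm(5001, a1)
    hv2.attach_vm(5001, a2)
    hv2.attach_vm(5002, b1)

    frame_to_a2 = a2 + a1 + b"\x08\x00" + b"tenant A payload"
    remote, packet = hv1.send(5001, frame_to_a2)
    same_segment = (remote, hv2.receive(packet))

    # Tenant A addressing tenant B's VM: no directory entry under VNI 5001.
    frame_to_b1 = b1 + a1 + b"\x08\x00" + b"cross-tenant"
    cross_lookup = hv1.send(5001, frame_to_b1)

    # Tenant B's MAC arriving under tenant A's VNI is dropped on receive.
    cross_receive = hv2.receive(pack_vxlan(5001) + frame_to_b1)
    return same_segment, cross_lookup, cross_receive
```

The two constants show why overlays sidestep the VLAN ceiling discussed in this report: a 12-bit VLAN ID yields 4,094 usable segments, while a 24-bit VNI yields about 16.7 million.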

Figure 6: IBM's Programmable Network Controller Architecture

Source: IBM

As far as compatibility with cloud orchestration systems goes, IBM provides RESTful APIs that allow PNC to be programmed by any orchestration system, Saha said. The company supports OpenStack through a beta version of a Quantum API and will add support for more orchestration systems next year, he said.

IBM offers some of the most detailed list pricing available from a controller vendor. A one-year license for the PNC controller software lists for $87,500. A single switch connection license adds $4,500 to the price, while a 10-switch license adds $27,500 and a 50-switch license adds $85,000. A three-year license for the PNC controller lists for $122,500 with a one-switch connection license adding $6,300 to the price, a 10-switch license adding $38,500 and a 50-switch license adding $119,000. IBM's pricing includes service and support. By contrast, NEC's list price for a perpetual license for its controller is $75,000 with a 10-switch connection license adding $22,000 to the price, but NEC sells support and service separately, which may make the IBM solution more competitive with NEC's total cost.

IBM hasn't announced third-party application partnerships for PNC, but it is open to them for applications such as firewall and intrusion detection. PNC is available only as software, and IBM recommends that operators using it in a production environment run it on two servers with an Intel Xeon E5-2600 series processor with at least eight cores and in a redundant configuration. IBM has not announced any data center operator customer wins, but it has revealed that message switch vendor Tervela, which provides a distributed data fabric for global trading, risk analysis, e-commerce and big data applications, has beta-tested PNC.

Overall, IBM has an SDN strategy very similar to HP's: Provide a controller and OpenFlow-enabled switches plus an overlay strategy for customers who don't want to do OpenFlow or who want to run hybrid networks.
Both companies are also providing integration services for SDN. HP
and IBM are looking beyond the large data center market with their real focus being on driving SDN adoption in enterprises, and for enterprise customers a total end-to-end solution will be attractive. But large data center operators and telecom carriers are seeking to get away from one-stop shopping, so it is doubtful a single vendor SDN solution will play well in that market.

Customers: Tervela.

D. NEC

If there is such a thing as an incumbent in the emerging OpenFlow controller market, NEC is it. The company became the first hardware vendor to deliver on an OpenFlow strategy when it announced general availability of its ProgrammableFlow Controller and two OpenFlow-enabled switches, the PF5240 and PF5820, in May 2011, well ahead of its competitors. NEC offers the ProgrammableFlow controller as a network appliance or as software that runs on a standard Intel Xeon server.

This spring NEC released a second version of ProgrammableFlow, including an improved interface for its Virtual Tenant Network (VTN) technology to make it easier for data center operators to create virtual networks in a multi-tenant environment. Whereas previously a data center operator would have had to use scripting to create a virtual network with ProgrammableFlow, a VTN Web-based interface delivers a simpler point-and-click system.

VTN is a logical abstraction plane that can sit on top of any underlying physical network topology. When a data center operator creates a virtual network using VTN, it is mapped into the physical network through a top-of-rack OpenFlow-enabled switch such as the PF5820. (NEC also has demonstrated interoperability of its controller with OpenFlow-enabled switches from other vendors such as Brocade and IBM.) This approach to virtualization is in contrast to Nicira's overlay where the controller does not talk directly to physical switches.
"With our model, customers only have to manage one network instead of an overlay and physical network," said Don Clark, director of the ProgrammableFlow controller at NEC. "And because ProgrammableFlow provides control over the physical network, physical appliances can be integrated into virtual networks, and QoS policies can be applied on a per-flow basis."

Figure 7: NEC's ProgrammableFlow Controller Virtual Tenant Network

Source: NEC

The fact that NEC's ProgrammableFlow controller has been on the market for a year and a half gives the company a leg up on most of the competition because customers are using the product in commercial deployments. NTT Communications, for example, launched an IaaS service in April using ProgrammableFlow. Genesis Hosting and Nippon Express are ProgrammableFlow customers. If IBM is, indeed, reselling NEC's controller, that's a stamp of approval, as well.

When it comes to third-party relationships, NEC is working with security vendor Radware on a way to integrate the Radware Attack Mitigation System into NEC's ProgrammableFlow product line. The joint solution will provide a network and application security-aware network that dynamically assigns security protection resources that can be customized based on levels of detected threats and traffic volumes. Clark said he expects to have more to announce regarding the co-marketing relationship early next year. NEC will also have some news early next year regarding cloud orchestration system compatibility, Clark added. The company is compatible with VMware's vCloud and has demonstrated interoperability with OpenStack and Hyper-V, as well.

The ProgrammableFlow Controller lists for $75,000. That is a one-time perpetual license; additional fees are charged for per-switch connection licenses and for support and service with a 10-switch connection license adding $22,000. NEC declined to specify what it charges for support and service but said its typical service contract is competitive with those of other hardware manufacturers. IBM's list pricing is quite a bit higher than NEC's when you consider that IBM only sells one-year or three-year licenses, but IBM also includes support and service in its price, which could make it a little more competitive with NEC's overall cost.

Customers: Genesis Hosting, Nippon Express, NTT Communications, Schuberg Philis.

E. Nicira/VMware

Like NEC, Nicira gets to claim "veteran" status relative to the other players because even though the five-year-old company did not come out of stealth mode until February, when it did it offered up customer references such as AT&T, eBay, Fidelity Investments and Rackspace Hosting. Google also used an early version of NVP to create its OpenFlow network. And then came VMware's game-changing $1.26 billion purchase of the company, which certainly validated Nicira's technology.

Nicira cofounder Martin Casado is widely credited as one of OpenFlow's inventors, and the NVP controller does use OpenFlow for its southbound interface. But you won't hear Nicira talking much about the protocol, or even SDN for that matter; it prefers to talk network virtualization. "OpenFlow is not a solution; it's just a protocol," said Rod Stuhlmuller, director of product marketing for NVP. "Even the term SDN has gotten a lot of credit it doesn't deserve. This is really about network virtualization that is being deployed in production environments."

Nicira/VMware describes its approach to network virtualization in detail on its Website. It is different from a pure OpenFlow approach in that the controller does not talk directly to OpenFlow switches in the physical network. Instead, an overlay is created with a cluster of NVP controllers managing an abstraction layer between end hosts and the physical network. The NVP cluster communicates with Open vSwitch software deployed in server hypervisors, which are connected to the physical network, and it automatically updates the state of OVS tunnel connections in the physical network. These tunnels allow virtual networks to span the data center or even run between data centers, and communication between workloads connected to the virtual networks is encapsulated and carried across the physical network, which is what enables VM mobility.
"We're creating virtual networks that are independent and completely decoupled from the underlying physical infrastructure," Stuhlmuller said. "It's just like server virtualization, and with it you have all kinds of operational flexibility you didn't have before."

Figure 8: Nicira/VMware Virtual Network Application

Source: Nicira/VMware

Not only can a data center operator spin up a virtual network in seconds instead of weeks, the potential capex savings on servers and network infrastructure are also compelling, Stuhlmuller said. Nicira estimates that its large data center customers can save $15-$30 million per data center in server and network infrastructure by using network virtualization, and that doesn't include potential operational savings.

Nicira contends that concerns about an overlay causing performance delays are unwarranted. "That was the big question early on," Stuhlmuller said, "but we've had NTT, eBay, Rackspace and AT&T hammering on the performance and they aren't having any problems. They are all scaling up deployments."

To address the issue of including non-OpenFlow gear, Nicira provides a software gateway product that allows legacy VLANs with multiple physical machines to be mapped into a virtual network so that the workloads look as though they are on the same network. It also supports VXLAN tunneling so that any third-party physical device supporting VXLAN can be directly connected to the network.

"It's not about overlay versus non-overlay or hybrid," Stuhlmuller said. "The difference is whether you end up with a virtualized network or not. By definition, if workloads are bound to underlying hardware, meaning you must have a particular vendor's switch that supports OpenFlow, or a specific version of OpenFlow supported on the switches, you do not have a virtualized network. You have better network management."

Nicira has not announced any third-party application partnerships but it contends that's the beauty of network virtualization: They aren't needed. "Applications see the virtual network exactly the same as they used to see the physical network without modification," Stuhlmuller explained.

"This is what allows internal departments for private clouds or external tenants in public clouds to let customers move applications as they are unmodified into the cloud environment. It's a major change from 'clouds' that are bound to the capabilities of the underlying network."

Stuhlmuller declined to provide specific pricing information for NVP, saying only that it's a usage-based licensing model typically priced per VM per month.

The wild card for Nicira (and its customers), of course, is what the VMware purchase means for the controller. Contrary to competitors' claims that NVP is now just a tightly coupled network virtualization system for VMware, Stuhlmuller said that is not the case, explaining that the company supports multiple hypervisor environments, not just VMware, and will continue to do so. NVP supports both KVM and XenServer hypervisors and is compatible with OpenStack and CloudStack orchestration systems.

Integration between VMware and Nicira is happening now and will continue through next year, according to Stuhlmuller. "VMware has a robust Layer 4-7 solution, and we're really excited about what they're doing in the 5.1 (vCloud) product to take advantage of our distributed model," he said. "They will be able to take advantage of our scale and distribution, and we will be able to take advantage of what they are doing in network security."

That doesn't exactly translate to details about how VMware intends to use Nicira, but VMware has said that its plans for the controller are part of an overall strategy to support non-VMware clouds. Perhaps the Nicira deal along with the company's recent $200,000 gold membership investment in the OpenStack Foundation are evidence that VMware does, indeed, intend to become more open. We will have to wait and see. One thing is clear: VMware with Nicira is a formidable competitor and has the early lead in the SDN race whether they want to call it that or not. Then again, this is a marathon that's barely started.

Customers: AT&T, Calligo, Dreamhost, eBay, Fidelity Investments, NTT Communications, Rackspace Hosting.

F. Open-Source Controllers & Other Potential Controller Vendors

While we've opted to profile only commercial OpenFlow controllers in this report, our coverage wouldn't be complete without a brief discussion of open-source controllers and application vendors that could end up bundling controller functionality into their products. There are several open-source controllers available that a network operator or equipment vendor could use to build its own fully featured controller similar to the way NTT Communications is developing a controller using Ryu as its base.

Big Switch Networks' open-source controller Floodlight is one of the most popular. The company said it has delivered more than 10,000 downloads of it to date to companies such as Arista, Brocade, Citrix, Dell, Extreme Networks, Fujitsu, Google, HP, IBM, Intel, Juniper and Microsoft. Floodlight is based on another open-source controller developed at Stanford called Beacon. A consortium called ON.Lab, the open-source arm of the Open Networking Research Center (ONRC), which is a partnership between Stanford and the University of California, Berkeley, also has two open-source controllers called NOX and POX. And Cisco backs an open-source controller called NodeFlow, while NEC supports one called Trema.

"There is a big difference in functionality between most open-source controllers and commercial controllers," said Matthew Davy, executive director of the Indiana Center for Network Translational Research and Education (InCNTRE) at Indiana University. InCNTRE is the SDN testing and interoperability lab where the ONF holds its plugfests. "Open-source controllers typically come with basic functionality like topology discovery and learning switch functionality, and they do not usually offer high-availability which will be a requirement for most deployments," he explained.
A company then has to create software code to run on top of the base platform or find other open-source software modules in order to deliver features such as load-balancing or an application for multi-tenant network virtualization. The difficulty of developing the code that rides on top of the base controller is what's driving a market for commercial options, and in a lot of cases the controller functionality could end up getting bundled with applications higher up the stack in Layers 4-7.

Many of the startups covered in our recent Heavy Reading Insider, SDN Startups: 10 Companies That Matter, incorporate centralized control functionality into their products. Most of them insist they can work with the controllers profiled in this report (indeed, Big Switch announced some of them as partners), but there is also the possibility their solutions could bypass the controller as Brocade suggests it will be able to do with Vyatta.

"Control software and functions can be implemented in so many ways that it's hard to say what a controller is now," said ONF's Dan Pitt. "One of the terms I like to use when we talk about the northbound API is 'latitude'," he said. "You want to define the API? What latitude is it? How far north is it? If you draw a controller on a blackboard, what's above it and what's below it?" Those are questions the industry will be working to sort out in the coming months and years.

IV. Conclusion

With many of the world's largest data center operators already using OpenFlow in production environments, the protocol and SDN technology will remain center stage during the coming year. Perhaps the most exciting and encouraging thing about SDN is the fact that, through the ONF, network operators and service providers are finally in the driver's seat and not dependent only on vendors for innovation. That's a place they've longed to be for decades. "We feel like we are part of an open movement that democratizes information technology," ONF's Pitt said.

A lot of work lies ahead to make the promise of SDN a reality. Network operators will not rip out and replace all their legacy networking equipment with OpenFlow switches overnight, of course. But by incorporating technology such as the controller and v-switch into their data centers, they can begin to deliver services more quickly and efficiently, and they will be able to reduce their own capex and opex in doing so.

Data center operators should expect to see plenty of activity in the controller market during the coming year. There will be more mergers and acquisitions as hardware vendors look to acquire the pieces of the SDN puzzle they don't have. Startups will also come out of stealth to explain in detail where they fit in an OpenFlow environment, and incumbent equipment vendors likely will be forced to incorporate OpenFlow into their product portfolios whether they want to or not.

We may still be a long way from the day when network operators and their customers can simply visit an app store to turn up services, but the promise of that kind of rich ecosystem of applications that can help businesses operate more efficiently is finally in sight.

Editor: Dennis Mendyk
Research Analyst: Dawn Bushaus
Support: www.heavyreading.com/research
