OpenFlow: Actually on the Ascent
I've been hearing it and you probably have been too: people questioning the future of the OpenFlow protocol or even proclaiming (perhaps wishfully so) its demise.
I would like to provide evidence to the contrary. While some industry players continue to argue over alternatives to OpenFlow, a wide range of network operators -- including major service providers, Internet companies and enterprises -- currently benefit from the control and vendor independence this open protocol provides. I've thought for some time that the industry needs to shift its attention from the southbound side (of the control plane) to the northbound (application) side, where SDN touches real business value, and now it is.
OpenFlow is the standard southbound protocol designed for SDN and it's vendor neutral. Nothing else is. It's now appearing in chipsets, white-box switches and branded switches, in addition to the hypervisor switches where it's been pervasive. With forwarding and control separate, OpenFlow-based switches offer amazing price-performance, while separate control software allows operators to tailor the network's behavior to their business priorities. This, of course, is the goal of SDN.
I can talk all day long about vendors implementing OpenFlow, but hearing from organizations that are buying and using it more strongly counters the contention that it's going away. At the Open Networking Summit (ONS) in June, four of them -- Alibaba Group , Google (Nasdaq: GOOG), AT&T Inc. (NYSE: T) and the US National Security Agency (NSA) -- revealed their reliance on OpenFlow; further evidence appeared at the OpenDaylight Summit in July.
For the most part, the point was not, "Hey, we're using OpenFlow!" Rather, it was, "Look at this amazing network we're building with SDN, and oh, by the way, how we do it is with OpenFlow" (and other things too, of course).
Scale and the white box revolution
At Google and Alibaba, the sheer size of their networks poses significant scale, cost and availability challenges. As Google Fellow and Technical Lead for Networking Amin Vahdat has noted: "We couldn't buy the hardware we needed to build a network of the size and speed we needed to build. It just didn't exist."
Consequently, Google has been building its own distributed computing and networking infrastructures. Three years ago at ONS, Senior Vice President of Technical Infrastructure Urs Hölzle disclosed that Google had converted its worldwide data-center interconnection network to a pure OpenFlow network. What they were doing inside their data centers, however, remained an object of speculation.
Last month, Amin Vahdat disclosed what many of us suspected -- that Google is using OpenFlow within the data center, too. The company is now on its fifth generation of a homegrown data center network, known as Jupiter, which utilizes an SDN architecture and OpenFlow, along with a centralized software control stack. OpenFlow provides a convenient abstraction to express remote procedure calls for programming forwarding table entries in these switches, Amin says, and gives Google the flexibility to swap in a range of hardware.
AT&T's universal customer premises equipment (CPE), meanwhile, is based on an x86 server with a virtualization layer that includes Open vSwitch (OVS) and hosts a number of virtual network functions. The carrier uses OpenFlow to configure OVS to service chain the appropriate flows among functions. As they convert more and more hardware-based functions to virtualized network functions in software, service chaining will be pervasive. At the OpenDaylight Summit, VMware's Director of Switching Technology and Leading OVS Developer Justin Pettit said that OVS implements OpenFlow and always has. VMware continues to be a major contributor to the evolution of OpenFlow in ONF.
Alibaba, the Chinese e-commerce giant, operates on a scale few of us can imagine. Digital Marketing Ramblings reported in April that Alibaba had 350 million active users, and its business exceeds the combined total of all the big US e-commerce companies. As Alibaba's participation in ONF (including significant leadership roles) has ramped up, we’re starting to gain some insight into how they handle such volume.
At ONS, senior networking architect Kitty Pang took the big stage to discuss Alibaba's hybrid SDN cloud network, which is built on OpenFlow (and VxLAN). Kitty explains that OpenFlow is simple, agile, well supported by vendors and better than the alternatives, like BGP and I2RS. Its use has also led to rapid development time of less than six months.
It's all about control
OpenFlow is flow-based, allowing individual flows to be treated precisely and uniquely. Thus it has been particularly appealing to the National Security Agency (NSA). The agency is currently using OpenFlow-based SDN in several small-scale deployments in its data center and branch office networks and is planning several major deployments during the next 12 months, according to Bryan Larish, NSA technical director for enterprise connectivity and specialized IT services.
I have visited NSA's extremely knowledgeable staff, and Bryan participated in ONF's Appfest in May in San Jose, Calif. At ONS, Bryan made some pretty blunt statements expressly about OpenFlow, such as, "Centralized control via OpenFlow is key," and "We are all in on OpenFlow."
I asked him, "Why OpenFlow?" Bryan responded: "We want a centralized control plane; we want that control plane to have predictable, fine-grained control over device behavior (ie. control at the flow level); we want to do all of that in a multi-vendor way. OpenFlow is the only protocol I'm aware of that meets these requirements. My intent is to make the OpenFlow/SDN/centralized control model our default solution."
I've heard many well-known enterprises -- and some smaller ones too -- express the same satisfaction with OpenFlow.
The new norm
I’m frankly a little surprised that the debate about the southbound protocol has gone on so long. After all, OpenFlow represents a vendor-neutral standard that does just what SDN is supposed to do. The alternatives are either not standard, vendor-specific, designed for some other purpose and not an ideal fit to the requirements, or artifacts of hardware-defined networking that fail to yield the value of SDN.
Business transformation is the most important benefit of SDN, not OpenFlow. But OpenFlow is the key to what network operators are looking for: freedom to build best-of-breed networks that can be uniquely programmed to meet their specific needs. I know of major, even incumbent, vendors that incorporate OpenFlow in their products but advertise the business benefit of their solutions, not the technology under the covers.
I challenge the promoters of southbound alternatives to demonstrate a superior overall means of delivering SDN's benefits. Hearing from bellwether operators that OpenFlow is their choice should be impetus enough for the industry to focus on system performance, interoperability, operational ease, effective management and application and service integration, which have greater direct impact on the bottom and top lines of businesses. Bickering over alternatives on the southbound side only delays these positive impacts.
— Dan Pitt, Executive Director, Open Networking Foundation