Cisco Takes Open Source Route to Policy Revamp
Cisco is developing open source tools designed to allow network operators to describe policy in more meaningful terms.
The Noiro Networks team inside Cisco Systems Inc. (Nasdaq: CSCO) is trying to solve the problem of network policy that doesn't make sense in an application-centric world. Typical networking policy uses networking language -- describing traffic flows or or whether specific ports are allowed to connect with each other. Instead, the Noiro Networks team is looking to describe policies in terms of how applications are allowed to interoperate, says Thomas Graf, a principal software engineer at Cisco working on Noiro Networks.
"We want to give the user the ability to say what the policy result should look like," says Graf. "We want to decouple policy from specific infrastructure. And we want to achieve that with open source software."
The goal is to create a policy framework that works with OpenStack and OpenDaylight, for cloud applications. "They do not want vendor-specific code in an open source cloud."
Within Cisco, the Noiro Networks work would be incorporated into Cisco's SDN architecture, the Application Centric Infrastructure (ACI). "We want to bring the same concept, thinking about applications instead of infrastructure, to the open source world," Graf says.
If these goals sound familiar, then your memory is sharp. It's similar to OpFlex, a group-based policy that Cisco is working on, and which has been submitted to the Internet Engineering Task Force as a proposed standard. Cisco unveiled OpFlex at the Interop conference in the spring but hasn't talked much about it since. Cisco is also working with OpenDaylight on OpFlex interoperability. (See Goin' South: Cisco Offers 'OpFlex' as Alternative to OpenFlow .)
"There are lots of really interesting things happening in the policy world," says Nicolas Jacques, executive director of the OpenDaylight Project. "I think this is going to be a major area of focus for us and for any project."
The Noiro Networks team, now totaling 16 people, is maintaining a "Chinese wall" between itself and Cisco proper, says Graf. "We want to go all in on open source," Graf says.
"You cannot do open source with traditional software development methodology," Graf says. For example, open source is unfriendly to deadlines. "If the community gives you feedback, you have to react to that."
"We would be excited to work with anybody in the industry, and especially in the open source world, to get policy moving forward," Graf says. "We don't care what it's called."
So is Noiro Networks an independent business -- even a "spin-in," like Insieme Networks was? Insieme was a startup fully funded by Cisco that Cisco then acquired in 2013, at the same time as Cisco launched ACI, which Insieme developed. (See Cisco's ACI Gets Physical With SDN.)
That's not what's going on here, Graf says. "Legally it's Cisco. We get payroll from Cisco. We get badges and directory from Cisco. Everyone is aware we're Cisco. When we talk at conferences we say it's Noiro-Cisco." But the Noiro group isn't subject to Cisco's development cycles and roadmaps -- it has its own roadmap and objectives.
Mike Cohen, a director of product management at Cisco who works with the Noiro team, says: "We just thought it would be cool to have a separate email address. There is no deeper meaning here. It's a team morale thing. We're all strongly part of Cisco, but the team is focused on outbound community efforts." Noiro is part of the Nexus 9000 business unit at Cisco, Cohen says.