Cisco on why OpenFlow alone doesn't cut it

Going southbound doesn't return what northbound can deliver

By Jim Duffy on Fri, 06/15/12 - 4:56pm.

The rationale for opening up more layers than just the control and forwarding planes in network programmability is to glean as much statistical and analytical information as possible from the router or switch so the programming application can make more specific decisions on network behavior and customization. That's how Cisco's Open Network Environment (ONE) programmability strategy was explained by David Ward, chief architect and CTO of Cisco's Service Provider division.

Key to making this happen, as reported previously, is the northbound API in Cisco ONE that shuttles counters, analytics and statistics from the routers to the programming applications. And OpenFlow alone is just not up to the task.

"Northbound APIs are going to be critical because that's what people are going to end up writing to," Ward said.

And it's the focus of SDN discussions at the IETF and ITU standards bodies. At the Open Networking Foundation, which is focused exclusively on SDNs? Not so much. They're focused on bulking up the southbound OpenFlow API and protocol, Ward said.

But information delivered to management applications by the northbound interface is vital to maintaining the stability and resiliency of large router networks - like the Internet. It's vital today and it's been vital since before the Internet became a mainstream personal and commercial information and communications tool.

"We need to find a way for the Internet, which has been successful, to be augmented by these," Ward said.

"The thing I'm really trying to do with SDN vs. just OpenFlow is integrate it directly into the router control forwarding, all the different layers," he said. "I just don't see the Internet being replaced. I certainly don't see it being replaced by that architecture. OpenFlow has no ability to do topology discovery. It's Ethernet-based only. In straight switch-to-controller, there's no horizontal communication between switches, there's no horizontal communication in the forwarding plane, there's no horizontal communications between controllers; that's exactly what I'm doing day in, day out with dynamic routing protocols, OA&M and the rest in the control plane of the Internet today.

"OpenFlow's mostly being used as a remote procedure call," Ward said. "The controller calculates something or somebody wants to program something, the protocol itself is a carrier to bring that down to the router or switch. The architecture in OpenFlow today is directly analogous to permanent virtual circuits in ATM. You go link-by-link, hop-by-hop all the way across the network. You know exactly how that's going to scale, you know exactly what those problems are going to be - we lived through that 10-15 years ago."

That's not to say OpenFlow does not have use cases. OpenFlow purists like NEC and Big Switch Networks say they have found demand for it in financial and technology companies as a way to extend VLANs and increase the scale of virtualized data centers.

And Cisco, which demonstrated its proof-of-concept OpenFlow controller at this week's CiscoLive! conference, said the technology has found a home in academia and research as a way to conduct network 'slicing,' in which a shared infrastructure is segmented to contain traffic to certain segments.

Network programmability in general, though, and Cisco ONE's onePK API kit, have broader applicability, according to Cisco. For enterprises, a couple of benefits could be realized in VPNs and data centers with low-latency switches, Ward said.

"(onePK) was demanded on the Nexus 3000 because people don't want to run ARP when there's a lot of VMs in motion," Ward said. "You can overcome the deficiencies in ARP and the stale data that's in ARP by just programming (VM-to-MAC/IP addressing) directly to the switch. It's a really straightforward and extremely useful reason to want to have SDN."

It can also reduce the time it takes for a service provider to provision a VPN to an enterprise, he said.