Implementing security policies into the network based on identity and other application and user awareness parameters will drive network programmability, with network-based APIs and customer-specific algorithms, Cisco CTO Padmasree Warrior said last week during her Interop keynote address. That's the same keynote where Warrior briefly discussed the Cisco Open Programmable Environment (COPE), the company's SDN architecture that it will apparently discuss in more detail at next month's CiscoLive conference.
Below is an excerpt from Warrior's keynote in which she discusses network programmability, SDNs and Cisco COPE, which, she says, is intended to open up the network with APIs at layers other than just the data and control plane:
The convergence between security, policy and identity... All of this means we have to be able to program the network and create network programmable interfaces, which we tend to think of as a set of protocols that are modular, that can be specifically tuned for different applications and capabilities that we are deriving from the network. The network, of course, has to be agile and has to drive scale with respect to delivering better economics. And it needs to be manageable and have the right kind of automation capabilities, because one of the constraints or one of the requirements is IT productivity. And we need to have the network provide or improve that productivity by enabling better management.
This is our vision for the future of the network to address some of those trends and transitions we are seeing that are actually impacting the network both from the consumer space as well as from the business application space. There's a lot of discussion in the industry around software defined networking driven primarily by new business problems that we have to solve. Cisco is investing significantly and will continue to innovate in the area of SDN, working with industry partners. However, we want everyone to think more broadly and holistically about SDN, and what do I mean by that? When we look at the network architecture and how we can extract value from the network it exists at multiple levels. We have to create APIs and have access to programmability not just at the control plane and data plane; but at multiple levels in the architecture. We call that the Cisco Open Programmable Environment. And the Cisco Open Programmable Environment allows us to provide access at multiple layers in the stack. And of course, OpenFlow is an example of where you can separate the control plane and the data plane and create access to both of those.
Cisco has been participating in and implemented what we call the Nexus 1KV about three years ago and we have about 5,000 customers in this space, which is the first instantiation of SDN. So we believe there will be a particular use case that will require us to focus primarily on the openness between the control plane and the data plane but there will be other use cases where we have to provide access to the different layers in the network, and what we are focusing on is providing those API capabilities at multiple layers in the stack.
This is indeed what Cisco Distinguished Engineer David Meyer is proposing in a charter he's reportedly drafted for an Internet Research Task Force group to investigate software defined networking -- a development covered here by Brad Casemore.
The schematic Warrior showed for COPE, for what it's worth, consisted of three layers: network elements at the bottom; analysis and monitoring, performance and security in the middle; and application developer environment at the top. In between the network elements and analysis layers were three sub-layers - transport, forwarding plane and control plane. And in between the analysis and application layers were sub-layers network services and orchestration.
Cisco was shown to be involved at all layers of the COPE model but the application developer environment layer. Network intelligence harvested at the bottom layer was shown to be delivered to the top application layer, and then a "program for optimized experience" function was shown to be cycled back to the network element layer from the application developer environment layer:
More from Cisco Subnet:
The Cisco Subnet blog is written by Network World managing editor Jim Duffy Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.
Follow Jim Duffy on Twitter