Cisco, VMware take SDN battle to policy arena

Cisco ACI and OpenStack/VMware's upcoming 'Congress' intended to keep customers in the fold


As more software-defined networking moves to open source software and bare metal switching based on merchant silicon, major vendors are taking the game to a higher level than configuration management of forwarding devices through a decoupled controller. Application policy is an area where they can continue to influence customer deployments and seed them with custom ASICs and interdependent software, bypassing the disaggregated hardware/software mode SDNs encourage.

“Application infrastructure policy becomes the next battlefield,” said IDC analyst Brad Casemore at the Interop trade show and conference. “Open systems as a competitive proxy is not present here. It’s vendor value-add.”

Cisco, perhaps the vendor with the most to lose from the decoupled, disaggregated SDN model, is leading the charge towards application policy infrastructures with its Application Centric Infrastructure (ACI) fabric, Nexus 9000 switching line and OpFlex policy protocol. ACI is intended to maintain network intelligence in the switches and routers themselves by abstracting application policy instead of network infrastructure, and allowing the network to self-configure to adhere to and enforce those policies.

Implementation of the full ACI fabric depends on custom Cisco ASICs in the Nexus 9000 switches – Cisco also uses Broadcom Trident II merchant silicon in them – for VXLAN routing, and the OpFlex protocol is the southbound mechanism by which those policies are delivered to the infrastructure. In the application policy context, OpFlex is analogous to the open source-based OpenFlow protocol in the decoupled control/forwarding SDN architecture embraced by much of the networking industry.

But to acknowledge industry appetite for SDN openness, Cisco is submitting OpFlex to the IETF and the OpenDaylight open source SDN consortium, and is also contributing to the ACI Group Policy model and northbound API to OpenDaylight.

“Open source is a competitive advantage now,” said Lauren Cooney, Cisco senior director of software strategy in the Chief Technology and Architecture Office. “It’s a great way to interoperate among vendors and extend contributed code."

“Innovative and open companies make more money,” Cooney said.

But Cisco is a founder of OpenDaylight, and many consider the vendor to be influencing the direction OpenDaylight takes so it’s aligned with Cisco’s own product development objectives. Indeed, OpenDaylight co-founder IBM, which is endorsing OpFlex along with Microsoft, F5, Citrix, Red Hat and Canonical, appears to be following Cisco’s lead rather than co-piloting the consortium as it wrestles with its own SDN strategy. Observers have noted that reports surfaced earlier this year that IBM is shopping around its SDN business.

“IBM and Cisco don’t share the same objectives in OpenDaylight,” said IDC’s Casemore during a breakfast briefing hosted by the market research firm. “Various vendors are jockeying for position in submissions and product roadmaps.”

IBM says any sense that it is taking a back seat to Cisco in OpenDaylight is off target.

“We are actually increasing our involvement and have many new IBM engineers on the project,” says Inder Gopal, vice president, networking development and technical strategy at IBM, and an OpenDaylight board member. “The total number of IBM engineers involved with (OpenDaylight) is larger than it has ever been. The SDN work in IBM is now closely aligned with our cloud systems work, making it central to IBM strategy. And the (OpenDaylight Technical Steering Committee) is very much a meritocracy. New elections will shortly open up TSC seats that will be directly elected by community members. And many other platinum members such as Brocade and Red Hat have stepped up their engagement in a major way. To portray this as a parochial Cisco effort is quite unfair and does not do justice to the dedication and passion of the hundreds of engineers who are working to create a true open source platform that can be of immense value to the industry.”

VMware is also a member of OpenDaylight but a rival of Cisco’s in SDNs, network virtualization and now, application policy infrastructure. VMware and its partners are spearheading an OpenStack project called “Congress” that is focused on declaring, auditing and enforcing policy in heterogeneous cloud environments.

Congress is intended to provide policy as a service across any collection of cloud services in order to offer governance and compliance of those services with business-level policies. Even though Congress is an OpenStack effort, vendors will compete to add value on the open-system model by developing the application policy engine and how it defines relevant communication with and instruction to the infrastructure, Casemore said.

Congress is expected to be explained further at theMay 12-16 in Atlanta. VMware plans to use it as a base for its policy engine and analytics, sources say.

Once Congress is launched, the table will be set for an application policy infrastructure showdown between Cisco and VMware, raising the stakes from network virtualization for configuration management to automating the infrastructure for business policy.

“Once you own policy you own the account,” said one VMware source.

Copyright © 2014 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022