Nicira peels back the curtain on the future of networking - Interview with Nicira CTO Martin Casado

Stealth networking startup Nicira Networks issued their first press release this week, I sat down with Nicira co-founder Martin Casado to discuss

Openflow and software-defined networking are being considered by many to be the architecture that will define the future of networking, and nobody is closer to the center of this technology movement than Nicira's Marin Casado, who is considered by many to be the father of OpenFlow. Nicira has been operating in stealth mode, but this week Nicira issued its first press release, providing insight into what it is that they have been up to. One of the things I am most excited about with the press release is the announcement of some of Nicira's customers which include industry giant's AT&T, EBAY, Fidelity Investments,NTT and Rackspace. This will be a huge boon for the progress of OpenFlow and software defined networking as much of the networking community has questioned how quickly the technology will mature, particularly in large scale environments. Martin addressed this in his presentation at last October's Open Networking Summit, where he essentially said that OpenFlow was more mature than many people realize, and that if he could only share details on some othe huge behind-the-scenes projects he was working on it would adress much of the concern in the industry. And I couldnt have been more pleased seeing the quality of the roster that Nicira has in its customer base. For those that don't think SDN is mature enough ... watch out, it's coming fast.

Background: Click here to see Nicira's video on how their solution works

Art: Regarding your  press release today, you definitely peeled back the cloak of secrecy some and I know the market is excited to hear more about your announcement. Could you give us an overview of what it was you announced today?

Martin: Actually at Nicira in the four plus years we've been working on this stuff we've never issued a press release other than some real vague statements on the website. The reason for this is, it's honestly a personal thing with Steve and myself, I hate talking about stuff before you do it, so we wanted to make sure before we told people we would have customers using a working system in production. What happened last night was our first press release which highlights a select group of our customers with some examples of the technology we are providing. So that's what happened, and it turned into a much bigger press story than we expected. I think I counted like 23 articles now, my inbox is totally full, twitter's gone crazy, but it was a fairly straightforward press release.

Art: That must be very exciting for you, I know that you know there have been a lot of people watching Nicira, but it must be a nice validation to see this type of response from the media.

Martin: Yes it has been amazing, I think it's so important for those of us in the tech sector, our job is to solve problems and build technology, I think we get so caught up in talking about it.  The articles have been an amazing show of support and validation of our efforts. I do view them as sort of window dressing though, we are really about product, customers and solving tough technical challenges, and that is where I try to keep my focus. 

Art: So now that Nicira is starting to peel back the cloak, how do you plan to attack the market, and how do you see the SDN market evolving?

Martin: We've been very happy with our customer traction to date, the reason for the press release was not to gain more customer traction, but rather for a couple reasons. First, there has been a lot of speculation about what our products are and our strategy, so we wanted to get something official out there to help control the conversation & speculation, and so that the rest of the Valley knows what we are working on. Otherwise it's going to become like an ongoing joke that Nicira isn't talking. I think we are going to continue to do what we've been doing with customer engagements, we generally focus on virtualized data centers, we have a lot of enterprise customers, we have a lot of service provider customers, and we are going to keep growing organically. We are fairly opportunistic on how we expand as we tend to work with larger companies.

Background: OpenFlow, Merchant Silicon, and the Future of Networking

Art: Most of what was shared today appeared to be around an OpenFlow controller working with open vswitch ... given that you have the controller, it seems that there is at least the potential to expand your solution to be inclusive of physical OpenFlow switches. Is that the direction Nicira is moving toward?

Martin: This is actually part of what we're doing that we are not talking about, but you're right what we launched pretty much says that from the soft switch at the edge of the network you can virtualize away the physical fabric, which means that you can have a virtualized data center where you can virtualized networks such that the network has the operational model of a virtual machine. You can create networks dynamically, you can move them anywhere, they can support L2, L3,  security, all of that good stuff. We support federation between data centers, moving between data centers and we can do that on any type of physical fabric whether it's L2 or L3, whether it's over the top of a proprietary vendor model or whether it's a cost-effective L3 solution. That is what we announced.

Art: One of the other things I noticed about the solution is that, as a software solution residing primarily in the hypervisor, this is definitely something that I think application developers and server administrators could pull the trigger on without necessarily requiring the approval of the networking team. That is something I wanted to bring the attention to the NetworkWorld audience … I have observed that while many traditional network engineers are hesitant when thinking about software defined networks, application architects generally understand the appeal immediately. The features that SDN provides seems to really resonate with them, which makes sense when you see that so many major application developers are pushing for OpenFlow based solutions. Your press release highlights exactly why, your solution allows application teams to get access to features that are either incredibly cumbersome or impossible to provide with traditional network solutions, and it does so seamlessly and in a way that gets past the dreaded "now I have to open a trouble ticket with another team" for every step of application deployment and maintenance. This is something that could be an incredibly positive feature that could demonstrate how the network team is responding to business pressures and providing features that enable significantly greater business agility. So network teams now have the option to embrace software defined networks, but your architecture should also serve as a cautionary tale: if the network team does not provide this much needed functionality to the application team, the application and server teams can move forward without them.

Martin: That is really well put and I'd like to make one point that may not be so clear which is, it looks like we are entering an era of overlays. If you look at how, for example, a large web giant builds their data center, often they just have a layer 3 fabric which they've built with a vendor, and all of the application functionality on top of that resides on a virtual overlay of some sort, that could be an HTTP overlay, it could use the intelligence of a load balancer, it could be a distributed compute harness for things like doing analytics and so we are just effectively another overlay, but we are one that reproduces the network again by virtualizing it. Because we are entering an era of overlays, and this is true in nearly every data center I have seen, you can almost think of there being in the future two types of networks: you have your physical network that can be Dell, Cisco or whoever, and then you're going to have your virtual network, and that's going to be some overlay construct. To your point, I think it's the wrong thing to do today to go in and say we're going to fix your physical network. The physical networks are great today and there are great options out there. What you can't do well with networks today is the operational portion, how do you have flexibility and the dynamic response that you need to support virtualization? And this to me belongs not in the physical part, but in the overlay part.

Art: One of the things about this that does scare me is that, this reminds me in some ways of Cisco's entrance into the telephony market. Their strategy, as it should have been, was not to go after the PBX engineers that were in love with Avaya & Nortel, but to go around them higher up the chain of comand. And in the process, what I saw happen frequently was that very intelligent and seasoned PBX engineers got completely trampled and thrown under the bus. So a big part of the reason why I focus on SDN is because I really think it is important to raise awareness within the network engineering community, because, mark my words, if the network team doesnt raise this, the application teams will, and it could result of the network teams severely limiting their ability to provide this tremendous value to the business.

Art: What I saw today in your press release looks like it involves a large amount of tunneling. What is Nicira doing to address the scalability and performance challenges with tunneling as well as the common concerns that many engineers have with tunnel-based solutions

Martin: That is actually a really good question that probably deserves a long answer, but I'm going to give you a short answer. A lot of the scalability concerns have to do with hardware, and in software you don't have a lot of the same bottlenecks. For example there is no maximum number of tunnels that you can really do in software, thye just use ram and is not very much of it. And generally you only need the tunnels to exist between hypervisor's, but even if it's tens of thousands of tunnels, this is really not difficult to achieve. You don't have any state issues at all, the next concern is performance, but if you know what you're doing, you can tunnel at 10Gbps using less than 50 percent of one core, and so the performance is not an issue as well. So without these two things being a problem, you can very practically do tunneling, and that's why the two most salient network virtualization proposals today, VXLAN and NVGRE,  are built using tunnels, it is the right way to do it.

Art: Are you planning any public demonstrations or have other demos that you plan to share?

Martin: We haven't been a demo centric company, I don't know of any plans of going into conferences to show off functionality. Of course we are very happy to show the product to interested parties, but a lot of conferences are primarily vendors talking to vendors. We don't avoid these for ideological reasons, we just have been more focused on customer engagement. We have some extremely cool functionality that we are very close to being finished with, but we are going to announce that until we have customers using it in production environments.

Art: There has been a lot of interest in industry in virtualized network services that can do things like provide advanced network services on a per VM basis or  between virtual machines ... solutions similar to Vshieldl. How does Nicira approach advanced network services in your SDN framework?

Martin: Our core competency is virtualizing fabric, so we can virtualize L2 and L3, add scale, solve all of the federation, mobility, management, billing, all of those issues, that's our core competency. When it comes to higher-level services, we actually already have some, and whenever we implement them it's not something that creates a chokepoint somewhere the network, it's purely distributed on the edge, or done in a distributed fashion. We are not going to be in the game of re-implementing all of these higher-level services. So for some of the more foundational services like stateful firewall and load-balancing we will implement, but we expect many of the advanced services to come through the growing ecosystem and third-party integration. We don't intend to change our core competency, for example we will never be a firewall company, so for those sorts of advanced features we will go with the ecosystem.

Art: As you know the ability for deep ecosystem integration into traditional networking solutions is pretty pathetic. In contrast the x86 environment has provided a robust development environment to third-party developers, but this is never happened in the networking industry. To me this is one of the most exciting things about OpenFlow, where we can see with applications such as RouteFlow that third-party development capabilities allow for a substantially deep level of integration, and I think it is amazing that this deep integration can be accomplished all via API without requiring on-box integration or exposing the kernel. To me this clearly paves the way for a more robust networking ecosystem then I think we've ever been able to see the industry.

Martin: That's exactly right, and I think that's the right way to articulate it. We do some higher-level services where it makes sense but were not going to do all of them. I think there will be a very rich ecosystem develop around virtual networking and I expect to see a lot of growth in this area. 

Art: Is there anything else that I missed that you would like to Share? 

Martin: Just to summarize, Nicira is announcing some of the work that they've been doing which is in production with some key customers. We are doing virtualization of the fabric from the edge and of course we have other exciting features coming that we are not quite ready to talk about, and I think that's a good spot to be in.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT