What’s the best approach to building next-generation data center networks?

Experts are in agreement that Software Defined Networking/Network Virtualization will make the network world more efficient and more agile, but opinions vary on the best path forward. We reached out to two of the most prominent players to ask them to spell out why they think their approach is best.

The Experts

Chris King, vice president of product marketing in VMware’s Networking & Security Business Unit, argues that network virtualization – embodied in the company’s NSX product – is the way to go because it abstracts network control from network hardware while replicating everything the application expects to see, vastly simplifying the task of building and managing complex network environments.

Frank D’Agostino, Director of Technical Marketing at Cisco, says the key is to be able to view/manage all the physical and virtual components that impact application performance, something the company can achieve with its Application Centric Infrastructure (ACI).

Virtualize It! Build a data center that is defined by software not by hardware

The software-defined data center (SDDC) is inevitable, and the next step on the path to the SDDC is to virtualize the network. The vast majority of VMware’s 500,000 customers are exploring, planning or already virtualizing their networks as the next step in their transformation from the client/server era to the mobile/cloud era. Quite simply, the SDDC is more agile, secure and scalable than the new HDDC architecture put forth by the largest network provider today, at one-third the cost.

In a software-defined data center, infrastructure (including the network) is virtualized, delivered as a service and controlled by software. It is a model for running highly agile, flexible, scalable and secure data centers that has been proven out by mega-scale cloud operators such as Google, Facebook and Amazon. Many global mainstream enterprises and service providers are also virtualizing their networks, including China Mobile, China Telecom, Colt, eBay, McKesson, NEXON America, NTTcom, Schuberg Philis, Synergent, USDA and WestJet, to name a few.

The new hardware-defined data center is an attempt to fit an aging model to the new on-demand IT world. The hardware-defined data center stresses tight integration between the applications and hardware, and requires proprietary hardware and custom ASICs from a single vendor. The hardware-defined data center is costly and time-consuming to implement, stifles innovation (according to Gartner), binds organizations to specific hardware, and limits agility and flexibility.

For the software-defined data center, network virtualization provides the fastest, most agile network infrastructure. At the heart of network virtualization is abstraction – the decoupling of software from hardware – while faithfully replicating everything the application expects to see. It is this decoupling that allows organizations to transform business agility, data center economics and IT architecture in areas such as security.

This transformation would be difficult to achieve in a closed, tightly-coupled, hardware-bound environment. Development happens much faster in software than it does in hardware. When you decouple software from hardware, the two layers can evolve independently, giving you better feature velocity in the network.

Perhaps most importantly, network virtualization enables extreme flexibility in geography and sourcing, as well as increased independence. Because software and hardware are decoupled, creative sourcing, and the ability to build to mean capacity and burst for additional capacity without concerns about which hardware is in place are all easily accomplished. Additionally, heterogeneous physical infrastructure from disparate companies brought together through mergers and acquisitions can quickly be utilized in a seamless IT environment.

Network virtualization changes network economics

Business executives are attracted to the time-to-market improvements delivered by network virtualization. Instead of applications taking 12 weeks to deploy, it takes minutes, with all of the required network capabilities and security policies attached to the application. Fully automated data center environments, enabled via API-driven virtualization, can deliver full-fledged application environments, complete with associated compute, networking, storage, and security, in the same way IT staffs provision virtual compute instances today. So infrastructure teams can deliver not only the self-service rapid provisioning that business users crave, but also the sustainability, efficiency and control that IT can’t live without.

For IT operations, network virtualization brings greater efficiency and reduced risk for change management. When you virtualize your network, you minimize the opportunities for errors through programmatic automation. Organizations can also make 10 times the number of changes to the infrastructure with the same number of people.

For the infrastructure team, there are three economic arguments:

* First, you improve server asset utilization by gaining the ability to securely place workloads on any server, anywhere in the data center.

* Second, you gain flexibility in your physical network plant. Network virtualization can be implemented today using existing network hardware without change. For new data centers, IT gains the ability to change the nature of investment in physical networking to improve the cost model.

* The third comes from improving security. When you virtualize the network and you use distributed firewalling and automation that’s built into the network infrastructure, it’s much less expensive than doing it in hardware, not to mention the fact that doing this in hardware is often operationally infeasible.

Network virtualization also enables simpler transitions to new network topologies. Here again, decoupling and abstraction enables innovation above and below. Integration and provisioning across virtual and physical workloads via hardware (VTEP) and software gateways further speeds transitions to the new model.

Businesses gain the ability to integrate security into the virtualized network “fabric.” Rather than a bolt-on approach involving out-of-band distribution and traffic hairpinning that results in poor performance, organizations that are building software-defined data centers are able to have security bound to specific workloads or applications, with high performance and built-in automation.

For operations, an SDDC architecture using network virtualization removes the risk of changing the underlying physical network to meet whatever new business requirements arise. The approach also results in more holistic visibility across physical and virtual networking and compute than can be achieved with hardware-bound approaches. This enables faster, more app-centric operations that are not constrained by technology silos.

History is on software’s side

Looking at the past 12 months, one cannot deny that the world of networking has changed forever. The most recent proof comes from Gartner, which for the first time ever has included a pure-play software vendor—VMware—in the Magic Quadrant for Data Center Networking. This report has traditionally been focused on network hardware only. What’s more, the software company was rated highest on Completeness of Vision.

Why is that do you think?

Because when it comes to solving customers’ most pressing problems with IT, flexibility and agility always win. We believe the power of software, decoupled from hardware, is the way forward. Whether you are building out a new data center or updating an existing data center, you are making an investment in your business. Your decision is whether you want that investment to gain value over time and grow with you, or to tax you with the burden of trying to make the old hardware-centric IT model fit a new era in computing.

Businesses are demanding a change. Virtualization is the enabling technology for a whole new wave of IT innovation. The transformation of the network is inevitable. The only real question is: Why would you entertain an antiquated architecture when so much of your business’s success relies on your ability to deliver more speed and efficiency? Why should agility require a forklift? Virtualizing your network is the next step forward on the path to the software-defined data center.

Chris King is Vice President of Product Marketing for Networking and Security at VMware. Prior to joining VMware, King ran product marketing for Palo Alto Networks and helped grow the company to a $400M+/year business. King spent more than eight years as an information technology analyst for META Group, where he consulted with hundreds of large IT organizations. He has spoken before a variety of audiences and is often quoted in the IT and business press. King holds a B.A. from George Mason University.

Frank D’Agostino

Cisco’s ACI goes beyond SDN with policy-based automation

Applications have become the lifeblood of business, vital to a CIO’s ability to support new products and services, manage compliance and governance, and mitigate risk and security threats. The next generation data center will be defined by its ability to rapidly and cost effectively deliver the applications that drive business results. Data centers should be open, secure, automated and most important: application-relevant.

And in today’s world, data centers must support heterogeneous multi-vendor environments, including multiple hypervisors and both physical and virtual infrastructure. According to IDC, more than 75% of all servers today are physical servers running bare metal applications, and two-thirds of servers will still be physical by 2017.

However, up to now, there has been no way to gain a single view of all the physical and virtual technology components that impact application performance. Designed specifically for application needs, Cisco Application Centric Infrastructure (ACI) is the industry’s first solution to offer full visibility into and integrated management of both physical and virtual networked IT resources. This visibility enables a real-time view of health, statistics, and troubleshooting across physical and virtual infrastructure, on a per-application and per-tenant basis. Real-time analytics enable intelligent application placement.

Contrast this approach to first generation SDN LAN Emulation products such as VMware NSX, which decouple the virtual network overlay from the physical infrastructure, creating a serious visibility gap for operations – it is a “Ships Passing in the Night” environment that is complex and difficult to troubleshoot.

ACI is also the industry’s first solution to provide a dynamic, application-aware network policy model that can reduce application deployment time from months to minutes.

Centralized policy control simplifies network operations: the network adapts to application requirements through dynamic insertion and chaining of physical and virtual L4-7 network services including firewalls, application delivery controllers, and intrusion detection systems.

Two very different protocols: OpFlex and OVSDB

ACI is an open architecture with open northbound REST APIs and open southbound APIs that allow the integration of any device. OpFlex, the southbound policy protocol, has been proposed as a standard to the IETF and has the support of Avi Networks, Canonical, Citrix, Embrane, F5, IBM, Microsoft and Red Hat.

ACI’s OpFlex uses a declarative model to enable automation and network virtualization for all devices, which means the controller pushes policies throughout the network to all devices, but allows the devices to choose the best way to implement the policies. Because the network devices are intelligent, they can continue to implement policies, even if the controller fails.

Contrast this approach with the imperative model of OVSDB, the protocol used by VMware NSX. OVSDB deploys a strict set of objects and tables developed from Open vSwitch, which means that all devices are forced to look like an Open vSwitch to the network -- in other words, devices with little intelligence. If the VMware NSX controller fails, the network fails, because the devices must continually receive instructions from the controller to implement policy.

What’s more, with VMware NSX for vSphere you are required to use their controller, their vSwitch, all within a VMware environment. And you must deploy a different VMware product to get an open hypervisor implementation. In either model, you are locked into VMware’s proprietary architecture for network virtualization. With Cisco, the Nexus 9000 platform supports any choice of controller and vSwitch, programmed with Linux tools, OpenFlow, or APIC.

Why ACI?

IT organizations are embracing ACI because they need to flexibly and securely place any workload anywhere within environments that combine physical and virtual servers and include multiple hypervisors. With ACI, customers also can continue to have 40G and 100G wire-rate forwarding with packet-by-packet and real time telemetry. Through the use of Cisco’s BiDirectional optics, customers can deploy 40G and 100G speeds without having to upgrade their existing cabling, which provides enormous savings in capital expenditure.

Further, Cisco builds on its long track record of investment protection by extending its policy model to physical and virtual workloads connected to existing traditional Nexus networks. This is accomplished for virtual workloads through the Cisco Application Virtual Switch (AVS), and through the support of a remote leaf for bare metal applications.

ACI and the open community

Cisco is committed to working with leading vendors and the open source community to drive both a common application-relevant policy model and the open southbound protocol OpFlex. We are also collaborating in popular open source projects such as OpenStack, OpenDaylight and Open vSwitch to achieve these ends.

Cisco has, for example, integrated ACI with OpenStack through the Application Policy Infrastructure Controller (APIC) Plugin for Neutron. That means customers, through OpenStack, can automate the creation of application network profiles. ACI will be supported on partner OpenStack distributions from Red Hat, Canonical and Mirantis.

We are also working with a broad community of contributors, including Big Switch, IBM, Juniper, Midokura, Nuage, One Convergence and Red Hat, to create Group-Based Policy APIs for Neutron, which can be used to expose the ACI policy model directly through OpenStack. These changes have been approved for inclusion in the “Juno” OpenStack release (September 2014).

The application policy model is extended throughout the enterprise so the same policy, security, operational efficiencies, automation, and visibility are extended beyond the data center into the campus and WAN.

And on the OpenDaylight front, Cisco, HP, IBM, Midokura, One Convergence, Plexxi and Red Hat have started a formal project to build Group-Based Policy in OpenDaylight. This will offer a fully open source implementation of the application-centric model used by Cisco ACI.
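To make the group-based, declarative policy model discussed above concrete (endpoint groups with contracts between them, compiled into rules that each device enforces locally, as described for OpFlex and for the Neutron/OpenDaylight Group-Based Policy work), here is a small added illustration. It is constructed for this page and is not Cisco ACI, OpFlex, or OpenStack GBP code; the EPG names, IP addresses, device names and the `compile_policy`/`permitted` helpers are all assumptions. The point it shows is the security property behind the model: rules are an allow-list derived from intent, anything without a contract is denied, and once compiled rules are on a device the forwarding decision needs no controller round trip.

```python
"""Toy group-based network policy: endpoint groups (EPGs) + contracts -> per-device allow rules.

Constructed example, not vendor code. Addresses, device names and group names are made up.
"""
from dataclasses import dataclass, field
from itertools import product


@dataclass(frozen=True)
class Endpoint:
    """A workload attachment point (constructed sample data)."""
    name: str
    ip: str
    device: str  # leaf switch or vSwitch that enforces policy for this endpoint


@dataclass(frozen=True)
class Contract:
    """Intent: members of `consumer` may open `proto`/`port` to members of `provider`."""
    consumer: str
    provider: str
    proto: str
    port: int


@dataclass
class Policy:
    groups: dict = field(default_factory=dict)      # EPG name -> set[Endpoint]
    contracts: list = field(default_factory=list)

    def add_endpoint(self, epg, ep):
        self.groups.setdefault(epg, set()).add(ep)


def compile_policy(policy):
    """Render group-level intent into per-device allow rules (src_ip, dst_ip, proto, port).

    Each device receives only rules that involve its own endpoints. Anything not listed
    is denied, so the rule set is an allow-list rather than a default-permit ACL.
    """
    per_device = {}
    for c in policy.contracts:
        consumers = policy.groups.get(c.consumer, set())
        providers = policy.groups.get(c.provider, set())
        for src, dst in product(consumers, providers):
            rule = (src.ip, dst.ip, c.proto, c.port)
            for dev in {src.device, dst.device}:
                per_device.setdefault(dev, set()).add(rule)
    return per_device


def permitted(device_rules, src_ip, dst_ip, proto, port):
    """Local forwarding decision made only from the rules already present on the device."""
    return (src_ip, dst_ip, proto, port) in device_rules


def sample_policy():
    """Constructed three-tier app: web -> app on 8080, app -> db on 5432, nothing else."""
    p = Policy()
    p.add_endpoint("web", Endpoint("web1", "10.0.1.10", "leaf1"))
    p.add_endpoint("app", Endpoint("app1", "10.0.2.10", "leaf2"))
    p.add_endpoint("app", Endpoint("app2", "10.0.2.11", "leaf2"))
    p.add_endpoint("db", Endpoint("db1", "10.0.3.10", "leaf3"))
    p.contracts.append(Contract("web", "app", "tcp", 8080))
    p.contracts.append(Contract("app", "db", "tcp", 5432))
    return p


def decisions():
    """Evaluate a few flows on the device that owns the destination; returned for checking."""
    rules = compile_policy(sample_policy())
    return {
        "web_to_app": permitted(rules["leaf2"], "10.0.1.10", "10.0.2.10", "tcp", 8080),
        "app_to_db": permitted(rules["leaf3"], "10.0.2.11", "10.0.3.10", "tcp", 5432),
        # no web->db contract exists, so this is denied even though both hosts are "inside"
        "web_to_db": permitted(rules["leaf3"], "10.0.1.10", "10.0.3.10", "tcp", 5432),
        # right pair of groups, wrong port: still denied
        "app_to_db_ssh": permitted(rules["leaf3"], "10.0.2.10", "10.0.3.10", "tcp", 22),
        "leaf3_rule_count": len(rules["leaf3"]),
    }


if __name__ == "__main__":
    for flow, verdict in decisions().items():
        print(f"{flow}: {verdict}")
```

Adding a second `db` endpoint or a new contract changes only the intent; re-running `compile_policy` regenerates every device's rule set, which is the operational property (change at the policy layer, not per-device ACL edits) that both essays are arguing about.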

With the Cisco Nexus 9000 platform and ACI, customers are:

* Open to choose any application delivery platform including legacy, bare metal, clustered, Linux containers with SR-IOV, any hypervisor, and have automation, consistent policy, network virtualization, integrated security and services, and hop-by-hop visibility and latency, in real time for all workloads. This applies within pods, between pods, between data centers, and between public and private clouds.

* Open to integrate any hypervisor vSwitch with the ACI policy model, including VMware standard vSwitch, vDS, NSX vSwitch, Nexus 1000v, and Open vSwitch (the "open" version of OVS and not the version you have to download from VMware).

* Open to embrace any Layer 4 through Layer 7 security, load balancing, or other appliance strategy desired for physical and virtual appliances. Leveraging APIC’s centralized and scalable scripting engine enables development of open device packages that absorb any open Layer 4 through Layer 7 platform into the automation and security model. The value of this open programmability is evident in the breadth of our partner ecosystem, which encompasses both cooperative and competitive platforms. The value of ACI moving forward is open programmability to enable customer choice.

* Open to choose any application deployment model that makes sense for the business, while enabling a multivendor ecosystem to include industry leaders such as Microsoft, Red Hat, Citrix, F5, Embrane, Palo Alto, and VMware.

At the end of the day, Cisco believes ACI is the best solution because it allows organizations to focus on what counts for their business: applications, operational efficiency, business innovation and value.

D’Agostino leads the development and technical go-to-market for Cisco’s ACI, Nicira Networks NVP, SDN, Cloud, and Data Center Networking.

Copyright © 2014 IDG Communications, Inc.