NetEvents Phuket 2013: Day One blog
The 2013 APAC combined press and service provider summit, held in Phuket, Thailand, opened with a keynote from Rick Bauer, Managing Director, Technology, Open Networking Foundation.
Entitled SDN – Insider Insights, Bauer’s address explained why software-defined networking (SDN) has become “a phenomenal wave of change”. The growing volumes of data transiting today’s networks, together with the growth in the number of devices with IP addresses, are driving a need for smarter networks, he said.
Another driver is the growth of cloud computing and virtualisation, which mean, Bauer said, that the intelligence needs to move to a more abstract layer.
Additionally, the time for the delivery of projects needs to reduce from 6 months to 2-3 months with success or failure determined within weeks.
“Traditional networking can’t keep up,” Bauer said. “It can’t support scale, performance and time to market. IP is promiscuous, designed for a tree hierarchy. It doesn’t work for a microsecond architecture. The tree-like switch and router architecture doesn’t work any more.”
Networks today consist of custom silicon with merged control and data planes, but SDN is a network architecture that decouples services from the underlying hardware. This means that you don’t have to rip out the network to add a feature or innovation but can add bandwidth as you need new services, Bauer said.
How does it work? It uses primitives – forwarding instructions – that enable equipment manufacturers to put those instructions into silicon.
With SDN, there’s no need to re-program every switch to change how a large network installation works. So to add new features, you don’t replace a switch, you flash it with those new features, and this makes the network faster and more reliable.
“OpenFlow won’t be the only instance of SDN – and the ONF is not the only SDN body – there will be lots of other protocols to take advantage of the promise of SDN”, he said.
Bauer concluded by highlighting some early real-world deployments of SDN, such as that by AT&T and IBM’s secure cloud service.
He was joined on-stage by NetEvents Editorial Director Manek Dubash, who asked him why SDN needed multiple protocols. Questions from the floor followed.
Debate I: The Quest for Rock Solid Datacentre Solutions
Panellists: Ed Chapman, VP Business Development and Alliances, Arista Networks; Mr Yulianus, Division Head, Indosat; Robert Kuse, MEF Board Member & Director; Nitin M. Jadhav, Associate VP, Trimax IT Infrastructure & Services
The first debate was opened by Camille Mendler, Principal Analyst at Informa. She asked whether, following some recent datacentre disasters, the datacentre industry could do better.
“Why do datacentres fail? Acts of god – such as fire, earthquake, or flood – followed by human error such as bringing in a can of coke and spilling it so it shorts out the equipment,” she said.
She said that in the datacentre ecosystem, it’s Darwinian, in that success is not about being the biggest or smartest but being the most adaptable to change.
Ed Chapman said that in the enterprise, it’s about ensuring that running services such as ERP locally is as effective as buying it as a service.
Nitin Jadhav said that datacentre management is as important as datacentre building. We are trying to provide services such as disaster recovery, and our datacentres are properly certified, he said.
Robert Kuse said customers are indifferent to in-source or outsource decisions. Service adoption is growing fast, and enterprises are switching providers quickly. But the transport needs to be secure, and uptime and availability are key.
Yulianos Yhoes said that his company offers datacentre services with other services, such as a network connection. Datacentre location is very important, he said, as “in Indonesia we have limited power, so finding locations with dual power sources is difficult.”
Chapman said that the rapid adoption of virtualisation allows better disaster recovery. “In a multi-tenanted environment customers want dedicated resources, five nines,” he said. The challenge is that virtualisation means orchestration but the end user needs to be unaware that this has happened, so VMs need to keep the same IP address.
Kuse said that customers used to ask for point-to-point connectivity as recently as two or three years ago, but now they ask for multi-point services.
Moving to discuss compliance, Jadhav said in India regulations mandate the adoption of disaster recovery but that most mid-tier customers are not taking it seriously, seeing it purely as a compliance issue.
The panellists discussed which certifications were worth looking at. They included ISO 90001, ISO 20000 and ISO 9000. They then discussed datacentre location, and whether it was smart to build datacentres in geologically active areas. There was general agreement that you need to put the data close to users, and add mitigation for factors such as fault lines and volcanoes. All except Nitin Jadhav agreed that the 100% survivable datacentre could not be built, although you could get close.
Debate II: SDN – A fertile ground for a network applications store?
Panellists: Ed Chapman, VP Business Development and Alliances, Arista Networks; Kash Shaikh, Senior Director, Product & Technical Marketing, HP; Rick Bauer, Managing Director, Technology, Open Networking Foundation
Analyst Dustin Kehoe, Associate Research Director – Telecommunications ANZ, IDC, opened the debate by pointing out that today’s networks need to get to a point where they employ one admin for 500 servers or more. There are too many manual processes, he said. For him, SDN could help because it allows faster service provision. SDN will be a $2bn market, he said, and will account for 35% of network switch shipments. Cisco, with 58% market share, has the most to lose; HP, with 14% market share, has the most to gain.
Ed Chapman said that Rick Bauer’s opening keynote was very good at describing SDN as a virtualised network. The technology enables service definition on the fly.
Kash Shaikh said that his company’s definition of SDN is the same as that of the Open Networking Foundation. There’s confusion in the market, he said, but one benefit of SDN is a single point of control over the network. “Openness is key”, he said, “and SDN is about delivering applications and solving business challenges.” Its key benefits for him are simplicity, scalability and automation.
Rick Bauer said that the challenge for the ONF is to develop recipes and white papers showing use cases.
The panel was asked about the security of a software-defined network.
Bauer said that “any exploit will try to attack the weak spots.” He pointed out that default passwords are still left active in many pieces of equipment, and that any centralised infrastructure or storage makes it a bigger target. However, he said that there’s no need to flash 300 routers to fix a vulnerability; instead, it can be done from a central point.
Shaikh said that you can provide applications to prevent attacks such as DDoS – he cited his company’s Sentinel application. So SDN allows you to provision applications to protect the network.
Chapman said that customer concerns include the programmatic vulnerability of resources or packets being redirected if hackers gain access to the SDN controller.
Bauer responded that, like PKI, you need to protect against man-in-the-middle attacks. “We are working on that in the ONF,” he said.
In terms of competitive developments, Shaikh said that he saw interest across the board, from service providers and enterprises. “People want to see applications that solve problems,” he said, “and we have had more interest than we expected especially for campus deployments.”
The panel was asked about tap aggregation – using existing network infrastructure to redirect particular flows of data to devices that can analyse it, such as Gigamon’s traffic visibility solutions.
Bauer said: “This is about the confluence of big data and analytics – now data can be captured and analysed. Some really interesting things are happening.”
Asked about commoditisation of the network, Chapman and Shaikh took differing attitudes. For Shaikh, intelligence in hardware is as important as software. “In the days of software routing the challenge was performance – we don’t want to go back to that so hardware remains important,” he said.
Chapman said: “We use merchant silicon – software is very important, so our Arista EOS will operate across different hardware.”
Debate III: Bring Your Own Disaster?
Panellists: Adam Kelly, Account Executive, Australia/New Zealand, AirWatch; Neeraj Khandelwal, Product Manager, Barracuda Networks; Dino Soepono, Director of Products, Asia Pacific, Citrix; Michael Kiss, Senior Consultant, Verizon Enterprise Solutions, Verizon
Analyst Ajay Sunder, Senior Director – Telecoms, Asia Pacific, Frost & Sullivan, opened the debate by pointing out that the individual’s role in the enterprise has changed. Devices are mobile, chosen by users, and users have control. The problem is how to secure a dynamic network. People work before going to work, on their way to work, and at home in the evening.
The question, Sunder said, is how to manage this situation: how to manage the data and avoid leakage. Who owns the device? If it’s my device, can the company put Websense on it?
Enterprises need to define the line between personal and corporate applications, how to balance risks versus benefits, and how to ensure visibility, he said.
Adam Kelly said that there were two security perspectives – that of the employee and that of the enterprise. With AirWatch’s products, during enrolment, a user can authenticate using either a personal or an enterprise device and, based on ownership, they get different security policies applied.
Dino Soepono said his company has had BYOD internally since 2008. You need to define security policies that define which applications can access what data. “We can sandbox applications so if a device is lost you can wipe or encrypt it,” he said.
For Neeraj Khandelwal, one of the challenges of BYOD is snooping tools that can access others’ emails, and “use social engineering to get you to a malware site.” His solution has been to move solutions to the cloud so that all activity is redirected there, allowing access to compromised websites to be blocked.
For Michael Kiss, BYOD presents challenges. “Most organisations need to use their existing controls, don’t try to manage the devices as that way lies pain,” he said. “The devices change very quickly so it’s a losing battle. Instead, ask what do you want to protect?” This means looking at a sandbox approach, and tying data to the user not the device. You also need to “play nice with personal data” on the devices, he said.
A question from the floor pointed out that BYOD is not new as monks used to smuggle papyrus into monasteries.
Special guest speaker presentation by Kash Shaikh, Senior Director, Product & Technical Marketing, HP
Demystifying SDN – an SDN leader sums it up
Shaikh presented HP’s view of SDN.
We started working on OpenFlow in 2007, demoed an OpenFlow enabled switch in 2008, had 60 customers by 2010, and introduced commercially available OpenFlow in 2011. A complete solution was delivered in 2012, he said.
Research from Gartner shows that by 2020, there will be 50 billion devices on wireless networks, and the SDN market will be worth $2bn by 2016.
He said automation and SDN were key for tomorrow’s networks as the amount of manual admin they will need is not feasible, so there was a need to “eliminate human middleware”.
He said HP was unique in selling a complete SDN solution. “We have customers already using SDN for public cloud provision. CERN is a customer and is developing its own load balancing applications”, he said.
“We have 29 SDN switches but Cisco has zero, Juniper has zero, and Brocade has zero,” he said. “People buy for investment protection – our hardware is SDN / OpenFlow capable. That’s the benefit of a complete solution.”
How to start with SDN? “It’s a journey, and it’s evolution not revolution,” he said. “We will introduce a new enterprise controller in 2H13, and will eventually enable end-to-end SDN.” This will take time, he said, but he promised the elimination of vendor lock-in and human middleware.