Nicira and Programmable Networking… a Juniper Perspective
Feb 6, 2012
Today the networking world has been all ‘a-twitter’ about Nicira, the networking startup that earlier this morning unveiled its network virtualization solution. Based on some of the analysis I’ve read, you’d think a gaping hole has opened up underneath Mathilda Ave. and Tasman Drive, destined to swallow the fortunes of network infrastructure vendors. But fear not; the reality is far more interesting -- and exciting.
Network Virtualization shines a light on the deep, dark underbelly of network infrastructure today. For too many years, we’ve treated it as plumbing: a service that needs to be ultimately reliable, infinitely scalable, and as close to zero-cost as possible. But the more we’ve driven cost out of the system, the less attention we’ve paid to our customers’ needs - flexibility and dynamic control, which is where the real value lies.
The unfortunate truth is: today’s networks are static and brittle. They’re far too big and complicated to run by hand and are therefore operated by a maze of management, provisioning and OSS/BSS systems. Complex change management procedures use process to drive out operational errors, but they push the network further away from being able to adapt to the business. They’re also as blind to the applications running on them as the applications are to the network itself.
Juniper and Nicira share a vision: a future of dynamic, adaptive networks. Over the past three years Juniper has led the charge for the industry – developing and embracing programmable interfaces at multiple levels – including support for protocols like ALTO (Application Layer Traffic Optimization), PCE (Path Computation Element) and BGP-TE (Traffic Engineering data in BGP) – all of which enable externally visible and signaled connectivity.
Juniper also plays a leading role in demonstrating OpenFlow as an interface to granular control of application forwarding in the network, highlighting how programmability is about adding value to network control, rather than a threat of commoditization. Network-centric APIs come in many flavors, operate at many layers of abstraction, and enable powerful new capabilities for carriers and enterprise networks alike.
Network Programmability seeks to bring networking back into the fold of orchestration; to rejoin a pool of resources that scales and adapts to the needs of the business. Service Oriented Architectures teach us that a network must enable and protect dynamic conversations between multiple endpoints (and not just in cardinal compass directions). Now, more than ever, the network is the fundamental glue between users, endpoints and services. But somehow it’s not part of the orchestra today.
Abstraction and integration
As you dig into the technology, you’ll find that Nicira delivers two critical pieces to network programmability: flexible communications between endpoints, and a critical northbound API to higher-layer provisioning systems that harmonize the server, storage and communications resources.
Nicira’s solution enables communications between virtual machines by creating an overlay. It leverages GRE, and is similar to other tunneling protocols (like VXLAN or L2TP) that tunnel communications between network endpoints – but it adds a crucial element: information and control. Instead of flooding the traffic, it maps connections between endpoints, based on input from the orchestration tools above. This is how the company proposes to deliver dynamic, custom communications paths between virtual endpoints – and deal with the inherent mobility of nodes in a dynamic datacenter.
This network abstraction layer is designed to make the virtualized network operate over any type of underlying physical infrastructure, and is a splendid first step in adding networking to the pantheon of virtualized resources. But with great flexibility comes a lot of stretching. In this case, it means overlooking one of the primary values of network architectures today: the detailed understanding, and efficient use, of the underlying network topology. As long as applications demand consistent throughput and timely delivery of packets (read: bandwidth and latency guarantees), you can’t over-simplify the transport through virtualization.
Here at Juniper, our experience in global network infrastructure has taught us that network abstraction is important, but represents only half of the problem. Awareness and control of the underlying topology is fundamental to deliver flexible services at scale. As virtual overlay networks seek to extend outside the datacenter, it’s critical that these systems interact with the underlying network in order to deliver the service levels demanded by real-time business communications.
The second value proposition is Nicira’s integration with the orchestration layer. This shows the true value of Network Programmability: the ability to add the network back into the business value chain. It’s what closes the gap between today’s networks and the applications that dynamically traverse them – and where we as an industry must advance.
So, how do you get there? As with any new architecture, the devil is in the details. To make the network programmable, you need to have pervasive interfaces to the orchestrators above and the underlying topology below. This support for APIs has to span multiple device types and must be consistent and relevant to the problems our users are trying to solve. The challenge in enabling these end-to-end dynamic communications is to program conversations traversing the LAN, WAN, Datacenter, and even intermediate security enforcement nodes. Matching these network flows to services (like security) is one of the toughest network engineering tasks today – and dynamic services integration is ripe for integrating into an orchestration solution. But building a system like this across multiple operating systems means taking on the task of translating multiple dialects of lower-level programming interfaces. As a vendor, Juniper has built a solid foundation of One Junos as a common control plane for our routing, switching and security products. This puts us in a unique position to deliver consistent and useful topology-aware APIs across the network and its service-enabling nodes.
It’s all about workflow
When I ask myself what has happened in networking in the past decade, the biggest shift has been from treating it as connectivity (read: plumbing) to communication. It sounds like semantics, but there’s a crucial difference. The workflow of running a network has traditionally centered around the task of “keeping the lights on” – in other words, keeping the infrastructure available, stable and secure. This results in highly static, deterministic networks, with careful change controls and stacks of best-practices and operations procedures designed to keep accidental keystrokes from violating SLAs. The server world was here just a few years ago. Server virtualization taught us a valuable lesson: if you run a utility with a mindset centered on eliminating operational issues and downtime, you stifle innovation. When you make the system more intelligent and adaptive, you can start to reap the rewards from all your resources. But this means re-evaluating how you deliver and support production resources.
The world of IT and network communication works faster now. It’s not about servers, links and connectivity anymore; it’s about capitalizing physical resources through dynamic workflows. It’s also not about servers, or network links anymore; it’s about workloads and communication paths.
Juniper has always been cognizant of how our users run their networks. We built our business not only on highly-available, high-performance networking – but also on better understanding how our users run their networks. For a vendor, making networks run efficiently should be about understanding a customer’s business and the workflows they use to run their networks. Sometimes it means getting legacy details out of the way for better network operations with an efficient command line – for example, transactional configuration models have long been a hallmark of Junos. But to add real value, you have to integrate with your customer’s business by being a programmable resource. Junos has delivered intelligent network APIs at multiple levels for years, from our XML API that led to an industry-wide NETCONF standard to advanced SDK tools now available in our network OS.
Programmable Networking is the new frontier. It means providing best-in-class performance at the data plane, but also best-in-class intelligence, programmability and workflow integration in the control plane. Most importantly, this new level of network intelligence means becoming a part of the dynamic resource provisioning chain – and adding crucial value in the process. This means integrating with business workflows, and not running the network as a mysterious set of pipes hidden deep underground.
Networks aren’t valuable because they forward packets reliably and quickly; they’re a critical infrastructure for communications. The more networking vendors can do to deliver dynamic, real-time infrastructure to enable end-to-end communications, the more value we can help build to grow effective network-based businesses and services.
In the end, Programmable Networks are good for our customers, our industry, and (we think) for us. Nicira’s solution demonstrates that as an industry we should be adding value with the network, by becoming more dynamic and integrated with the overarching service that pays for the pipes. That said, this abstraction is not a license to gloss over the details of packet delivery. As this marketplace evolves, it’s important to make sure that we close the information gap between the orchestrated services and the detailed knowledge and experience of guaranteed connectivity delivery. Like Nicira, we at Juniper believe that increased intelligence in the network, coupled with the exchange of information between applications and the underlying infrastructure, is the right way forward.