This blog comments on a variety of technology news, trends, and products and how they connect. I'm in Red Hat's cloud product strategy group in my day job although I cover a broader set of topics here. This is a personal blog; the opinions are mine alone.
Software-defined compute has been around for a while. Software-defined storage is newer but it's gaining visibility and market presence too. Software-defined networking is next in line. Red Hat's Dave Neary talks about what it is and why it's important for delivering capabilities such as VOIP and for replacing expensive single-function boxes.
Haff: Hi everyone. This is Gordon from the floor of OSCON 2014, so if
you hear a little bit of a buzz in the background that's all the people here in
Portland, Oregon at OSCON.
I'm here with my colleague, Dave Neary, who's part of our Open Source and
Standards team. His primary responsibility these days is ManageIQ, which is our
upstream community for CloudForms, our cloud orchestration and hybrid cloud
we talked earlier Dave, we're going to be taking things in a different
direction for this afternoon. You've been spending a lot of time thinking about
networking, which is always the last child, so to speak, to get the shoes when
it comes to new types of functionality.
think about compute, people think about storage, and then people are like,
"Well, maybe we ought to do something about that networking thing,
whatever that networking thing is, exactly.
been spending some time thinking about this, so maybe introduce yourself
briefly, and introduce us a little bit to the context of software-defined
networking and some of the things you been working on and thinking about there.
Neary: Having finished the open sourcing ManageIQ, I'm now looking
more and more at the network. Which is, as you said, the next place where we
need to make some progress.
defined networking, that's really interesting, the separation of the control
plane from the data plane, the ability to define virtual networks inside and
independent of the physical network topology.
been concentrating a lot of network function virtualization, which is taking
these old, not necessarily old but single‑purpose proprietary boxes and turning
them into virtual machines running on standard x86 servers.
of the concerns there, some of the constraints that we're working on in network
function virtualization is that some of the network functions, things like VoIP
services with IMS, or voice, data, video, converged 4G services with services
like EPC, those are very, very sensitive to both latency and bandwidth.
you need to be able to chain these things together. In terms of running them on
an infrastructure as a service, a lot of the things we're looking at
specifically through Red Hat and the NFV group and OpenStack, we're looking at
how to make that possible on top of an infrastructure as a service right now.
Let's back up a moment here, because you've used a lot of acronyms,
you've used a lot of terms.
Oh, yeah. The telco industry...
I think that's only one of the things. I say this only half‑facetiously,
that networking has been slow to permeate compute is because there is a
Very much so.
There are historically a very different set of concerns related to the
telcos and the like.
for our listeners who aren't as immersed in this space, I think they probably
understand you have compute, software‑defined compute. For our purposes here
let's just call it a virtual machine, although obviously things like containers
and the like would accompany it as well. Then you have storage. We can think of
that as a disk and obviously there's block store and there's object, still
fairly simple concepts. Now we need to connect these things to each other and
we need to connect these things to the outside world.
What does that software‑defined defining and connecting look like?
The primitive in the network is a switch. What characterizes a switch is
you have multiple machines that are plugged into the switch in different ports
on the switch.
you create a connection, the first time that you try to communicate between two
machines on that same switch, the switch remembers where the packets ended up
they bypass all of the other ports on that switch, so you don't end up
saturating your network. Now, with virtual machines you've got multiple virtual
machines in each physical host.
need to make connections between virtual machines running on one host and a
virtual machine running on a different host that's potentially plugged into the
same switch or into a different switch.
have additional problems. You need to route the traffic between those. You need
to create virtual switches inside your hypervisor node, so that basically the
traffic from multiple virtual machines are handled separately.
of this adds complexity. It adds complexity in terms of debugging. It adds
complexity in terms of configuration. A software‑defined networking controller,
an SDN controller, is a layer which in some ways abstracts away some of that
abstracts away the network hardware, the virtual switches that you're using,
and it allows you to define your network topology at a higher level, and then
goes away and it programs the switches and it programs the bridges.
does what it's supposed to do to make sure that, in a multi‑tenant environment,
traffic from one group of virtual machines is not seen by traffic from another
group of virtual machines ‑‑ that you're separating that data.
just a very simple description of the software‑defined networking layer. A
network function is a service which is provided on the network or to the
like, for example, a firewall would be a network function or an intrusion
detection system, or, as I said, VoIP services, data services, and broadband
access, for example. These are all network services.
of these are at the control layer and the control layer is where we define
routing on top of your Internet, some of them on top of your network and some
of them are on the data layer. In terms of actually individual packets.
of them are in the application layer. They're providing higher order functions
that are independent of the TCP/IP or even data plane layers of the network
all have special needs. What you need from platform is you need the platform to
provide those special needs and give them away to position themselves in your
physical infrastructure on hosts which have the ability to satisfy those needs
and the quality of service.
Now, you as a system admin, as a system architect, you're interested in
OpenStack. You're interested in essentially the software defined functions,
moving from this, as we put special functions, single function, proprietary
systems into a software defined system running on volume hardware, volume
should I be thinking about now? What should I be getting ready for?
I think the first thing you want to do is be conscious of the fact that
in a data center the network’s important. I think we're aware of that.
as a service oftentimes is added to an existing data center in an ad hoc
manner. You set aside a few machines and you run Open Stack on them and you see
how it works, and then you maybe allocate more machines.
you know it, there's a problem and that problem is probably going to be
somewhere in your network. You're going to have a virtual machine that isn't
getting an IP address from the DHCP server which is running on an agent
somewhere on another host.
that problem, if you haven't thought about your network and planned for how do
you architect your network and what are you using there? What are the tools
that are available to you in the network space?
going to be harder to make that transition when you want to you roll out
infrastructure as a service into production. I think that's at the very highest
terms of for specific verticals, specifically around telecoms, where network
functions are vital that's the core competency of the teleco industry.
seeing several initiatives coming through ETSI, which is the European
Telecommunications Standards Institute, I believe. The Linux Foundation, and
OpenStack, as I mentioned, where we're really creating a world where adding
features to the platform, which enable these network functions to be
virtualized, which is going to enable the rapid addition of new services in
that teleco vertical.
going to enable the reduction of costs, simplicity of management in those
verticals, it's going to be really a game changer, I think in what's available
in terms of telecommunications, VoIP, video streaming, all of these kinds of
going to see very, very rapid progress in the coming years because of this move
If I can summarize what I've been seeing out there; all this software
defined everything is really is incredibly powerful idea both from an economics
point of view and just from a flexibility point of view.
the same time, to be realistic, as you say, there are complexities. We haven't
even gotten into some of the complexities of the different types of network
configurations you might have to set up there especially in the context of
existing legacy data centers.
can't just come in and throw away all your existing switches overnight someday
because all of your applications, data centers are architected around this. So
there's certainly a lot of learning and a lot of complexities associated there.
the same time, you really can't just half way software define things. If you only
use software defined compute, or you only use software defined storage, or some
combination thereof, and just say we'll keep on doing networking the way we
always have, you'll still get some benefit, but you don't get nearly the
benefit if you do the whole thing.
I think what it comes down to is, why did we move to software defined
compute, software defined storage in the first place? And it's because, what
were we doing before?
you wanted to provision a host, if you wanted to provision a computer, it took
hours, days, weeks.
move to automation, the move to scripting, the move to statelessness, the move
to defining the process by which you create an environment allowed you to go
allowed you to innovate faster because you are no longer in the situation where
every time you wanted to deploy a new version, you cross your fingers and you
tell the team that they're not going home that weekend because they're going to
spend three days in the office making sure the thing works.
you make your deployment cycle shorter, you increase innovation. You allow
yourself to adapt faster to market needs.
you want to add a switch, or if you want to add a host to the network, that's
the bottleneck. That's the place for you actually have to pick up a phone and
call somebody, and have that done manually. And all of the scripts are custom
scripts, and all of the switches are configured in a very particular way.
that is going to bring the same benefits to the network engineers that it
brought to operations engineers over the last five years, and which is now
becoming a mainstream operation as you want to reduce your deployment cycles to
the minimum possible.
can concentrate on innovating in your development, and concentrate on high
quality operations at high availability, high visibility, situational
want the same kind of thing in the network, and that's what this moved to
software defined network promises.
I think you probably allude to some of the organizational changes that
this will require in many cases as well, because I've seen similarities before,
for instance with some of the Blades first came into data centers.
was a naive assumption that these separate groups could just come together in a
single, in this case server converged hardware platform, and it would all work
course, that doesn't just automatically happen, so that's something that CIOs
and their organizations need to think about in the context of this software
defined networking as well.
Sure. One of the four legs of the DevOps movement is culture. It's the
most important one, and really, if you're trying to develop, if you're a web
application developer and you're moving to the web, you're moving to the cloud,
there is a cultural change.
are a number of things that you have to do differently. It's not just an
operations problem, it's also a development problem.
the same way, network operations, by moving to software defined networking is
not just the network engineer's problem. It's also going to be part of the
development problem, it's also going to require cultural change throughout the
It's not that it's meaning "Oh, we don't need people who understand
networks any longer." Anything but, because you can't just say "Well,
the networking is Joe's problem, and I don't need to worry about it."
Storage, compute and networking become everybody's problem.
Right. And in the same way that DevOps has not gotten rid of operations
people. Good operations people are more valuable now than they have ever been.
defined networking is not going to get rid of good network engineers. Good
network engineers are just going to spend all of their time doing value‑add
work instead of undifferentiated heavy lifting.
That's probably a good point to leave off on. I think one of the lessons
here is, software defined everything really brings everything together in a
we're talking about hybrid cloud management, whether we're talking about
organizations and cultures within IT organizations, it's going to be harder as
we move forward to treat things like these little islands that don't need to
worry about what everyone else is doing.
as we talk about things like micro services and so forth, which aim to isolate
things to a certain degree, there's still a certain common culture and a common
set of responsibilities that people need to think about.
I'm in the cloud product strategy group at Red Hat. Prior to Red Hat, I wrote hundreds of research notes, was frequently quoted in publications like The New York Times on a wide range of IT topics, and advised clients on product and marketing strategies. Earlier in my career, I was responsible for bringing a wide range of computer systems, from minicomputers to large UNIX servers, to market while at Data General. Among other hobbies, I do a lot of photography and enjoy the outdoors.