After our Open Network Environment (Cisco ONE) announcement at Cisco live!, where we unveiled our strategy for network programmability, Jim Duffy at NetworkWorld had a very interesting article that asks a key question, “What are the killer apps for software defined networks?” While SDN technology is very exciting and holds a great deal of promise, the answer to that question will ultimately determine how quickly it is adopted and by who. The consensus is that network virtualization or virtual network overlays are one of the early killer apps that software defined networks can certainly enable (when coupled with other technologies), which is exactly why Cisco made virtual overlays one of the three solution pillars of its ONE announcement. As I mentioned in my TechwiseTV video on virtual overlays, the primary use case for SDN/OpenFlow research in universities is also campus network slicing or creating virtual network partitions for test and production environments, e.g., to share a physical network. As noted in Duffy’s article, virtual overlays can be done with or without OpenFlow.

In the aftermath of a major launch, after reading the press and analyst coverage of the news, I always ask what we could have made clearer, what could have been highlighted better, or how could we have made the complexity of some of the details easier to understand. One such point that probably could have been clarified is just how “open” the Open Network Environment (what’s in a name anyway?). Specifically, regarding our Nexus 1000V virtual overlay framework, there were some comments and questions about how open and interoperable this overlay framework was, especially compared to other vendors touting programmable overlays. One financial analyst firm even stated that our overlay networks had some great advantages, but only worked with Cisco switches.  Read More »

Tags: Cisco ONE, network slicing, Nexus 1000v, Nexus 1010, Open Network Environment, OpenFlow, OpenStack, SDN, SDN controller, virtual overlay networks, virtual overlays, vPath, VXLAN

For the most part, my last post was concerned about what Cisco ONE was, so explore a little more into the why. I am going to assume you read my last post, so let’s dig in.  One of the fundamental concepts behind ONE is illustrated below--the idea of exposing the network in a highly granular way and emphasizing the ability to not only exert programmatic control over switch behavior, but the ability of the network to present interesting and useful information back up to the applications.

Read More »

Tags: Cisco ONE, Network programmability, onePK, OpenStack, SDN

Last week at Cisco Live, Cisco unveiled the Cisco ONE strategy. I won’t go into detail on Cisco ONE in this blog post, there has been plenty of blog and analyst coverage of this elsewhere. One piece of the announcement I would like to talk about is the Nexus 1000V and it’s move to running on Open Source hypervisors, along with OpenStack Quantum integration.

Nexus 1000V on KVM With OpenStack: The Cisco Live Demo

At Cisco Live, we demonstrated the Nexus 1000V on KVM with integration into OpenStack. The demo included both the Nexus 1000V Virtual Supervisor Module (VSM), as well as the Virtual Ethernet Module (VEM). The VSM is a virtual machine running Cisco NX-OS software. For the demo, the VSM was running on a Nexus 1010 physical appliance. The VEM was running on the Linux host itself, which was running Fedora Linux, version 16. The OpenStack version we demoed was OpenStack Essex. We were running Nova, Glance, Keystone, Horizon and Quantum. We also wrote a Nexus 1000V Quantum plugin which handles interaction between Quantum and the Nexus 1000V VSM. This is done via a REST API on the Nexus 1000V VSM.

What we demonstrated was the ability for providers to create networks using the standard “nova-manage” CLI in OpenStack. These networks were then mapped to port-profiles on the Nexus 1000V VSM. When a tenant then powered up a VM, the VM was placed on the provider network, and ultimately had it’s VIF attached to the port-profile associated with the provider network. The network administrator, through the VSM, is now able to see the virtual interfaces attached to veth ports, and can apply policies on them. We demoed ACLs on the virtual ports, to demonstrate a Nexus 1000V feature in use with OpenStack. What the demo ultimately showed was the Nexus 1000V operational model separating network and server administrator in an OpenStack deployment.

Where To Go From Here

One thing we are planning to do around our Quantum plugin is to expose the port-profile concept as an extension to the standard Quantum API. This allows profiles to be managed by our Quantum plugin, and allows for us to provide the ability to expose profiles to users of Quantum via the extension API. One immediate benefit this allows for is a GUI such as Horizon to expose port-profile information back into their UI, allowing tenants to select port-profiles to map to virtual interfaces when powering up virtual machines. Effectively, this would allow for providers to create port-profiles and make them available for their tenants to select when powering up virtual machines. Providers can then control policy on the virtual interfaces on their networks.

The End Result

The result of integrating Nexus 1000V with Open Source hypervisors is allowing for the continued evolution of advanced virtual machine networking onto these platforms. OpenStack Quantum integration allows for the integration of the concept of network and server administrator separation into the OpenStack deployment model. Both of these are ultimately about providing more control, visibility, and programmability for customers. I think this is something customers will be excited about, just as we are excited about driving to deliver this to those same customers.

Tags: KVM, Nexus 1000v, open source, OpenStack, Xen

There’s an incredible amount of hype and excitement these days around Software Defined Networking (SDN), which promises to herald in a new age of flexibility, business agility and automation to our existing data center and campus networks. Since there are very few, if any, SDN networks in production environments today, though, we know there are a lot of implementation details to work out before the industry achieves the lofty benefits of network programmability. Cisco opened its kimono this week on its strategy around programmable networks (an even broader concept than what we believe the traditional definition of SDN is), called Cisco Open Network Environment. (Get Omar’s take on Cisco ONE).

If you are like a lot of people, you might think that SDN is synonymous with OpenFlow, the leading standards-based approach for SDN today. However, we are already seeing folks across the industry extending the SDN vision beyond what OpenFlow is currently envisioned to do, so we think the definition of SDN will probably evolve over the next year or so to include additional programming models and protocols. Cisco ONE, for example, includes three approaches to network programmability: 1) our own onePK set of API’s to Cisco network operation systems and devices, 2) a portfolio of agents and controllers that will support OpenFlow, among other things, and 3) our Nexus 1000V-based portfolio for building virtual network overlays.

Read More »

Tags: ASA 1000V, Imperva, Nexus 1000v, onePK, Open Network Environment, OpenFlow, OpenStack, REST, SDN, software defined networks, virtual overlays, VXLAN

It’s been a few weeks since the Spring 2012 OpenStack Conference took place in San Francisco. The semi-annual event allows developers to get together and plan for the upcoming OpenStack release. It also allows for OpenStack users to show how they deploy the software in production. Given that a year ago was when Quantum, the networking component of OpenStack, was born, I thought it was a good time to reflect back on Cisco’s contribution to the 2012 OpenStack Summit. Cisco was a very active participatant at the event, both in the Design Summit as well as the conference. The OpenStack Foundations 19 members were announced just prior to the event, and Cisco is a Gold level contributor.

In the Design Summit, Cisco OpenStack Engineers made the following contributions:

• Debo Dutta lead sessions on Quantum System Test as well as Scaling OpenStack. The session on scaling was particularly interesting, as it highlighted the gap in understanding what the current scaling limits of OpenStack really are. It also was a forum for some organizations to discuss how far they are scaling OpenStack in production, and for the developers to try and come to an agreement on what scale to shoot for in the Folsom timeframe.
• Edgar Magana Perdomo lead a track on L2 & L3 Network Services Insertion. The key takeaway from this session is that Edgar was not proposing adding new APIs at this point in time, but rather allowing for a CLI to assist with stitching in network services.
• Sumit Naiksatam lead a track on L3 topics. The session was called “IPAM/L3-fwding/NAT/Floating IPs II“, and given the name, was a continuing session on discussing how Quantum can provide L3 services. Getting everyone on the same page was the key for both of these sessions.
• Soren Hansen was responsible for organizing all sessions in the Nova hypervisors track. Soren is a long time OpenStack contributor who recently joined Cisco’s OpenStack team.
• On top of actively leading the above sessions, Cisco’s OpenStack engineering team were active participants in all of the Quantum related sessions, as well as sessions around scaling OpenStack and Horizon integration with Quantum.

As OpenStack continues to mature, the interest in Quantum providing the correct network abstractions is very real. An entire track on day 2 was dedicated to Quantum in fact, and all of the sessions had a large number of attendees. The goal for Quantum in the Folsom timeframe is to hit parity with the existing nova-networking, such that Quantum can become the standard networking environment when people deploy OpenStack.

During the conference Cisco participated in the following ways:

• Lew Tucker, Cisco’s CTO of Cloud and the face of Cisco’s OpenStack participation, gave a keynote at the conference portion of the event. Lew’s slides are available on slideshare here.
• As a Gold Level sponsor, Cisco had a booth in the main exhibit area not far from the conference entrance. We distributed t-shirts with the “OpenStack@Cisco” logo on them. We were able to engage with fellow OpenStack developers, partners, and customers the entire week.
• Cisco was a sponsor of both the conference and the summit.

The key take away from the event was around the production deployments of OpenStack announced around the conference timeframe. OpenStack continues to have a lot of momentum going forward, and the announcements by places like Rackspace show the technology is already being deployed at scale in production.  Cisco is actively working with the OpenStack community to help shape the development of Quantum, Nova, Horizon, and other parts of OpenStack. If you are interested in joining the OpenStack@Cisco team, the team is hiring. Please contact Murali Raju (murraju at cisco dot com) for more information about joining the team!

Tags: OpenStack