I just got back from the 2nd Open Networking Summit (ONS) that took place in Santa Clara. This event was three times bigger than the one held in October last year. Networking innovation was once again the focus of the discussions and demonstrations, and it was interesting to see a few examples of production network environments that have fully adopted the SDN (Software Defined Networking) approach and implemented OpenFlow. For example, Google showed that most of its production network is OpenFlow enabled – there’s no better “Proof of Concept” than that.
Over the past 2 years, Google has designed and built its own switches that support OpenFlow and has developed a sophisticated Traffic Engineering (TE) controller application that is responsible for all of their advanced dynamic routing decisions, which are adapted automatically thanks to the nature of OpenFlow. You can read more about it here.
Telcos such as NTT, DT and Verizon talked about the need for WAN SDN and discussed a few other strategies they are undertaking by leveraging OpenFlow. This includes ideas for overlay networks, smart traffic steering that better utilizes network resources, and improved quality of service for mobile devices through a new proposed mobile access point selection mechanism. It was really all about innovation in networking – something we haven’t seen for quite a while.
However, the most interesting point for me was the fact that ADC and security vendors will play a very dominant role in this new networking era. The way I see it, this networking revolution is all about making the network an Application Aware Network. The centralized OpenFlow controller approach makes it possible to collect application states, have a business application analyze them, make a decision, and enforce it at the network level by injecting new or modified network flow rules into the OpenFlow-enabled network fabric.
The obvious question is “Who will provide these application states?” The answer is that ADC and security products, which have L4-L7 visibility and intelligence, are a perfect choice for this. The decisions and actions of ADC and security elements are mostly application aware and are therefore the perfect sources to “signal” application-aware network actions to the OpenFlow controller. These actions should be taken based on the application’s status and business needs, e.g., the application’s health, load and response time, threats imposed on the application, application security policies, application resource utilization, etc. There is also value in doing the opposite, i.e., enforcing application-level changes based on the network status (status that is visible through the OpenFlow controller).
We introduced and demonstrated some of these concepts in our booth at the ONS event. We showed how Radware’s ADC and security commercial products, together with the service delivery controller application we have developed, “shape” (or “program”) the OpenFlow-enabled network. We showed the commercial value this brings, including network resource optimization (reduced cost), an application-aware, highly available network, a secured software-defined network infrastructure, and how added-value services, such as security and application delivery functions, can be automatically provisioned to customers in a cloud MSP environment.
Based on the discussions at the event, all indications are that the network will become more and more application aware and therefore will be led by the application vendors. We are not so far from having a marketplace for “network apps” that will be stacked into the network controller and will “shape” the network per business need.
I have included a diagram of how our demo works:
Avi manages Radware’s security business unit and the security roadmap for the company’s attack mitigation system. This includes defining all product management and product marketing operations, the theoretical basis for current and future security products, and research and design of core product algorithms. He also holds several patents related to network security. Avi writes on a variety of security topics including application security, behavioral analysis, data loss, and wireless/mobile security.