Wednesday, April 2, 2014

Cisco's OpFlex Protocol Offers Distributed Policy Control for SDN

Cisco introduced OpFlex - a new networking protocol designed to open up its vision of Application Centric Infrastructure (ACI) in the data center for automated applications and interoperability with other software-defined networking (SDN) elements.


OpFlex is a southbound protocol that is co-authored by Citrix, IBM, Microsoft, and Sungard Availability Services. It provides a mechanism that enables a network controller to transfer abstract policy to a set of “smart” devices capable of directly rendering rich network policy on the device.  OpFlex will enable leading hypervisors, switches and network services (layer 4-layer 7) to self-configure driven by application policy.

Cisco is submitting to the IETF for standardization. It is also an open source Contribution that Cisco is making to OpenDaylight in partnership with IBM, Plexxi and Midokura.  Other companies that are supporting OpFlex include Microsoft, RedHat, F5, Citrix, Canonical, and Embrane.  Hypervisor and software vendors will support OpFlex-enabled virtual switches and extend the Cisco ACI policy framework in their virtual environments. Network services vendors like Avi Networks, Citrix, Embrane, and F5 Networks will be shipping an OpFlex agent with their appliances.

In addition, Cisco is working with OpenDaylight to create a 100 percent open source, ACI-compatible policy model and OpFlex reference architecture.

Compared to the current SDN model, Cisco said its Application Centric Infrastructure avoids the scalability/resiliency challenge of having a single SDN controller managing the state of the network. Its ACI approach is to distribute complexity to the edges and operate disconnected from a central policy manager.  It also would not require application developers to describe their requirements with low level constructs.

Cisco is planning to support the OpFlex Protocol on the following Cisco products:

  • Cisco Application Centric Infrastructure, Nexus 9000 Series
  • Cisco Nexus 1000V
  • Cisco ASR 9000 Series
  • Cisco Nexus 7000 Series
  • Cisco ASA
  • Cisco SourceFire

http://www.cisco.com

In January, as part of its recently launched Application Centric Infrastructure (ACI) initiative, Cisco introduced an Application Policy Infrastructure Controller (APIC) Enterprise Module for extending
high-performing applications from the data center to wide-area networks (WAN) and local access networks (LAN). The goal is to provide enterprises with complete visibility into their networks, automating network and policy configuration while managing applications across the WAN and access networks.

The Cisco APIC serves as the single point of automation and fabric element management in
both physical and virtual environments.

The Cisco APIC Enterprise Module is constructed of three elements: a consolidated network information database, policy infrastructure and automation.

To address security concerns, Cisco APIC automates network-wide rapid threat detection and mitigation by integrating and automating Cisco Sourcefire  security solutions.  For compliance management across branches and headquarters, Cisco APIC also provides network-wide Quality of Service (QoS), and accelerates Intelligent WAN (IWAN) deployments. It can also be used with third-party solutions to provide an end-to-end WAN orchestration and management.

In November 2013, Cisco unveiled its Application Centric Infrastructure for data centers and clouds. ACI is a step beyond virtualization and software-defined networks (SDN), said Chambers, because it brings agility and automation with full visibility and integrated management of both physical and virtual networked IT resources at the system, tenant, and application levels.  The architecture promises a pay-as-you-grow mode scaling to over 100,000 switch ports and capable of supporting more than one million IP end points in a data center spine with 60 Tbps capacity.  A key premise is that the network should adapt to application requirements through dynamic insertion and chaining of physical and virtual L4-7 network services including firewalls, application delivery controllers, and intrusion detection systems.  The new architecture is designed for multi-tenant cloud environments by providing real-time view of per tenant and per application health, statistics, and troubleshooting.  Real-time analytics will be used to drive intelligent application placement decisions.

The foundation for ACI is an Application Policy Infrastructure Controller (APIC), enhanced versions of the NX-OS data center switching operating system, and a new line of Nexus 9000 data center switches based on technology from Insieme Networks, the Cisco spin-in start-up that is being acquired and re-integrated into the company.

The Cisco APIC is a centralized clustered controller that is responsible for tasks ranging from fabric activation, maintenance of switch firmware, network policy configuration and instantiation. Cisco APIC is
completely removed from the data path.  The APIC exposes a northbound API through XML and JSON and provides both a command-line interface (CLI) and GUI that use this API to manage the
fabric. It will be delivered as an appliance.

The new Nexus 9000 platforms will be able to run both optimized NX-OS and an ACI-mode of NX-OS via the addition of APIC.  Cisco said this dual capability provides investment protection and a migration path to ACI though a software upgrade.

The new switches will use custom ASICs for scalable and merchant silicon for addressing time to market issues.  Cisco said its platforms will support 1/10/40G ports with support for future 100G transitions in existing and next generation data centers.  Another innovation in the Nexus 9000 portfolio is a backplane-free modular switch design that promises more efficient power and cooling.  Both the Cisco Nexus 9500 and 9300 platforms support VXLAN and NVGRE bridging and routing functions in hardware.

Google Activates Andromeda Virtualization in Cloud Data Centers

Google’s "Andromeda" network virtualization stack is now powering two of its Google Compute Engine zones: us-central1-b and europe-west1-a. The company will be migrating its other data centers to Andromeda in the coming months.

Google describes Andromeda as a Software Defined Networking (SDN)-based substrate that serves as  the orchestration point for provisioning, configuring, and managing virtual networks and in-network packet processing. The goal is to expose the raw performance of the underlying network while simultaneously exposing network function virtualization (NFV), including distributed denial of service (DDoS) protection, transparent service load balancing, access control lists, and firewalls.

Google reports a significant performance gain in throughput for customers in the data centers running Andromeda, with TCP throughput for 200 streams soaring from under 2 Gbps (baseline) to 5 Gbps (powered by Andromeda).

http://googlecloudplatform.blogspot.com/2014/04/enter-andromeda-zone-google-cloud-platforms-latest-networking-stack.html

Gigamon Announces Multi-Purpose Visibility Fabric Node for Big Data

Gigamon is preparing to release the  GigaVUE-HC2 fabric node for the Services Layer of its Visibility Fabric architecture.

The GigaVUE-HC2 is a modular platform that combines multiple external functions such as compute for stateful and intelligent traffic correlation, secure in-band TAPs to prevent unauthorized access to traffic data, and sophisticated filtering, replication and aggregation, all in a single, compact modular form factor thereby eliminating the need for service chaining multiple external nodes. The GigaVUE-HC2 will launch with seven optional modules including 10Gb and 40Gb modules, GigaSMART intelligence as well as copper and fiber TAPs. The optional GigaSMART capabilities include packet slicing, masking, source port labeling, tunneling, header stripping and Layer 7 load balancing.

Visibility Fabric Applications provide stateful packet correlation capabilities that enable de-duplication, provide session awareness for enhanced visibility, insight and control over data traffic flows, as well as the ability to summarize and generate NetFlow statistics from incoming traffic streams.

“The GigaVUE-HC2 provides a versatile multi-purpose platform that addresses the needs of a broad variety of tools. Its  performance and GigaSMART intelligence addresses not only the monitoring needs of today, but scales to meet the needs of the future,” said Shehzad Merchant, Chief Strategy Officer at Gigamon. “ Big Data traffic intelligence requires compute elasticity to meet the dynamic needs of today’s organizations.  Gigamon’s architecture supports distributed intelligence, centralized intelligence, or a hybrid of the two and ensures that multiple H-Series platforms can be managed as a single virtual chassis in a cluster.  GigaVUE-HC2 offers traffic intelligence at the right place in the network for the right price.”

http://www.gigamon.com/visibility-fabric-architecture

Skype App for Windows Phone 8.1 Allows In-Call Switch to Video

A new Skype app for Windows Phone 8.1 promises tight integration of Skype on mobile devices.  Windows Phone users will be able to easily "upgrade" a regular mobile calls to a Skype video call.

In addition, people with a Windows Phone 8.1 device can use Microsoft's new "Cortana" virtual digital assistant to quickly and easily start Skype calls: for example, just say "Skype, get Lara Kingwell on video".  Cortana will be included in a Skype for Windows Phone 8.1 update.

http://blogs.skype.com/2014/04/02/introducing-the-new-skype-for-windows-phone-8-1-and-improved-skype-for-windows-8-1
/

ALU Enterprise Debuts SDN-enabled OmniSwitch 6860

Alcatel-Lucent's Enterprise division unveiled its new OmniSwitch 6860 (OS6860) family featuring gigabit access speeds coupled with embedded analytics and programmability. Highlights include:

  • Powered by a custom ASIC and coprocessor providing wire-rate deep packet inspection (DPI) and policy enforcement right at the edge of the network. 
  • SDN-enabled with the support of OpenFlow and OpenStack.
  • Four unique 1G PoE ports that offer up to 60W Power over Ethernet (PoE) to support next generation devices that require high power, such as small cells that combine cellular and Wi-Fi, and high definition video surveillance cameras.
  • Data center and IT friendly: all ports are in the front, with front-to-back cooling and an innovative Bluetooth management connection so smart devices can be used to manage the switch. In addition, it can be used in the data center as a 1GbE top-of-rack switch.

Alcatel-Lucent Enterprise said it is adding deep packet inspection at the wired and wireless access layer to advance its Application Fluent Network capabilities. It can now consolidate this information with network analytics tools that help IT teams gain improved visibility into the applications, and also create policies and enforce them at the edge of the network to secure and optimize delivery of applications to employees and customers.

Additionally, Alcatel-Lucent Enterprise's entire portfolio now has Software Defined Networking (SDN) capabilities -- extending across the access, to the core and into the data center. The SDN capabilities include REST API’s, OpenFlow 1.0/1.3 and the ability to leverage OpenStack plug-ins for full orchestration across the entire network.

http://www.alcatel-lucent.com

Alcatel-Lucent Completes Sale of LGS Innovations

Alcatel-Lucent completed its previously announced sale of its subsidiary LGS Innovations LLC to a US-based company owned by a Madison Dearborn Partners-led investor group that includes CoVant.

LGS Innovations LLC provides secure networking, satellite communications, VoIP, optical routers and other solutions for the US national security, defense, and advanced research communities, and has a heritage as a trusted partner of the US Federal Government extending back over 60 years.  The company is based in Herndon, Virginia.

The sale price was $200 million, of which 50% is paid at closing.

http://www.alcatel-lucent.com

NTT Data Opens R&D Labs in China, Singapore, Indonesia

NTT DATA has established an R&D Lab with the Institute of Software at the Chinese Academy of Sciences in Beijing.  The two organizations will collaborate on solutions for social networking services and healthcare.

NTT DATA also announced the opening of R&D Labs in Singapore and in Bandung, Indonesia.

http://www.nttdata.com/

ADTRAN Trims Q1 Financial Guidance

ADTRAN trimmed its revenue and earnings estimates for the first quarter ending March 31, 2014, saying it now expects revenue to range from $146.0 million to $147.0 million. GAAP earnings per share for the quarter, assuming dilution, are expected to range from $0.16 to $0.17. Non-GAAP earnings per share for the quarter are expected to range from $0.20 to $0.21. Non-GAAP earnings per share exclude the effect of acquisition related expenses, amortizations and adjustments, and stock compensation expense.

ADTRAN Chief Executive Officer Tom Stanton stated, “Although revenue for the quarter came in lower than expected, operating income increased approximately 74% over the same period last year driven by significant improvements in gross margin. Our domestic revenues were negatively impacted by a slower start to spending with our tier 2 and tier 3 service provider customers. International revenues were strong for the quarter, increasing approximately 56% over the same period last year. We saw a notable acceleration in bookings later in the quarter, but the timing precluded us from meeting our prior revenue expectations. The significant acceleration we saw in bookings exiting the quarter leads us to anticipate revenue in the second quarter of 2014 to be in the range of $172 million to $180 million.”

http://www.adtran.com

See also