Sunday, June 7, 2015

ONOS Advances its SDN Operating System with 3rd Release

A third version of the Open Network Operating System (ONOS), named Cardinal, has been released, adding several significant enhancements in the areas of Application Intent Framework, southbound interfaces and new distributed core features and capabilities.

ONOS, which was first released in December 2014, is currently deployed live in three research and education networks worldwide with more to come in Europe and Asia. These include SDN-IP peering application deployments at Internet2 in the U.S. and FIU/AmLight to South America as well as a BGP Peering Router deployment at CSIRO, Australia. It is also being used to enable proofs of concept (PoCs) of multi-layer IP/optical networks and for the migration to SDN using the SDN-IP peering application.

Some Cardinal highlights:

  • Improves performance for flow operations, application intent processing and network topology maintenance by more than 25 percent.
  • Creates several new uses by enabling the central office to be re-architected as a data center (CORD).
  • Cardinal’s Application Intent Framework supports all the key solution POCs that will be demonstrated at the Open Networking Summit (ONS2015) conference with extensions such as MPLS and tunnel support added to the framework to support a wide variety of SDN applications.
  • A new flow-objective subsystem in the distributed core enables device-agnostic SDN deployment. It allows apps to use a variety of OpenFlow switches with support for multiple tables without being concerned about device-specific details. It is a big step towards interoperability and the elimination of the solution silos that exist today.
  • At the southbound, NETCONF and PCEP interfaces are now available, and the TL1 interface will be used by two vendors for a few solution POCs although TL1 is not yet available from ONOS for open source distribution.

“The ONOS team has been running on all cylinders and continues to increase momentum with the help from the community,” said Bill Snow, vice president of Engineering at ON.Lab. “The code base continues to add functionality, while keeping code quality high and continually improving performance. ONOS’ use cases really show its unique capabilities to transform service provider and mission critical networks.”

Intel Security and VMware Introduce SDN-powered IPS

Intel Security and VMware introduced an SDN-based Intrusion Prevention services (IPS) solution for the protection of east-west traffic within the data center.  The security solution leverages the VMware NSX network virtualization platform to automate the distribution and enforcement of Intel Security’s McAfee Network Security Platform (NSP), providing Intelligent.

The idea is to extend the services inside the data center that Intel Security provides for north-south traffic at the perimeter of the data center.

The new integrated solution includes the McAfee NSP IPS-VM100-VSS (a new IPS-VM Series model designed for interoperability with VMware NSX), McAfee Network Security Manager, Intel Security Controller and VMware NSX network virtualization platform. The Intel Security Controller runs transparently as a broker between the VMware NSX infrastructure and Intel Security’s McAfee NSP. IPS protection can be dynamically and automatically provisioned to help protect intra-VM traffic based on the defined policies and requirements.

“The McAfee NSP takes advantage of the VMware NSX platform’s distributed micro-segmentation enforcement and simplified automated provisioning, creating a zero-trust environment to automatically help protect organizations’ assets against advanced threats,” said Raja Patel, General Manager for the Network Security Business Unit, Intel Security.

"The tight integration between VMware NSX and Intel Security’s McAfee NSP means security controls follow application workloads, allowing customers to dynamically scale security services,” said Tom Corn, Senior Vice President, Security Products, VMware.

Friday, June 5, 2015

Update on OPNFV and the Arno Release with Prodip Sen

OPNFV is an open source project under The Linux Foundation aimed at accelerating the introduction of NFV products and services. Prodip Sen, CTO of Network Functions Virtualization at HP and Chair of the OPNFV Project, provides a quick update of the community and its first release -- "Arno".

Arno provides an initial build of the NFV Infrastructure (NFVI) and Virtual Infrastructure Manager (VIM) components of ETSI NFV architecture. The baseline release enables continuous integration, automated deployment and testing of components from upstream projects such as Ceph, KVM, OpenDaylight, OpenStack and Open vSwitch.

Massive Data Breach Raises Questions about Perimeter Defense

The U.S. Office of Personnel Management (OPM) confirmed details of a massive data breach potentially impacting the personal records of 4 million current and past employees of the U.S. government.

OPM said it became aware of a cybersecurity intrusion affecting its information technology (IT) systems and data in April 2015 while it was in the process of updating its cybersecurity posture, adding tools and capabilities to its various networks.

Media reports attributed the attack to a Chinese state-backed hacker group known as “Deep Panda”, although both the OPM and FBI declined to comment on the specifics. Media reports also suggest that the stolen data was not encrypted.

The OPM network is believed to have been protected by the second-generation intrusion detection and prevention system, known as EINSTEIN 2. A planned upgrade to EINSTEIN 3, which will be integrated as a Managed Security Service with leading Internet Service Providers (ISPs), is being accelerated so as to cover all government networks by the end of 2016.

Outside commentators noted that relying on a perimeter IDS, even one benefiting from signatures captured by national security agencies, may be an insufficient strategy for 2015 and beyond, compared to other solutions emphasizing network visibility for advanced persistent threats. A Bloomberg story posted by Michael A Riley quotes a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington as saying Einstein 3 is already obsolete and that the commercial security industry is moving away from this type of perimeter defense.

HP to Resell ALU's IP+Optical for DCI

Alcatel-Lucent and HP are expanding their long-running alliance to now deliver enterprise data center networking, data replication and new storage architectures connected with IP and optical backbones.

The solutions, which are offered as part of the HP Complete Program in the Americas and EMEA, include Alcatel-Lucent’s IP edge platform, the Alcatel-Lucent 7750 Service Router and the Alcatel-Lucent 1830 Photonic Service Switch (PSS) family of optical products.

The companies said the combination of the 1830 PSS optical platform with the HP 3PAR Remote Copy software can deliver synchronous replication over fiber up to 130 kilometers with encryption to reduce business risk. This solution further expands the HP and Alcatel-Lucent collaboration in Data Center solutions, after the recent launch of HP Distributed Cloud Networking (DCN) platform, which leverages the Virtualized Services Platform (VSP) from Alcatel-Lucent’s Nuage Networks SDN venture.

Ciena Sees Sales Momentum in Q2

Ciena reported fiscal second quarter 2015 revenue of $621.6 million as compared to $560.1 million for the fiscal second quarter 2014. Net income (GAAP) was $20.7 million, or $0.17 per diluted common share, which compares to a GAAP net loss of $(10.2) million, or $(0.10) per diluted common share, for the fiscal second quarter 2014.

"We delivered outstanding second quarter results that, when combined with our strong financial performance during the past several quarters, demonstrate increased operating leverage and sustained momentum in our business," said Gary B. Smith, president and CEO, Ciena. “This performance also reflects our industry-leading ability to deliver open, on-demand, software-driven networks for an increasingly diverse set of customers across the globe.”

Some highlights:

  • U.S. customers contributed 59.1% of total revenue
  • One customer accounted for greater than 10% of revenue and represented 19% of total revenue
  • Cash and investments totaled $816.7 million
  • Cash flow from operations totaled $37.8 million
  • Average days' sales outstanding (DSOs) were 80
  • Accounts receivable balance was $553.3 million
  • Inventories totaled $214.6 million
  • Product inventory turns were 5.3
  • Headcount totaled 5,108

Thursday, June 4, 2015

OPNFV Community Delivers Arno, its First Release

The OPNFV Project, which is the community based effort sponsored by the Linux Foundation to develop an open source platform to accelerate the introduction of Network Functions Virtualization (NFV), announced the availability of OPNFV Arno, its first software release.

Arno provides an initial build of the NFV Infrastructure (NFVI) and Virtual Infrastructure Manager (VIM) components of ETSI NFV architecture.

Key capabilities of OPNFV Arno:

Availability of baseline platform: Arno enables continuous integration, automated deployment and testing of components from upstream projects such as Ceph, KVM, OpenDaylight, OpenStack and Open vSwitch. It allows developers and users to automatically install and explore the platform.

Ability to deploy and test various VNFs: End users and developers can deploy their own or third party VNFs on Arno to test its functionality and performance in various traffic scenarios and use cases.

Availability of test infrastructure in community-hosted labs: Agile testing plays a crucial role in the OPNFV platform. With Arno, the project is unveiling a community test labs infrastructure where users can test the platform in different environments and on different hardware. This test labs infrastructure enables the platform to be exercised in different NFV scenarios to ensure that the various open source components come together to meet vendor and end user needs.

Allows automatic continuous integration of specific components: As upstream projects are developed independently they require testing of various OPNFV use cases to ensure seamless integration and interworking within the platform. OPNFV’s automated toolchain allows continuous automatic builds and verification.

“Only eight months after its formation, OPNFV has met one of its major goals by creating an integrated build, deployment and testing environment that accelerates NFV implementation and interoperability,” said Prodip Sen, chairman of the OPNFV board of directors. “With Arno, we now have a solid foundation for testing some of the key resource orchestration and network control components for NFV. This is a great testament to the power of an open source collaborative model and the strength of the NFV ecosystem.”

“NFV has gone from idea to reality so quickly. I am hearing from every major operator their plans to deploy SDN and NFV and see the OPNFV project as playing a critical role in this vision becoming a reality. It's great to see the OPNFV community has chosen OpenDaylight as a key component of their project and the Arno release,” said Neela Jacques, executive director, OpenDaylight.

“Delivering Arno in a short amount of time shows the potential of open source collaboration,” said Jonathan Bryce, executive director, OpenStack Foundation. “The OpenStack community looks forward to working closely with OPNFV and accelerating the evolution of NFV.”

“We are very happy to see the adoption of components of ETSI NFV architecture in Arno. This is a major milestone for OPNFV and the NFV ecosystem in building the integrated open source NFV platform. We congratulate the community and are looking forward to future releases,” said Dr. Steven Wright (AT&T), chairman of ETSI NFV ISG.

Equinix to Provide Direct Connect to Aliyun Cloud Services

Equinix signed an agreement with Aliyun, Alibaba Group's cloud computing arm, to provide direct access to Aliyun's cloud platform via the Equinix Cloud Exchange in Hong Kong and Silicon Valley. Aliyun is the largest public cloud service provider in China and operates the country's largest content delivery network.

This will provide multinational, Chinese, and North American enterprises with dedicated and secure access to the full suite of Aliyun's cloud services. In addition to the Aliyun cloud platform, Equinix will also offer direct access to additional cloud-based services from Aliyun, including SaaS-based applications.  Expansion to other Equinix facilities in Asia and North America is anticipated.

"Our multi-national enterprise customers are increasingly asking for access to the Aliyun cloud platform, as they deploy cloud-based applications across Asia. By providing this access in two strategic markets, we're empowering businesses to build secure, private clouds, without compromising network and application performance," said Chris Sharp, vice president, cloud innovation, Equinix.

"Aliyun is very excited about our global partnership with Equinix, who not only has a global footprint of cutting-edge data centers, but has also brought together the most abundant cloud players and tenants in the cloud computing ecosystem on its Equinix Cloud Exchange platform.  Connecting the Equinix ecosystem with our Aliyun cloud services on Cloud Exchange will provide customers with the best-of-breed choices and flexibility," said Sicheng Yu, vice president, Aliyun.

Avi Networks Integrates Cloud ADC with Cisco ACI

Avi Networks, a start-up based in Sunnyvale, California, has integrated its Cloud Application Delivery Controller with Cisco's Application Centric Infrastructure (ACI).

Avi Networks, which was founded by key engineers behind Cisco's Nexus data center platforms, offers a software-only load balancer that adopts the same approach taken by large cloud service providers, such as Amazon, Facebook and Google, in that it runs entirely on x86. The hyperscale ADC separates the control plane from the data plane. Avi is also bringing traffic analytics into its Layer 7 switching, enabling application flows to dynamically adapt to traffic conditions.

The newly announced integration with Cisco ACI establishes interoperability with the Cisco Application Policy Infrastructure Controller (APIC) using RESTful APIs. Avi uses a common architecture with Cisco, including unified management and control planes, as well as the ability to scale data plane resources elastically, on demand, as application requirements dictate. The company says this approach provides end-users with better application delivery, security and load balancing, in addition to real-time visibility, monitoring, and integrated (inline) analytics of their on-premise and cloud-based applications.

“We are excited to announce the availability of the integration with Cisco ACI, which is one of the most important data center and cloud networking solutions,” said Umesh Mahajan, CEO of Avi Networks. “The Cisco ACI is a true application driven environment and it requires a complementary approach to application delivery to guarantee the proper end-user experience and application performance, which are fundamental for success in today’s era of cloud, mobile and virtualization technologies.”

“Cisco ACI has been built with a broad and deep ecosystem of partners to give our customers freedom of choice among vendors,” said Ish Limkakeng, VP, Cisco. “We are pleased to have Avi Networks join our ecosystem and to have them share our vision for automation and agility in the data center.”

Avi also cites its Inline Analytics capability as a key differentiator.  An inline analytics module integrated within the company's ADC aligns with the centralized and deep network infrastructure visibility available through the Cisco APIC solution.

  • Prior to co-founding Avi Networks in November 2012, Umesh Mahajan was VP/GM of Data Center Switching at Cisco, responsible for the Nexus 7000, MDS, NX-OS and DCNM families. Before that, he was Senior Director of Software Engineering at Andiamo, which was acquired by Cisco. Avi's team also includes Murali Basavaiah (co-founder and Engineering Lead), who previously was VP Engineering at Cisco for NX-OS Software and Nexus 7000/MDS product; and Ranga Rajagopalan (Chief Architect and CTO), who previously was Sr. Director of Engineering at Cisco and responsible for NX-OS systems/platform software for the Cisco Nexus 7000.

NTT Com Develops Multi-homed anti-DDoS

NTT Communications is testing an enhanced DDoS orchestrator system to detect, analyze and defend against distributed denial of service (DDoS) attacks. The pilot system was constructed by multiple security companies, including Arbor Networks, A10 Networks, and Radware Ltd. The user organizations include EHIME CATV Inc., INTERNET MULTIFEED Co., Interop Tokyo 2015 ShowNet, mixi Inc. and OKIT CORPORATION, among others.

NTT Com said its trial will test the operability of unique channel-control technology developed by NTT Com to minimize the negative effects of implementing a DDoS defense, such as delays in normal communications. The testing environment incorporates NTT Com's unique channel-control technology (patent pending), which reports the Internet routes used by specific traffic and enables traffic from a DDoS attack to be routed to optimized points in NTT Com's Global IP (GIP) and domestic OCN networks for Internet connection. The attacker's specific traffic is drawn to the system's DDoS defense devices, whereas normal communications experience only minimal delays.

NTT Com is Japan's first communications provider to conduct a multihomed anti-DDoS service that would be available to all companies using or providing Internet services.

HP and Arista Offer Data Center Reference Architectures

HP announced a new partnership with Arista Networks to provide verified reference architectures for data centers.

The HP Converged Architecture with Arista is designed to support private, public and hybrid cloud applications across compute and storage, including all-flash solutions with HP 3PAR StoreServ. The companies said their open and flexible solutions deliver simplified provisioning and ongoing maintenance, via the application of Arista Extensible Operating System (EOS) and network programmable platforms, with HP OneView integration at its core.

“The joint reference architectures from HP and Arista will deliver a dramatically simplified path to convergence and cloud-efficiency for our joint customers,” said Ed Chapman, vice president of business development and alliances, Arista Networks, Inc. “This will allow customers to rapidly realize the benefits of a converged infrastructure to accelerate their business and improve time to value while remaining flexible for future business needs.”

In addition, HP announced enhancements to its OneView 2.0 management platform, which unifies processes, user interfaces (UIs) and the application programming interfaces (APIs) across HP server, storage, and Virtual Connect networking devices. The enhancements include new server automation tools for defining firmware and driver baselines as well as server, LAN and SAN settings in one place and consistently provisioning or updating those settings multiple times. Additionally, new profile mobility makes it possible to migrate and recover workloads across server platform types, configurations, and generations.

NTT Com and Carrier Partners Aim for Improved Network Quality

NTT Communications and 22 of its global telecommunications-carrier partners agreed on a number of policies aimed at improving global network service quality.

During the Arcstar Carrier Forum 2015, which took place in Tokyo on June 2 and 3, the parties agreed to increase availability, decrease failure rates and strive for a number of other improvements measured by key performance indicators (KPI). These include:

  • Increase availability
  • Decrease failure rates
  • Reduce instances of long-term failure
  • Improve rate of determining reason for outage as failure occurs
  • Improve rate of on-time delivery to customer
  • Decrease lead time for line delivery

The Arcstar Carrier Forum is an international conference organized by NTT Com to consider strategies for strengthening Arcstar-branded managed network services for multinational corporations.

NTT Com Partner Carriers that Attended Arcstar Carrier Forum 2015

China: China Telecom Global Limited
Korea: KT Corporation
Hong Kong: Hutchison Global Communications Limited
Hong Kong: Wharf T&T Limited
Taiwan: Chunghwa Telecom Co., Ltd.
Philippines: Philippine Long Distance Telephone Company
Indonesia: PT Indosat tbk
Indonesia: PT. Telekomunikasi Indonesia International
Vietnam: Vietnam Datacommunication
Malaysia: Telekom Malaysia Berhad
Thailand: CAT Telecom Public Company Limited
India: Tata Communications Ltd.
India: Bharti Airtel Limited
Australia: Telstra Japan K.K.
Australia: Singtel Optus Pty Limited
France: Orange Business Services
UK: Colt Technology Services
UK: Interoute Communications Limited
South Africa: Internet Solutions a division of Dimension Data
USA: Verizon Communications Inc.
USA: XO Communications
South America: Neutrona Networks

BroadSoft Acquires mPortal for Mobile UC Design

BroadSoft announced its acquisition of mPortal, a privately-held firm that offers mobile-centric design and development capabilities.  mPortal’s mobile-centric design and development capabilities will provide the foundation for BroadSoft Design – which allows service providers and enterprises to customize and differentiate UC solutions built around BroadSoft’s UC-One solution. mPortal is based in McLean, Virginia. Financial terms were not disclosed.

“It is increasingly clear that a ‘one size fits all’ strategy for delivering unified communications is insufficient for meeting the superior and differentiated end-user experiences that businesses demand,” said Scott Hoffpauir, chief technology officer, BroadSoft. “The mPortal acquisition and launch of BroadSoft Design reaffirms our commitment of simplifying how our customers sell, deliver and support UC services, innovating to give service providers a competitive market advantage and accelerating market adoption of unified communications through a superior end-user experience.”

Cisco Names New Leadership Team

Cisco's incoming CEO Chuck Robbins announced his executive leadership team:

  • Pankaj Patel, Executive Vice President, Chief Development Officer
  • Kelly Kramer, Executive Vice President and Chief Financial Officer
  • Rebecca Jacoby, Senior Vice President, Operations
  • Guillermo Diaz has been promoted to CIO
  • Francine Katsoudas, Senior Vice President and Chief People Officer
  • Hilton Romanski, Senior Vice President, Chief Technology and Strategy Officer
  • Karen Walker, Senior Vice President, Chief Marketing Officer
  • Chris Dedicoat, Senior Vice President, Worldwide Sales
  • Joe Cozzolino, Senior Vice President, Services
  • Mark Chandler, Senior Vice President and General Counsel
  • Dr. Ruba Borno, Vice President, Growth Initiatives and Chief of Staff

Dell'Oro: Cisco Gains Share in L2-3 Ethernet Switch Market

The Layer 2-3 Ethernet Switch market declined nearly $1 billion in the first quarter 2015 to slightly more than $5.5 billion, according to a new report from Dell'Oro Group.

"Seasonality, especially since China has become a larger part of the market caused Ethernet Switch revenues to be down significantly in 1Q15. Despite the strong sequential market decline, Cisco gained revenue share year-over-year," said Alan Weckel, Vice President of Ethernet Switch market research at Dell'Oro Group. "Campus switching has begun an upgrade cycle to support next generation wireless LAN access points using new Multi-Gigabit technology as a catalyst. Campus switching will also get a boost from E-Rate during the summer. As we transition to the end of 2015, the data center will begin an upgrade cycle to 25 GE for server access with 100 GE starting to ramp to significant volumes. The market will also be absorbing both HP's announcement to divest H3C and Avago's announcement to acquire Broadcom. It has been almost a decade since we have seen so much vendor repositioning in the market," stated Weckel.

The report also indicates that Cisco Systems, Huawei Technologies, and Hewlett-Packard (H3C) were the top three vendors in revenue rank in China during the first quarter 2015.

Wednesday, June 3, 2015

Blueprint: Enabling Smart Software Defined Networks

by Seong Kim, System Architect in AMD’s Embedded Networking Division

The networking and communications industry is at a critical inflection point as it looks to embrace new technologies such as software-defined networking (SDN) and network function virtualization (NFV). While there are significant advantages to deploying a software-defined network, there are challenges as well. The implementation of SDN and NFV requires revamping network components and structures, and adopting new approaches to writing software for network management functions.

The hosting of SDN and NFV middleware and network management software on industry-standard processors is now being handled by modern multi-processor heterogeneous system architectures that incorporate both CPU and GPU resources within a single SOC.

What’s been missing until recently is a holistic view of networks and the technology providing a standardized separation of the control and data planes. SDN provides this capability, and can efficiently enable data center and service providers to manage network configuration, management, routing and policy enforcement for their evolving multi-tenant heterogeneous networks.

As defined by the Open Networking Foundation, SDN decouples the network control and forwarding functions, enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services.

Unlike server virtualization, which enables sharing of a single physical resource by many users or entities, virtualizing network resources enables a consolidation of different physical resources by overlaying virtual layers of networks on heterogeneous networks, resulting in a unified, logically homogeneous network. Figure 1 describes three requirements that commonly define SDN architecture.

SDN Trends and Challenges

There are several different SDN deployment scenarios in the industry, although the original SDN concept proposes to have a centralized control plane with only the data plane remaining in the network.

On the controller implementation, three basic topologies are being considered in the industry. The first is a centralized topology where one SDN controller controls all the switches in the network. This approach, however, incurs a higher risk of failure since it makes the central controller a single point of failure for the network. The second topology being investigated is the so-called distributed-centralized architecture. In this approach multiple “regional” SDN controllers, each controlling a subset of the network, communicate with the (global) central controller. This architecture eliminates single points of failure since one controller can take over the function of a failed controller. Finally, Orion proposes a hierarchical topology that may provide better network scalability.

Apart from the controller, the data plane can also become a challenge with the transition to SDN, because traditional switching and/or forwarding devices/ASICs will not be able to easily support SDN traffic due to evolving standards. Hence the need to have a hybrid approach. Specifically, a portion of the network (e.g., the access network) can be SDN enabled while the other portion (e.g., the core network) can remain as a ‘traditional’ network. Thus traditional platforms are located in the intermediate nodes, acting as a big pipe, and SDN-enabled platforms serve as the switch and routing platforms. With this approach, an SDN network may be enabled immediately without requiring the overhaul of the entire network.

Challenges in SDN are still emerging, as the definition of SDN continues to evolve. The scale-out network paradigm is evolving as well. Due to these uncertainties, abstraction mechanisms from different vendors will compete or co-exist. In addition, creation of SDN controllers and switches requires resolution of design challenges in many hardware platforms.

The data center environment is the most common use case for SDN. In the traditional data center network, there are ToR (Top of Rack), EoR (End of Row), aggregation and core switches. Multi-tier networking is a common configuration. To increase data center network manageability, SDN can abstract physical elements and represent them as logical elements using software. It treats all network elements as one large resource across multiple network segments. Therefore it can provide complete visibility of the network and manage policies across network nodes connected to virtual and physical switches.

Figure 2 shows a traditional multi-tier data center network and how an SDN controller can manage the entire network from a centralized location.

SDN’s basic tenet is to remove vendor-specific dependencies, reduce complexity and improve control, allowing the network to quickly adapt to changes in business needs. Other key SDN requirements are the disaggregation of control and data planes, and the integration of strong compute and packet processing capabilities. Companies are now collaborating to demonstrate the feasibility of a complete SDN solution utilizing the unique compute capabilities and power efficiency of heterogeneous, general purpose processors.

Software Enablement for SDN

One such demonstration of the integration needed to enable SDN is an ETSI NFV proof-of-concept. In this proof of concept, several companies demonstrated the integration of a Data Plane Development Kit (DPDK) on an x86 platform and Open Data Plane (ODP) on an ARM-based platform running OpenStack. The DPDK and ODP middleware enables fast packet I/O for general purpose CPU platforms eliminating the typical bottleneck in the data path when there is no user space pass-through enablement. This middleware software is a must-have to enable an SDN solution, providing a unified interface to various platforms including x86 and ARM64 platforms.

High Compute Power at a Low Power Envelope

An SDN controller needs to have strong compute capability to handle large amounts of control traffic coming from many SDN switches – each individual flow needs handling by the central SDN controller. This brings concerns regarding the SDN controller in terms of performance and single point of failure.

There are different architectures proposed in the industry to mitigate the load on the central controller. One example is a distributed-centralized controller which has several SDN controllers, each managing a subsection of the network, with an additional control layer managing these regional controllers. This architecture requires smart, distributed and powerful compute capabilities throughout the entire network of SDN controllers. Different nodes, including SDN switch nodes, require different levels of performance and power. SDN implementations benefit from vendor platforms that offer a range of performance capabilities, matching the appropriate level of resources at the necessary point in the network design.

Security Enhancements

There is a growing need for security, and as the amount of control traffic increases, the need for crypto acceleration or offload increases with it. By offloading crypto operations to acceleration engines such as a CCP (Crypto Co-processor) on a CPU or GPU, system-level performance can be maintained without compromising compute performance.

Deep Packet Inspection (DPI) - Understanding Network Traffic Flow

In order for an SDN controller to manage the network and associated policies, it requires a good ‘understanding’ of networking traffic. Centralized or distributed SDN architectures can support a deep understanding of traffic by collecting sets of packets from a traffic flow and analyzing them. There are two different ways to support this requirement.

Option 1—Based on the assumption of having a big pipe/channel between SDN switches and SDN controller, all of the deep packet inspection or application recognition can be done in the central controller with a powerful DPI engine.

Option 2—A small DPI engine can be implemented in the distributed SDN switches. These switches perform a basic deep packet inspection, then report the results or send only streams of important traffic. As we have seen, the latter case requires a cheaper and simpler implementation to meet the basic SDN tenet.

Low cost and low power processors can be used for DPI applications. The combination of CPUs and GPUs as found in heterogeneous architectures, the latter being highly optimized for highly parallel programmable applications, provides a significant performance advantage.

I/O Integration

The main processor for SDN requires high speed I/O interfaces, for example, embedded network interfaces such as 1G, 10GE, and PCIe. This can lower system cost and ease system design complexity.


Complicating the development of new SDN solutions is the continuing evolution of standards. Throughout the industry, there are different approaches to enabling network virtualization (for example, VXLAN and NVGRE), and these standards continue to evolve as they move to the next phases. In order to meet the requirements of these evolving standards – and any emerging network overlay protocols – platforms must be able to provide flexibility and ease of programmability. As an example, the transition from the OpenFlow 1.0 spec to OpenFlow revision 1.3 significantly increased complexity as it aimed to support many types of networking functions and protocols.

Platform Needs

Modern heterogeneous compute platforms contain the following three major function blocks:

  • General purpose, programmable scalar (CPU) and vector processing cores (GPU)
  • High-performance bus
  • Common, low-latency memory model

Leading heterogeneous designs are critical to maximizing throughput. For example, on AMD platforms incorporating Heterogeneous Systems Architecture (HSA), the CPU hands over only the pointers of the data blocks to the GPU. The GPU takes the pointers and processes the data block in the specific memory location and hands them back to the CPU. HSA ensures cache coherency between the CPU and the GPU. Figure 3 depicts an overview of this architecture.

GPUs are extremely efficient for parallel processing applications, and they can also be used for crypto operations, DPI, classification, compression and other applications. In the case of crypto operations, the CPU doesn’t have to get involved in the data plane crypto operation directly. With this architecture, the system level performance can be maintained even when the amount of traffic needing encryption or decryption increases. In a heterogeneous capable processor, software can selectively accelerate or offload CPU compute-intensive operations to the GPU. Here are a few additional functions that can be accelerated or offloaded to the GPU:

  • DPI: Implement RegEx engine
  • Security (such as IPSec) operations: RSA, crypto operation
  • Compression operation for distributed storage applications

Figure 4 shows a number of different networking use cases and examples of where different levels of embedded processors integrate into the solution.


SDN introduces a new approach to network resource utilization and management, and each networking vendor in the market is looking for its own way to build SDN solutions. One key action that needs to be taken to enable SDN is to open up the intelligence of switches and routers to enable the abstraction of proprietary vendor technologies.

Mega data center players (Amazon, Google, Facebook and the like) are implementing technologies that will allow them to enable greater flexibility and lower costs. Amazon and Google are building their own networking (white box) switches so that they don’t have to rely on the platforms produced by OEM vendors. Facebook is driving the Open Compute Platform (OCP) to develop specifications for open architecture switches that will be manufactured by low-cost original design manufacturers (ODMs). The open architecture approach from Facebook is creating an ecosystem where standard, high volume commodity platforms could be used to minimize CAPEX and OPEX costs.

SDN will drive the industry toward a more software-centric architecture and implementation. Thus, in this environment, OEMs find it more difficult to provide platform differentiators. With SDN, the need for less expensive and easy-to-access hardware becomes paramount, and platform-specific, value-added services are deprioritized.

About the Author

Seong Kim is currently a system architect in AMD’s Embedded Networking Division. He has more than 15 years of experience in networking systems architecture and technical marketing. His recent initiatives include NFV, SDN, server virtualization, wireless communication networking, and security and threat management solutions. Dr. Kim’s work has been published in numerous publications including IEEE communications and Elsevier magazines, and he has presented at several industry conferences and webinars. He has several US patents and US patents pending in the field of networking. Kim holds a Ph.D. in Electrical Engineering from State University of New York (SBU) and an M.B.A. degree from Lehigh University.


Cisco to Acquire Piston Cloud for OpenStack

Cisco agreed to acquire Piston Cloud Computing, a start-up based in San Francisco, for its enterprise OpenStack solutions. Financial terms were not disclosed.

Piston Enterprise OpenStack is designed for building, scaling and managing a private Infrastructure-as-a-Service (IaaS) cloud on bare-metal, converged commodity hardware.  Piston Cloud enables Cloud Foundry's Platform-as-a-Service (PaaS) offering to run on OpenStack. It also supports leading automation solutions, including Opscode, Puppet Labs and RightScale.

Cisco said the acquisition will help advance its Intercloud, which is a globally connected network of clouds being built with its partners.

"The acquisition of Piston will complement our Intercloud strategy by bringing additional operational experience on the underlying infrastructure that powers Cisco OpenStack Private Cloud. Additionally, Piston’s deep knowledge of distributed systems and automated deployment will help further enhance our delivery capabilities for customers and partners," stated Cisco's Hilton Romanski in a blog posting.

IBM Acquires Blue Box for OpenStack Cloud Migration

IBM has acquired Blue Box Group, a managed private cloud provider built on OpenStack. Financial terms were not disclosed.

Blue Box, which is based in Seattle, provides a private cloud as a service platform designed to enable easier deployment of workloads across hybrid cloud environments.

IBM said the acquisition reinforces its commitment to deliver flexible cloud computing models that make it easier for customers to move to data and applications across clouds and meet their needs across public, private and hybrid cloud environments. Blue Box also strengthens IBM Cloud’s existing OpenStack portfolio, with the introduction of a remotely managed OpenStack offering to provide clients with a local cloud and increased visibility, control and security.

“IBM is dedicated to helping our clients migrate to the cloud in an open, secure, data rich environment that meets their current and future business needs,” said IBM General Manager of Cloud Services Jim Comfort. “The acquisition of Blue Box accelerates IBM’s open cloud strategy making it easier for our clients to move to data and applications across clouds and adopt hybrid cloud environments.”

HP Advances its Helion CloudSystem for Multiple Clouds

HP rolled out the latest version of its flagship integrated enterprise cloud solution, Helion CloudSystem 9.0, expanding support for multiple hypervisors and multiple clouds.

HP Helion CloudSystem 9.0 integrates HP Helion OpenStack and the HP Helion Development Platform to provide customers an enterprise grade open source platform for cloud native application development and infrastructure. Some highlights of HP Helion CloudSystem 9.0:

  • Simultaneous support for multiple cloud environments, including Amazon Web Services (AWS), Microsoft Azure, HP Helion Public Cloud, OpenStack technology and VMware, with the ability to fully control where workloads reside
  • The latest release of HP Helion OpenStack, exposing OpenStack software APIs to simplify and speed development and integration with other clouds and offering developer-friendly add-ons with the HP Helion Development Platform based on Cloud Foundry
  • Support for multiple hypervisors, now including Microsoft Hyper-V, Red Hat KVM, VMware vSphere, as well as bare metal deployments, offering customers additional choice and avoiding vendor lock-in
  • Support for AWS-compatible private clouds through integration with HP Helion Eucalyptus, giving customers the flexibility to deploy existing AWS workloads onto clouds they control
  • Support for unstructured data through the Swift OpenStack Object Storage project

"Enterprise customers have a range of needs in moving to the cloud -- some need to cloud-enable traditional workloads, while others seek to build next generation 'cloud native' apps using modern technologies like OpenStack, Cloud Foundry and Docker," said Bill Hilf, senior vice president, HP Helion Product and Service Management. "The expanded support for multiple hypervisors and cloud environments in HP Helion CloudSystem 9.0 gives enterprises and service providers added flexibility to gain cloud benefits for their existing and new applications."

  • HP is currently operating 85 data centers worldwide.

DE-CIX Notes Upturn in 100G Internet Exchange Connections

DE-CIX, which recently recorded an all-time record peak throughput volume of 4 Terabit/s on its Internet Exchange in Frankfurt, is seeing customers upgrade their port size and capacity.  The company reports that during the first quarter of 2015, customers ordered the same number of 100 Gigabit Ethernet (100 GE) ports as they did in all of 2014.

As an example, Akamai, the global leader in Content Delivery Network (CDN) services, has upgraded its capacity at DE-CIX in Frankfurt to 12x100 GE connections. Delivering 1.2 Terabits per second, this is the largest service provider bandwidth at any Internet exchange worldwide.

“Our goal is for our customers’ content to arrive as quickly as possible at its final destination, no matter where in the world the end user is,” says Noam Freedman, Senior Vice President, Networks and Chief Network Architect at Akamai Technologies. “With more than 700 Internet service providers worldwide, DE-CIX is one of our most important Internet exchange providers. With the 2013 implementation of its DE-CIX Apollon technology platform to easily handle 100 GE demands, DE-CIX has made it very easy for us to expand our capacity there. In this way, we’re well-positioned for the growing IP traffic volumes around the world.”