Nicira uncloaked

Nicira, the OpenFlow startup behind the Open vSwitch, has finally dropped the stealthy cloak. Congratulations!!! Their web site is still pretty sparse on details, but you can get an initial impression of what they’re doing from a number of white papers describing Network Virtualization Platform and DVNI architecture. Short summary: I was almost right, but being a routing-and-switching bloke missed a few interesting bits – OpenFlow (and Open vSwitch) can easily combine security and forwarding functionality.


Captain, a new startup has just uncloaked!
(and why cloaking doesn't work too well in space)

Does it matter to you? It depends on what you’re doing. If you have only a few hundred servers, you’ll do just fine with VLANs. The NVP/Open vSwitch combo with L2/L3-over-IP tunneling is ideal for very large data centers building IaaS infrastructure with Linux-based servers (Xen/KVM/OpenStack). They do mention ESX in their NVP architecture diagram, but unless they used the same API as Nexus 1000V (which would be really cool ... and somewhat improbable), Open vSwitch on ESX would be a total kludge.

2012-02-06 10:00 GMT - based on a presentation one of my readers shared with me (thank you!), it looks like Open vSwitch on ESX (actually NVP OVS Appliance) uses very interesting properties of statically bound distributed ports on vDS switches. All the VM traffic has to pass through the OVS Appliance, so don't expect more than a few Gbps of throughput (the setup is similar to a dvFilter-based firewall operating in slow path), but it's definitely a cool trick.

If you're not sure whether you should be interested in OpenFlow, join us in a free OpenFlow/SDN webinar sponsored by BigSwitch Networks.

On the Virtual or Physical Appliance side of the same diagram, you’ll probably notice they rely on Open vSwitch running in that appliance (because they need their proprietary extensions and/or OVSDB to get it all working – OpenFlow 1.0 is simply not rich enough). Start googling for vendors implementing OpenFlow with Open vSwitch to get the whole picture: here’s an interesting one. Anyone else? Write a comment!

2 comments:

  1. I am wondering how much Nicira would impact the network appliance business (ADC, firewalls, security gateways, etc.)
    Theoretically, Nicira could trigger their transformation into basic silicon chip foundries :-D
    Or give the business hand to new players in the data path only...

    Or does that just apply to router/switch?
  2. From the NVP solutions white paper: "First, and most widely deployed is OVS in the server hypervisor, a complete software solution that works with .. ESX." How?

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.