Nicira uncloaked

Nicira, the OpenFlow startup behind the Open vSwitch, has finally dropped the stealthy cloak. Congratulations!!! Their web site is still pretty sparse on details, but you can get an initial impression of what they’re doing from a number of white papers describing Network Virtualization Platform and DVNI architecture. Short summary: I was almost right, but being a routing-and-switching bloke missed a few interesting bits – OpenFlow (and Open vSwitch) can easily combine security and forwarding functionality.

Captain, a new startup has just uncloaked!
(and why cloaking doesn't work too well in space)

Does it matter to you? It depends on what you’re doing. If you have only a few hundred servers, you’ll do just fine with VLANs. NVP/OpenvSwitch combo with L2/L3-over-IP tunneling is ideal for very large data centers building IaaS infrastructure with Linux-based servers (Xen/KVM/OpenStack). They do mention ESX in their NVP architecture diagram, but unless they used the same API as Nexus 1000V (which would be really cool ... and somewhat improbable), Open vSwitch on ESX would be a total kludge.

2012-02-06 10:00 GMT - based on a presentation one of my readers shared with me (thank you!), it looks like Open vSwitch on ESX (actually NVP OVS Appliance) uses very interesting properties of statically bound distributed ports on vDS switches. All the VM traffic has to pass through the OVS Appliance, so don't expect more than a few Gbps of throughput (the setup is similar to a dvFilter-based firewall operating in slow path), but it's definitely a cool trick.

If you're not sure whether you should be interested in OpenFlow, join us in a free OpenFlow/SDN webinar sponsored by BigSwitch Networks.

On the Virtual or Physical Appliance side of the same diagram, you’ll probably notice they rely on Open vSwitch running in that appliance (because they need their proprietary extensions and/or OVSDB to get it all working – OpenFlow 1.0 is simply not rich enough). Start googling for vendors implementing OpenFlow with Open vSwitch to get the whole picture: here’s an interesting one. Anyone else? Write a comment!


  1. I am wondering how much Nicira would impact the network appliance business (ADC, firewalls, security gateways, etc...)
    Theoricallly, Nicira could trigger their transformation into basic silicon chip foundries :-D
    Or give the business hand to new players in the data path only...

    Or is that just apply to router/switch?
  2. From the NVP solutions white paper: "First, and most widely deployed is OVS in the server hypervisor, a complete software solution that works with .. ESX." How?
Add comment