Big Switch uncloaks, fires virty network wares at VMware/Nicira
'Our OpenFlow is more open than your OpenFlow'
Big Switch Networks, the stealthy startup spun out of the Stanford University labs that developed the OpenFlow software-defined networking protocol that's reshaping the stodgy and crufty networking business, has uncloaked – and it's taking direct aim at VMware's Nicira acquisition, which also spun out of Stanford.
Speaking to El Reg ahead of Big Switch's uncloaking, company CEO Guido Appenzeller said that Nicira was spun out of the lab a little too early and therefore its vision of networking was not as complete.
"They are adamant that the physical network is just a forwarding plane," Appenzeller said of the Nicira approach, adding that Nicira's definition of virtual networking is to only do an OpenFlow overlay on top of physical networks and to use virtual switches – specifically, at the moment only its own Open vSwitch virtual switch.
Appenzeller's criticism carries some weight, since he is still a consulting professor at Stanford and was head of the Clean Slate Lab that created the OpenFlow standards.
Appenzeller cofounded Big Switch in March 2010, and got angel funding from Charlie Giancarlo, a former chief development officer at Cisco. Big Switch raised $13.75m in venture funding from Index Ventures and Khosla Ventures in April 2011, and two weeks ago announced its Series B round of $25m, which was led by Redpoint Ventures with contributions from Goldman Sachs, Index Ventures, and Khosla Ventures.
Flush with cash and with products ready for sale, Big Switch is ready, willing, and able to get into a technical argument with VMware/Nicira about who has the more complete vision of SDN. But what Big Switch really wants to do is let everyone know that after nearly three years of development, it has a commercial-grade version of its Floodlight OpenFlow controller ready for sale, as well as some add-on applications that ride on top of it.
Inflexible networks cost money
The issue that both Nicira and Big Switch are wrestling with – and that Cisco, HP, and other established network hardware and management software providers are reacting to with a mix of their own code and OpenFlow support – is that servers and storage have evolved into the 21st century cloudy era, but networking has not.
"As the evolution of servers shows, when open architectures are adopted, they drive all kinds of value-add," says Jason Matlof, vice president of marketing at Big Switch, who was hired last month ahead of the launch of the company.
Matlof ran product management for the fixed configuration Catalyst switches at Cisco in the mid-1990s, worked at a bunch of network startups, and was a partner at venture capitalist Battery Ventures, managing early-stage network startups.
"The problem is that today's networking infrastructure is stuck in the 1970s mainframe era," he says. "It is a vertically integrated stack that is brittle and inflexible."
Traditional networks married to virtual servers are too static
At every layer in the network today, you have to manage different sets of rules, tables, and lists, and you generally have to use a different management console at each level. You have rules in the firewall, access control lists in Layer 3 switches and routers, forwarding tables and VLANs in Layer 2 switches, and port groups in virtual switches embedded inside of server virtualization hypervisors.
This is a pain in the neck.
Big Switch wants to make networking more malleable – which is the same goal that Nicira has – but the company is also committed to providing a set of open APIs coming northbound out of its OpenFlow controller that will allow third parties to create network applications that can plug into Big Switch's Floodlight OpenFlow network controller, which is itself open source and which uses OpenFlow protocols to talk down to both virtual and, in the Big Switch world, physical switches.
The OpenFlow protocols are driven by a user-based standards group called the Open Networking Foundation, which, according to Appenzeller, is not dominated by vendors the way the IEEE and IETF are, but is a mix of users and vendors.
At the center of Big Switch's product line is the commercial version of the Floodlight controller, which is called the Big Network Controller. This OpenFlow controller is an offshoot of the open source Beacon OpenFlow controller created by Stanford PhD student David Erickson.
Floodlight is distributed under an Apache 2.0 license, which is important because it is compatible with OpenStack, CloudStack, and Hadoop. The Floodlight code was released in January, and through the end of August had over 10,000 downloads.
It stands to reason that more than a few of those downloads were by IT vendors trying to figure out if they should acquire Big Switch before it came out of stealth, much as VMware splurged $1.26bn to acquire Nicira back in July before it uncloaked.
How Big Switch Networks plugs together a software-defined network
As with other OpenFlow setups, the Big Network Controller is, as the name suggests, managing the control plane of the network, while the physical and virtual switches supporting the OpenFlow protocol keep their data plane stored locally (as in the past), but with the ability to have it updated on the fly rather than by hand, instantly as network and application conditions change.
Perhaps more importantly, it can be done programmatically by the controller itself once it is equipped with applications, much as control-freak software from VMware and others can be used to manage how virtual machines are spun up and down or live-migrated around a server cluster automagically.
Big Switch may have come up with its own controller, but it is not developing its own virtual switch. Rather, it is using the Open vSwitch created by Nicira and that presumably will be adopted by VMware inside of its ESXi hypervisor.
Citrix Systems adopted Open vSwitch years ago and embedded it inside of its XenServer commercial-grade hypervisor, and Canonical Ubuntu Server 12.04 and Red Hat Enterprise Linux 6.3 have Open vSwitch tucked up inside as well. VMware has its own proprietary and closed vSwitch for ESXi, and Cisco has its own Nexus 1000V virtual switch as well, which has some of its APIs exposed – but not all of them, according to Matlof. Microsoft's Hyper-V has its own virtual switch, too, and the APIs are opened up.
Big Switch says you can save big bucks by taking your network virtual
At the moment, Big Switch's Floodlight-based controller only talks to Open vSwitch and the unnamed virtual switch inside of Hyper-V. It can support up to 250,000 new host connections per second and talk to over 1,000 physical or virtual switches on a single two-socket x86 server. Arista Networks, Dell, Brocade, Juniper Networks, Brocade Communications, and Extreme Networks have all partnered with Big Switch, and their OpenFlow-enabled switches are certified to be control-freaked by Big Network Controller. Switches from IBM and HP have been tested for interoperability, but there are no formal partnerships.
Appenzeller says that the controller has built-in, low-level clustering software so you can hook two controllers together for redundancy. A controller failure would not take the network down, but it would lock it into its then-current state, much as a hypervisor controller failure would. Any applications relying on the OpenFlow controller would fail if the controller went down, obviously. So you really want to double up.
The commercial Big Network Controller takes the open source Floodlight and adds various enterprise services to it, including selective broadcast, topology management, high availability and performance scalability from that clustering software, and statistics, analysis, tracing, and troubleshooting tools. It costs $20,400 per year to license Big Network Controller.
It is not clear if Big Switch is offering a commercially supported edition of Open vSwitch, but obviously it should do so.
The various ways of deploying SDN. VMware does the left scenario, Big Switch does them all.
In addition to the controller, Big Switch is rolling out two of its own applications that ride on top of its OpenFlow controller. The first is called Big Virtual Switch, and is the control freak that rides atop the OpenFlow controller to automatically and dynamically provision Layer 2 and 3 of the network. Because static networks bar VM mobility, Big Switch says that this basically locks down virtual machine workloads on servers in places they might not otherwise remain.
By making the network segmentation dynamic, the server workloads can be more dynamic, and the upshot of using the Big Virtual Switch application is that you can cram anywhere from 25 to 50 per cent more VMs onto a cluster of physical servers.
Big Virtual Switch is also where the OpenStack plug-in that was announced back in July lives in the Big Switch stack.
Big Virtual Switch can manage up to 32,000 virtual network segments (the analogy to a VLAN in an SDN world) from a standard two-socket server that is also running the Big Network Controller. A license to Big Virtual Switch Network Controller costs $50,400 a year for a setup that has 25 physical switches, 25 virtual network segments, or some combination of the two.
The second application that Big Network has created for its Floodlight-based controller is called Big Tap, an enterprise-wide network monitoring tool that pulls all of the data out of the Big Network Controller and filters it intelligently so your network admins don't go nuts trying to manage these virtual and physical networks. Big Tap is also used to pipe network information to third party security, monitoring, and network packet broker tools. It costs $500 per feed out of the controller and into those tools. ®