
Big Switch uncloaks, fires virty network wares at VMware/Nicira

'Our OpenFlow is more open than your OpenFlow'


Big Switch Networks, the stealthy startup spun out of the Stanford University labs that developed the OpenFlow software-defined networking protocol that's reshaping the stodgy and crufty networking business, has uncloaked – and it's taking direct aim at VMware's Nicira acquisition, which also spun out of Stanford.

Speaking to El Reg ahead of Big Switch's uncloaking, company CEO Guido Appenzeller said that Nicira was spun out of the lab a little too early and therefore its vision of networking was not as complete.

"They are adamant that the physical network is just a forwarding plane," Appenzeller said of the Nicira approach, adding that Nicira's definition of virtual networking it to only do an OpenFlow overlay on top of physical networks and to use virtual switches – specifically, at the moment only its own Open vSwitch virtual switch.

Appenzeller's criticism carries some weight, since he is still a consulting professor at Stanford and was head of the Clean Slate Lab that created the OpenFlow standards.

Appenzeller cofounded Big Switch in March 2010, and got angel funding from Charlie Giancarlo, a former chief development officer at Cisco. Big Switch raised $13.75m in venture funding from Index Ventures and Khosla Ventures in April 2011, and two weeks ago announced its Series B round of $25m, which was led by Redpoint Ventures with contributions from Goldman Sachs, Index Ventures, and Khosla Ventures.

Flush with cash and with products ready for sale, Big Switch is ready, willing, and able to get into a technical argument with VMware/Nicira about who has the more complete vision of SDN. But what Big Switch really wants to do is let everyone know that after nearly three years of development, it has a commercial-grade version of its Floodlight OpenFlow controller ready for sale, as well as some add-on applications that ride on top of it.

Inflexible networks cost money

The issue that both Nicira and Big Switch are wrestling with – and that Cisco, HP, and other established network hardware and management software providers are reacting to with a mix of their own code and OpenFlow support – is that servers and storage have evolved into the 21st century cloudy era, but networking has not.

"As the evolution of servers shows, when open architectures are adopted, they drive all kinds of value-add," says Jason Matlof, vice president of marketing at Big Switch, who was hired last month ahead of the launch of the company.

Matlof ran product management for the fixed configuration Catalyst switches at Cisco in the mid-1990s, worked at a bunch of network startups, and was a partner at venture capitalist Battery Ventures, managing early-stage network startups.

"The problem is that today's networking infrastructure is stuck in the 1970s mainframe era," he says. "It is a vertically integrated stack that is brittle and inflexible."

Traditional networks married to virtual servers are too static


At every layer in the network today, you have to manage different sets of rules, tables, and lists, and you generally have to use a different management console at each level. You have rules in the firewall, access control lists in Layer 3 switches and routers, forwarding tables and VLANs in Layer 2 switches, and port groups in virtual switches embedded inside of server virtualization hypervisors.

This is a pain in the neck.

Big Switch wants to make networking more malleable – which is the same goal that Nicira has – but the company is also committed to providing a set of open APIs coming northbound out of its OpenFlow controller that will allow third parties to create network applications that can plug into Big Switch's Floodlight OpenFlow network controller, which is itself open source and which uses OpenFlow protocols to talk down to both virtual and, in the Big Switch world, physical switches.

The OpenFlow protocols are driven by a user-based standards group called the Open Networking Foundation, a group that, according to Appenzeller, is not dominated by vendors the way the IEEE and IETF are, but is a mix of users and vendors.

At the center of Big Switch's product line is the commercial version of the Floodlight controller, which is called the Big Network Controller. This OpenFlow controller is an offshoot of the open source Beacon OpenFlow controller created by Stanford PhD student David Erickson.

Floodlight is distributed under an Apache 2.0 license, which is important because it is compatible with OpenStack, CloudStack, and Hadoop. The Floodlight code was released in January, and through the end of August had over 10,000 downloads.

It stands to reason that more than a few of those downloads were by IT vendors trying to figure out if they should acquire Big Switch before it came out of stealth, much as VMware splurged $1.26bn to acquire Nicira back in July before it uncloaked.

How Big Switch Networks plugs together a software-defined network


As with other OpenFlow setups, the Big Network Controller, as the name suggests, manages the control plane of the network, while the physical and virtual switches supporting the OpenFlow protocol keep their data plane stored locally (as they did in the past), but with the ability to update it on the fly rather than by hand, instantly as network and application conditions change.

Perhaps more importantly, it can be done programmatically by the controller itself once it is equipped with applications, much as control-freak software from VMware and others can be used to manage how virtual machines are spun up and down or live-migrated around a server cluster automagically.

Big Switch may have come up with its own controller, but it is not developing its own virtual switch. Rather, it is using the Open vSwitch created by Nicira and that presumably will be adopted by VMware inside of its ESXi hypervisor.

Citrix Systems adopted Open vSwitch years ago and embedded it inside of its XenServer commercial-grade hypervisor, and Canonical Ubuntu Server 12.04 and Red Hat Enterprise Linux 6.3 have Open vSwitch tucked up inside as well. VMware has its own proprietary and closed vSwitch for ESXi, and Cisco has its own Nexus 1000V virtual switch as well, which has some of its APIs exposed – but not all of them, according to Matlof. Microsoft's Hyper-V has its own virtual switch, too, and the APIs are opened up.

Big Switch says you can save big bucks by taking your network virtual


At the moment, Big Switch's Floodlight-based controller only talks to Open vSwitch and the unnamed virtual switch inside of Hyper-V. It can support up to 250,000 new host connections per second and talk to over 1,000 physical or virtual switches on a single two-socket x86 server. Arista Networks, Dell, Juniper Networks, Brocade Communications, and Extreme Networks have all partnered with Big Switch, and their OpenFlow-enabled switches are certified to be control-freaked by Big Network Controller. Switches from IBM and HP have been tested for interoperability, but there are no formal partnerships.

Appenzeller says that the controller has built-in, low-level clustering software so you can hook two controllers together for redundancy. A controller failure would not take the network down, but it would lock it into its then-current state, much as a hypervisor controller failure would. Any applications relying on the OpenFlow controller would fail if the controller went down, obviously. So you really want to double up.

The commercial Big Network Controller takes the open source Floodlight and adds various enterprise services to it, including selective broadcast, topology management, high availability and performance scalability from that clustering software, and statistics, analysis, tracing, and troubleshooting tools. It costs $20,400 per year to license Big Network Controller.

It is not clear if Big Switch is offering a commercially supported edition of Open vSwitch, but obviously it should do so.


The various ways of deploying SDN. VMware does the left scenario, Big Switch does them all.

In addition to the controller, Big Switch is rolling out two of its own applications that ride on top of its OpenFlow controller. The first is called Big Virtual Switch, and is the control freak that rides atop the OpenFlow controller to automatically and dynamically provision Layer 2 and 3 of the network. Because static networks bar VM mobility, Big Switch says that this basically locks down virtual machine workloads on servers in places they might not otherwise remain.

By making the network segmentation dynamic, the server workloads can be more dynamic, and the upshot of using the Big Virtual Switch application is that you can cram anywhere from 25 to 50 per cent more VMs onto a cluster of physical servers.

Big Virtual Switch is also where the OpenStack plug-in that was announced back in July lives in the Big Switch stack.

Big Virtual Switch can manage up to 32,000 virtual network segments (the analogy to a VLAN in an SDN world) from a standard two-socket server that is also running the Big Network Controller. A license to Big Virtual Switch Network Controller costs $50,400 a year for a setup that has 25 physical switches, 25 virtual network segments, or some combination of the two.

The second application that Big Network has created for its Floodlight-based controller is called Big Tap, an enterprise-wide network monitoring tool that pulls all of the data out of the Big Network Controller and filters it intelligently so your network admins don't go nuts trying to manage these virtual and physical networks. Big Tap is also used to pipe network information to third party security, monitoring, and network packet broker tools. It costs $500 per feed out of the controller and into those tools. ®
