Move over, OpenFlow. Network gear-maker Cisco Systems touts its new OpFlex as a better alternative to classic software-defined networking (SDN) that spells fast application deployment and high network uptimes.
Introduced in April, OpFlex is a protocol that promises the easy application-deployment support of SDN without the negatives, namely compromised network resiliency and scalability.
In SDN, the network’s control plane is separated and situated in a controller. This separation simplifies the communication architecture, making it easier for developers to deploy their applications across the network. But the distinct control plane can be a bottleneck. “Scale and resiliency become problems,” says Cisco product development director Michael Cohen in an interview from the Cisco Live! conference in San Francisco. “You have to make sure the controller is always connected to the network; the network is dead without it. And the controller becomes increasingly complex, because it’s managing all these low-level states.”
Like SDN, Cisco’s system separates part of the network infrastructure—but not the entire control plane. Instead, the company’s architecture separates only the application-policy part. The rest of the control-plane infrastructure continues to reside in the various network elements. The result: a network that can scale up as required and stays up if the application policy repository goes offline.
“That’s the right tradeoff,” Cohen says. “It gives you scale and resiliency, but it offers one place to define what you want the network to do.”
Microsoft, IBM and others support OpFlex
OpFlex works with Cisco’s Application Centric Infrastructure (ACI) architecture, which includes the company’s Nexus 9000 Series Switches, an Application Virtual Switch (AVS), and what Cisco calls an Application Policy Infrastructure Controller (APIC), where application policies are centralized. But the company certainly isn’t going it alone. Cisco has submitted OpFlex to the IETF for standardization (read the company’s IETF draft for more details about the technology), where Microsoft, IBM and others work together to ensure OpFlex is interoperable. Cisco is also creating an open-source OpFlex agent that can be embedded in devices to support the new protocol.
OpenDaylight, the collaborative IT industry project to accelerate SDN adoption, has created a Group Policy Plug-in subproject to develop a policy-based API that can work as a standard OpFlex implementation model. Lori MacVittie at Cisco ACI partner F5 Networks describes the benefits compared with traditional SDN policies thus:
“Instead of a policy that’s essentially a bunch of ACLs and routing and switching entries, it’s designed to be more developer and human friendly. So you might say ‘Web server A can speak SQL to Database server 1’ or ‘Let the OpenStack console communicate with App Server B.’” She explains that this setup is less prone to misconfiguration beside typical SDN frameworks because it’s simpler. “No configuration-specific commands are being communicated.”
This kind of group policy think happens to be where network administrators and IT decision makers can start to prepare for the benefits of OpFlex and application-centric infrastructure, according to Cisco’s Cohen. “Start looking at and using the group-based policy approaches,” he says. “This is the new model. If you can directly capture the developers’ intent rather than ask them to translate their plans into a network design, you can create a policy that gives them what they need.”
Cisco only started its OpFlex push a few weeks ago, so these are early days. Still, given the company’s track record for developing and promoting network advancements—and considering the many other communication-technology firms on board with the new protocol—it seems likely that OpFlex will make its mark on the industry.