SDN

August 22, 2018 Cisco

Software Defined, Cisco, and DevNet

Reading Time: 3 minutes

It has been said that software is eating the world. In the world of networking, however, the food has been slow to digest. Network engineers can be a stodgy bunch, and change is not only slow to come but fast to be bludgeoned angrily. If this year’s Cisco Live conference is any indication, however, software, it seems, has started bludgeoning back.

Hardware has remained king for decades, with the software operating systems taking second position in the dance of features and functionality. Purchasers of network gear would base their decisions almost exclusively on hardware capabilities while accepting whatever software came on the box as just the way things were. Buy speeds and feeds, and you hoped that the software was up to snuff.

Network engineers considered–many still consider–that the software was difficult to master as a badge of honor; if you wanted to call yourself a network engineer it was not enough to understand protocols and architectures, you had to master painful operating systems, arcane syntax, and often contradictory configurations as well. Industries were born to train and certify engineers on network operating systems, and those engineers would then go on with biases toward the gear with which they had familiarity. And the cycle of life rolled onward.

With the advent of the hackneyed software defined movement a few years ago, this all began to slowly change. The focus started shifting towards the software as the driver of features and functionality, with the hardware increasingly seen as fulfilling a supporting role in pushing data around our insular connected worlds. The hardware was beginning to be seen as good enough so as to not require a particular badge or pedigree. The purveyors of pedigreed hardware were looking at an uncertain future.

The software defined movement came from a place of optimism, of a legitimate desire to make things better and to put the world of networking back on the right tracks that were seen as long ago abandoned. The way had been lost, and software defined was going to lead the industry out of the dark. Large and established companies, however, did not get that way by accident and, though initially slow to react, pivoted and began to embrace and extend, some would say co-opt, the fledgling movement. Soon, everyone was leading with software.

Nowhere was this pivot so jarring as with Cisco, a stalwart, dominant, market-leading behemoth of the networking equipment world. And as with other industry shifts before (VoIP, computing hardware), Cisco quickly (or, as quickly as they could given their size) adapted themselves to the new world order. They began rolling out application programming interfaces, a kind of inside-baseball way of making hardware do what you want while bypassing the traditional, company-written, software operating system. They started opening up more and more of their hardware, and they began contributing to various open-source software projects ostensibly designed to marginalize their very same hardware.

It is in this climate that Cisco established their developer network, DevNet, as a place for code-exchange among software developers. They published more and more APIs, more documentation, and began to dip a proverbial toe in the waters of more formalized training, inculcating engineers into the software defined mentality as seen through Cisco’s eyes. They started a specialized DevNet conference called DevNet Create, and they began bringing DevNet wherever they went. And it grew, and it grew, and it kept growing.

According to Cisco DevNet now has over 500,000 registered developers, over 38,000 contributing companies, 72,500 learning labs, and over 60,000 regular active users. There are reservable sandboxes for testing and development, almost all Cisco hardware as well as Kubernetes clusters, and multiple code repositories with code curated exchanges open to any developers to use. This entire ecosystem is separate from Cisco’s existing D‑Cloud demo environment, and doesn’t depend on any particular relationship with Cisco or third-party resellers. Those numbers are impressive by anyone’s standards, especially for something which has only existed for a few short years. It truly is an example of build it and they will come.

This year at the annual Cisco Live conference, held in lovely summertime Orlando, the DevNet portion of the show was the most impressive piece of the conference. And not just the raw numbers, which were impressive on their own, but in the acreage the DevNet zone consumed on the World of Solutions show floor as well as the excitement and buzz surrounding the thing. The most difficult classes and sessions to get into were all within the DevNet sphere, and it wouldn’t surprise me if next year’s conference saw the DevNet ecosystem called out with a separate fee structure from the rest of the conference.

Cisco’s evolution is just one example–perhaps the biggest–of the changes occurring in the networking industry. New businesses coming out of the Valley and other places with new notions of what networking can and should be is one thing, watching the industry giants pivot in that same direction brings a level of validation that we would be remiss to overlook or discount. Change is not just coming, it’s already here, and if you’re looking at your career thinking it’s only a fad, you are running out of time to stay ahead of, or even keep up with, the monumental changes still to come.

August 22, 2016 Uncategorized

Glue Networks Changes the Automation Game

Reading Time: 3 minutes

“Simplicity is the ultimate sophistication.”

Clare Boothe Luce

According to a recently published survey by Cisco Systems, Inc., IT organizations spend 67% of their budgets on operational expense, and consume 80% of their time in the process. That is a staggering amount of time and money spent on simply managing the technology infrastructure of an enterprise. It comes as no surprise, then, that so many people are focused on reducing those numbers, and on increasing time-to value of new technology in the process.

Glue Networks is one of the companies trying to solve this problem by bringing automation to the network. Jeff Gray, CEO of Glue Networks, claims that they have built the “first model driven, multi-vendor, software defined network, orchestration platform that allows organizations to control their networks in a new way.” That’s a lot of words, and a bold claim, to be certain, but there’s many a slip twixt the cup and the lip, and claims are easy to make. Proving them out is more difficult.

One of the challenges in today’s networks, particularly when speaking about automation, is the wide variety of products, platforms, hardware, circuits, etc., that exist and need to be controlled. If I want to make a change in my QoS policy across a specific path in my network, for instance, I may have to touch several brands of gear, as well as several different models within one vendor’s product line. Automating any kind of task, let alone a complex change, has historically been extremely difficult. Even with great scripting, it’s difficult to make changes everywhere at once.

Glue has taken a unique approach to this problem by creating data-driven models based on intent. In other words, their Glueware Control platform looks at what the intent of the operator is in requesting a change. You’re operating at a higher level of abstraction from the raw gear to be changed, and letting the control platform figure out how to execute the changes needed in order to fulfil your intent. You tell the system what hardware you have, and it uses its knowledge of that hardware to execute changes.

Whenever you abstract another layer above a hardware change, you rely more and more on the accuracy of your models and formulas to tell the hardware what needs to happen. If your automation engine can only talk to three models of switches, it is not going to be spectacularly useful. Currently the Glueware Control platform comes with models for 13 different multi-vendor packages and operating systems, with many more on the way. These are the recipes for how the system talks to your gear, so more is always better. The current goal, according to Gray, is to release a new vendor package every three weeks.

Glue also announced the release of the Glueware Community, which is what they’re calling their user-driven, online, ecosystem for collaborating with fellow users. Here is where a robust community of users exchanges recipes and formulas that they have written, which may not be something that Glue has released themselves. In other words, maybe you have a somewhat rare device that few people have, and no one has written a model for it yet. You wrote a model (there are plenty of examples and instructions on the community site) to support your unique device, put it into the community repository, and now other users can benefit from your solution. This is quite a good way to both encourage community participation, and to rapidly increase adoption by growing the models and formulas repository in leaps and bounds.

Responding to customers, Glue has also taken their traditionally cloud-based platform and extended it into an on-premises solution, saying that many customers needed a “behind the firewall” solution. They have also expanded from a purely WAN-based solution, into both LAN and datacenter environments, extending their usefulness across the whole of the enterprise, rather than simply running as a point solution.

Another feature that is extremely promising is the ability for the platform to dynamically create models, based on your gear, in a brownfield environment. You can install this product, and based on what it knows, it will model your network devices and pull them into the system. This shortens the time to value equation by allowing users to immediately derive value from the product, something which helps to prevent an expensive purchase from becoming shelf-ware.

All in all, I’d say that Glue has made great strides in this release, and definitely is at the forefront of vendors providing solutions to one of the most pressing issues of the day. While many other products and solutions purport to solve the automation problem, reducing operational expenses and staff utilization, far too many require large investments in what are ultimately non-vendor agnostic ecosystems. These latter systems tend to move the problem from OPEX to CAPEX, while introducing tremendous amounts of complexity. Glue offers a solution that is both simple and powerful, and should definitely be something you take a look at implementing.

For more information on the platform, how it works, and what problems it solves, take a look at this presentation by Olivier Huynh Van, CTO and Co-founder of Glue Networks:

November 16, 2013 Network

Ruminations on Software Programming

Reading Time: 4 minutes

Software programming is a challenging endeavor. I know, because it’s how I started my career, and it’s still something I do for fun and to keep my network engineering skills sharp. Writing software is also very tedious, which is why I quickly moved on to other things and now haven’t written code professionally for over 18 years or so. It takes a particular kind of person who wants to really learn the syntax and thought process needed to be truly skilled at coding.

It is also a particular type of person who wants to know the level of detail in how a large-scale network operates. Most IT professionals are content to know the basics of networking—enough to do their day jobs—and leave the hard-core network knowledge to that special sort of masochist breed known as network engineers. The hardcore network folks who are obsessed with performance tuning even the smallest details of how packets move around and between datacenters, the intricate differences between routing protocols, tunnels, underlays and overlays, and bit-twiddling for fun and profit.

In the past, those two sides of what I’ll loosely call the IT world have typically been different functions. The software types write the code for the systems, the systems people deliver the services, and the network folks tie it all together. From the outsiders’ point of view looking in, we’re all “computer nerds” and any differences between us are largely semantic at best. But peel back the vale and you’ll see that we’ve all decamped to our respective corners of the playroom and started our own little fiefdoms.

To hear some tell the tale the loose alliances and unsteady truces that have kept us functioning for so long are about to collapse under the weight of a new technology paradigm: Software Defined Networking. While I hope the current crop of shrill screeds about network engineers dying off if they don’t learn to program will slowly start to fade away as the reality of things sets in, I’m not holding my breath. SDN brings changes to the playroom of IT, for sure, but as I’ve written many times before, it is incremental, not wholly disruptive, change that’s coming on the back of SDN.

We only have to look to the changes that have happened in the systems space over the last 8–10 years or so to see what the future looks like. When the first wave of system virtualization started to make inroads, there was a tremendous amount of pushback from all corners of the IT establishment. Vendors refusing to support anything installed on a virtualized OS was the norm, and there were all sorts of opined pieces floating around the trade magazine circuit, bemoaning the death of the systems and applications folks.

In this brave new virtualized world, so went the reasoning, there would be no need for systems administrators. They would all go away in favor of this new specialty. In reality what happened was that the systems people kept right on doing what they’d always done, which was to learn the new technology… incremental change prevailed. Now any self-respecting systems admin knows and understands at least one hypervisor system at a pretty solid level. The tools changed, the paradigm shifted, and the systems administrators changed in parallel.

Did everyone suddenly become software programmers? Nope. They just kept on adapting with the times and instead of using the tools they had been using, or perhaps in addition to those tools, they started using new tools like Microsoft’s PowerShell. Now most big appliances in the systems world are accessible via PowerShell commands and the systems people can do more than ever. In fact, they can do it more quickly and accurately than in years past.

The same thing is going to happen on the network side. Instead of being confined to a pre-built OS, purpose built for one device, we’ll be able to access all of our devices using various new methods. Some of us will use off-the shelf solutions wrapped up as management packages—does anyone doubt that the big-boys of the network world will come out with software for SDN controllers that is pre-built, pre-packaged, and ready to use with no programming knowledge required? Others will use more advanced techniques and script our own tools to do specialized tasks as we need.

Given the changes coming in the next few years, I will say that any network engineers out there who haven’t been exposed to basic programming precepts; things like loops and basic logic flow, algorithms, and generalized problem solving using a programming-like syntax, should probably pick up a book and start playing around a little. PowerShell is a good place to start, as would Unix shell scripting (start with bash), but if you really want to learn a programming language, and you want something that will be useful in the networking world over the next few years, I’d highly recommend starting with Python. It’s easy to learn, easy to use, easy to get things done, and you get some immediate gratification. Also, outside of pure scripting languages, Python really seems to be where everyone seems to be coalescing when it comes to SDN controllers and APIs for network programming. Jennifer Rexford writes about the Frenetic Project and Pyretic in this article at Tech Target and it is well worth a read.

At the end of the day, the IT game is one where the rules are always changing, the skillsets always evolving, and quite honestly if you’re still doing the same thing you learned 5 years ago you’re already behind the curve. SDN may shake up the world of network engineering in a way we haven’t seen in a while, but it is nothing more than the continued march of progress. If you’re not reading at least one whitepaper or book on a new technology at all times, I personally don’t see how you’ve stayed in the game this long. SDN is just more of the same. Adapt or quit now.

Software programming is always going to be a specialized skillset, as is network engineering—at least at the highest levels. That doesn’t mean that you shouldn’t embrace the coming change and learn to play with the kids on the other side of the playroom a bit, though. If you venture over to the other side, you might find that some of the toys they have are the missing pieces from your play set, and that you have more in common with one another than you originally thought.

August 11, 2013 SDN

SDN Myths

Reading Time: 6 minutes

In 1876, an internal memo at Western Union is reported to have read: “This ‘telephone’ has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us.” At the time, Western Union was the Microsoft of its day–a behemoth company that touched everyone’s lives. While the veracity of that quote is questionable, the fact remains that after losing a patent lawsuit to Bell Telephone in 1879, the Western Union shifted its focus to money transfers. To put it another way, the entire business model upon which Western Union was predicated, collapsed to a new, disruptive technology that the leaders of the business failed to capitalize on.

While this has important lessons for business leaders today, we often see an almost reflexive reaction to new technologies in the other direction. We get in such a bother trying to divine the “next big thing” that we almost entirely fail to qualify the claims that are being made and end up betting the bank on unproven or half-baked concepts.

I’m certainly not saying that SDN is any of these things, but rather that there are a lot of myths and marketing fogging up the landscape. I actually believe that SDN–in at least some of its purported definitions–will most definitely make it into the networks of tomorrow, and further that several things will change as a result. I don’t, however, buy into a lot of the myths that seem to have developed suddenly, out of the ether, around the technology.

I should also point out that the myths below are some of the more common ones I hear, but taken in totality don’t necessarily represent any one company’s vision of SDN. There are many competing technologies and companies claiming the mantle of SDN which, in many cases, are completely at odds with one another. Is SDN the abstraction of the forwarding plane from the control plane? Is it programmatic access to network devices? Is it automagical definition of policy across abstracted forwarding planes–boxes of dumb pipes manipulated by controllers? The answer is, it depends on who you ask and what they’re selling. Myths abound, no matter from which perspective you look, and we’re going to debunk a few now.

SDN is a Useful Term — I don’t think so, no. I think the term is “marketecture” and is largely meaningless beyond very high-level discussions. There are so many competing visions of not only how to “do” SDN, but of what it even means that largely the catch-all term has lost its usefulness for an engineering-level discussion. Established companies are competing with start-ups, with one another, and in some cases internally to define what SDN is and what it is not. A lot of these ideas will end up in products and technology that will eventually be for sale, while many will fade or become nothing more than slight business differentiators in incrementally improved hardware. As it stands today, SDN as a term is nothing more than the cloud of this year–the thing-du-jour that every company can’t wait to shoe-horn into every marketing slide and product-line they have. It is itself devoid of meaning or usefulness. That’s not to say that the component pieces of any of the amalgamations of definitions aren’t themselves extremely useful–they are–but rather that the term is not useful.

SDN reduces complexity — For those preaching the “less complexity” variant of SDN, I’d say that you need to look at history. Did the advent of virtualization increase or decrease overall complexity in the compute space? It increased it, of course, by several orders of magnitude. The same goes for storage abstraction, and the same will happen with SDN. We may or may not gain efficiencies and flexibility, but we most assuredly will not gain simplicity.

SDN eliminates Network Engineers - This is patently silly on multiple fronts, but let’s just go with the easily picked and obvious nit to begin with: SDN is predicated on having a robust network architecture underpinning it. In other words, you can’t have software-defined anything until you have an infrastructure in place to build on. That infrastructure is going to be complex, highly specialized, and not at all simple to design, build, or maintain. Day-to-day change management will likely be done by less qualified folks, but you’ll still have a place for skilled engineers in the same place where they operate today: design, build-out, and troubleshooting complex environments.

SDN lowers costs — Based on past experience, I don’t think this will ever be true either. People will conflate the downward pressure on pricing and the further commoditization of all aspects of hardware with a lowering of costs directly because of SDN, but this is incorrect. It is incorrect in the same way it would be wrong to say that the abstraction of compute and storage in any way lowered overall costs.

To make sense of this you really have to start looking at 5 and 10 year historical costs (or even 15) to see what has happened. And what that looks like is a similar cost profile as a component of operating profit, but with a large increase in efficiency. I’ll say that another way, you’re not lowering your true IT costs over time… you’re increasing your efficiencies.

Why does increasing efficiency not lower overall costs? Because you rapidly fill the gap with new capabilities. Anyone who has seen a transition from bare-metal servers and storage to virtualized workloads, servers, and SANs has also seen the corollary of server sprawl. How many of us have collapsed thousands of bare-metal servers only to see the total number of VMs increase eventually?

Oh, and now you have a team of storage engineers, and a team of virtualization engineers, and you still have the server, network, DBA, ERP, help-desk, etc. from before you virtualized.

There are a lot of ways to frame or quantify the cost-savings claims in SDN, but I think a better and more accurate description might be that SDN will likely increase efficiencies. You’ll be able to do more with less, but you’ll fill the gap so quickly that any cost savings you think you’ll get will get eaten before one budget cycle is up. Likely you’ll have a large CapEx spend to do a fork-lift upgrade, and that will take 3 years to balance out and come off the books. In the mean time, you’re going to increase OpEx because of training, initial development, network redesign, etc. By the time your feet are firmly planted, you’re comfortable with the new look of things, and you’re ready to start counting the pennies “sprawl” of a new type (development costs most likely) will eat any savings. That’s a 3 to 5‑year cycle just there.

SDN mitigates change management risk - This one is only partially a myth. For the bulk of change management, I’d say that this is quite likely completely true. Day-to-day port changes, routing changes, and provisioning (to name a few) are easily screwed up by the less experienced folks likely making those changes today. Having a system that can make the changes with less manual input is going to probably save a lot of the little ticky-tack problems that crop up from someone fat-fingering a configuration command.

Larger changes to a network are likely going to fall outside of the scope of what SDN brings to the table, especially in multi-tenant or highly complex environments. These are the types of changes you still are going to need a highly skilled team to implement, and I don’t see a point coming soon where I’d really feel comfortable trusting large-scale changes to an automagical, largely self-driven system. Even today, how many of us trust the software “wizards” built into any commercially available product? How many of us make wholesale, system-wide network changes using a wizard? Simply changing the name to SDN doesn’t change anything.

SDN is disruptive technology — IT is, almost by definition, filled with people who take a “down in the weeds” view of everything. It has to be. But sometimes this leads to a kind of unique myopia in viewing changes in technology. When Multi-protocol Label Switching (MPLS) was introduced, it was as disruptive to the status quo as anything, but it was adopted slowly, people adapted, nobody lost their jobs and whole industries weren’t eradicated. Why? Because from the business point of view it was just a more efficient way of solving the same old problems. It was better than what it replaced, but it was incrementally better. In other words, it wasn’t the telephone to Western Union’s telegraph.

SDN in all its myriad visions, and as evangelized by all of its newly christened champions, is fascinating, eminently useful on some levels, and maddeningly silly in others. At the end of the day, however, it’s critical that we don’t get so involved in the excitement, promise, and religious fervor of new technology that we lose sight of what is real, what is useful, and what is “marketecture”. Magic beans may have worked for Jack, but I’m not buying any for my network. Yet.

August 1, 2013 Uncategorized

SDN in the Enterprise

Reading Time: 1 minute

I recently wrote a multi-part blog series for Cisco and, as we know, while it may seem like the writing is all of the work, getting the word out is at least as hard. So, for those of you who have already seen this, I apologize. For the rest of you, I have included a link below.

This first part largely sets the stage, while the second part (coming on August 14t) will draw more conclusions. Comments are welcome, as is word-of-mouth advertising. 🙂

Thanks, everyone!

SDN in the Enterprise