Now that things have settled down since we launched Floodlight several weeks ago, I finally had a moment to step back and reflect on the state of the open source ecosystem for Software-Defined Networks (SDN). It struck me that with Floodlight and Open vSwitch (ovs), a multi-layer virtual switch, developers and network administrators have all the tools they need to build an SDN for virtual machines based purely on open, Apache-licensed, production-quality components. In fact, we just completed a full battery of integration tests between Floodlight and Open vSwitch to make sure this is possible.
Why am I so excited by this? That question probably requires a bit of background. One potential architecture for an SDN involves a central controller managing a number of Open vSwitches (1 or more per virtualized host), allowing them to transmit traffic over a physical network using various tunneling technologies. With a handful of caveats, this architecture can enable the kind of flexibility SDN requires and support a wide range of new applications. And it’s possible to build it today. Right now in fact. Using purely open source technology. That’s a huge step forward from where SDN was a few years ago.
So, what’s next? Well, the above architecture is a good solution for fully virtualized environments but it does have a few drawbacks. First, virtualization penetration is somewhere in the 40% range according to a study by Veeam. It’s growing but with the easiest workloads virtualized, it will be a long, long road to 100%. So, to cope with both the reality of physical servers and physical devices, SDN needs a few more pieces — most importantly physical OpenFlow-enabled switches and support in Floodlight for these switches. A number of vendors, most recently HP, are beginning to release hardware and we’re working hard with Floodlight to support all these variants as we get access to them. In fact, there is an exciting project called Indigo, offering open source OpenFlow-enabled firmware to accelerate physical switch adoption. Overall, we are making great progress here but it’s going to be an ongoing process as the ecosystem evolves.
The second limitation of the tunneled vSwitch architecture is the physical network itself. Someone still has to configure, manage, and maintain the tunnel over which a virtual switch tunnels. In fact, they would be doing so with even less visibility into network traffic due to the tunnels themselves, making things like traffic shaping difficult to impossible. At the end of the day, all traffic, both tunneled and non-tunneled, needs to traverse the same physical infrastructure and requires configuration and management. In this case, it would seem SDN would make the network admin’s job harder instead of making it easier. That is obviously not the goal…
An optimal architecture, one that truly unlocks the promise of SDN, involves extending management beyond the virtual domain to the physical edge of the network. This would allow Floodlight to better manage the network and provide ultimate flexibility to network applications. The networking administrator could work hand in hand with a virtualization administrator to control datacenter infrastructure.
Obviously, this is a bit of a long view but that’s the kind of future I’d love to see open source enable for SDN. We’re glad we completed our testing with ovs and Floodlight — it’s a great incremental step, and now we’re on our way to tackling the entire network.