OpenFlow: What is it actually good for?
In the early 90s, Cisco essentially created the router market and that is where Pete Moyer began his career.
He now has more than 15 years of experience in IP and MPLS networking, with six years in OpenFlow and Software-Defined Networking (SDN).
In 2010 Brocade became the first networking vendor to announce support for OpenFlow, and Moyer moved there in 2011 because he wanted to be with “the folks who were embracing the new technology” before everyone else.
“No one really knew what it did,” says Moyer, now a solutioneer at Brocade. “It reminded me of the early days of MPLS in 1998 where everyone was scratching their heads thinking it sounds kind of cool but what are you really going to use it for? What problem is it going to solve that isn’t already solved?”
The original concept of OpenFlow meant taking the control from the router so that it essentially becomes just a dumb switch with the intelligence now living offline in a controller, with that controller telling the network how to build the paths from endpoint to endpoint.
“This controller pushes state information into the device and these devices build the network itself, but all the intelligence lives in the controller, the devices - which are essentially dumb now - just forward packets,” Moyer says. “I call this network transport, so when people think of OpenFlow, they think of it as for building the network itself rather than using an existing protocol like MPLS.”
Google’s network is probably the most famous OpenFlow network, as it’s 100% OpenFlow.
“They have a network between their data centres that is 100% OpenFlow which is their internal backbone,” Moyer says. “They publicly launched this about two-three years ago. It was the first, global-scale OpenFlow-only network, and it was pretty significant as they proved that it could be done.”
According to Moyer, the circuits connecting their sites are running at 99% utilisation. A lot of network providers operate on the basis that if their circuits are running over 50% capacity, they'll add another circuit.
“They can't afford to drop packets because then customers will complain that their network is not providing QoS,” Moyer says. “And when circuits fail, traffic gets rerouted, so if one circuit is running at 80% and another circuit fails, traffic gets rerouted then that circuit is full and you will be dropping packets.”
What this means is that the majority of networks are vastly under-utilised – there is huge investment for using only half the capacity, sometimes even as low as 30% for the conservative types.
Google's optimized OpenFlow network means they’re able to run at near-full utilization, saving money on circuit costs and maximising their infrastructure.
But what is wrong with MPLS? Why completely rebuild your network with OpenFlow?
“I love MPLS too, but the point of my talk is to spread awareness,” Moyer says. “Think of OpenFlow as providing a network service, on top of an existing network that might be MPLS. You can build a network out of IP or MPLS, but you don't have to build your network with OpenFlow - use it to provide an additional service.”
For example, if you were to have an edge router connected to the internet and had DDoS attacks coming in to your enterprise, OpenFlow can be extremely effective.
“With OpenFlow I can set a profile and say when that networking device sees this type of flow - based on the profile that's a known DDoS attack - just throw those packets away,” Moyer says. “Now you can deploy OpenFlow incrementally on a few switches, and say, ‘I'm not going to build my network with OpenFlow, I'm going to stick to MPLS, but I'm going to deploy this SDN controller and I'm going to use OpenFlow to tell that switch which packets to throw away because they're DDoS.’”
This allows you to provide a service by solving a problem, and the best thing is that it is incrementally deployable – you can put it on one or as many boxes as you want, you don’t have to put it on your whole network.
OpenFlow can be invaluable for limiting specific flows. For example, a university may want to limit distractions like YouTube, BitTorrent or Netflix on its network, which it can do easily by pushing an OpenFlow rule into the network that restricts these flows.
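What the controller actually pushes for such a drop rule, as an added example that is not from the article or from Brocade: the Python below builds an OpenFlow 1.3 flow-mod message whose match describes a constructed attack profile and whose instruction list is empty, which is how OpenFlow expresses "throw those packets away". The OpenFlow version, the profile (UDP source port 123 towards 203.0.113.10), and the priority, timeout and cookie values are assumptions.

```python
import ipaddress
import struct

OFP_VERSION_1_3, OFPT_FLOW_MOD, OFPFC_ADD = 0x04, 14, 0
OFP_NO_BUFFER = OFPP_ANY = OFPG_ANY = 0xFFFFFFFF
OXM_OPENFLOW_BASIC = 0x8000
# OXM field number -> struct format of its value (OpenFlow 1.3 basic fields)
OXM = {"eth_type": (5, "!H"), "ip_proto": (10, "!B"),
       "ipv4_dst": (12, "!I"), "udp_src": (15, "!H")}

# Constructed profile: IPv4 + UDP, source port 123, aimed at one protected host.
# Prerequisite fields (eth_type, ip_proto) must precede the fields that need them.
PROFILE = [("eth_type", 0x0800), ("ip_proto", 17),
           ("ipv4_dst", int(ipaddress.IPv4Address("203.0.113.10"))),
           ("udp_src", 123)]


def oxm_tlv(name, value):
    """Encode one unmasked OXM field: class, (field << 1 | hasmask), length, value."""
    field, fmt = OXM[name]
    payload = struct.pack(fmt, value)
    return struct.pack("!HBB", OXM_OPENFLOW_BASIC, field << 1, len(payload)) + payload


def drop_flow_mod(profile, priority=40000, hard_timeout=300, xid=1):
    """Build an OFPT_FLOW_MOD (ADD, table 0) with a match and no instructions.

    With an empty instruction set the entry has no output action, so the
    switch discards every packet that matches it.
    """
    fields = b"".join(oxm_tlv(name, value) for name, value in profile)
    match_len = 4 + len(fields)                         # length excludes padding
    match = struct.pack("!HH", 1, match_len) + fields   # 1 = OFPMT_OXM
    match += b"\x00" * (-match_len % 8)                 # pad match to 8 bytes
    body = struct.pack("!QQBBHHHIIIH2x",
                       0xDD05, 0,                       # cookie (constructed), mask
                       0, OFPFC_ADD, 0, hard_timeout, priority,
                       OFP_NO_BUFFER, OFPP_ANY, OFPG_ANY, 0) + match
    header = struct.pack("!BBHI", OFP_VERSION_1_3, OFPT_FLOW_MOD,
                         8 + len(body), xid)
    return header + body                                # nothing follows the match


if __name__ == "__main__":
    print(drop_flow_mod(PROFILE).hex())
```

The hard timeout makes the rule expire on its own, so a mitigation pushed for one incident does not linger as a silent black hole for legitimate traffic that later matches the same profile.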
It also allows you to tackle problems using just one person instead of an army of engineers to configure all the nodes in a network.
“It is a common misconception that OpenFlow is only used for building a network,” Moyer says. “I'm not here to say you should use OpenFlow to build networks. I'm not saying you shouldn't. I'm here to say think of OpenFlow differently. Think of OpenFlow as providing a new service or solving a problem.”