2012 Predictions
“To prophesy is hard, especially with respect to the future.”
– Mark Twain
_________________________________
Network Virtualization, Phase I: VM Adoption
The “virtualization tipping point” occurred at the end of 2011. Gartner recently reported that now 50% of the installed base of x86 server workload is virtualized. They also report that only 5% of network security is virtualized. Uh-oh.
This has created a measurable and immediate driver behind my first prediction: 2012 will witness the explosive adoption of network/security virtual machines. This is Phase I of network virtualization, because a) the need is immediate and b) solutions are available. It’s so inevitable I feel a little guilty about calling it a prediction, but since Vyatta pioneered this dynamic I hope you’ll give me a pass on the easy one.
Network Virtualization, Phase 2: SDN
2011 had more noise on the wire about SDN-ish topics than ever before. OpenFlow! Controllers! Flat networks or not?! Well, get ready … it’s going to keep building steam.
As the discussion continues, however, it will begin turning to a critical but heretofore almost-undiscussed topic. Until now it’s been, “A new kind of controller…” [from emerging vendors] “…communicates over a new kind of protocol…” [OpenFlow or others] “…to some forwarding plane that will support that protocol.” [Empty space. Who?] It’s that last part that now must begin to take center stage of the discussion.
The SDN concept is stillborn until the forwarding plane component is resolved. If you think the big incumbent switch vendors are going to concede power and let someone else control their kit, I have a bridge I’ll sell you. This is behind my second prediction for 2012: Discussion of open forwarding planes will begin to take center stage in the SDN movement. Otherwise the whole concept has legs but no wings.
Network Virtualization Made Real: The New IT Pro
As networking becomes software-based, the skillset needed to design, deploy and manage networks needs to change. The networking team needs to learn about software (hypervisors and operating systems), and the compute team needs to learn about networking. APIs, SDKs and the like are going to cross IT organizational boundaries.
I predict that 2012 will demonstrate the skillset evolution of networking pros becoming software pros as well. Training and coursework in this area will explode. Articles will begin publishing on specific topics. Heroes will be identified by their best-in-class virtualized network designs, with their faces and stories splashed all over the media and onstage.
So that’s it: It’s all about network virtualization for 2012, and it’s going to be a wild ride…
Vyatta In High Gear
“You hang out with smart people, you get smart friends.”
– Rocky Balboa
_____________________________
Anyone who reads this blog knows why they’re reading it. They don’t need their advanced perspectives to be validated. That said…
The news broke this week that Vyatta received a significant financing round from an investment firm comprised of operating executives who know a thing or two about networking, infrastructure and technology disruptions.
This is fantastic news at a fantastic time. Things are moving so fast for Vyatta & Friends that it’s starting to blur together. In the span of 2011 alone Vyatta has substantially spread its wings, including:
+ First major clouds announcing adoption of Vyatta (Dell, Carpathia, DinCloud)
+ Continued Enterprise adoption (Boeing, EMC, Honeywell, CBS, Toyota)
+ Our one millionth download of the Vyatta Network OS
+ International distribution partners Zycko (Europe) and CTC-Itochu (Japan)
+ Playing a key part of the live network at InterOp
+ Crossing over the 1,000 customer mark
+ Winning even more industry awards
+ Advancements in multi-platform environment support (Red Hat KVM, Amazon)
+ World-class executive additions
… and that’s just some of the high points.
2012 will be the year virtual networking explodes in adoption. The data points are all over the map. It started by looking like a jungle out there… then a dirt road emerged. Now there is nothing but highway in front of us, and Vyatta is shifting into high gear.
We continue to be awed by the power of the Vyatta Community that is at the root of our inexorable drive. Right now there are over 300,000 registered members worldwide. Vyatta Users groups continue to spring up around the world (Poland, Latin America, Japan) and the Vyatta Japan Users Group published their first book on Vyatta this year. The Vyatta Network OS has been downloaded by over 50% of the Fortune 500 and running in datacenters around the globe. It’s amazing to watch.
There’s more to do, but we’re all in the right place at the right time. Viva Vyatta!
Response Bias, or Who Owns the Virtual Network
“Only when the tide goes out do you discover who’s been swimming naked.”
– Warren Buffett, famous investor
____________________________________
I was recently asked by a respected Silicon Valley figure, “Why is it that Vyatta’s customers know exactly what virtualized networking problem they’re solving, but when I speak to other IT people I know in the virtualization arena they say they don’t have that problem? Or they tell me the networking problem is solved by the vSwitch that every hypervisor now has? I don’t understand this dichotomy.”
I was set back for a moment. It was a strange question to hear because at Vyatta we are so deeply in tune with “the problem” that we assume everyone naturally understands it. It took a moment, then the answer hit me like a brick: It was what market researchers call response bias: He was asking the wrong people.
“Forget about virtualization for a moment,” I said. “Go back to the previous model where a member of IT staff is tasked to bring up a new application server. Within the IT team, that person is a compute professional, right? Not a network architect or manager.”
“Of course,” he said.
“Now,” I said, “walk through the steps that server pro has to take. He gets the hardware, loads an OS and the desired application, and tunes it to the required levels. Right?”
From his expression it was clear I was boring him. I went on.
“Once the application server is set up, he takes an ethernet cable and plugs it into a port on the server. What does he do with the other end?”
“Obviously,” he said, “he plugs it into a port on a nearby switch.”
“Who provided the switch?” I asked.
“The networking side of IT of course,” he said hesitantly.
I pressed: “What’s going on on the other side of that switch?”
He waited a moment, then said, “I’m not sure.”
“Does our server pro in question know what’s going on beyond the switch?” I asked. “Does he know that the network was architected into subnets for a reason? Does he know how it’s routed? Or where the firewalls are, and why they’re configured the way they are? Or where the VPNs are terminated?”
“Probably not.” It came out of his mouth almost like an admission.
“So by definition of his role and knowledge base, it’s not his responsibility to know what’s happening from that port on the switch out into the rest of the network, right?” Now I can see the light bulb over his head. “The networking team has already established all of that for him before the server is allowed onto the network.”
“That’s right…” His voice trailed off.
“Well, that’s what it was like before virtualization. So now,” I pushed, “what’s it like in the virtualized world? That same person is asked to bring up multiple virtual machines on a server. He knows that the cable goes from the physical switch port into the server port like before. But virtualization requires one last connection: He also has to logically assign the VMs to the vSwitch in the hypervisor to complete the connection. It’s the exact same thing he did before. He thinks he’s done.”
“So,” he began slowly, “you’re saying that if I’m talking to an IT pro about virtualization, it’s highly likely that they’re from the compute side of IT. So there’s little reason to believe they know any more about the fundamental networking requirements beyond the server-to-switch connection than they did before virtualization.”
“Bingo,” I said. “You’re getting respondent bias.”
“But wait,” he said, “all of that other network infrastructure is already in place! The routers, subnets, firewalls and VPNs… they were there before virtualization and they’re still there under your example!”
“Yes they are,” I said. “But external networking gear can’t effectively or efficiently manage the traffic at the VM level because the hypervisor blinds them. All of those other networking functions need to be performed inside the server. That’s what Vyatta’s customers know. They’ve learned to meld compute and networking disciplines into a single architectural vision.”
While he thought about that, I mentioned Integral Networks, one of Vyatta’s customers recently in the press. “Their CEO said their goal was to get to a 100% virtualized environment but they couldn’t with their existing networking gear. He said, ‘We were happy with the security we were getting from our firewall and VPN infrastructure, but we couldn’t deploy those vendors as a virtual machine.’ Now, using Vyatta, Integral is delivering granular control and complete isolation of VM resources, as well as secure remote access for managing cloud-hosted data externally.”
“I’m getting it now,” my colleague said.
I concluded, “At a high level, it’s simple: It’s all about applications. They’re virtualizing, so therefore your network needs to have the same agility as the virtualized applications. That’s a networking VM.”
QED
Best Datacenter and Cloud Software
InfoWorld Magazine’s test center honored Vyatta with our fourth BOSSIE award this year for our unique ability to solve the networking and security needs of the Cloud & Virtual Datacenter.
It’s an honor to be recognized as a leader in this space and to be among great company (Xen, Eucalyptus, Gluster). There is something extra special about winning awards when nominations are sent in by readers and users. Thank you to the huge (500,000+) Vyatta community for recognizing our accomplishments, advancing our product, and spreading the word about Vyatta’s ability to connect and secure virtual datacenters and clouds.
As the industry’s only software networking solution we’ve come a long way in the past five years and we’re thrilled that IDG has continuously recognized our ability to evolve our solutions to meet the changing needs of the enterprise network.
Summary of Vyatta BOSSIE awards:
2008: Vyatta – Best Networking Software
“Logging in to a Vyatta router can closely resemble the console of a Cisco or Juniper router…”
2009: Vyatta – Best Networking Software
“The amazingly useful Vyatta Core distribution…”
2010: Vyatta – Best Networking Software
“…an open source David to Cisco’s Goliath…”
2011: Vyatta – Best Cloud and Datacenter Software
“For all of the talk about the wonderful advances of computing, many savvy enterprise managers are scratching their heads and wondering about security. How can they lock down their machines if they don’t know where they are? One solution is Vyatta…”
Vyatta will keep the hits coming… watch this space!
VMWorld’s “Virtualization Stall”
“That’s how things change: slowly at first, then all at once.”
– Ernest Hemingway
_____________________
We’re back from VMWorld in Las Vegas, where the industry started viewing their virtualized environments with the same kind of wary eye they cast on a blackjack dealer with shifty eyes.
After all, you wouldn’t take your money out of an ATM and leave it out in the open on a public table… so why would you take your mission-critical applications, which are safely wrapped in a carefully-constructed network, and put them in a virtualized environment that is wide open with no network controls?
Vyatta has been out in front of the industry demonstrating solutions to these issues for a while, and we have the leading customer implementations to prove it. This week, for the first time, other vendors are beginning to highlight this very important problem statement: Virtualization breaks networks! Until that problem is solved the deployment of virtualized apps will be limited to those that can afford the network exposure. Forget about virtualizing apps that have compliance needs, such as PCI or HIPAA. Don’t go into a multi-tenant environment until you can lock your own doors. Don’t pull the cord until you know what you’re going to get.
One wag put it this way: “It’s virtualization stall.” At a minimum, it is a problem that limits virtualization’s true growth potential.
This is articulated perfectly in a recent editorial from SearchNetworking’s Rivka Gerwitz Little where she agrees that businesses shouldn’t pull the cord on leveraging the cloud until they have a clear plan for securing virtual environments. ”Ultimately, we’ve learned that every network security strategy must be extended into the virtual environment. That means learning how to connect the virtual environment to the DMZ network, as well as implementing virtualization firewall strategies, and moving away from physical separation.”
Network virtual machines are a clear answer to these issues, but not in the limited-capacity and vendor lock-in models being introduced at VMWorld. An ideal network security solution for virtual and cloud environments needs to be available for all hypervisors, capable of automation through any orchestration or management layer via an open API, and must offer a single system that enables complete replication of the enterprise network edge (L2-L7). As Cisco announces a second attempt at virtual firewalling (virtual ASA to be available late 2012) and VMware, Cisco and others propose new standards (VXLAN) to extend L2 networks, Vyatta customers have been benefiting from a full-featured virtual network OS to connect and secure their virtual environments for years.
In all, this VMWorld was a great show for Vyatta. Networks are changing, and it’s starting to happen fast. I’ll sum up with another great statement from Rivka Gerwitz Little: “If networking professionals don’t stay abreast of these issues – and push their way into the virtual conversation – they’ll find themselves backtracking to solve problems that have literally been architected into their networks without them even realizing it was happening.”
Vyatta Release 6.3 – Extending Networking in the Cloud
“Every cloud has a silver lining, but it is sometimes difficult to get it to the mint.”
– Don Marquis
_______________________________
For enterprise-focused clouds to truly prosper, they need network virtual machines. With our release 6.3 Vyatta has extended our hard-earned leadership in this exciting arena.
Of all the advancements in version 6.3, the most exciting ones are cloud-related. From a feature perspective, our continued enhancements focus on security and connectivity of cloud architectures. But one of the most unique benefits of Vyatta is that we continue to make it work in practically all cloud environments.
With new support for the Red Hat KVM hypervisor as well as an Amazon AMI image, Vyatta continues to be the only virtualized networking solution that doesn’t dictate what hardware or software you have to use. Do you want to run it on VMWare, Xen or KVM? Or do you, like 60% of all other organizations, have a multi-hypervisor environment? Vyatta gives you the freedom to span those platforms. Do you want to do your POCs or test & dev in Amazon first? With Vyatta, you can.
Vyatta was founded on openness. (A few of you might even know that “Vyatta” is Sanskrit for “open”.) Enabling cloud networking, regardless of the platforms you use, is a perfect example of the benefits of being open.
Be sure to follow the continued press releases of our cloud customers as they talk openly about how Vyatta lets them get their cloud into the prosperity zone.
A Prescription for HIPAA Compliant Security in the Cloud
“I told my doctor I wanted a second opinion. He said, ‘Okay, you’re ugly too.’”
– Rodney Dangerfield
_____________________________
As applications continue to shift into cloud-based systems, the importance of architecting the proper supporting infrastructure is paramount.
Nowhere is this more evident than in healthcare. To assure high levels of compliance such as those demanded by HIPAA, network security is a crucial part of an acceptable solution. For a great case study in how to do it right, look no further than cloud provider Thrasys.
Thrasys offers “on demand” cloud services for managing Electronic Health Records. This placed two key challenges on the network architecture:
1) Rapid & flexible deployment
2) Government-approved levels of security
To satisfy their needs, Thrasys announced it had turned to Vyatta virtual machines to connect and secure their cloud-based service. To quote their CTO, “Our Vyatta virtual firewall allows us to offer providers, patients and service centers easy access to on-demand applications – from anywhere, at any time.”
Take a moment to think how virtualization changes the requirements for network solutions. IT architectures can’t lose what they used to have — they still need network segmentation and security. The difference is that now they have to achieve it inside the server, betwixt and between virtualized applications. It could be driven by something like HIPAA, or it could be for other multi-tenancy reasons. Regardless, it has to happen, and Vyatta has the industry’s most complete solution for easily meeting these rigorous networking requirements.
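As an added illustration of what “segmentation inside the server” looks like in practice (this is not Thrasys’s or Vyatta’s own configuration), here is a Vyatta CLI fragment for a network VM that sits between two vSwitch port groups on the same host: one carrying the application tier, one carrying the database tier. A stateful firewall on the database-side interface lets the application subnet open connections only to the database port and drops and logs everything else, so VM-to-VM traffic that the physical firewall can no longer see is still policed. The interface names, addresses and port number are assumptions made for the example.

```text
# Assumed layout: eth1 faces the app-tier port group, eth2 the DB-tier port group
set interfaces ethernet eth1 address 10.10.20.1/24
set interfaces ethernet eth1 description "app tier port group (assumed)"
set interfaces ethernet eth2 address 10.10.30.1/24
set interfaces ethernet eth2 description "db tier port group (assumed)"

# Rule set applied to traffic leaving eth2 toward the database VMs
set firewall name APP-TO-DB default-action drop

# Only the app subnet may open new TCP sessions to the DB port (5432 assumed)
set firewall name APP-TO-DB rule 10 action accept
set firewall name APP-TO-DB rule 10 protocol tcp
set firewall name APP-TO-DB rule 10 source address 10.10.20.0/24
set firewall name APP-TO-DB rule 10 destination address 10.10.30.0/24
set firewall name APP-TO-DB rule 10 destination port 5432
set firewall name APP-TO-DB rule 10 state new enable

# Return and related traffic of sessions already accepted
set firewall name APP-TO-DB rule 20 action accept
set firewall name APP-TO-DB rule 20 state established enable
set firewall name APP-TO-DB rule 20 state related enable

# Everything else between the tiers is dropped and logged for review
set firewall name APP-TO-DB rule 30 action drop
set firewall name APP-TO-DB rule 30 log enable

set interfaces ethernet eth2 firewall out name APP-TO-DB
commit
save
```

The point of the fragment is where it runs: because the rule set lives in a VM attached to the hypervisor’s vSwitch, it sees the east-west traffic between the two tiers that never leaves the server, which is exactly the traffic an appliance on the physical switch port cannot inspect. Logging the final drop rule gives the compliance reviewer the record of blocked lateral traffic that a HIPAA audit typically asks for.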
Last year we predicted 2011 was the year virtualized networking went mainstream, and we were right. Today production solutions around the world are running on Vyatta virtual machines. Enterprises, clouds, and even the federal government run Vyatta VMs to meet their needs. Do yourself a favor and test out the broad capabilities of the Vyatta solution… like Thrasys, you’ll discover it’s a key part of an incredibly effective and efficient IT architecture.
Free Network Labs
“What we need are legitimate virtual lab products supported by companies like Cisco and Juniper offered directly to individuals.”
– Jeremy Stretch, Network Engineer
_____________________________________
A recent article described how Cisco and Juniper can’t meet the needs of network engineers when it comes to accessing infrastructure for test & development outside of production environments.
The problem stems from the hardware-bound nature of the vendors’ business models. They can’t let the software escape into the wild; otherwise how will they make money? Genies that have escaped the bottle are difficult to put back in.
This is one of the beauties of Vyatta. We’re a software company. We radically encourage network engineers to download our software for test & dev, experimentation, even learning. We also have world-class documentation and online training courses.
Vyatta provides freedom that no other networking vendor can offer. Build your virtualized network model in your own lab, not in some temporary shared space in a vendor’s datacenter. Do it at your own pace, not based on time-outs enforced by the vendor’s lab. Do it for free, not for some usage-based fee model that the vendor so happily offers.
As I write this we’re nearing our millionth-download mark. We have Fortune 500 customers now creating commercial relationships with Vyatta because the next-gen architectures they designed – in the freedom of their own environments – are ready to go operational now.
Our fundamental philosophy remains unchanged: People are smart. We just need to give them the tools and the freedom. Better solutions are the result.
Cisco’s Poor Appeal
“The lady doth protest too much.”
– William Shakespeare, Hamlet
_________________________
I (almost) cringed when I saw the news that Cisco was attempting to out-shout Gartner’s clearly presented research stating that the single-vendor network not only isn’t necessary, but in fact is the antithesis of a cogent IT strategy.
Even in a press environment where Cisco has traditionally thrived, the reader feedback was generally awful. Among the comments posted:
“Delightful watching Cisco squirm at being told the emperor has no clothes! Their house has had some problems that the marketeers now just can’t spin.”
“LOL Cisco still trying to justify their stratospheric prices? Building multi-vendor networks is decried as ‘tactical’ versus the ‘strategy’ of child-like dependence on a single vendor? Is Cisco now in the COMEDY business?!?! Cisco is behaving like a spoiled child, Gartner is right, and single-vendor dependence can’t be taken seriously as a strategy for acquiring anything the business needs, least of all critical IT.”
This has gone from bad to worse for Cisco. No IT category is immune from the competitive forces brought on by standards and commoditization. It’s only a question of time, and the larger the incumbent’s industrial girth the longer they can try to outlast the trend. But the trend is relentless… it will not be denied, and now Cisco’s seams have popped.
As an aside: It’s a strange irony that Cisco can’t control opinion because information flows freely these days… and it’s largely IP traffic flowing over old Cisco gear.
But back to the trends and Cisco’s behaviors:
1. Networking is now commoditized. Cisco’s P&L is finally demonstrating that. No amount of FUD will reverse this trend.
2. Virtualization & cloud change the game of what’s required from vendors. Those needs don’t match Cisco’s business model or product offerings.
Coming full circle to the opening part of this entry, this recent marketing propaganda from Cisco will dilute and dissipate as quickly as it came because it’s just not credible. But what will last is the continued change in networking, and the customers who take advantage of it will gain the most.
x86, ASICs, and Relativity
“Someone pointed out I had two different-colored socks on. I said, ‘To me they’re the same; I go by thickness.”
– Steven Wright
_____________________________
F5’s Lori MacVittie made an interesting post recently arguing the necessity for ASICs (as opposed to x86) in networking infrastructure. In short she argues that latency is a bad thing in networks and that eliminating latency requires ASICs.
Below are some relevant thoughts from our CTO Robert Bays. But first, I’m really glad Lori made this post because it pulls forward one of the most critical things to understand when a technology market goes through an evolution, and that is the distinction between technology absolutes vs relative customer requirements.
1. x86 and RELATIVE performance
Lori’s definitely correct in that there is always room at the peak of performance requirements for specialized hardware. This is true in compute, storage and networking. If you’re pushing the limits, off-the-shelf components may not work. But that’s not the majority of customer demand. Example: In 2011 alone nearly $8B will be spent on traditional midrange secure routing products. And thanks to Intel’s recent advancements, x86 cuts through those products like a hot knife through butter. And that Intel train isn’t stopping anytime soon. This recently-published white paper projects the speed of Vyatta-on-Intel to increase 10X with the next iteration of Xeon, enabled in part by Intel-sponsored software tools. With this much horsepower available, x86 will continue to be able to address the majority of the RELATIVE market requirements.
2. Network virtual machines and RELATIVE performance
The value of network VMs is based on their immense operational flexibility and the fact that they perform roles for smaller subsets of a multi-tenant datacenter. Need a datacenter network fabric that runs 40Gb/s? Today, buy specialized hardware. Need to connect and secure various application VMs within a group of servers at speeds that meet their independent requirements? Spin up network VMs; they’re more than fast enough.
‘Nuff said from me. Here’s the view from Robert:
————————————
There are definitely use cases where ASICs, or similar, are called for. High-port-density, low-complexity devices where the underlying protocols are well defined are a good fit. Traditional switches are an excellent example. I don’t expect standard x86 to be able to compete in that market anytime relatively soon. However, ASICs are not a panacea. Setting aside for a moment the high development, maintenance, and support costs associated with ASICs, one can’t expect purpose-built silicon to handle the increasingly complex requirements in the forwarding plane of today’s converged devices, especially not without an expensive respin of the hardware. In more and more modern network appliances at least a portion of the forwarding pipeline is being pulled into a general-purpose computing environment.
Fortunately, the question of variability in packet latency is not due to general purpose hardware per se, in this case x86, but instead to the software architecture running on the general purpose system. Eliminating multiple layers of schedulers and locks goes a long way towards creating a deterministic forwarding path and therefore reducing or eliminating system induced jitter.
Intel has made great advances in treating a generic x86 core as if it were a task specific network processor. They announced the Data Plane Developers Kit at IDF that acts like a Multi-Core Executive Environment and provides guaranteed latency at an order of magnitude greater throughput than existing software architectures. This combined with further advances in the Intel hardware architecture are proving that x86 is competitive, on performance, latency and cost, with purpose built network processors even when scaling to 40G+. Products based on this technology are in development now.
For products shipping today, the jitter effects induced by any one well behaved software stack on a general purpose CPU are usually negligible in comparison to the variability and latency of the entire path of the packet through the Internet. Admittedly, there are high traffic load scenarios where software on a general purpose CPU creates a bottleneck. But similar bottleneck scenarios exist at many points along the path, not just in software network stacks. Fortunately for everyone the Internet usually continues to work transparently; packet drops, jitter, and all. The end user needs to first ask themselves whether or not their traffic load will ever approach the limits imposed by existing software stack based products. If not, then the cost and reduced complexity of a software solution may work well for them. There are numerous use cases where this proves to be true. Software based networking is a single tool in a very big toolkit.
Looking forward, requirements are increasingly forcing networking functions into the purely software environment of the hypervisor and cloud. The organization who develops a software network stack that is reliable, consistent, and full featured in spite of the limitations imposed by the environment will define the networks of tomorrow.
————————–
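The post above argues that the variability in packet latency on a software forwarding path comes from the software architecture (schedulers, locks) rather than from the x86 hardware itself, and that a buyer should first ask whether their own load ever approaches the point where that variability matters. The following Python script is an added example, not code from Vyatta or from Robert Bays, showing how a practitioner would quantify that variability from timestamps: it builds two constructed one-way-delay traces for packets sent at a fixed interval (a steady path, and the same path with periodic stalls standing in for scheduler-induced pauses) and reports mean, p99, maximum and the RFC 3550 interarrival-jitter estimate for each. The traces, the 1 ms send interval, the 50 µs base delay and the 400 µs stall are all assumed values.

```python
"""Measure forwarding jitter from send/receive timestamps (constructed data)."""
from statistics import mean

SEND_INTERVAL_US = 1000  # packets sent every 1 ms (assumed)


def build_trace(n, base_delay_us, stall_every=0, stall_us=0):
    """Return a list of (send_ts, recv_ts) pairs in microseconds.

    Constructed trace: every packet takes base_delay_us through the forwarding
    path; if stall_every is set, every stall_every-th packet is delayed by an
    extra stall_us, standing in for a scheduler or lock-induced pause.
    """
    trace = []
    for i in range(n):
        send = i * SEND_INTERVAL_US
        delay = base_delay_us
        if stall_every and i % stall_every == stall_every - 1:
            delay += stall_us
        trace.append((send, send + delay))
    return trace


def one_way_delays(trace):
    """Per-packet one-way delay in microseconds."""
    return [recv - send for send, recv in trace]


def rfc3550_jitter(trace):
    """Interarrival jitter estimator from RFC 3550 section 6.4.1.

    D(i-1,i) = (R_i - R_{i-1}) - (S_i - S_{i-1});  J = J + (|D| - J) / 16
    The 1/16 gain smooths single spikes, so a rare stall moves J only a little
    while sustained variability raises it towards the typical |D|.
    """
    j = 0.0
    for (s_prev, r_prev), (s, r) in zip(trace, trace[1:]):
        d = (r - r_prev) - (s - s_prev)
        j += (abs(d) - j) / 16
    return j


def percentile(values, p):
    """Nearest-rank percentile (p in 0..100) of a list of numbers."""
    ordered = sorted(values)
    rank = int(round(p / 100 * len(ordered)))
    return ordered[max(0, min(len(ordered) - 1, rank - 1))]


def summarize(trace):
    """Latency figures a buyer would compare against their own requirements."""
    delays = one_way_delays(trace)
    return {
        "mean_us": mean(delays),
        "p99_us": percentile(delays, 99),
        "max_us": max(delays),
        "jitter_us": round(rfc3550_jitter(trace), 3),
    }


def steady_trace():
    """Constructed: 1000 packets, constant 50 us forwarding delay."""
    return build_trace(1000, 50)


def stalling_trace():
    """Constructed: same path, but every 100th packet waits an extra 400 us."""
    return build_trace(1000, 50, stall_every=100, stall_us=400)


if __name__ == "__main__":
    for name, trace in (("steady", steady_trace()), ("stalling", stalling_trace())):
        print(name, summarize(trace))
```

Reading the two summaries side by side makes the post’s point concrete: the stalls barely move the mean or the p99, but they show up immediately in the maximum and in the jitter estimate, which is why a practitioner should look at tail and jitter figures measured under their own peak load rather than at average latency when deciding whether a software forwarding path is adequate.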