Some exciting news on the open cloud front.  Nicira’s openvswitch (think: open source Cisco Nexus 1000V) made it in as the default vSwitch in the latest release of the Xen Cloud Platform.  For those who aren’t aware, the Xen Cloud Platform is an open source provider/cloud-focused management framework for clouds.  The website says:

    Xen Cloud Platform offers ISVs and service providers a complete cloud
    infrastructure platform with a powerful management stack based on
    open, standards-based APIs, support for mutli-tenancy, SLA guarantees
    and deteailed metrics for consumption based charging.

I’ve mentioned Nicira before in public forums and videos made with John Willis, but I haven’t posted here about them.  Nicira is commercializing the OpenFlow switch specification.  OpenFlow is a very important change in the way we build, design, and manage network infrastructure.

From the website:

    In a classical router or switch, the fast packet forwarding (data path)
    and the high level routing decisions (control path) occur on the same
    device. An OpenFlow Switch separates these two functions. The data
    path portion still resides on the switch, while high-level routing decisions
    are moved to a separate controller, typically a standard server. The
    OpenFlow Switch and Controller communicate via the OpenFlow protocol,
    which defines messages, such as packet-received, send-packet-out,
    modify-forwarding-table, and get-stats.

What this means is that instead of allowing the switch to make routing/switching decisions, you can have centralizing control of the entire network topology.  OpenFlow has two types of switches: software switches like the openvswitch and firmware that can be loaded onto cheap switch hardware.  Combined you can create fully virtualized networking.  A single centralized control system that is integrated to your cloud layout can reprogram your logical network topology on-demand.  A virtual server moves from one host to another?  Switches are reprogrammed dynamically and the move is never noticed.

This means you can create a fully multi-tenant, highly secure, extremely flexible, cloud network topology that maps exactly to your requirements.  This contrasts starkly to the current cloud networking today, which is either extremely restrictive (Amazon’s EC2), has scaling problems (e.g. 802.1q VLAN tagging), or doesn’t give you complete control (Rackspace Cloud, et al).

Let me clarify what I mean by complete control before anyone is offended. Rackspace Cloud does provide more control than EC2, but it doesn’t put you in the driver’s seat.  Imagine that instead of having a fixed network architecture like, every customer has a ‘frontend public network’ and a ‘backend private network’, you have something that allows arbitrary network configurations?  Customers get a ‘private’ network by default and buy networks as their applications need them.  Now having a separate network for database servers per PCI compliance (or other) rules is trivial.

Many other things are possible if you move towards an OpenFlow-based network architecture with a centralized control system, including:

  • Distributed firewall just like Amazon EC2’s distributed firewall

  • On-demand network introspection / tapping

  • On-demand in-line firewall / IPS

  • N-tier network topologies

  • Distributed Virtual Switch (a la Cisco Nexus 1000V)

There are many other possibilities.  The eventual promise here is network virtualization as good as storage or computing virtualization is today.

Way to go Nicira and Citrix!