Wednesday, May 25, 2011

Cisco Wrapup/More On OpenFlow

One more post on Cisco, and then I'll be done for now. I wanted to elaborate a bit on some things I said in my previous two posts which can be found here and here.

I talked a fair amount about OpenFlow last time. I kind of presented it as a potential panacea for Cisco. I think it's a very interesting technology but I don't think I did a very good job of explaining why that is or how I think it can help Cisco. I'm not going to subject anyone to a routing primer here but I do need to spend a brief bit of time explaining at a high level how modern networks work.

Networks are a lot like our road system. To talk to your email server or retrieve a web page, your computer needs to know how to send a request to a remote computer, and that remote computer needs to know how to send a response back. In the real world, when I have a similar problem I bring up Google Maps, type in my starting point and destination, and get back a route to get me from where I am to where I want to be. Networks use exactly the same basic approach. It's called routing. The big difference between routing and Google Maps or a navigation system is that routing figures out the next turn or "hop" one step at a time, while your navigation system figures out the entire path for your trip from beginning to end. While the route taken between any two points more than one hop apart can change over time, it tends to be fairly static over shorter periods such as minutes or hours.

There is another concept in networking that is important to understand. It's called "flows". A flow is a conversation that goes on between two different end points (computers) on the Internet. A flow could be you typing a URL in your browser, which causes your computer to retrieve a web page, or a continuing conversation via a chat client. Flows are particularly important in the case of firewalls. When your computer starts a conversation with a remote system, it needs to be able to hear the response. In the modern world there are almost certainly at least two firewalls in between the end points of that conversation. In order for the response to get back, temporary holes need to be opened on both ends. These holes are created as a result of flows. If a conversation (or flow) is allowed by the firewall policy, then a temporary hole is opened in the opposite direction to allow a response back.
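The "temporary hole" behaviour described above can be modelled in a few lines. This is an added example, not code from the original post; the addresses, the outbound policy and the 30-second idle timeout are constructed for illustration.

```python
import ipaddress

INSIDE = ipaddress.ip_network("10.0.0.0/24")   # protected network (constructed)
ALLOWED_OUT = {("tcp", 443), ("tcp", 80)}      # outbound policy (constructed)
IDLE_TIMEOUT = 30                              # seconds a hole stays open (assumed)


class StatefulFirewall:
    def __init__(self):
        self.flows = {}   # outbound 5-tuple -> time last seen

    def handle(self, now, proto, src, sport, dst, dport):
        # Close holes whose flow has been idle for too long.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= IDLE_TIMEOUT}
        if ipaddress.ip_address(src) in INSIDE:
            if (proto, dport) not in ALLOWED_OUT:
                return "drop-policy"
            # Policy allows the conversation: remember it so replies can return.
            self.flows[(proto, src, sport, dst, dport)] = now
            return "allow-out"
        # Inbound: only the exact mirror image of a tracked flow gets through.
        mirrored = (proto, dst, dport, src, sport)
        if mirrored in self.flows:
            self.flows[mirrored] = now
            return "allow-reply"
        return "drop-unsolicited"


def demo():
    fw = StatefulFirewall()
    pc, web, other = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    events = [  # constructed traffic: (time, proto, src, sport, dst, dport)
        (0, "tcp", pc, 40000, web, 443),     # inside host opens a web session
        (1, "tcp", web, 443, pc, 40000),     # the server's reply
        (2, "tcp", other, 443, pc, 40000),   # a third party tries the same port
        (3, "tcp", pc, 40001, web, 23),      # outbound traffic policy forbids
        (100, "tcp", web, 443, pc, 40000),   # late "reply" after the idle timeout
    ]
    return [fw.handle(*e) for e in events]


if __name__ == "__main__":
    print(demo())
```

The hole is specific to one conversation: the third party is dropped even though it targets the same inside port, and the original server is dropped too once the flow has gone idle.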

One of the coolest things about OpenFlow is that it allows you to manage flows and how they get from point A to point B. You could, for instance, send video, web traffic and voice data all over different paths even though one or both of the end points is identical. You could create what is referred to as a "honeypot" in the security world and route suspicious traffic coming into your network to that honeypot. To the attacker this could be made largely transparent. They would think that they were actually breaking into your network while instead they were wasting their time. The first example is from one of the videos on the OpenFlow web site, while the second is one that occurred to me while thinking about this technology.
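Both ideas above, per-traffic-type paths and diverting flagged sources to a honeypot, come down to a central controller deciding once per flow and the switch remembering the answer. The sketch below is an added example and a simplified model, not a real OpenFlow API; the path names, the watchlist address and the port-to-class mapping are constructed.

```python
WATCHLIST = {"198.51.100.66"}            # sources flagged as suspicious (constructed)
CLASS_BY_PORT = {("udp", 5060): "voice_path",   # constructed mapping of
                 ("tcp", 554): "video_path",    # traffic type to path
                 ("tcp", 80): "web_path"}


class Controller:
    """Central policy: decides where each new flow should be sent."""
    def decide(self, pkt):
        if pkt["src"] in WATCHLIST:
            return "honeypot"            # flagged source is steered to the decoy
        return CLASS_BY_PORT.get((pkt["proto"], pkt["dport"]), "default_path")


class Switch:
    """Forwarding element: matches packets against installed flow entries."""
    def __init__(self, controller):
        self.controller = controller
        self.flow_table = {}             # match tuple -> [output path, packet count]
        self.packet_ins = 0              # how often the controller was consulted

    def forward(self, pkt):
        match = (pkt["src"], pkt["dst"], pkt["proto"], pkt["dport"])
        entry = self.flow_table.get(match)
        if entry is None:                # table miss: ask the controller once
            self.packet_ins += 1
            entry = self.flow_table[match] = [self.controller.decide(pkt), 0]
        entry[1] += 1                    # per-flow counter
        return entry[0]


def demo():
    sw = Switch(Controller())
    server = "192.0.2.20"                # same destination for every packet
    pkts = [
        {"src": "203.0.113.5", "dst": server, "proto": "tcp", "dport": 80},
        {"src": "203.0.113.5", "dst": server, "proto": "udp", "dport": 5060},
        {"src": "203.0.113.5", "dst": server, "proto": "tcp", "dport": 554},
        {"src": "198.51.100.66", "dst": server, "proto": "tcp", "dport": 80},
        {"src": "203.0.113.5", "dst": server, "proto": "tcp", "dport": 80},
    ]
    return [sw.forward(p) for p in pkts], sw.packet_ins


if __name__ == "__main__":
    print(demo())
```

The last packet repeats the first flow, so it is forwarded from the switch's table without a fifth controller decision.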

So how does this help Cisco? Well, in truth it's more about Cisco getting ahead of the curve rather than having their competition out-innovate them. The reason I see OpenFlow as a paradigm-shifting technology is that it essentially eliminates the need for traditional routing in some cases and provides a tool that allows for the management of flows in a highly dynamic and customizable way. The potential for new products and technologies to emerge from this shift is significant. Cisco is well positioned to be a leader given their expertise in networking and growing presence in the server space. They basically own a portion of the entire puzzle from end point to end point. That is a very exciting place to be right now if, and this is a big if, they recognize the possibilities and are willing to make the investments and changes needed to take advantage. Big, well-established companies seldom do in these circumstances.

To summarize, one of the things that is revolutionary about OpenFlow is that it enables us to get away from routing and focus instead on flows of data. There still needs to be a way to know how to get from point A to point B, but that information can be handled in a much more dynamic and flexible manner. Great technology alone doesn't create shareholder value. You need to leverage that technology to solve problems that customers are willing to pay to have solved. Cisco is well positioned to both identify those problems and solve them, and if they don't, someone else is likely to.

While Cisco is making positive moves right now, my suspicion is that instead of adjusting to the competitive and technology landscape as it is today, they are trying to return to what worked for them in the past. It'll be an interesting story to follow, and hopefully not in a "train wreck in progress" kind of way.
