The future of SDN and network virtualization

Date: Tue, 05/06/2014 - 19:41

A Retrospective on the future of network virtualization, at NetEvents Cloud Innovation Summit 2014, California
The future of SDN and network virtualization

Martin Casado, CTO of Networking, VMWare, at NetEvents Cloud Innovation Summit, Saratoga, California

Image credited to NetEvents

Martin Casado could be described as a “virtual legend”. At Stanford he was instrumental in developing OpenFlow and went on to found Nicira Network — later acquired by VMWare.
What currently excites him is to see hardware simplified into general purpose “pools of capacity” while software takes over providing network functions with ever more semantics and power. He will give examples of SDN and network virtualization in practice – how massive network upgrades can be modelled and tested in the lab, then loaded in minutes – as well as benefits such as greater visibility that surprised even him. Who will be leading the technology push in 2014 and where will it be taking us in the next five years?

Keynote Presentation by Martin Casado, CTO of Networking, VMWare, at NetEvents Cloud Innovation Summit, Saratoga, California

Thank you all for being here. So I'm going to talk about two things. I'm going to just give kind of like a really cursory overview of what we've been doing for the last few years, and then I'm going to talk about what we're doing next. But don't look at this slide, so focus on me for the first -- I want to tee this up in a way that I haven't written about, that I was thinking about when I came over here.
So I think one of the least talked about but most significant trends in data centre networking has been happening over the last 10 years, and it has nothing to do with me, and it has nothing to do with Stanford and it has nothing to do with SDN, and that is the cloud, and I'm not really sure what that means -- but this has come out of data centres being built by large operations like Google and Facebook and Amazon and Azure and Tencent and Baidu and Yahoo!. And if you look at how they built these data centres, nobody was selling them here. Nobody was telling them, giving them validated architectures. Nobody was telling them how to do it.
These very, very technical companies with some of the most technical expertise on the face of the planet came up with their own architecture. And if you look at what that trend looks like, basically, what they did is they said, I'm going to move functionality that has traditionally been in the network, and I'm going to move it to software.
So things like security, things like security, things like fault isolation, things like billing, things like visibility and debugging, instead of being traditionally put in hardware in the network, they were moved into software. And there's a lot of good reasons for doing this. If it's in software, you can evolve it more quickly. If it's in software, you've got more context, because you're closer to the application.
Arguably, if it's in software, you can scale it better, so there's been this massive trend. And then if you look at these data centres, which again are the most successful data centres on the planet, they're awesome in pretty much every vector and direction you can look at. I mean, if you look at the CapEx, people throw around numbers, but it seems to be about a fifth the cost to build a data centre like this.
They're by far the most scalable data centres on the planet. Operational overheads are always the best in this case. So you're like, wow, this is this great way to build a data centre and they're awesome on every vector, so why doesn't everybody do this?
So I'll tell you why. The reason why everybody doesn't do this is because you can only do this if you can rewrite your application. If I'm Google, I have the Google application, and I can put security in there, and I can put load balancing in there, and I can put billing in there. If I'm Amazon, I control the application, I can do the same thing. So if I control my application, I can build the most awesome data centre on the planet.
So the question is, how do you then build a data centre that has the same type of properties, right, but you don't control the application? You're the IT for Goldman Sachs, you're a large enterprise, you're a hospital -- listen, we all want to have awesome data centres, but you don't necessarily have these characteristics. And this is kind of where network virtualisation comes in, which is the work that we did at Nicira, and now that we're continuing to do at VMware. So I want to actually describe it very quickly.
So what is network virtualisation? If you have a data centre, you have a physical network in the data centre. So that physical network could be anything. It could be Cisco infrastructure, it could be an IP network. It could be IP over InfiniBand, some physical infrastructure that provides connectivity.
So connected to that, of course, you have your servers, and then on your servers, let's assume that you're running virtualisation. So the idea is, just like these large data centres have pulled functionality away from the physical network and moved it into the application on the edge, the idea of network virtualisation is to use the position at the edge to create what you can think of as a network hypervisor. So all the functionality they're pulling out of the physical network, you're moving it to the edge, and then you're exposing what looks like a physical network but is really a virtual abstraction.
So now the idea is I can deploy any application. I can attach it to one of these virtual abstractions, and the application thinks it's running on a physical network, but these abstractions have the operational model of a VM. You can create them dynamically. You can grow them or shrink them or move them around or do whatever you want. So now, from a high level, you have the same types of characteristics of the Googles and the Facebooks and the Yahoo!s, which is you have functionality that's written in software, that provides all of the operations. You can use any type of hardware that you want, but you're gluing it to these applications in a way that they know about.
So when we first started doing this stuff, most people thought we were crazy. We were working with the real early adopters, and there was a lot of joint partnerships.
We worked with some of the largest clouds in the world. We worked with some of the largest telcos in the world, the largest financials in the world.
But it's been very interesting to see this evolve. And this tends to happen with virtualisation in general, which is if you think about compute virtualisation, like what VMware does, so with compute virtualisation, when you started to bring it out, people just viewed it as something that will allow them consolidate two servers into one server, right? And it's just a very simple tool that allowed for a very simple value proposition, but over time, virtualisation, it tends to be that kind of proverbial indirection layer in computer science. Once it's there, you can leverage it to do great things.
And so with compute virtualisation, you started with this very simple value proposition of server consolidation, but then over time this grew to be cloud, right? You have things like vMotion, you have things like full data centre provisioning. And so the same thing has kind of started to happen with network virtualisation. You start with this very simple use case. I'll talk about this now. And the very simple use case was provisioning.
So at a macro level, you can say, okay, listen, you've got a data centre. It's expensive, it's hard to operate. If you go to this new model, everything's better, but the reality is, it's very difficult to consume new technology, so you normally have to point to some very simple if you put this in your life is better because of X. And the initial use case that people adopted network virtualisation on, the initial use case was provisioning time. It goes something like this.
If you're going to deploy a new application, spinning up a VM takes 30 seconds, but configuring the network takes two months. There's a huge mismatch here, so if I reduce the time it takes to provision the network to zero, you're happier. That was the initial value proposition of network virtualisation. That was it.
I'm going to reduce the time it takes to provision the network to zero and I'm going to remove a hurdle to do something for the business, whether that's onboard a new customer or onboard a new employee or deploy a new application or whatever. And so over the last three years, we've kind of seen this be adopted. It started being adopted, and then the service providers, and then the cloud guys, and then test and dev environments, we've seen a lot of traction in the financials. And over the last year, we've actually kind of seen this grow out.
Now, I think we announced 31 customers in the last few months, and three of the top five financials and beverage companies and conservative Midwest manufacturing companies. This is really starting to catch on, and what I find very interesting as a technologist is as you adopt these kind of primitive platforms like virtualisation, to see how it captures the imagination and to move into new types of use cases.
And as the market matures, and it actually is maturing. Early adopter sales are very difficult, because you've got to take the technology, and you've got to sell it into a particular company, and you've got to educate them, and it takes years, and it's a very technical type of discussion, but as markets mature, they can consume technologies much easier, right?
So, for example, last quarter, I think we had -- I found two customers that adopted network virtualisation that I'd never spoke to. Nobody on my team had ever spoken to. And then, when I talked to the sales guy that sold it to them, he didn't know what network virtualisation was. It's like the first example where you actually have a pull or a draw that's coming from the field, and you ask why that is.
Well, it's because they're starting to understand this stuff. All of the big companies are talking about it now, there's general education, and so a lot of times I think people view SDN and network virtualisation as this existential threat, this thing that's coming and whatever. But largely it's here. We've got the use cases, we've got the proof points. And so what's been interesting to me is to watch the evolution of the use of this. You're starting off in provisioning, you're starting off with a simple use case, but more and more, it's become security, actually, that's driving a lot of sales of this.
And actually, I didn't anticipate this early on, and I want to dedicate the last half of my talk to exactly this use case. And so I would say about 40% of the actual adopters that are paying money for SDN network virtualisation are doing it as a security use case. And there's kind of two driving kind of sub-use cases. The first one is micro-segmentation, which is basically I have a data centre. Right now, data centres have tons of shared state and tons of shared services and a huge attack surface.
So I'm not sure if you guys know, I used to work for the intelligence agencies. So before I went to Stanford, I actually did computer security. I did kind of operations, where I would actually break into things. And let me tell you, a data centre has almost no controls in it at all. Like, 80% of our spend is on the perimeter, and that's a Maginot Line. So if I can pay somebody off or I can put on a black mask and I can break into the building and I can install some code on a server or I can remotely exploit a server, if I get in the data centre, I'm done. That's because that's where all the data is, and there's almost no controls within the data centre.
Why? It's very difficult to control a terabit worth of bandwidth. That's why we build boxes and we put them on the perimeter. So what's the state of data centre networking today? We've got this Maginot Line of middle boxes that we put on the perimeter, and we've got where all the valuable stuff is kind of -- attackers have unfettered access to.
So the more we can develop technologies within the data centre to add controls, to do things like micro-segmentation and limiting the attack surface, the better position that we are in protecting the data centre and the assets within it. And this has become, I think, the driving use case going forward. And as things like SDN and network virtualisation cross the chasm, I think it's security that's going to do it.
So just to pencil this out very quickly, and I want to make sure that I stay on time here. So to pencil this out very quickly, the idea is as follows. So let's say Martin is in his previous role and I'm attacking a data centre. So what do I do? Let's say I pay somebody off within the data centre to deploy some code on some server, right? So that code is on some server.
So, now, if I scan from that server, what can I see? Everything. I can see the physical network, which in a physical network will have 50 versions of iOS, which is many tens of millions of lines of code. I've got shared DHCP. I've got shared DNS. I've got shared AD. I can see every one of the other servers.
Now, who knows what server I might have compromised. It could have been some test dev server. It could have been something that was plugged in to support a legacy app that's been running a long time ago, and if I compromise it and the millions of lines of code that are running on the end host, I have unfettered access to everything that I want.
So what do you want to do? What you want to do is you want to enforce what's called the principle of least privilege, which is I want to take any application that's running on the data centre and I only want to give it access to exactly what it needs to get the job done and nothing else.
It's pretty silly that if I compromise an application I can see the physical infrastructure. There's no reason for me to see that. It's pretty silly that I have to share all of these components, so that if I'm able to smack one of these components -- so if I compromise the server and I go ahead and I smack DNS or AD, then I have access to everything within the data centre or shared storage.
So the idea is you use network virtualisation as a primitive, as building blocks to build micro-segments. And if I put something within one of those virtual networks, or within one of those segments, the only thing that it can see are also in those segments. So, for example, for every application I can create a virtual network. I can give it its own security services. I can give it its own L4 through 7 services, and if it gets compromised, the attack gets localised to just that.
So this is kind of driving a lot of the adoption of network virtualisation, which is cool. Again, as a technologist, you come up with these core architectures and you come up with these core products, and then it starts getting driven into areas that you hadn't really anticipated.
And so now, I've been spending the last six months actually looking at the security problem, and so I'm going to take the last portion of this talk to say where I think that security is going kind of from a vision perspective. So I'm going to tee this up. Oops. That was like half of my slides.
The good news is I actually have these memorised, so I can talk about them. You guys have the rest of my slides there, or do you want me to just keep talking? What's that? That's right, they've been isolated.
So let me just go ahead and move on. So like I told you, I was in security 10 years ago. I took a hiatus. Guido and I were at Stanford together, good friends, did a bunch of great stuff, focused on networking, and then I come back to security. And the funny thing is like almost nothing seems to have changed in 10 years, as far as I can tell.
We've been looking at the trends of security. So what are they? Well, security spend is outpacing IT spend, right? And the only thing -- great, cool. No worries. So the only thing that seems to be outpacing security spend is security losses. It's like we're losing this battle, we can't spend our way out of the battle. And to me, this is opportunity, and there's something fundamentally architecturally wrong.
It was just like with SDN. For SDN, you're like, you've got computers you can program to do cool stuff and you've got networks that you do almost nothing with and operations is getting worse over time. So you've got this trend that if I take the slider bar out to the future, I'm like, wow, we're going to spend all of our time on the network. That's opportunity for an architectural shift.
I think we're at the exact same place with security, which is like, if you look at all the trends, you take the slider bar out to the future, 100% of our money is going to be in security. It's the quickest growing, both on losses and both on spend.
So we've been developing this concept called the Goldilocks zone, which is a corollary to network virtualisation, but taking advantage of the hypervisor. So what is the Goldilocks zone? The Goldilocks zone is a term that was created by NASA planetary -- I think it was planetary scientists in the 1970s, and it describes the perfect distance away from the sun for planet to be able to sustain life, so not too hot and not too cold.
So I think -- I think that in the modern data centre, one thing that's missing is a horizontal security layer that provides both context in isolation to do security, so I'm going to describe this by describing the lack of it. So today, when we do security in the data centre, there's this basic trade-off between context and isolation.
So if I take a security control, like whatever it is, a firewall or some agent, and then I put it in the application, it's got all of this great context. It knows the users, it knows data, it knows files. But you don't have any isolation. You don't trust the application. You don't trust the endpoint, so putting a security control there is kind of like taking the on-off switch to an alarm system and putting it on the outside of a house. It doesn't make any sense.
On the other hand, and this is to the bottom, we say, okay, well, maybe I'll put the security control in the infrastructure. So what I'm going to do is I'm going to put ACLs or whatever on switches and routers. And there you actually have good isolation. If I'm able to break into a server, I haven't broken into the router, necessarily. The attack surface is much smaller, but the problem is, even though I have isolation, I don't have any context. I don't really know users really, I don't know applications. I don't have access to local file systems.
So I'm doing this fundamental trade-off between I know everything, but I don't have any real security, or I know nothing and I'm pretty isolated. And so the question we've been asking is, can you build a Goldilocks layer that goes ubiquitously throughout the data centre that provides both context and isolation? And so, given that the majority of workloads are virtualised -- certainly the majority of enterprise workloads are virtualised, 40m VMs are out there, just under VMware alone. Some 70% to 80% of enterprise workloads are arguably virtualised.
If you could use the hypervisors -- the hypervisor is in a separate trust domain. If you could use the hypervisor to both peer into the application to pull out meaningful context, like users and applications and what things are doing but also protect that visibility and provide protection and enforcement, you kind of have this optimal place, where you have both this visibility and context and the isolation.
And so this is kind of a major area that I'm looking into, because again, given the state of the security industry and if things go the way we are, we're going to be spending all our time and money on it, we do need something that will change the architecture and the way we view it. And I do pause it, and I'll stand behind this going forward, that what we're missing is we're missing a horizontal layer that we can provide meaningful security.
And so if I can build that out and we can build that out as a platform, new security services can snap on top of this to do things like, for example, next-generation firewalling with deep visibility in the end host, or maybe network access control that actually understands things like objects and people or meaningful policy or vulnerability assessment, where you're actually looking in and saying, there's this vulnerable piece of code, so I'm going to immediately remediate this.
I think that this actually cuts across many areas of security, and every time now I go through a new vertical in security -- so security always seems to be like a litany of stuff. It's kind of these different verticals that are loosely coupled. But if you look at data centre security, whether it's end host security, whether it's network access control, vulnerability assessment, whether it's IDS or IPS, all of them would be affected by something like this. All of them need better isolation and all of them need more context.
So if we can build out this layer or this Goldilocks zone, I think we can actually move security in very much the same way that we have moved networking over the past seven years. I mean, I dedicated my life to SDN, and I think that we have the same type of opportunity here.
And so I'm going to leave you with this. Compute changes -- the model of computing changes very rarely, right? Mainframe, client server, and from client server we're going to cloud. And I think we're seeing shifts happen in the network architecture, and I think that's great and I think this is happening, but I think this is like the one time, sort of the once in a wave opportunity, as we're redefining these new architectures, to actually build security in as a primitive, as a fundamental primitive. So we have a root of trust. So you have a horizontal security layer that you can build rich systems on top of.
So I'm very excited to continue to participate in this. So that's it for the talk, but I appreciate you guys listening. Thanks.

Manek Dubash – Editorial Director, NetEvents
Let's go take a seat. I'd now like to invite the founder of Infonetics, the well-known and well-established analysis and research company to come and give him a hard time.

Michael Howard - Co-Founder & Principal Analyst, Infonetics Research
Thank you. I'm the co-founder. It took two. I just wanted to say that for my co-founder's benefit. So, Martin, we've known each other for a little while, so 3.5 years ago, a friend of mine in the industry, Alan Cohen, gave me a call. He had been in a wireless startup, Cisco bought them. He stayed at Cisco for a few years, then he said, I've done it. I'm going to retire.
So he called me up and he said, I've been retired for a year, because frankly, networks are boring to me. However, something new showed up. He said, I want you to come over and meet this new company. It was in stealth mode at the time, called Nicira. And so I walked in, and here's Martin. I said, ah, you invented OpenFlow. Great going. He said, no. No? No, we solved an operational problem. Aha, right. So who cares about a protocol? A protocol is a means, but where's the value? The value is in what you do with it. And here we've heard the answers to one of my questions about what's next after SDNs or with SDNs? It's security.
So I wanted to find out, Martin, what -- I always like to, when I meet famous people, is who are you? Really, so what do you do in your spare time? Do you have any spare time, and what's your life like? You were at NSA or some spook organisation, and then you went to Stanford, got a PhD, found some interesting projects, invented something new, did a startup company, got bought by a bigger company for $1.3 billion. I see you wear really nice clothes now, but what other differences has it made in your life?

Martin Casado
I want to let you know, my tailor is actually pretty cheap. So I think my entire life is either traveling or being a single dad. So outside of that, I'm either with a 3.5-year-old at some park somewhere or I'm in an airplane traveling for work.

Michael Howard
So there's two Goldilocks in your life.

Martin Casado
Profoundly uninteresting on the personal side, unfortunately.

Michael Howard
But you always seem to be trim and fit and in shape. Do you run? What's in your life these days?

Martin Casado
So I used to deal with stress by running. I used to be a big ultrarunner, so I'd do 100-mile runs and 100K runs and 50K runs. In a good year, I'd run maybe 10 to 15 ultramarathons. I'd run like a marathon a week or a marathon very couple of weeks and so forth. But I want to be very clear that I run these very slowly. I'm not a good runner, I'm not a skilled runner. I just did a lot of running.
And I just figure, I think a lot of people have physical acumen and I don't. I think I don't have those genetics, and so I like to trade off pain tolerance for physical acumen, so I'll just keep going and just kind of endure the pain while other people are kind of fast and athletic.

Michael Howard
Do you do anything halfway?

Martin Casado

Michael Howard
I used to think -- I ran a half-marathon once -- I was a runner. I was at track in college and I've been running all my life, but that is ultra.

Martin Casado
It's a lot of running.

Michael Howard
But I think it says something about your character. So you don't do anything halfway. I don't think you even do anything 100%. You do it 200% or 300%. So I have some questions that have been out there in my mind that I've heard around the industry. So how's the delivery of NSX going? So here's virtualised networks, VMware bought Nicira, and there's this new product called NSX. So I hear around the industry that not much is happening. It's slow to really get it working, so what's really happening?

Martin Casado
So I think that last -- we've been selling this stuff and running in production for a while, and we've kind of seen this slow growth. And I think that last -- not Q1 this year, but Q4 last year, kind of the dam broke, where I think raw numbers are always less interesting than the trends. And in this case, the type of people that are adopting NSX, so early on, every customer was these kind of early adopter types. You'd go talk to them, and like, wow, clearly, these guys are a little bit crazy and they're visionary and they're risk takers. And whether it was in a financial or it was in a cloud, you'd talk to the people that were backing it, and you're like, yes, you're a little nuts, right?
And so that was the first couple of years. But now, in the last six months, you're actually seeing these like -- we've got a Midwest manufacturing company. We've got an airline, we've got beverage companies. These are typical bottom-line, non-IT-focused, not special-technology-focused companies that are adopting this technology. And so yes, deployments are growing, and yes, we're seeing a lot of production.
But what's much more interesting to me is the makeup and the demographic of the people that are using it.

Michael Howard
It's across the board. It's not the early adopters.

Martin Casado
It's across verticals. Right, and like I mentioned, it's just so strange to me. For those of you that have seen kind of -- when you're creating a market category and you're selling something, you're walking in and your pitch to the customer is like this magic bean pitch. You're like, listen, I've to these magic beans, and I promise, if you bury them in the backyard, they'll grow into a beanstalk, and there's going to be this gold, and so forth.
It's this vision pitch, right? Where in a late-majority type of sales situation, you walk in and you're like, listen, you know what this is, and mine is better than the guys by X and mine is cheaper. They already know everything and the discussions are mostly on numbers.
We're seeing the magic bean pitch go away and to be replaced by Cisco said this, and Alcatel-Lucent said this, and we're saying this, and ours is better on this dimension. And now, the customers are actually pulling rather than us pushing, so I think we're seeing this inflection point now, which is very exciting.

Michael Howard
It's a big risk for a company, whether they're an early adopter or not, to make such a fundamental change in their data centres.

Martin Casado
So arguably much less now than two years ago. Two years ago, it was. It was like, who are you? I'd walk in, and --

Michael Howard
And what is it?

Martin Casado
Who are you, what is this? I don't even need it. Gartner doesn't have a position on this, Cisco tells me you're an idiot. So you were kind of going against anything, the channel, the competitive -- you're going against everything. And now there's actually a draw. And I actually think a lot of the reason the market has matured is because, last quarter, Cisco came out and said this is the right problem to be solving. I mean [inaudible], this is the right problem to be solving.

Michael Howard
We can't call it SDN.

Martin Casado
Well, but again, the customers are focused on solutions, and Cisco was like, the problem is an operational problem. You need network virtualisation, and here's our solution. It's all built on hardware, but here's our solution. And so now the customer is like, well, so now instead of saying, do I do this or not, it's like, who do I do it from? Very different conversation.

Michael Howard
Cool. So obviously the data centre has been the focus of your work and Nicira's and VMware's, but I've been -- my focus is service provider networks, and they're all hot about SDNs and NFV. How do you see NSX software playing not in the data centre but in a service provider network? The problems you pointed out here, that could be a service provider WAN, not just the data centre.

Martin Casado
Yes, that's right. So I'm generally kind of like a problem-oriented guy, and so here's what I think that the fundamental critical strategic challenge the service providers are facing, and it's this. If I'm AT&T, I've got a bunch of COLOs, and Netflix and YouTube, they come to me and they say, here's this server. Host this server for me, and the hosting business is 4% margins. And so I'm AT&T or whoever, and I host that server, and then what does YouTube and Netflix do? They build an overlay network and they optimise that overlay network and then they use the service provider as basically delivery. Dumb delivery, right?
And so where I think that network virtualisation as an application adds a lot of value is, what if instead, AT&T said, you know what? I'm not going to do a 4% margin hosting. I'm just not going to do it. That's the business for Costco or Jeff Bezos.
Instead, I'm going to build out a platform, and this platform is going to have APIs, and you know what, Netflix? You can use my APIs, so I'm going to be the EC2 of my network. So it's not EC2 as a compute cloud. It's EC2 as a networking services cloud, and you build on top of that, and now I have control to monetise.
In order to do this correctly, you need network virtualisation, but you also need platform as a service on top of that. So I think it's a piece solution, but I think the most critical vulnerability is these over-the-top solutions where a long-held business model of the service providers for hosting is actually eroding their chance for margin. Is that a sensible answer?

Michael Howard
Yes, yes, and then the operators have networks. So that's the other piece of compute, storage and network.

Martin Casado

Michael Howard
Cool. So how much time do we have and when do we open to the audience? Because I only have 20 more questions. Oh, well, let me ask a couple more questions. Okay. So I had a question for you, what's next after SDN and NFV in the industry? You kind of showed that you can virtualise security. Do you think that's it, and how do you see things evolving from SDN to whatever's next?

Martin Casado
I think what's exciting, and you and I have talked about this before, which I think technology -- I think a lot of people view technology as an arch, where you have to get the entire arch there, and then it's only up when you put the last piece in, and I think that's kind of the wrong way to view technology. I think it should be more like an Eichler house, where you build blocks and then so you have something functional and then you build something on top of that and you build something on top of that. And building the first functional block is all we've done.
We're just doing kind of the foundation or the bedrock, and so if I look at SDN, what is it? It's just plumbing. It solves the lowest layer of problem. It solves the provisioning problem, it solves the software problem, but I don't think it's as applicable to some of these broader things like security yet.
And so we had to get that right. I think we've gotten that right, and that's why for the last year, I really haven't talked about vision. I've just been saying -- I feel like I've been saying the same thing for four years. I'm like, we need to get this right. You need to decouple hardware from software. You need to blah, blah, blah. But it was only about L2 and L3 and basic connectivity.
So I think that is the foundation that we've created, and now we need to go up the stack and start solving more business-related problems, things like security. It's a very important one. I think there's a lot we can actually do in performance and performance optimisation. So I think that this is a primitive we should build on top of, and so I'm focusing on security, because again, if I look at the industry-wide and I kind of do my Martin heatmap of where there's issues, we're screwed if we don't solve that.
I mean, really, if you look at the trends and they continue, that's all we'll be doing. We'll just be losing money through security breaches and spending all our time trying to fix it.

Michael Howard
And our surveys and others have shown that security is the number one barrier for enterprises, organisations of all sorts, adopting cloud services, so it's a rampant problem.

Martin Casado
Yes, nobody wants to be a Target right now. These things are very public, very visible. Listen, I had my credit card just replaced a week ago because of the Target breach, and this is a big deal.

Michael Howard
So that kind of leads me to another question I had, and that is what's next for VMware? Because it seems like VMware does have this base, but there's firewalls, there's IDS, IPS. There's load balancing. There's all sorts of services that you can add on top, once you have that base of a virtualised or a multi-tenant-ised network.

Martin Casado
Yes, so I'm interested in three areas. The Goldilocks zone that I talked about, which to me, I just feel like all of networking in the past has been approximating what's happening on the edge, like all of networking. I think there's a host here, or I think this host is running this application. We've just had all of these bad approximations, and that's what happens when you build loosely coupled systems. You just don't know.
I think VMware is in this phenomenal position. Like, I can look in and see what's going on and I can inform the infrastructure. So we kind of have that glue layer, so I want to take that and just beat the hell out of it. I want to use that to solve security problems. I want to use that to solve performance problems. I'll give you an example.
So a classic performance problem in the data centre is the heavy hitter problem, and it goes something like this. In a data centre, the majority -- or the elephant and mice problem. I'll use elephant and mice. That's better. So the majority of the traffic in the data centre we call it mice flow. It's really small. So they go very quick, they're very latency sensitive.

Michael Howard
So mice, little tiny mice flows.

Martin Casado
That's right. But every once in a while, you get an elephant, which is a big flow. And so the problem is, big flows trample on small flows, so the elephant trample on the mice, and the reason is, big flows like to fill up buffers, and you get queuing delays for the mice. It's a very classic performance problem. Most people with a large data centre have this, and networking has failed to solve it for 30 years.

Michael Howard
And this is a case where the elephant is not afraid of the mouse.

Martin Casado
Elephant is not afraid of the mouse, right? So the difficult piece of this problem is nobody knows how to detect elephants. If you can detect the elephant, the problem is easy. This packet belongs to an elephant flow. Therefore, I'll make sure that it doesn't step on mice. You could actually do that. But nobody knows how to detect elephants, and we can't do it from within the network.
Well, it turns out, the hypervisor actually can see the future, in that it can see how much data there is to send. So the hypervisor can like see the future in that it can see how much data there is to send. So the hypervisor can look in the edge and be like, oh, I know that there's this much information that needs to be sent. Therefore, I know this is going to be an elephant. You can go ahead and mark it, and then that will solve this longstanding performance issue in networking.
So this is an example where I want to push how this additional visibility will change how we fundamentally build systems. And like you and I were talking about, the data centre is becoming one large computer, one large distributed system with all these causal dependencies. Let's just start informing the different pieces.

Michael Howard
I think that's a good way of looking at a data centre. It's not -- yes, it's pieces and parts, but the real operation is, it's like a computer.

Martin Casado
So loosely coupled networking -- so the networking architecture is what you get when you want to build the Internet. What is the Internet? It's like I bring my box and you bring your box, and organically, we connect them together and we build this great thing. And the only way that can actually work is if you only agree on the bare minimum. And what we agreed on the bare minimum for the Internet to work is how you get a packet between point A and point B.
So great, we built something that scaled to the size of the globe, fantastic. It does communicate, but it doesn't provide any stronger guarantees, because for every additional guarantee, you and I would have to agree on it, which would kind of inhibit our organic growth. Well, data centres are engineered, full stop. They're engineered, they've got a purpose. Like, Google's data centres to do something very specific, and Amazon's, very specific and so forth, and because we're building these systems and they're tightly coupled systems, let's build a real system, let's share information. Let's treat this as an engineering project.

Michael Howard
Google's different from most organisations in that they know their business and they have engineers that solve the common problem. However, financial institutions or a big, conservative Midwest manufacturing outfit, there's the IT department and there's the network department, and a lot of times, they don't -- well, they don't speak the same language, they don't have the same goals. This seems like a big problem. I know it's a big problem for carriers. What do you see in your travels?

Martin Casado
So I think this is kind of an organisational issue, which if you were to start a company today from whole cloth, and you're like, I'm going to build a data centre, what you would do is you'd get basically infrastructure architects and developers and they'd all work together to build one big distributed computer, and it would be awesome. And you'd be like, if I compare this to traditional data centres, it's more awesome on all these directions. That's what you'd do.
The reality is, if you go to company X -- I'm mostly outbound, guys. I did 320,000 miles of travel last year, probably saw 200 customers. And the biggest hurdle to adopting things like SDN have nothing to do with technology. In fact, I don't want to have too much hubris, but I think we've have a fait accompli. I think SDN's done. I think we understand the technology, I think it's going to be adopted. I think that we're going to see the death throes of many large companies as this stuff happens, but I think it's done.
However, the hurdle now is how do you get these organisations to adopt the stuff, because as we said, if you're building a large distributed system, everybody that's involved in that has to be able to communicate, and that's not how we've typically done things. We typically have networking guys and server guys and so forth, and they don't communicate. And so the number-one hurdle is overcoming that. The good news is, is as goes cloud -- as goes these macro trends, so goes the enterprise, and so Amazon and all of these other models are pressuring them to do this, but all of the friction is on the personnel. Most of the friction is organisational.

Michael Howard
I'll add just one thing, on the service provider side, that yes, they have that same problem, but also between their data centre folks and their WAN folks, but they also have the back office, as well, as a third problem.

Martin Casado
Sure. It is balkanised in pretty much any lens that you look, whether it's vertical balkanisation, horizontal balkanisation. I mean, you've got a bunch of fiefdoms that have a certain a purview, and they don't like blurred lines. So even just in the case of virtual networking, like what I do, if I go and I say, we now have a networking layer on the server, like, the first question is, who owns that? Is it the server guys or the networking guys? Well, both.

Michael Howard
I want to ask, what will Martin be doing in five years, and right after that question is, what about 10 years? Oh, my God, it's hard. It's hard to think out that far. Sorry, I finally have a question that stumps you? No.

Martin Casado
You know what? I think I'm just fundamentally a hill climber, and I'm happiest if I'm running up a hill and it's really hard. And so whatever I'm doing in five and 10 years, I guarantee there's going to be a hill, I'm going to be running up it, and there's probably going to be a couple of windmills I'm tilting at along the way.
When I think back on the last 10 years and I think back, what do I really enjoy, my favourite thing, especially in a work environment, are the people I work with, by far. I'd rather be -- I would rather be a janitor with phenomenal people than a pop star with people I can't stand. Right now, I'm very, very lucky to still be working with the team from Nicira. It's a phenomenal team, we've got huge challenges, and so I think we're going to drive this to ground as much as we can.
We're going to move from SDN. We're going to start focusing on security, and I will be doing that for a while. Ten years, boy, I don't even know. That's kind of well beyond my speculation horizon.

Michael Howard
I threaten that I'll be retired by then, so that's what I think I'll be doing. Let's take some questions from the audience. Alan.

Alan Weissberger - IEEE
I'm Alan Weissberger from IEEE. First of all, I'm in humble awe of you running 15 ultramarathons. I've done 12 full marathons, and I'm quite proud of that. Michael asked you to explain the situation of SDN, NFV and service provider networks, and you mentioned not really what the challenge was, but what the problem is, the problem being that web hosting is a low-margin business, the customers are building overlay networks and carriers want a part of that business.
What's your opinion of whether or not they'll succeed, and what really are their obstacles in building a carrier cloud?

Martin Casado
That's a good question. NFV, I think at the most basic is just disaggregating the service from the box, and people have different ideas about what that service is. I see basically two camps. One camp is for big carrier, heavy gear that's sold by the likes of Ericsson and Nokia Siemens, I want to decouple that software and that hardware.
I think that's going to be a very difficult journey. I think the incentives aren't aligned correctly. I'm not sure there's a technical rationale for doing that. So when it comes to actually doing NFV for core carrier equipment, I don't buy this is going to actually happen. I could be wrong, but just from an industry standpoint, I just don't see the incentives aligned correctly.
Another way that you can view NFV is providing L4 through 7 services, things that are already virtualised and running in x86, so I'm going to offer security services, I'm going to offer load-balancing services. For that, I think that, A, this is already happening. I think the telcos are in a great position because they own the infrastructure to provide this. You hear about virtualisation of VPN using top solutions. I think all of that will happen.
I'm actually suggesting something even a little bit more radical. So, again, the NFV where you're trying to disaggregate the big hardware boxes. I'm not sure there's a technical justification. There's a market justification. I don't think there's a technical justification. I think it's going to be too difficult.
When it comes to kind of L4 through 7 services, these things are already on x86, virtualisation will happen. The carriers know how to provide these as a service. I think they'll be successful with that. I'm suggesting something even more radical, which is why don't you build an API and a platform that the guys that you typically have host have to use?
So instead of hosting BitTorrent or Netflix or whatever, have them program to your APIs. And so I'm not sure if anybody's talking about that but me, but I do think that that's the -- that's kind of to me what NFV should become.

Michael Howard
We have another question back here.

Jerry Caron - Current Analysis
Sure. Hi, this is Jerry Caron from Current Analysis, a disembodied voice from behind the podium.

Michael Howard
Stand up so Martin can see you.

Jerry Caron
I'm going to ask you sort of a commercial question as opposed to a technical question about relationship with Nicira and VMware. Obviously, good for the folks at Nicira, including yourself, financially, but is VMware really positioned well to be a network solutions provider? I said solutions, not network technology provider. It's a matter of credibility and position within both the enterprise and within the service provider.
I think my view and our view at Current Analysis is that VMware, as wonderful company as it is, has a long way to go in this space. So are you happy with the choice of VMware as your --

Martin Casado
Yes, so delighted. Actually, this has actually gone way better than I expected. So let me provide a little bit of colour. VMware has 500,000 customers. It has 40m virtual machines. Every one of those virtual machines has one port, at least one virtual port at least. The average is three, which means VMware probably has 120m virtual ports. Every time I look at this, 120m virtual ports. That's more ports, and these ports do forwarding, they do L2, they do ACLs, they do networking. They handle every single packet, every packet, that a VM sends and receives today.
So in some respects, VMware already is one of the largest networking companies on the planet. That's more ports or about as many ports as Cisco has physical access ports. So we're already doing networking. We're already handling every packet. We're already doing L2.
So the question is, how can I use that position, that leverage, that customer base, as a position to solve more networking problems in a more fundamental way? I think that you're right. If it came to VMware coming and running your physical infrastructure, that would be silly. We're not a physical infrastructure company, we're a software company. But if we're doing networking and software, there's no more important infrastructure software company on the planet.
We have more VMs, more virtual ports, more virtual networks than any other company. It's the natural place. Now, if we were like, you know what we're going to do, we're also going to go ahead and start managing your routers, that would be silly. But as long as I'm here, we won't do that.

Michael Howard
Do you have a follow on, Jerry? Was that a good answer for you?

Jerry Caron
[inaudible] whether it's going to work or not.

Martin Casado

Anthony Caruana - CSO Australia
Anthony Caruana, CSO Australia. As we abstract more functions out of our hardware towards software, aren't we making things potentially less secure? So as an example, Apple recently had their little embarrassing snafu with the SSL certificate thing in their desktop and mobile operating systems.
What if someone did something similar at a carrier or service provider?

Martin Casado
So, to me, if you move things from hardware to software, does it become less secure? There's a logical fallacy there, which is if you're doing the same amount of functionality, you have the same amount of complexity. So there's never been a piece of software ever that has not run on hardware, ever. Right?

Michael Howard
I was going to say that.

Martin Casado
So everything is some combination of software and hardware, right? Now, you can fix some functionality in hardware, and that doesn't mean it doesn't have bugs. There's been hardware with bugs and vulnerability. The reason that you would consider it more secure is because it's so limited in what it can do. So you're basically saying, our system shouldn't have any complexity and should be limited in functionality to make them more secure.
So if you follow your argument down, you're basically saying, hardware is more secure not because of -- it's still Turing complete, it's still a programming model, it's still gates. But we do formal verification because it's got such limited functionality. We could do the exact same thing with software.
The reason software tends to have more bugs is because we put a lot more functionality in it. So, yes, we need to focus on software security, but that's the majority of all functions on the entire Internet and every application we do today, and fortunately, we have great paradigms for dealing with that. So it's a very important thing to focus on.
Yes, as you add complexity, absolutely, whether that complexity is in hardware or in software, you have to be able to manage that complexity. But I think it's a fallacious argument to be like, this is a hardware versus software thing. It's a functionality thing.

Anthony Caruana, CSO Magazine Australia
My argument would be that software makes [inaudible] and increases the capacity. We compound our errors because we don't catch them fast enough.

Martin Casado
Exactly, so yes, no, no. So you're saying systems that we evolve quickly and have a lot of functionality are more complex and therefore less secure. Therefore, we should have simpler systems that we don't evolve a lot. Being someone that loves to innovate and loves to evolve high-functional systems.

Anthony Caruana
The [inaudible]. Aren't we making it inherently easy to be less secure?

Martin Casado
What I would say is, I would say whether it's in software or whether it's in hardware, I think you should have a root of trust that's formally verified. I think it should be in software, because if there's a bug, I want to be able to fix it on the fly instead of shipping a new box, so I think software is actually inherently more secure for exactly that reason.
So here's what I would like to do. When you get your hypervisor from me, there's a stack there that's 10,000 lines that I've formally verified that gives you a root of trust. It will use hardware TPM and it will give you a root of trust. And then if you care about very secure things, you use that root of trust to build your very secure things, and if you don't use very secure things, you can do whatever the hell you want.
And that way, you as a customer or as an application provider, can decide which path you're taking. Am I taking the crazy develop like wild, maybe be insecure, or I'm taking the I'm going to use an existing root of trust and use formal methods to extend that? But the only way I think you can actually do this is with software, because it gives you that type of flexibility and those options. I think that's a very important point you're raising. I think we need to all be cognizant of the fact that, as we're at a dead run, building these systems, they can have security issues as part of them, but we know how to manage this stuff, and we just need to be cognizant to do it. Thanks for bringing up that question. I think it's a great question.

Michael Howard
So I had a similar question, and that may be the answer, but how do you secure the Goldilocks zone?

Martin Casado
So I don't believe in perfect security. I'm not a Pollyanna. I always think of it like this, so this morning, when I made my bed. So you get up and you make your bed and you're putting your blanket on. There's always that last bump, and you then you take that bump, and instead of getting rid of the bump, you kind of move it over to the wall, it looks nice by the wall, or you move it over the pillow. So I think this is a lot of security. I don't think you get rid of security vulnerabilities. You just move it to a place that you know how to protect. You kind of move that bump somewhere.
And so I think in the case of the Goldilocks zone, you can move security to a set of code that you can formally verify or you can use attestation and TPM, but at least you know where it is. It's tantamount to being like, I'm going to put all my valuables in this closet, and I know where to put the guard, the guy with the gun, right? And so I do think that now you know what your assumptions are, now you know what it is. And so it's not to say that this isn't vulnerable, but you apply known techniques to it.
And I also believe very much in defence in depth, meaning I wouldn’t say this is the only way to do this. I'd just say it's a very important layer. I hope that metaphor wasn't too outlandish.

Michael Howard
That was good. We have Goldilocks, Jack and Beanstalk, elephants and mice and the bed, making the bed. Could you say your name and organisation?

Solange Belkhayat-Fuchs, CNIS Magazine; Solutions & Logiciels
My name is Solange Belkhayat-Fuchs. I work for a French magazine. We met in September.

Martin Casado
I remember.

From the floor
Is your work not sooner or later fighting against Cisco all the time?

Martin Casado
Listen, I love narratives and stories, and that's why I do things like Goldilocks zone, and I love it. And everybody loves a David and Goliath story. They do, and when you're a startup, you want to galvanise the way people think, so when you're a startup, you're kind of like, this is the enemy, screw them! You do that, but let's be honest. The reality is, Cisco builds physical gear. They build great physical gear. We build software at the edge, and we build great software at the edge, and there's no reason why there isn't this great joint world together.
There are some pieces of overlap, but they're actually incredibly small. I'll give you an example. Many of the deals that we've sold lately are based on functionality that Cisco could never do in an ASIC. It's stuff that's done in software on the edge with the aid of the hypervisor. Now, you can still have Cisco physical gear and you can still have the software that we've done. There's no real overlap, because they don't have the functionality, and we'd be best friends.
And I just think that much of this kind of Cisco versus VMware is me early on, but then also it's just kind of this nice narrative for everybody to talk about and write about.

Michael Howard
Yin and yang?

Martin Casado
Well, not yin and yang. I actually think people like the David and Goliath as a narrative. I like it, but I think the reality is just that's actually not the case. Seventy percent of our deployments have Cisco physical infrastructure.

Michael Howard
Next question. I have more, but I'd rather have

From the floor
Martin, [inaudible]. Did you have any commitment on Oracle's [OECA]? Oracle recently announced a product focused on the x86. That means Oracle bought your [plan].

Martin Casado
Sorry, I'm having a hard time. I think I heard that Oracle and OCE.

From the floor
Oracle announced that --

Martin Casado
Well, maybe the short answer is, I've never heard of Oracle OCE, so I probably don't have an informed opinion.

From the floor
Oracle bought your compute [appliance], that machine focused on the x86 market.

Martin Casado
Oh, okay, I see.

From the floor
So that competes with VMware.

Martin Casado
So I'm not familiar with this existing one, but I think it's indicative of what I think is the battle of the titans. We talk about SDN and network virtualisation, but honestly, the reality is, there's this battle that's much bigger than that going on, and it's the battle for IT. The battle is this. You've got people that want to sell you hardware, and their margin model is ASICs. And they will sell you converged infrastructure, and they will argue why their ASICs are good, right? This is why a lot of the execs from these companies walk around with chips in their pockets.
These are the hardware guys. They're bringing back the mainframe, and you know who they are. The next battle is for the software guys. We're like, you know what? Hardware should be general purpose, because we're good computer scientists. You need layering, you need decoupling, and functionality should be in software. You can evolve it quicker, you've got better semantics and I know how to program.
So you've got the hardware guys that walk around with chips in their pockets. You've got the software guys that say that hardware should be basic and functionality should be in the software.
And then you've got the service guys. They say, you know what? Forget hardware, forget software. Your network of the future is an Internet connection, and your IT of the future is a service that I'm going to provide to you. And this is the Googles -- and this is the battle that's actually shaping out.
You're already seeing like the sides, the messaging, become very, very clear. Cisco's ACI announcement, they basically say, our value is policy, which is the highest layer you can get, and we tie it down to an ASIC, which is the lowest layer you can get. The messaging is basically bookends, right?
They're like, policy, all the way down to the ASIC, that's what we're providing, right? VMware, where I come from, we're like, it's all software, SDVC all the time. And then Amazon is that -- and all discussions and dialogs are in this broad framework. So I'm sure Oracle announced something. My guess is it has to do with converged infrastructure. I don't know anything about it. Certainly, other people are doing the same thing, and it's because everybody's positioned themselves along this.
My guess is what's going to win are the latter two. It's going to be some combination of the latter two. Probably, the SMB is going to go to the cloud, and people that differentiate infrastructure are going to use software, because software is fundamentally more powerful. We have 50 years of computer science of software kicking the crap out of hardware. This is a natural law.
Darwin has already spoken. We just have to wait for it to happen. There you go.

Michael Howard
That answered my other three questions. [Manek]?

From the floor
I was just going to say, if you're ready to wind up and move on?

Michael Howard
Oh, here we go.

Viral Vimawala - Spirent
Hi, Martin. This is Viral Vimawala from Spirent. Now that we know that there's a lot of intelligence towards the edge and we're talking about all these services residing on the edge, this brings the controller becomes a key piece. Can you speak a bit about the failover scenarios and what happens in case of a controller fails and how do we handle that?

Martin Casado
So I haven't talked anything about decoupling control plane and data plane. I've only said that functionality is going into software at the edge. Let's take for example a web data centre, one that's serving search or an online auction site. That's an overlay. It's an HTTP overlay. Security is being done in the web server or in the application. Load balancing is being done in a load balancer. Discovery is being handled by probably some naming service built on top of it.
So all of the things that you could put in the network are being written in the application, they're being re-implemented in a distributed way and they're running on x86. So if I take a traditional enterprise data centre and I compare it to just the web data centre, the web data centre is much better. And there's no basic functionality that it can't do that this one can do.
So my macro point is that moving functionality to the software on the edge is good, not that you should centralise the control plane, right? That said, to me, SDN has never been about centralising the control plane. It's been decoupling the distribution model of the control plane, right?
So I could have a whole bunch of networking gear and fewer boxes running the control plane, but it's still distributed. And distributed systems scale to the largest data centres on the planet, because that's how we build them, and so it has all the properties of a proper distributed system if you build it right. So, for example, the one that we build does have a decoupled control plane. It's a proper cluster that can handle arbitrary nonmajority failures. Way more redundancy than you would find in a typical network. Way more.

Michael Howard
I'll just take the last last question, and that is, a lot of times in the industry, we refer to x86, but really there's MIPS and ARM. There's other ISAs, so it really doesn't matter, as long as you can port all of the --

Martin Casado
Yes, yes, and so I use x86 as kind of like the whole Xerox thing. The important thing to me is decoupling. Why? Because Darwin needs decoupling. So decouple layers, and then you'll have a food fight in every layer, and the result is that the customer gets better innovation and gets cheaper stuff? I mean, if you tie layers together, then you innovate at the slowest layer, and one person provides sourcing for all of them, which is just an unhealthy market. The more decoupling you do -- so we should decouple at the CPU instruction layer. We should decouple at the hardware infrastructure layer. We should decouple at the different software layers, as well. And then, that way, all of these layers have competition.

Michael Howard

Martin Casado
Anti-lock-in, but I would say different. I would say pro innovation.

Michael Howard
That's better. Okay, well, I'd say thanks so much.

Martin Casado
Thank you. Appreciate it, guys.

valorar este articulo:
Your rating: None

Post new comment

Datos Comentario
The content of this field is kept private and will not be shown publicly.
Datos Comentario
Datos Comentario