LAS VEGAS -- SDN security, use cases and network virtualization were the major trends discussed during this year's...
During the session, "The Great Debate: Overlays versus OpenFlow," Adam Johnson, general manager at Midokura, broke down the evolution of network virtualization from the initial use of virtual local area networks, which had scalability problems, to the development of OpenFlow, which gave access to the forwarding plane of the network, but also falls somewhat short. He pointed to virtual network overlays as the answer, saying they allow engineers to use encapsulation to run everything over virtual tunnels.
Johnson concluded his session by saying the future of network virtualization includes getting more out of the physical network without having to rip and replace existing infrastructure. Overlays offer the chance to both centralize information on the network, and bridge physical and virtual infrastructures.
Customers move past SDN hype
During an SDN perspectives panel, Chris Lauwers, vice chair at the Unified Communications Interoperability Forum UC SDN Task Group; Ravi Rao, principal program manager lead at Microsoft; and Sarwar Raza, director of cloud networking and SDN at Hewlett-Packard (HP), discussed the move to practical deployments of SDN.
Overall, there is a significant improvement in how organizations are starting to view SDN.
Customers are moving past the SDN hype and beginning to ask vendors specifically what problems the technology can solve, Raza said.
Lauwers pointed out, however, that vendors -- and their technology -- may not be completely ready with the answers.
"There have not been a lot of indicators that SDN is ready to take on a bigger role," Lauwers said. "The SDN community has done a poor job of articulating the real value of SDN in managing networks."
However, on Wednesday, a number of companies developing SDN applications presented their projects during a panel session titled "It's All About Applications -- SDN Apps and Use Cases." The panel was presented by HP, whose open SDN ecosystem and app store were the basis for the apps discussed. Among them were BlueCat's DNS security application, F5 Networks' DDoS Umbrella, Guardicore's The Active HoneyPot, and Radware's Defense Flow.
"[SDN gives] intelligence and accuracy for security," said Radware's Lior Cohen, director of cloud and SDN solutions. "It lowers the false negatives. The conversation is shifting from speeds and feeds to, 'This is the value I offer throughout the network … and this is how I can improve security posture and QoS [quality of service].'"
Security pushes network virtualization mainstream
During a keynote session on Thursday, Martin Casado, chief technology officer of networking and security at VMware, expanded on his security "Goldilocks zone" theory, saying that hypervisors that virtualize the compute, networking and storage tiers provide a unique platform for enforcing security policies. During a media briefing, Casado explained that security spending is outpacing all other IT spending, but security losses still overshadow security spending.
"There's an architectural issue -- something's technically wrong," he said. "If you look at the data center, there's no ubiquitous security layer that provides context and isolation."
There are two approaches today to protecting data, he explained: controls at the endpoint devices, or policies in the infrastructure. However, there's an opportunity to make a new security layer that runs through the hypervisor, which would combine the context of end-user devices with the policy-enforcement capabilities of the underlying hardware.
"It's another chance to change the industry," Casado said. "Security products will suck less with a 'Goldilocks' zone."
For network virtualization as a whole, the focus is shifting from dexterity to security, Casado continued.
"The original use case and the reason for most adoption was agility." However, security is becoming a compelling use case, as well, "which is cool and causing the market to mature," Casado said. With regard to security, "no one wants to be targeted," he concluded. "It's pushing network virtualization into the mainstream."