Cisco says network virtualisation won't pay off everywhere

Cisco has published an interesting white paper in which it appears to suggest network virtualisation can produce unpleasant and productivity-crimping consequences. “Virtualization is not a new concept but it is now being applied to network functions such as those in switches, routers, and the myriad network appliances deployed …

  1. dan1980
    Holmes

    Taking the statement at face value, Cisco are correct but it should be generalised to the entirety of IT, which is to say that no product or technology or solution is going to be the best fit for everyone, across the board, regardless of situation, no matter how 'hot' it is or how buzzword-filled the marketing or lavish and breathless the presentations.

    Or, in other words: "duh".

    1. Preston Munchensonton
      Boffin

      Reading the other comments demonstrates how obviously few people are getting dan1980's point. You have to have the right tool for the job. All flavors of SDN (including NSX) have areas of import where no one will be able to dispute their utility. But there are plenty of instances where SDN simply doesn't make sense because the requirements of the project don't line up for SDN. All of which is perfectly fine and dandy, since IT comes in many sizes and flavors and there's certainly not a one-size-fits-all solution available.

      I tell my clients all the time: Too many IT vendors are looking to sell you a bill of materials and a statement of work, but can't be bothered to help you find a solution. Silly me for thinking that I'm supposed to help with solutions and not just sell kit and services.

  2. GitMeMyShootinIrons

    Of course Cisco would be lukewarm about network virtualisation.

    In the same way as turkeys tend to be a bit lukewarm about Christmas.

    At the end of the day, it's all about the right tool for the right job. Would you put a monster Cisco Nexus switch in a small village post office? Of course not.

    1. Anonymous Coward

      Re: Of course Cisco would be lukewarm about network virtualisation.

      Not seen a Nexus in a post office branch, but their partners and SEs recommended $5mil of high end CPE to be installed in shacks...

      http://arstechnica.com/tech-policy/2013/02/why-a-one-room-west-virginia-library-runs-a-20000-cisco-router/

      Anon, because W Virginians don't take kindly to being characterized as dumb, they have guns and I live less than a gas tank's drive from them.

  3. Anonymous Coward

    For Cisco to go public and pour cold water on Network Virtualisation in this FUD manner...

    ...they must be really quite scared !!

    Think I'll go look at NSX in some more detail now.

    1. Anonymous Coward

      "For Cisco to go public and pour cold water on Network Virtualisation in this FUD manner...

      ...they must be really quite scared !!

      Think I'll go look at NSX in some more detail now."

      They are scared and they're damn right ! The huge milk cow which is Cisco hardware maintenance fees is going to dry out quickly, once NSX takes off, and there is no real SDN vision at Cisco to replace it.

      Definitely have a look at NSX. Now.

  4. Tokoloshe

    Cisco are probably right...for now at least.

    Like any true commentard I haven't read the Cisco whitepaper, but having seen VMware's CTO present on NSX a couple of times recently, I do have reservations.

    VMware would say that you simply move all your network workloads like firewalls onto NSX (so called NFV) and use cheaper 'white box' switches to tie it all together. Now some NSX supported virtualisation targets, Palo Alto Networks FWs for example, use expensive custom silicon like FPGAs (as well as x86 chips) in their appliances to deliver multi-gig FW/IPS throughput. The best that seems to be available in ESX/NSX for Palo Alto FWs is 1 gig FW with only 600Mbps of IPS, and that's using 4 cores.

    In short, if Palo Alto, or for that matter, any vendor using non-x86 silicon, could do multi-gig or 10G firewalling, IPS etc on commodity x86, rather than presumably more expensive custom ASICs/FPGAs, then wouldn't they be doing it already*? How many x86 cores (and corresponding ESX and NSX licences) will need to be thrown at network services that non-x86 silicon can do better, and maybe more cheaply?

    I don't care enough to do the maths...but there's presumably someone out there that has (thanks in advance!)

    *Check Point are tied to x86 and that (plus a large dose of incumbent complacency) is why the FPGA-based PAN FWs have been kicking their arse over the last few years.

    1. Trevor_Pott Gold badge

      Re: Cisco are probably right...for now at least.

      I have read Cisco's whitepaper. And various blogs. And talked to Cisco Champions and CCIEs on the subject. And used NSX, OpenDaylight and Juniper's amazeballs OpenFlow stuff. Cisco shouldn't be scared by software defined networking.

      They should be pissing themselves in heart-stopping almighty fucking terror.

    2. dan1980

      Re: Cisco are probably right...for now at least.

      @Tokoloshe

      One thing you have forgotten is the effort required to rewrite for a different platform, which can be a significant hurdle.

      There are two separate questions. The first is whether you go for SDN or not. The second, if you chose SDN, is x86 or FPGAs.

      There is really nothing to touch custom-designed ASICs for port speed. The problem is that they are expensive in the long run and very static, with a relatively long time to market for new features. Working from x86, you can pretty much do whatever the hell you want and implement whatever new features take your fancy well before ASIC-based devices can.

      Network virtualisation is pretty cool. The problem, so far, has generally been sub-par performance. This can be seen in the admonitions to link VMs to physical NICs one-to-one for best performance, rather than connecting them to the hypervisor's virtual switch.

      Anyone doing the latter is using virtual networking and already knows that it's very handy indeed.

      1. Tokoloshe

        Re: Cisco are probably right...for now at least.

        FWIW, my future view of SDN is of a hardware independent, white-with-rainbows box networking utopia :)

        I was questioning VMware's approach of NFV on x86 for east-west workloads, which looks great on a marketing slide, but would seem compromised by performance and/or cost, to my jaded, though admittedly myopic, eyes. To that end, and based on what *supported* SDN technology is available currently to the mere mortal sys admins, I would say that the article title is correct, but won't continue to be so.

        In summary, I don't think either VMware or Cisco's SDN land grab will succeed...both will get disrupted into IT history.

  5. M. B.

    The funny thing is...

    ...most partners aren't even allowed to sell NSX services or support yet. We're a large regional Premier partner and we're only just starting to get our partner briefings and there is some talk of training plans in the next 6 months. We're considering coupling NSX with Brocade VCS for a large data center build but yet we still have to wait our turn. Only select nationals with PSAs are actually permitted to sell the NSX product and services around it. So most people who say they've worked with it are full of shit, at least around these parts.

    VMware is playing this really close to their chest right now, way too close to tell what impact this is going to have on the industry. Everything is pure speculation at this point. There is one large client that was looking for a significant amount of work to be done on their freshly implemented NSX environment around scripting and monitoring that is currently unfilled simply because no one knows the product yet.

    @Tokoloshe: We're expecting that, based on what our PSE discussed. Some things are best left to ASICs, and when we pushed for more details around that statement and the impact of extensive ACLs and routing and load balancing configurations we didn't get very far.

    1. Anonymous Coward

      Re: The funny thing is...

      NSX implements software VTEP in the hypervisor while also working with HW VTEP capabilities in all switch vendors who choose to implement HW VTEP capability in conjunction with a control plane protocol (OVS-DB). I believe the only vendor who has chosen not to implement interoperability with NSX is Cisco, and really, the only piece they are missing is the control plane protocol between their HW and the NSX Controller. Switching, routing, and FW services in the hypervisor only make sense, as any network IO between VMs running on the same HW gets an "in hypervisor" IO path vs having to sling packets all the way to the core just to make a simple L3 decision. As far as ASICs and FPGAs: all still needed for NICs, network switches and routers providing a high performance data center network, but all the additional network functions such as VPN, DHCP, load balancing can now be virtualized (network function virtualization) by either using x86 capability and/or extending in NSX partner ecosystem hardware or software solutions. At the end of the day, the power of any network virtualization technology is the power to orchestrate the creation of network constructs via an API... Creating new L2 and L3 logical networks in a matter of seconds vs CLI interfaces touching many boxes. Certainly Cisco regards NSX as a competitive threat, but they have had 20 years in this game and never changed the "status quo" until challenged. Ironically, the bigger challenge has been largely ignored and that is the development of merchant silicon with solutions such as the Broadcom Trident chipsets. Merchant silicon lowered the cost of networking gear and made it easier for new HW vendors to be cost and performance competitive. Network virtualization simplifies physical network topologies (L3 data center networks) and moves operational aspects of network consumption (logical L2-L7 services) to an API.
