Advanced Computing in the Age of AI | Monday, July 15, 2024

Cisco Counters OpenFlow SDN With OpFlex, Updates Nexus Switches 

Cisco Systems has taken a different approach to software-defined networking, by baking some of its features into its Nexus switching hardware to combat OpenFlow and more generic switches with what the company will contend is better engineering. And, as you might expect, with that new switching hardware comes a new protocol, called OpFlex, which Cisco divulged at the Interop conference this week.

The company also previewed new modular and top-of-rack switches in the Nexus line to push 40 Gb/sec networking deeper into the datacenter.

In a blog post, Shashi Kiran, senior director of datacenter, cloud, and open networking at Cisco, explained that the OpFlex protocol for SDN was meant to parallel the distributed control that Cisco has put into its Application Centric Infrastructure (ACI) architecture for switches. With ACI, the idea is to have the Application Policy Infrastructure Controller (APIC) embedded in the devices and then have a policy manager talk to physical and virtual switches, routers, and network applications running up in Layers 4 through 7 of the network stack to determine their bandwidth needs and get them from a pool of bandwidth available on the network.

Instead of having data forwarding done by a central controller, as is done with OpenFlow setups and, indeed, with Google's "Andromeda" SDN stack, which it uses internally and which it has just exposed on two regions in its Cloud Platform public cloud, the APIC approach puts intelligence in all of the network devices and makes them aware of the application-level policies that are managed by APIC. The policies are centralized, but the control plane is not, in essence.


Cisco says that with other SDN approaches, whether they are based on OpenFlow or other proprietary methods, the network devices are dumbed down and all control is done centrally. That means that the network is bottlenecked by the capacity of that controller to update forwarding tables to shift traffic on all of the devices on the network.

While Cisco may have 65 percent market share or so in datacenter switching, the company knows that it needs to interoperate with other switching and routing gear and, perhaps more importantly, a slew of network software providers, cloud controllers, hypervisors, virtual switches, and so on that are spread around the datacenter. That is what the OpFlex protocol is all about. Technically speaking, this is a southbound protocol, which will link the APIC controller built into Cisco's Nexus switches and allow for these devices to provide policy control for physical and virtual switches, routers, and network services that are not made by Cisco.

To that end, Cisco is submitting the OpFlex protocol to the IETF standardization process, and is working on an open source OpFlex agent that vendors can embed into their devices and software so they can take their marching orders from an APIC-enabled box. Microsoft, IBM, Citrix Systems, and SunGard Availability Services have all been working with Cisco on the OpFlex standard. Microsoft, Citrix, Red Hat, and Canonical plan to add support for OpFlex into their virtual switches (which get tucked up inside of hypervisors), and IBM, F5 Networks, Embrane, and Avi Networks are all currently planning to embed this OpFlex agent into their various products, too. Cisco is also working with the OpenDaylight open source SDN project to get OpFlex embedded in the future "Helium" release of that stack.

The OpFlex protocol is currently supported on the Nexus 1000V virtual switch, the Nexus 7000 and 9000 switches, and the ASR 9000 routers from Cisco.

In related Nexus switching news, Cisco has rolled out two new modular switch enclosures and one new line card in the Nexus 9000 line. The Nexus 9000, you will recall, was the first switch to have support for the APIC built in when it was announced last November. At the time, Cisco was shipping an eight-slot chassis, the Nexus 9508.

The top-end Nexus 9516 is a 21U rack chassis that has room for sixteen line cards. The Nexus 9516 uses a mix of Cisco's homegrown ACI Leaf Engine (ALE) and ACI Spine Engine (ASE) custom ASICs as well as Trident-II ASICs from Broadcom. The line card has two or four ASICs each, and Cisco is being cagey about the mix; it has 36 ports running at 40 Gb/sec. Cisco wants to make it easier to go to 40 Gb/sec at the aggregation layer without having to use oversubscription, and that is why this line card only costs $45,000. That is less than 1.5X the cost of a 10 Gb/sec line card. (That may say more about Cisco's 10 Gb/sec pricing than it does about its 40 Gb/sec pricing, of course.) Loaded up, the Nexus 9516 has 60 Tb/sec of aggregate switching bandwidth and has a total of 576 ports running at 40 Gb/sec. With cable splitters, you can convert that to 2,304 ports running at 10 Gb/sec speeds. The switch consumes 11 watts per 40 Gb/sec port, which is a little bit on the warm side. The Nexus 9516 will ship in the middle of the year; pricing for the chassis was not set yet.

At the low end, Cisco has delivered the expected Nexus 9504 modular switch, which uses the existing 10 Gb/sec line card as well as the new 40 Gb/sec one mentioned above. As the name suggests, this 7U enclosure has room for four line cards, which gives either 144 ports running at 40 Gb/sec or 576 ports running at 10 Gb/sec. In this device, a 40 Gb/sec port will average 14 watts of power. The line cards use the same mix of Cisco and Broadcom ASICs. The 9504 will be available this month.

But wait. There's one more thing. Around the middle of this year, Cisco will ship the Nexus 3164Q, a new switch that will cram 64 ports in a 2U fixed form factor. Those ports will run at 40 Gb/sec, and with cable splitters you can have 256 ports running at 10 Gb/sec speeds.

The Nexus 3164Q is based on Broadcom's Trident-II ASIC and delivers 5.12 Tb/sec of aggregate switching bandwidth; it is also based on the streamlined variant of the NX-OS network operating system that debuted last fall with the Nexus 9000 and it supports Linux containers for network function virtualization (NFV), which is just a funky way of saying running network services that are normally on an external appliance inside of a virtual machine or container on the switch. The switch has a 48 MB buffer and customers will be able to start ordering it soon. Cisco has not yet set prices for it. The Nexus 3164Q does not have support for ACI and cannot be used as an APIC in the network. Presumably, however, Cisco will have support for its own OpFlex agent in the device at some point.