Abstracting the Network - NFD8

Going into Networking Field Day 8 (NFD8) I really didn’t have a solid view or opinion about SDN, Network Virtualization (NV) and all the talk about controllers, VxLAN, etc... I had mixed feeling on how as a network engineer my day-to-day job would change.  Leaving NFD, I have to say, I'm pretty excited to see where networking is going.

What impressed me was how these solutions actually simplified the network instead of driving complexity.  Even though each vendor has their own spin on SDN there was one common theme I heard from each company, network abstraction.

NOTE: I will keep this as simple as possible to give everyone my view of the technology. Future post will go into more detail of the vendors products. As always I value feedback and discussion as this is a subject Im just starting to get familiar with.

Abstract the Network 

I have a firm belief the networking field is on the same trend as servers when virtualization joined the party. Server virtualization abstracted the server from the constraints of physical hardware and introduced a ton of flexibility and power into the datacenter.

Networks currently are rigid and require complex technologies and configurations to provide the flexibility needed in the datacenter. The common theme from each of the vendors at NFD8 was to build the network so that is can get out of the way of the applications.

Each vendors approach at this varies, but all of them are centralizing network operations into a controller. The controller is where the magic is and will manage everything from provisioning physical leaf/spine nodes, to port configuration similar to how a Cisco Nexus FEX is controlled by a Nexus 5000. Im also optimistic controllers will soon make my coffee and fill out my time-sheets but I don't see that on anyone's roadmap...

Great Ryan, So where is all this network abstraction stuff you are talking about? Calm down I'm getting there...

Currently networks require manual configuration and changes such as VLAN provision, routing and security policies. Even worse these changes usually need to be propagated to a large number of network devices to support the application from any location. Remember server abstraction now allows the server and application to reside anywhere within the datacenters. The network needs to start doing the same.

So what are these vendors doing different?

The approach I saw from the vendors was to setup the physical network as generic as possible. Then abstract the network function from the hardware and attaching it to applications or services. This is done with policies or application containers. Think of UCS services profiles but for VLANS, routes and firewall rules.

Each vendor is using policies or application containers to control the network flow of each server or application. Similar to VRFs, servers are provided a network port that is tied to a specific policy.  The controller then manages routing, traffic flow, and security services through the policy.

Policies introduce tons of flexibility into the network as each policy is attached to groups of servers so the network policy moves with the servers. Policies also allow the controller to directly manage routing and security. These policies are applied by the control once the traffic hits the network instead of funneling your traffic through a router or firewall to control traffic flow.

For a better explanation of policies and how they will be incorporated into the network check out these two NFD8 videos from Cisco and Nuage Networks. And of course check out all the NFD8 videos for a great view of whats to come!

Defining Applications Using Policy with Cisco ACI from Stephen Foskett on Vimeo.

Nuage Networks Application View of Networking from Stephen Foskett on Vimeo.

Disclaimer: Both Cisco and Nuage Networks were sponsors of Network Field Day 8. They indirectly covered my costs to attend. However, I am under no obligation to write about any of the presenters.


  1. I don't know deeply knowledge about this topic, but i know few concept like, Single link interstate data movement over 70 TB/day is the norm in our environment with local data movement being much larger. Being one of the most data intensive labs with immense scrutiny for data integrity means that we experience and notice failures in tools that other user communities either donʼt see or donʼt care about. thanks read more info at: cloudwedge. thanks

  2. Thanks for this writeup, Ryan! We were so honored to have you and the rest of the NFD8 crew over to Nuage Networks (Twitter: @nuagenetworks). It was a great discussion.



Note: Only a member of this blog may post a comment.