Web-scale companies like Facebook and Google talk a lot about how they're revolutionizing their data centers by deploying software-defined networking, but when it comes to enterprise SDN deployments, the stories are few. That's for good reason: Enterprises grapple with resource limitations, legacy applications, and ingrained cultures where it's not so easy to make radical changes.
At the Open Networking Summit Thursday, a panel of enterprise infrastructure leaders talked about the challenges they face in implementing SDN.
"When you operate in a large organization, the bureaucracy is astounding," said Bryan Larish, technical director of enterprise connectivity and specialized IT services at the National Security Agency. "The technology is the easy part, it's how do we change the culture and affect this massive machinery to move it in a new direction."
The innovation challenge
Vesko Pehlivanov, VP of technology services and strategy team at Credit Suisse, said the firm has been under constant pressure to dramatically increase efficiency, reduce costs, and implement the kind of innovations the web-scale companies do while facing the challenges of legacy applications in a legacy environment.
"In a large enterprise organization, change is the enemy. At the end of the day, the network doesn't deliver value to developers. Few developers want to have anything to do with it," he said.
"The network is a supporting function for the higher layers, which means a network transformation for us has to be driven by a wider cloud transformation."
Building networks for a new cloud model requires automation for scalability and efficiency, but also introduces risks, Pehlivanov said. Unlike the web-scale companies and cloud providers, his company doesn't develop a lot of new applications. "We have to carry a lot of existing systems with us. We can't just innovate," he said. "We can't build new systems completely in isolation."
Moreover, Credit Suisse doesn't have the engineering resources that big Internet companies have, and it is heavily regulated; network security in its private cloud must be extended to the public cloud. "We have to figure out a way to build extensible networks. It's not something we have done previously and not something you can just buy off the shelf.... It's new to us, new to the industry and doesn't fit in our traditional skills."
Colin Constable, technology strategist at Deutsche Bank Labs, said that at a bank you either save money or make money. In networking, saving money means fewer cables, so he looks for use cases that require fewer of them. "For me, SDN is a way of virtualizing cables," he said.
Fast vs. safe
Network operators trust the CLI, but the series of approvals it requires to make changes is time-consuming. Constable challenged the networking industry to focus less on features and more on autonomy. "The network should be a solid foundation that never goes wrong," he said.
SDN holds the promise of fewer commands and more autonomy for devices that are too complicated, he said. "I bet no one has had fun running networks. But that's a challenge to the industry. SDN is a tool for the industry to make it fun to run a network. That's where the industry needs to go."
Constable noted later that large enterprises tend to be risk-averse, which leads to "analysis paralysis." In comparison, companies like Google and Facebook are far less risk-averse. At the same time, a Facebook page error isn't going to affect customers the same way as something going wrong with a bank account, he added.
Richard Kaufmann, VP of the infrastructure group at Samsung SDS, agreed that network automation is essential, but also noted that SDN needs to play well with legacy systems and be secure, without adding cost to the virtual infrastructure. "We need to show SDN security is at least as good as VLAN security," he said.
Progress, but slowly
Despite the obstacles, the NSA is deploying some SDN in its campus and data centers, Larish said. The agency made a strategic decision that centralization via OpenFlow was key, he said.
"The reason for this is control. We need as an enterprise to be able to control our network, predictably and efficiently to make it secure," Larish said. "OpenFlow centralized control seemed like the only viable way to do this."
Last year, the agency deployed SDN in a small area on the campus network his team uses. It's taken a year to expand that deployment. "The culture has not been to embrace change. It's been a year of fighting governmental processes and culture to get the technology deployed," he said.
Soon, the NSA will extend its SDN efforts into the WAN, Larish said. Pehlivanov said software-defined WAN technology is an easier SDN use case to implement, but also builds "islands of policy."
Still, enterprises are moving slowly in the right direction. "At the end of the day, SDN for most enterprises is about choice and opening up the industry," Pehlivanov said. "We need to be able to choose hardware and choose software."