Cisco Offers OpFlex as OpenFlow Alternative
Cisco last week announced a new open, standards-based network communication protocol called OpFlex as part of its Application Centric Infrastructure (ACI) architecture.
Cisco defines ACI as a holistic architecture enabling network component programmability through centralized automation and dynamic, application-driven network policy models.
OpFlex basically serves as an alternative to OpenFlow, the control communications protocol used extensively in the traditional software-defined networking (SDN) approach. ACI can be viewed as an SDN alternative, though it does incorporate some aspects of SDN. While traditional SDN involves an intelligent control plane pushing out instructions to network components, ACI favors more intelligent components that self-configure according to abstract policies pushed out by a Cisco Application Policy Infrastructure Controller (APIC). OpFlex is the communication protocol used to distribute policies and other information.
Cisco said it has proposed OpFlex as an open, standards-based protocol and has submitted it to the Internet Engineering Task Force (IETF) for official standardization. The protocol was co-authored by Citrix, IBM, Microsoft and Sungard Availability Services. The company said it's also working with the OpenDaylight open source SDN controller project of the Linux Foundation to develop a 100-percent open source, policy model compatible with ACI and an accompanying ACI reference architecture. Cisco said OpenDaylight will feature an ACI-compatible policy model in the project's upcoming Helium release.
"OpFlex will enable leading hypervisors, switches and network services (layer 4-layer 7) to self-configure driven by application policy," Cisco said in a news release. "Industry partners adopting the OpFlex technology include leading hypervisor and software vendors such as Canonical, Citrix, Microsoft and Red Hat, which will jointly support OpFlex-enabled virtual switches and extend the Cisco ACI policy framework in their virtual environments."
Along with the APIC controller and OpFlex protocol, the ACI architecture is composed of the company's Nexus 9000 switching platform -- running an optimized version of the company's NX-OS network operating system -- and Application Network Profiles used to define application requirements and any application dependencies on the underlying network infrastructure.
Cisco executive Shashi Kiran in a blog post contrasted the traditional SDN "imperative" approach with ACI's "declarative" approach. "Traditional SDN models today function on the basis of an imperative control model with a centralized controller and distributed network entities that support the lowest common denominator feature set across vendors such as bridges, ports and tunnels," he said, adding that the controller can become a performance bottleneck as the network scales in size.
"If we contrast that with the vision of the ACI model with [APIC], ACI adopts a declarative management approach," Kiran said. "This model abstracts applications, operations and infrastructure providing simplification and agility. By distributing complexity to the edges, it also increases better scalability, and allows for resiliency -- that is, the data forwarding can still continue to happen even if there is no controller. It further provides ease of use with self-documenting policies automatically deployed or cleaned up from devices as necessary. All of these help circumvent the issues seen in traditional SDN models."
Cisco often likens the OpFlex philosophy of network control to how an airport works, with air traffic controllers telling pilots which runway to use for take-off and when, leaving the details on how to do so up to the pilots.
OpFlex, Kiran explained, was developed to enable the declarative model to work in a multi-vendor environment by translating and mapping policy definitions into the infrastructure. "There has hitherto been no standard protocol to do that across physical/virtual switches, routers and L4-L7 network services," he said, so OpFlex was created.
In addition to the Nexus 9000 switches, Cisco plans to support OpFlex with other components, such as the Nexus 1000V, ASR 9000 Series and Nexus 7000 Series switches, Adaptive Security Appliances (ASA) and the Sourcefire security solutions.
David Ramel is an editor and writer for Converge360.