It's been an interesting couple of months in early 2015 for OpenDaylight, the open source software project overseen by the Linux Foundation and joined by a variety of legacy and startup technology vendors. Its members' efforts to create a standard stack to support SDN and NFV orchestration have hit a few snags, including an SDN security flaw identified in late 2014 and the setbacks of former Platinum and Gold Members Juniper Networks and VMware (respectively), both of which downgraded their involvement and are now Silver Members.
CloudRouter Project and a bridge from legacy to SDN infrastructure
All the same, the project is moving forward as its contributors work on ongoing efforts such as the CloudRouter Project, a secure software router designed for cloud interconnectivity as well as facilitating the transition from legacy and physical infrastructure to virtual and SDN successors. Assets such as dedicated servers are still the reality on the ground for many organizations, meaning that automation practices (including SDN orchestration and DevOps processes) cannot simply address virtual and cloud infrastructure and must instead take diverse infrastructure in the data center into account.
"[W]e hope to build a true open source community around the CloudRouter Project to really respond to industry demand for a secure, high-quality SDN and router distribution, something that's essentially non-existent today," said Jay Turner, CloudRouter Project Lead and Senior Director of DevOps at IIX. "As the industry moves to cloud computing, there needs to be a bridge from legacy architectures to SDN, hybrid clouds and data center-to-data center connections. To accelerate the development of this bridge, the CloudRouter Project will initially focus on performance and security."
Along these same lines, QualiSystems' CloudShell is helping carriers automate and orchestrate infrastructure, so that they can build DevOps processes to keep pace with their SDN and NFV network investments. CloudShell's object-based architecture and non-programmer friendly visual tools enable engineering, testing and Ops teams to build a similar "bimodal bridge" (as Gartner terms it) to more modern, automated and agile processes that unlock productivity and cost savings while progressing steadily towards continuous integration, continuous delivery and ultimately, continuous deployment.
The progress of CloudRouter Project and the rise of "NetOps"
The CloudRouter Project's emphasis on what Turner called "performance and security" is noteworthy, considering both the importance of security to SDN's general value proposition and OpenDaylight's particular history on this front. The Netdump flaw in OpenDaylight, discovered in 2014, was capable of compromising the project's controller. As with any SDN security issue, this one highlighted the danger of having some or all packet handling hijacked. The incident led to the creation of a dedicated security team within OpenDaylight. Open source projects have long struggled with security issues at scale, usually because of a lack of good reporting mechanisms and insufficient incentive to scrutinize code for possible exploits. The Heartbleed flaw in OpenSSL is a case in point. Luckily, Netdump didn't have as broad an impact since the technology isn't commonly use in production networks. Nonetheless, following Netdump, OpenDaylight redoubled its security efforts, a change that has benefited the development of the CloudRouter Project. The project now uses standards-based IPSec VPN, SSL or Layer 2 to Tunneling Protocol for secure connectivity, with the aim of allowing for secure network programmability for SDN, alongside a foundation for NFV.
"It's hard to predict the long-term impact of the CloudRouter Project."
OpenDaylight members have stressed the project's suitability for "NetOps," a wonky term that can be understood to mean DevOps for networks. More specifically, the integrated and secure stack supported by CloudRouter Project ideally allows for relatively straightforward deployment on a network of any size.
The key features of the CloudRouter Project include:
A beta version of the CloudRouter Project became available for download at the end of March 2015, with public backing from CloudBees, Cloudius, IIX and NGINX, as well as key stakeholders in both the Linux Foundation and OpenDaylight itself. It's worth remembering, though, that OpenDaylight is still a very new project (roughly two years old) and that it is often competing with alternative technologies promoted by its own members.
Accordingly, it's hard to predict the long-term impact that the CloudRouter Project will have as organizations make the hop from legacy network infrastructure to SDN and NFV and introduce cloud orchestrators. The relative retreat of Juniper Networks and VMware illustrates the challenges that OpenDaylight faces in the years ahead.
Moreover, ON.Lab's recent launch of the Open Networking Operating System could pose a direct challenge to OpenDaylight, considering that its technology and overall goals are somewhat similar. ON.Lab is looking to make white boxes carrier-grade while introducing an open source SDN OS for managing a network-wide control plane at scale. OpenDaylight still has an impressive vendor roster, but it will have to overcome competition from proprietary alternatives and other open source initiatives.
The takeaway: CloudRouter Project represents an important step forward for OpenDaylight as its contributors work on a virtual technology to bridge from existing legacy and physical network devices towards SDN and NFV orchestration. It supports DevOps innovation for networks through the use of best-of-breed open source technologies. At the same time, its impact could be limited, depending on whether OpenDaylight can maintain its momentum in the face of rivals like ONOS.