Why Logical Networking is Our Real Future

What is the most important development in networking, not just technology but in the broadest sense?  What’s going to change, shape the future?  It’s the emergence of “logical networking” as what’s essentially a new OSI layer.  That single force is going to reshape everything, decide the fate of the new technologies, and define the role of network vendors, standards bodies, open-source projects, and how we think of applications.  In particular, it’s going to redefine SD-WAN, and perhaps SDN too.

As I said in a prior blog, a logical network is a network that connects logical entities, not physical network service access points (NSAPs).  In networking today, we typically build a network of subnetworks, with each subnetwork defining either a user community or an application hosting domain.  Subnets live inside facilities, and they’re connected with a WAN which in theory might be a true private network (links and routers) or a virtual private network (virtual links combined with either real or virtual routers).  The obvious problem is that what the network is supposed to connect are users and application components, which exist in real networks only as addresses.  If something moves, the address process has to be altered explicitly.

A logical network is one where users and application components know each other by who/what they are, in effect by their logical name.  All connections are made through logical names, and the mapping between logical names and underlying NSAPs is automatic and implicit, so it doesn’t complicate the life of the user.  Logical networks, because they know who and what things are, can also apply policies directly based on identity, rather than having to work through how identities (which matter at the policy level) map to NSAPs (which are all the network knows about).
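An added example, not from the original post: a minimal model of the name-to-NSAP binding and identity-keyed policy described above, set beside an address-keyed rule to show what happens when a component moves. All names, addresses and rules are constructed for illustration.

```python
# Added illustration; every name, address and rule below is constructed.
from dataclasses import dataclass, field


@dataclass
class LogicalNetwork:
    bindings: dict = field(default_factory=dict)  # logical name -> (ip, port) NSAP
    policy: set = field(default_factory=set)      # allowed (source, destination) names

    def register(self, name, nsap):
        """Bind or re-bind a name; called when an entity starts or moves."""
        self.bindings[name] = nsap

    def connect(self, src, dst):
        """Return the destination's current NSAP, or None (default deny)."""
        if (src, dst) not in self.policy:
            return None
        return self.bindings.get(dst)


def address_acl_allows(acl, src_ip, dst_nsap):
    """Traditional model: the rule is keyed on addresses, not on who is there."""
    return (src_ip, *dst_nsap) in acl


def demo():
    net = LogicalNetwork()
    net.register("user:alice", ("10.1.0.20", 0))
    net.register("app:payroll", ("10.2.0.5", 443))
    net.policy.add(("user:alice", "app:payroll"))
    acl = {("10.1.0.20", "10.2.0.5", 443)}  # the same intent, written as addresses

    before = net.connect("user:alice", "app:payroll")

    # payroll is redeployed elsewhere and another workload reuses its old address
    net.register("app:payroll", ("10.9.0.7", 443))
    net.register("app:test-db", ("10.2.0.5", 443))

    return {
        "before": before,
        "after": net.connect("user:alice", "app:payroll"),
        "other_app": net.connect("user:alice", "app:test-db"),
        "acl_new_addr": address_acl_allows(acl, "10.1.0.20", ("10.9.0.7", 443)),
        "acl_old_addr": address_acl_allows(acl, "10.1.0.20", ("10.2.0.5", 443)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

After the move, the address-keyed rule blocks alice from payroll's new location and still admits her to whatever now holds the old address, while the name-keyed policy needs no change.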

By definition, a logical network should be independent of the physical network and connectivity underlayment (or underlayments) used.  That means that it represents a service-layer overlay on traditional network technology.  Two technologies have emerged that can provide this, software-defined networking (SDN) and software-defined WAN (SD-WAN).  The embodiment of logical networking is almost certainly going to end up being one of these, and the force of logical networking will reshape both of them.

In application/user terms, the great majority of SDN use today is in the data center, to create application subnetworks or tenant networks.  Virtualization demands agile deployment without compromising component, application, and user connectivity, and the easiest way to do that is to frame applications in a unique subnetwork that lets internal connectivity be open and implicit, but requires explicit exposure for external connections.  It’s easy to do this with SDN in any form, but the original SDN subnet-control technology (Nicira, now VMware NSX) was an overlay technology.

SD-WAN is also a form of overlay technology.  The original SD-WAN mission was primarily to extend VPNs to sites that were too small to justify high-speed MPLS/BGP connectivity, so it combined VPNs with the Internet for those small, sparse sites.  Some SD-WAN providers have also focused on connecting multiple MPLS VPNs (managed services) or on dealing with sites in areas where even Internet broadband was likely not all that “broad” and thus need low overhead.  Most now offer hosted (meaning software instances) versions of their technology, which lets it be deployed in the public cloud and facilitates the integration of cloud components.

Both these missions have some credibility, but they’re also fairly technologically basic, which means feature differentiation is complicated if you stay with the original goals.  Not surprisingly, vendors have sought better differentiators.  In the SDN space, Nokia/Nuage is focusing on an SDN model that lets users and applications into overlay subnetworks.  Juniper likes multi-cloud.  For SD-WAN, there’s a trend emerging to be “entity-aware” meaning to have the SD-WAN understand applications, services, and users.  That’s the beginning of the logical-network future that I’m predicting, the trend that changes everything.  What’s driving it?  Market maturity, competitiveness (greed, if you like), and the great overarching issue of virtualization.

There is nothing technically magical about combining an Internet overlay VPN and an MPLS VPN, or doing overlay application subnetworks, or linking two or more MPLS networks together.  This is particularly true when you consider that the network operators themselves can apply SDN/SD-WAN technology to do just that.  Some (like Verizon) have already started.  If SDN and SD-WAN are purely technical transport overlays, then the logical provider for them is the data center network or software vendor (for SDN) or the service provider (for SD-WAN).  Once these guys get serious, which is when they see the money, which is already starting, they define the market and make transport-level connectivity features table stakes.

It is totally illogical to think that network virtualization, network-as-a-service, would develop an overlay network whose goal was to do exactly what the underlay network did.  IP connectivity is already here, perhaps not perfectly but surely good enough for most users.  To get a larger total addressable market (TAM) service providers and vendors need to look at what network virtualization and NaaS would really demand above basic connectivity.  That’s the logical networking space.

In a report I published earlier this year, I outlined five things that a product would need in this new logical networking space.  They were session awareness, explicit logical name support, application/service awareness, an as-a-service or software-instance deployment option, and self-federation with respect to policies, namespaces, etc.  A few vendors in the space support all of these now, most support some, and a few have nothing at all.  The “market”, meaning the media/analyst space, hasn’t yet awakened to all of these points as elements in “logical networking” and some of them aren’t recognized as a part of any particular tech trend.  That’s going to change.

There’s no question that virtualization is the prime driver of change from a technical perspective, and mobility second.  Anything that unties the traditional relationship between a network-connected entity and a network address is either going to force that tradition to change or limit the range of things that virtualization and mobility can accomplish.  Where either of these forces is acting, the push for logical networking becomes stronger.  Where both are acting, that push becomes relentless.  Nothing is going to stop this shift in emphasis.  It may stop some players, though.

None of the current reported top-ten in market share in this publicly available list (which I don’t agree with; none of the three vendors I see most often competing for current opportunities are even on it) is particularly strong in the logical network space, or even well-positioned to exploit it.  The list also proves that the space itself isn’t well-defined.  If it’s correct as a picture of the space in 2017, it combines with my recent experience to show a major shift is already underway.  If it’s correct, it shows that the “incumbents” may be too complacent to be credible even in today’s leading-edge opportunities.

Let’s suppose that this logical-network thing keeps developing as I’m predicting.  The impact would be to move user/application issues up into the new logical-NaaS layer, which would be created almost entirely at the network edge.  Transport features would become increasingly invisible, and the need to sustain current Ethernet/IP service models would erode because the models would be invisible.  SDN adoption in the WAN would be facilitated.  Edge-centric NFV (virtual CPE or vCPE) would get subducted into these new SD-WAN edges.  Security would be likewise.  In short, these new devices or software instances would become the logical network service access point (L-NSAP) if you like new acronyms.  Every current user, current application, future user, future application, even new services and things like mobility, would likely be changed eventually to fit this new model.  Revolution, without any major new infrastructure investments.

Then there’s management.  Service management is a key requirement for any business service, and SD-WAN could provide a universal edge point where the service as the user sees it joins the service as the provider offers it.  You can see into the transport network choices from there, inward (to a degree at least) into the user network, and all of the service features and bindings/routings and policies.  It’s the perfect management agent.  There are already a few SD-WAN players who specialize in management and SLAs.  Everyone will be there eventually.

Eventually, this space is probably going to go open-source.  The opportunity is too large and the number of SD-WAN endpoints too high for operators to accept commercial solutions.  Remember, NFV got started in order to reduce capex from proprietary appliances.  Another big force is the evolution of P4-based standardized platforms like DANOS and Stratum, which I think will be adding support for non-forwarding-related processes co-hosted in the P4 boxes.  That means that vendors will need to stake out positions here, and make exits, very quickly.  It’s not going to be a problem this year, next, or even in 2020, but by 2022 I expect to see the market dominated by open devices, and that means SD-WAN, vCPE, uCPE, and everything else at the network edge.

Four years is a long time, but open-source doesn’t move quickly, particularly in the network space, and most of all in the operator space.  There’s plenty of time for somebody to get smart, get positioned, define the way that SD-WAN will work, sell out for big bucks, and shape the market.  Who will do it, or will anyone?  That’s the question.  Inertia is a powerful force, startups are crippled by their VCs’ lack of vision and “laser focus”, and a lot of this is going to be the kind of promotion and education combination that nobody likes to face.  Lots of startups won’t face it, perhaps even all of them.  They’ll hope for a small, easy market that keeps them safe.

SDN vendors are in the same position.  They have a secure data center niche, and while there’s no reason they couldn’t adopt all the logical network features I’ve noted (some already have, at least with respect to some key features), the market and vendors seem content for the moment.  What might make a difference for SDN is that some of the key SDN players have been acquired by major firms and have deeper pockets and an interest in the long-term.  They might want to use logical networking to broaden the total addressable market and improve margins.  Since applications and virtualization are the primary driver, and since they’re data center elements, SDN could still emerge as a critical factor in logical networking.  It could also continue to fall short of its promise.

Let me be clear.  Nothing in the SDN or SD-WAN space will be safe from convulsions because of the logical network shift.  In the SD-WAN space, nothing the “leading” players have relied on will matter, beyond a simple tick on an RFP checklist, even a year from now.  The differentiators will change, the requirements will change, and the leaders will change.  Long before the critical 2022 point, we’ll know whether anyone goes for the brass ring, but the change will come no matter what choice is made.