In this DemoFriday, KulCloud’s Dipjyoti Saikia and Nikhil Malik discussed the primary use cases where PRISM can play a defining role, including a scalable OpenStack Neutron gateway, an SDN-driven data center leaf-spine underlay fabric, a replacement for vendor-locked internet exchange point (IXP) fabric, and even a scale-out router with service chaining support for 3GPP P-GW. They also demonstrated PRISM’s scale-out and distributed routing with on-demand cloud bursting of the private OpenStack cloud to a public cloud. After the live demonstration, our presenters took questions from the audience. Read the full Q&A below!
You guys mentioned scaling during the demo. What are the scaling numbers customers can expect from PRISM?
KulCloud: Before answering the question, we would like to clarify the myth which many of us associate with the OpenFlow protocol that SDN solutions can’t scale up because there are a limited number of TCAMs in ASICs. Now, it is possible to have a standards-based interface to program various tables available in the ASICs as OpenFlow objects. Utilizing this in an efficient manner enables us to scale and provides a lot of flexibility to implement rich features. So, the answer to the question is we can scale to what the underlying hardware provides. In the demo, we used an Edge-Core switch with a Broadcom Trident2 ASIC and with that we can scale north of 100k Layer 3 routes. For the edge router, we used a Noviflow switch which supports around a million flow entries.
Apart from data center & cloud, what are some other possible use cases of PRISM?
KulCloud: PRISM can be used as flexible hardware-accelerated virtual routers in different environments like enterprises or even as a scale-out 3GPP P-GW router. We have witnessed interest from customers who want to use existing CPEs like NIDs and easily add various routing features without any changes to hardware and addition of simple agent software. PRISM can also be used as an underlying network infra for central office clouds.
Where does PRISM fit in the virtual network functions (VNF) landscape?
KulCloud: PRISM can be readily used as a service function forwarder which is responsible for managing data forwarding to and from the VNFs. The majority of the VNFs are vRouters which are mainly Linux-based. Due to PRISM’s Linux abstraction capability we can transparently offload certain vRouter flows which require high bandwidth and low latency.
KulCloud: We use our own home-grown controller which is based on our open source controller called OpenMUL. For a framework like PRISM we did not want to use a do-all SDN controller with many unrelated features but instead a customized and highly scalable controller fit to PRISM. In the end, it is not about the SDN controller but delivering meaningful SDN solutions to the market which can really help customers in their respective business areas.
What is the underlying fabric technology used in PRISM? Is it VLAN-based, TRILL or proprietary?
KulCloud: It is completely flexible in the sense it can use MPLS, QinQ, plain IP for VXLAN-based networks or even PBB. It depends on the choice of underlying hardware and also a particular customer’s existing network gear. PRISM does not use hop-by-hop installation of all existing flows as seen in most other SDN implementations. There is a proper segregation of the end-user flows from the fabric flows/routes. As we have seen in the demo, there is a lot of ECMP inside the fabric to distribute traffic evenly. With the help of SDN we can achieve a lot of traffic engineering internally.
What can we expect to see in PRISM’s roadmap apart from the features we saw today?
KulCloud: We are working on:
- Providing a lot more analytics with PRISM
- Integration with major Layer 4-7 vendors is a work in progress
- One can also expect security features like secure tunnels
- Further down the lane, we are also going to have MPLS functionality
How do you manage the tunnels at large volume?
KulCloud: PRISM is a distributed architecture and can run multiple agents in different physical entities for handling multiple tenants. Hence, tunnels can be spread out and distributed across all the tenants.
What integrations are you considering for FW integration in the hopes of reducing the security attack surface?
KulCloud: If the application traffic has SSL protection, e.g. HTTPS, then the first level of security is provided by default. Secondly, if the user wants to use a third-party security application, e.g. a firewall as a VNF, it can also be orchestrated with service chaining by PRISM. Thirdly, we are working with our hardware partners on providing the security features in the hardware itself.