I recently had the opportunity to sit down with an old friend, Dr. Suguru Yamaguchi, who’s currently a professor at the Nara Institute of Science and Technology in Japan. Dr. Yamaguchi also happens to be the former head of JPCERT/CC, a position he left to take on a cabinet-level role in the Japanese government as their Cyber-Tsar (officially known as the Japanese government’s Advisor on Information Security for the Cabinet but I think Cyber-Tsar sounds better). He recently finished his term though he still consults extensively on the topic of networking and security with the government and other organizations and continues to be extremely active in JPCERT/CC and other international networking organizations.
There’s been a lot of interest in the US and Europe around OpenFlow and SDN, but the trend is stronger even in Japan. Major manufacturers such as NEC have backed OpenFlow in a big way, and national carriers like NTT deploy SDN in production. There are those who believe Japan is ahead of the US in SDN, given their more advanced networking infrastructure. We wanted to provide our readers with a better understanding about the state of OpenFlow in Japan and Dr. Yamaguchi was glad to oblige.
SDNCentral: Thank you for spending time with us today! Let’s start with why OpenFlow is so popular in Japan?
Dr. Yamaguchi: “Well, Japan already had a large number of virtual circuit deployments with ATM and fiber in the past and when SDN and OpenFlow showed up, there was no rejection of the concept. They were already running big pipes with shared traffic across those pipes. Furthermore, many providers were running fiber pipes into large multi-tenant units and ISPs were sharing the links through tagging mechanisms. SDN and OpenFlow were viewed as just another way to overlay logical networks on physical networks.
Plus the infrastructure operators wanted service differentiation and through programmability, SDN allowed them to manage VLANs and other tagging mechanism, insert services from middle boxes. It was not surprising that operators jumped on the SDN bandwagon quickly.”
SDNCentral: Can you share some examples that indicate the popularity of OpenFlow in Japan?
Dr. Yamaguchi: “To be candid, we’re still in the awareness-building phase in Japan. However, we are seeing good interest across the board around the traffic management use cases. OpenFlow is very popular among university students, and even high school students are running traffic management experiments. I’ve seen high school students programming small and inexpensive switches for summer holiday assignments using OpenFlow. It’s great for new and young engineers to create proof of concepts and come up with fresh ideas for networking management.”
SDNCentral: What is your view of OpenFlow versus SDN? Is the Japanese market enamored with OpenFlow itself, or the overall concept of SDN?
Dr. Yamaguchi: “Most of us recognize that OpenFlow is name of protocol and SDN is much broader. I’m seeing many other opportunities and other products that could qualify as SDN today. As a protocol, OpenFlow has enjoyed a good reputation since the National Laboratory for Information and Communications Technology (NICT) built a large and successful network around OpenFlow. Other types of SDN are also building a decent reputation in the market.”
SDNCentral: Who are the market leaders in OpenFlow and SDN in Japan? What is driving them to make that level of investment in OpenFlow?
Dr. Yamaguchi: “NEC was one of the first ones to enter the market. They were very strong in OpenFlow. I’m seeing a lot more players, including Cisco getting into the SDN market. NEC invested big in OpenFlow very early. It was already active in developing L3 switches and making chipsets for flow management in Japan. They had an MPLS label switch and wanted to keep the innovator’s edge in the Japan, and OpenFlow was therefore natural for them. It was a lucky opportunity for them.”
SDNCentral: What are the major use cases or deployments of SDN? We have seen The NTT network virtualization use case, but are there others?
Dr. Yamaguchi: “Aside from that, I’m also seeing some investigation into streaming control and differentiated services. Many carriers are providing differentiated services around media mixing of real-time streaming—like YouTube or even real-time content delivery networks for TV stations over the Internet . Many of the service provider customers want guaranteed performance. OpenFlow and SDN seem to be a technology option to enabling these kinds of service differentiation.
In addition, I see work around virtual circuit services, L1/L2 overlay services, multiplexing of physical connections (L1.5) in conjunction with OpenFlow and SDN. SDN’s manageability and flexibility makes it very tempting for large carriers to look into this.
Despite the excitement, I’m not certain about the scalability in production, or the performance of its manageability yet. For small deployments, SDN is working well. When the number of flows goes up, we could get into trouble with flow management. In real production deployments, with large number of flows, large amount of traffic, it could be very complex. Unlike Google, which has a good scheme for traffic management because they have good visibility into their own backend traffic, most carriers have to deal with less predictable workloads—they don’t get a choice as to what type of traffic to accept. I see their challenge in managing traffic as a Tetris game, where they have to fit the blocks which keep falling with increasing speed.
Another challenge around use cases and the maturity of it in carriers is their closed culture. They tend not to share or discuss their plans, unlike many datacenter operators who are more transparent about what’s going on. I think we’ll need for forums of information exchange, not unlike what SDNCentral is attempting to do.
SDNCentral: Based on your prior roles as Advisor on Information Security, in Cabinet Secretariat, Japanese Government, and head of JPCERT/CC, do you see any applications for SDN in the national cybersecurity space?
Dr. Yamaguchi: “No so much applications, but I see potential threats. And I say this not just from my experience on the cabinet or on JPCERT/CC, but in what I’m hearing from other places as well. We are observing a lot more attacks that target the control infrastructure. Historically, many attacks went after the data plane, or used the data plane to get to final assets for attacks.
Along with attacks targeting the smart grid, we are also seeing control plane attacks. As SDN becomes more popular, it will be critical to protect the control plane. Historically, we’ve had small islands of isolation that collaborate—allowing for a more distributed and robust system. SDN is different and while many engineers like the programmability of SDN, there will be new vulnerabilities. Imaging getting control of a control plane in a large carrier SDN network, that could be disastrous.
At the same time, SDN can simplify the network as well—allowing for more comprehensive and easily validated security. I hope to see the SDN community build more security features and write better quality code as they role out their solutions. Our IT infrastructure it critical for the Japanese society and the maintainability and quality of SDN solutions will be scrutinized by the government and public alike.”
SDNCentral: For any US company looking to sell OpenFlow and SDN products in Japan, do you have any advice?
Dr. Yamaguchi: “Run fast, always. There are already many competitors and smart ideas in Japan. “
SDNCentral: Are there any parting thoughts around SDN that you would like to share with our readers?
Dr. Yamaguchi: “I think OpenFlow and SDN introduces new market dynamics. Historically, the Internet pipe market was only for the biggest of players—the big money people. You needed economies of scale and large investments to succeed. I see the control structure of the market as quite different. I think for this, the big brain people have an advantage—especially in research and education around the control infrastructure. Regardless, I think any story around big money winning again is boring and I’d rather place my bet on the underdog winning just because it’s a more interesting story, so I’m happy to beat the drum for SDN and OpenFlow.”