Its purpose is to prevent any one company from taking over the policy layer — because Casado thinks it’s policy that will dictate which vendor, if any, controls the network.
“The policy layer must be open,” Casado tells SDNCentral. “It shouldn’t be owned by VMware; it shouldn’t be owned by Cisco. It should be totally open. It is the most important area right now to make sure that all of the work we’ve done over the last 10 years, we get to maintain.”
Keeping Policy Open
Application policy is suddenly in the news, now that we know details of how it drives Cisco’s Application-Centric Infrastructure (ACI), the vendor’s answer to SDN. The heart of ACI is the Application Policy Infrastructure Controller (APIC), an SDN controller that forwards policy-driven requirements to routers, switches, and other gear.
As it discussed at Interop this week, Cisco is trying to make its policy framework open. APIC code is available in open-source form through the OpenDaylight Project. Cisco has also started a group policy initiative inside OpenDaylight, the results of which will also be open-source, of course. And it’s trying to standardize OpFlex, the southbound interface from APIC that would deliver policy information.
Casado says he suspected, a year ago, that Cisco and others would take this direction, so he started Congress as a resistance front for keeping policy open. To be fair, Cisco has pledged openness for its policy models and for OpFlex. Casado is OK with that and find the group policy initiative “admirable” — but thinks Cisco’s friendliness has to be taken with caution.
“Where we need to be careful is if they say: ‘If you have this policy framework, we will accelerate it in an ASIC, or we can differentiate with an ASIC.’ As soon as those words start to get uttered, then you know you’re in a vertical lock-in strategy. You’ve brought the highest layer down to an ASIC now,” he says.
Policy is crucial because it’s where the user touches the network. That point of contact has been the command-line interface (CLI), Casado says — but the CLI’s importance will fade as SDN and management tools automate things such as provisioning and configuration.
That moves the point of contact to the policy layer, Casado thinks — and policy probably can’t be automated. It’s where the business logic gets inserted into the network, and business logic is a fuzzy thing that will differ with every organization, Casado says.
“Business logic is over every aspect of the system. It’s over applications. It’s over users. It’s over location — ‘If it’s in this building, you should never go to wireless.’ Those types of things. You want a policy framework that allows you to declare policy over all those things, and you want it to be totally open, because whoever owns that framework will own the account,” he says.
A Wider View of Policy
OpenStack Congress is broader than the policy efforts Cisco is talking about. Aiming to present “policy as a service across any collection of cloud services,” as the mission statement states, it’s about applying policy to compute and storage as well as networking. It includes a group-policy framework that Casado says is a superset of what Cisco and partners have proposed in OpenDaylight.
Considering the openness of the OpenStack organization, Congress hasn’t exactly been a secret. But neither is it widely known. Casado didn’t want to publicize it earlier because he thought the industry was having enough trouble with the nebulous “SDN” discussion that was going on at the time. Now, ACI and APIC have brought policy to the forefront.
Casado has no problem with Cisco’s policy work; he just thinks it should be taken with a note of caution. To him, SDN has been about disconnecting software from hardware and preventing vendor lock-in. He’s concerned that policy could offer a vehicle for reversing the trend.
“I really believe the next battleground is policy. I believe that if we lose this one, all the work we’ve done in the past is lost,” he says.
(Photo: Casado, left, with VMware CEO Pat Gelsinger, on the Interop stage Thursday.)