Mavericks Invent Future Internet Where Cisco Is Meaningless

Martin Casado, the chief technology officer of the most intriguing startup in Silicon Valley.
Photo: Jon Snyder/Wired

PALO ALTO, California – Martin Casado stands up, reaches across the table, and tears a sheet of paper from a notebook. The notebook belongs to Alan Cohen, who works alongside Casado at Nicira, the most intriguing startup in Silicon Valley, and as Casado sits back down with his sheet of paper, Cohen keeps talking.

Cohen knows how to talk. He spent six years as a marketing exec at Cisco, the company that sells more networking hardware than anyone else in the world, and now, he's plugging Nicira, a company that wants to make Cisco irrelevant, taking the brains out of network hardware and moving them into software. As Cohen gives the elevator pitch – "we've created a new category: we're a network virtualization company" – Casado, the company's chief technology officer, is quietly doodling on his piece of paper. He's making lists and drawing pictures and linking them all together in some sort of elaborate flowchart.

As it turns out, he's mapping out what he will soon tell us about the origins of his nearly-five-year-old company and its lofty mission. "I was putting together a narrative," he says. "I'm a pretty linear thinker." That he is. But this doesn't quite do justice to the way his mind works. "Martin Casado is fucking amazing," says Scott Shenker, the physics PhD, UC Berkeley computer science professor, and former Xerox PARC researcher who has worked closely with Casado for the past several years on the networking problems Nicira is trying to solve. "I've known a lot of smart people in my life, and on any dimension you care to mention, he's off the scale."

In much the same way he maps out his narrative with pen and paper, Casado has mapped out a new future for the world of networking. He and Nicira and a small community of other computer scientists are pioneering a new breed of computer network that exists only as software, a network you can control independently of the physical switches and routers running beneath it. With this paradoxical arrangement, they aim to provide a far easier way of building and modifying and rebuilding the networks that run the largest services on the web and beyond.

In short, Martin Casado envisions a world where networks can be programmed like computers.

"Anyone can buy a bunch of computers and throw a bunch of software engineers at them and come up with something awesome, and I think you should be able to do the same with the network," Casado says. "We've come up with a network architecture that lets you have the flexibility you have with computers, and it works with any networking hardware." In other words, it doesn't matter if you're using gear from Cisco or HP or Juniper or some manufacturer in Taiwan most people have never heard of. With Nicira's platform, the hardware merely moves network packets to and fro, and the software does the thinking.

Casado's effort to overhaul the world's networks is well underway. The Nicira website will tell you its platform is already used by AT&T, eBay, Japanese telecom NTT, financial giant Fidelity, and Rackspace, the Texas-based outfit that trails only Amazon in the cloud computing game. But the company's influence extends much further. Though he won't name them, Casado says the Nicira platform is also used by some of the biggest names on the web. And we all know who those are.


"That's one of the reasons we knew we were on to something," Casado says. "In the beginning, we thought we were just a cute cottage industry. But then we had multiple large web companies say, 'We were already doing something very similar to this, and we’d like to work with you.'"

The platform is so attractive to these companies because today's hardware networks are ridiculously difficult to modify. Raymie Stata, until recently the chief technology officer of Yahoo, compares a complex computer network to the 15-puzzle game, that classic mind-bender where you're trying to rearrange 15 sliding tiles inside a square with space for only 16. When making a change to your network, he says, there are times when you have no choice but to physically rearrange the hardware.

In virtualizing the network, Nicira lets you make such changes in software, without touching the underlying hardware gear. "What Nicira has done is take the intelligence that sits inside switches and routers and moved that up into software so that the switches don't need to know much," says John Engates, the chief technology officer of Rackspace, which has been working with Nicira since 2009 and is now using the Nicira platform to help drive a new beta version of its cloud service. "They've put the power in the hands of the cloud architect rather than the network architect."

The Trouble With The Most Secure Networks Ever Built

Martin Casado once worked with a U.S. intelligence agency. He won't name the agency, but he says he worked with what he believed to be the most secure computer networks ever built. The trouble, he says, was that building these networks was next to impossible, and if you ever wanted to change them, your problems started all over again.

"What was really shocking to me was that, at the time, market forces had totally failed to create networking equipment that the government could use. The government, which has incredibly deep pockets, couldn’t go out and buy what it wanted," Casado says. "It was extremely difficult to make these networks secure, and once you did, you had a really horrible management nightmare on your hands. Moving just one computer, for example, meant you had to make eight different configuration changes. You couldn't move anything – you couldn’t touch anything – unless you put a tremendous number of people to work."

Once you bought a piece of networking hardware, says Shenker, you didn't really have the freedom to re-program it. "Stuff had to be coded directly into the switch or the router. You would buy a router from Cisco and it would come with whatever protocols it supported and that’s what you ran."


Shenker says there was good reason for this. "If you buy switches from a company and you expect them to work," he explains. "A networking company doesn't want to give you access and have you come running to them when your network melts down because of something you did." But these restrictions caused huge problems for organizations who were pushing the boundaries of network design, including not only intelligence agencies like the one Casado worked for, but massive web companies such as Google and Amazon.

In 2005, Google went so far as to build its own networking hardware, in part because it needed more control over how the hardware operated. "When Google looked at their network, they needed high-bandwidth connections between their servers and they wanted to be able to manage things at scale," says JR Rivers, one of the engineers who worked on Google's original network hardware designs. "With the traditional enterprise networking vendors, they just couldn't get there. The cost was too high, and the systems were too closed to be manageable on a network of that size."

So, after he left his government job in 2003 and enrolled in graduate school at Stanford, the Silicon Valley university that spawned Google, Martin Casado resolved to build a new kind of network, a network that wasn't such a nightmare. "There was a realization that networks blow – that they suck," Casado remembers. "When I went to Stanford, this is the problem I worked on: how do we make networks not suck? We want them to be as flexible and as programmatic as computers."

Death to Spaghetti Code

At Stanford, Casado studied with Nick McKeown, a professor and networking researcher who once worked for HP Labs and Cisco, and during this time, he met Scott Shenker, who oversaw the networking group at Berkeley's International Computer Science Institute. Both McKeown and Shenker worked with Casado on his PhD thesis – a network architecture dubbed Ethane – and in 2007, using the thesis as a jumping off point, the three of them founded Nicira.

It was the beginning of a movement known as "software-defined networking." It's a dreadful name. Even Casado admits as much. But like so many dreadful names in the tech world, it stuck.

In short, software-defined networking – or SDN – sought to create a better way of controlling networks. "Software-defined networking is applying modularity to network control," says Scott Shenker. "Modularity is something every software designer does in their sleep. If a program isn't modular, it's just spaghetti code. Software-defined networking asks what are the right software abstractions that let us structure the network control plane so it’s evolvable, so it's not just a bunch of spaghetti code."


Spanning computer scientists at Nicira and various academics, the movement achieved its first big breakthrough with OpenFlow, a standard way of remotely managing network switches and routers. "Think of it as a general language or an instruction set that lets me write a control program for the network rather than having to rewrite all of the code on each individual router," says Shenker. Amazing as it may sound, this sort of thing didn't exist before. OpenFlow soon developed a following among some of the industry's biggest names, including Google, HP, NEC, and Ericsson, and it has been widely hailed in the press as the technology that will deliver networking from the dark ages.

The trouble is that you can't use OpenFlow on routers and switches unless the vendors add the protocol to their hardware, and even then, says Casado, who wrote the first draft of the specification, OpenFlow is only so useful. Shenker agrees. "From an industry-structure and industry-standard point of view, OpenFlow is important. It defines the detailed language of how I speak to a switch," he says. "But from an architecture point of view, it's very unimportant. The more important component is how you coordinate the activities of switches in order to provide a coherent behavior."

The ultimate aim was not to find a better way of managing networking hardware, but to create a software architecture that would let you build networks without having to deal with the hardware. The ultimate aim was to build virtual networks. According to Shenker, Casado doesn't do things halfway – whether he's at work or play. "He's an ultra-marathoner," Shenker says. "When he gets up in the morning for a run, he runs to Half Moon Bay."

The vSwitch and Beyond

Nicira is often compared to VMware, another company that grew out of research at Stanford. In the early aughts, VMware pioneered the art of server virtualization, and this quickly revolutionized the computer data center, helping big businesses save both money and space by running many virtual servers on a single physical server. Now, Nicira is doing much the same with networks.

"We’re virtualizing away this physical fabric," Casado says, "and because now we have a virtual layer, you can do anything you want with it."

VMware has long offered a virtual network switch as part of its "hypervisor," the platform that runs its virtual servers, and similar virtual switches were included with open source hypervisors such as Xen and KVM. But these "vSwitches" were limited. You couldn't really string them together into a complex virtual network. "A vSwitch is required for network virtualization," Casado says, "but it doesn't give you a virtualized network."

What Casado and Nicira have done is build a new breed of vSwitches that can be tied together into a true virtual network, and they've built the control software that lets you do so.

Known as Open vSwitch, Nicira's virtual switch is open source – meaning it's freely available to anyone – and it can be managed with OpenFlow. Casado isn't that high on using OpenFlow with hardware inside the data center, but the protocol is an important part of the software Nicira uses to build its virtual networks.

The result is that you don't have to wait for the hardware vendors to adopt OpenFlow, or anything else. You can use Nicira's software to build a virtual network atop any networking hardware. With Nicira's platform in place, the physical switches and routers forward the network packets, but that's it. The virtual network handles all the important duties, including how the traffic is routed and how it's secured.

"Once you have your switch virtualized, you can pretty much do whatever you want with it," says Rackspace chief technology officer John Engates. "You can route traffic however you like, and you can reprogram it whenever you like, on the fly."

VMware says it is also offering network virtualization, and other companies, including Cisco, say they too are developing similar technology. "[Software-defined networking] is a very big passion and focus area for us on our infrastructure side," says VMware chief technology officer Steve Herrod. But Casado and his Nicira cohort, former Cisco exec Alan Cohen, insist that no other company is anywhere close to doing what Nicira is doing.

Virtual Servers, Virtual Storage, and, Yes, Virtual Networks

Nicira's platform is particularly useful to an outfit like Rackspace. Following in the footsteps of Amazon, Rackspace operates an "infrastructure cloud," offering instant access to virtual servers and storage. This service is used by thousands of developers and businesses across the globe, and Nicira provides a means of restricting each customer to its own virtual network, or multiple virtual networks.

"We have hundreds of thousands of customers, and that translates into multiple hundreds of thousands of network or network segments that customers want to create," says Rackspace's John Engates. "Nicira gives us the ability to put any customer, any end point, any location on one common virtual network."
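The two ideas the article has been circling, a dumb data plane that only looks up a flow table while a control program decides what goes in it, and per-customer virtual networks sharing one physical fabric, can be shown in a few dozen lines. The following is an added Python example, not Nicira's, Open vSwitch's or the OpenFlow specification's own code. It assumes a simplified OpenFlow-style match/action model, and the `Packet`, `FlowRule`, `VSwitch` and `Controller` names, the tenant tags and the MAC addresses are all constructed for illustration.

```python
"""Toy software-defined switch: a flow-table data plane plus a controller
that compiles a multi-tenant inventory into match/action rules.

Illustrative only; not Nicira, Open vSwitch or OpenFlow code. Field names,
tenant tags and MAC addresses are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Frame as seen by the vSwitch. `tenant` stands in for an overlay tag
    (a VXLAN VNI or GRE key in a real deployment)."""
    in_port: int
    src_mac: str
    dst_mac: str
    tenant: int


@dataclass
class FlowRule:
    """OpenFlow-style entry: the highest-priority matching rule wins.
    `match` maps header field -> required value; absent fields are wildcards.
    `out_port` None means DROP."""
    priority: int
    match: Dict[str, object]
    out_port: Optional[int]

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, f) == v for f, v in self.match.items())


class VSwitch:
    """Data plane: it knows nothing about tenants, only about flow entries."""

    def __init__(self) -> None:
        self.table: List[FlowRule] = []
        self.stats = {"forwarded": 0, "dropped": 0, "table_miss": 0}

    def install(self, rule: FlowRule) -> None:
        self.table.append(rule)
        self.table.sort(key=lambda r: r.priority, reverse=True)

    def remove(self, match: Dict[str, object]) -> None:
        self.table = [r for r in self.table if r.match != match]

    def process(self, pkt: Packet) -> Optional[int]:
        """Return the output port, or None if the frame is dropped."""
        for rule in self.table:
            if rule.matches(pkt):
                self.stats["dropped" if rule.out_port is None else "forwarded"] += 1
                return rule.out_port
        # Table miss: fail closed instead of flooding, so an unknown
        # destination can never leak into another tenant's segment.
        self.stats["table_miss"] += 1
        return None


class Controller:
    """Control plane: owns the tenant topology and pushes rules to the switch."""

    def __init__(self, switch: VSwitch) -> None:
        self.switch = switch
        self.placement: Dict[int, Dict[str, int]] = {}  # tenant -> {mac: port}
        # Lowest-priority catch-all: anything not explicitly allowed is dropped.
        self.switch.install(FlowRule(priority=0, match={}, out_port=None))

    def attach(self, tenant: int, mac: str, port: int) -> None:
        self.placement.setdefault(tenant, {})[mac] = port
        # The tenant tag is part of every match, so a frame tagged for one
        # tenant can never hit a rule that forwards into another, even when
        # two customers happen to use the same MAC address.
        self.switch.install(FlowRule(priority=10,
                                     match={"tenant": tenant, "dst_mac": mac},
                                     out_port=port))

    def migrate(self, tenant: int, mac: str, new_port: int) -> None:
        """Move a VM: rewrite one flow entry, touch no physical gear."""
        self.switch.remove({"tenant": tenant, "dst_mac": mac})
        self.attach(tenant, mac, new_port)


def build_demo() -> Tuple[VSwitch, Controller]:
    """Constructed inventory: tenant 100 and tenant 200 share the fabric,
    and both use the MAC ending in :02."""
    sw = VSwitch()
    ctl = Controller(sw)
    ctl.attach(tenant=100, mac="02:00:00:00:00:01", port=1)
    ctl.attach(tenant=100, mac="02:00:00:00:00:02", port=2)
    ctl.attach(tenant=200, mac="02:00:00:00:00:02", port=3)
    ctl.attach(tenant=200, mac="02:00:00:00:00:03", port=4)
    return sw, ctl


if __name__ == "__main__":
    sw, ctl = build_demo()
    print(sw.process(Packet(1, "02:00:00:00:00:01", "02:00:00:00:00:02", 100)))
    print(sw.process(Packet(1, "02:00:00:00:00:01", "02:00:00:00:00:03", 100)))
    ctl.migrate(100, "02:00:00:00:00:02", 5)
    print(sw.process(Packet(1, "02:00:00:00:00:01", "02:00:00:00:00:02", 100)))
    print(sw.stats)
```

The point to notice is where the isolation lives: the switch has no concept of a customer, so the guarantee that tenant 100 cannot reach tenant 200 comes entirely from the controller putting the tenant tag into every match and from the fail-closed default rule. The same destination MAC forwards to different ports depending on the tag, and moving a VM is a single entry rewrite rather than a hardware change, which is the "reprogram it on the fly" property Engates describes.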

Raymie Stata, the former Yahoo chief technology officer, agrees that Nicira changes the game if you're running this sort of infrastructure cloud service. But he questions how useful the company's software will be to other web services. "If you want to have virtual private networks for a large number of customers, that's one of the hardest problems to solve, and Nicira is a great solution for that," Stata says. "But if only one tenant is using a network, even if the tenant is very large, it's less useful. I wouldn't imagine it would be as useful to Facebook, for example. They're very large, but they're the only tenant on their network."


According to Casado, this misses the mark. Many of the biggest web companies run extremely complex operations, he says, and though the resources may not be shared among many outside customers, they're shared among many different applications within a company. "Some of the big web guys have very simple operations. They have one website that runs the same code. This isn't an obvious fit for us," Casado says. "However, any sophisticated website generally has many applications with different requirements, as well as test and development [applications] from different groups, all using the same infrastructure."

As John Engates points out, at a company like Google, the company's private infrastructure operates much like the public infrastructure services offered by Amazon and Rackspace. All of these companies have built sweeping operations that pool a massive collection of hardware resources into one coherent whole. That's what a cloud is. You can grab virtual processing power and virtual storage whenever you need it, and you can move these virtual resources from one physical place to another. But in the past, the network wasn't as malleable, and this restricted how easily you could move resources. Nicira adds the missing piece.

The End of the Network Operator

Many of the world's largest web companies, including Google, are already buying cut-rate networking gear directly from manufacturers in Taiwan and China, making an end-run around the Ciscos and the Junipers. With Nicira providing a virtual networking platform that works with gear from any vendor, Casado says, this trend will only continue. The Ciscos and Junipers, he says, will become less and less important.

Yes, Cisco is working on its own network virtualization tools. And it has joined Nicira and others in building a networking virtualization framework for OpenStack, the open source platform for building infrastructure clouds along the lines of those offered by Rackspace and Amazon. "Cisco is a networking company, and we're increasingly looking at cloud services. We’re not just switches and routers anymore," says Lew Tucker, who oversaw the development of Sun Microsystems' cloud service before it was sold to Oracle and now runs Cisco's OpenStack efforts. "We want to make sure this stuff works on Cisco gear."


But Casado believes Cisco and the other big networking vendors will never fully commit to network virtualization. "The traditional networking vendors? I don't think they can do this, because they'll end up cannibalizing themselves," he says. "They can do something that has some of the same properties, but they can't actually virtualize the network. They can never come out and sell you a product that will allow you to work with any type of hardware. They will make motions in this area, but I don't think they're going to be doing anything really concrete."

Whatever the case, Casado believes it's only a matter of time before networking hardware takes a back seat to software.

Recently, Casado was in Hawaii when he received an e-mail from someone who worked for a large company Nicira had dealt with in the past. This person asked Casado if he could meet for a chat, and Casado said yes, assuming he was an executive who wanted to discuss a partnership between the two companies. But as it turns out, this person was an ordinary network hardware operator who had read about Nicira and wanted to know if he would be out of a job in 10 years.

"I didn't know what to tell him. Get a new job? Do something different?" Casado says. "The truth is, in 10 years, you’re not going to have highly skilled, highly paid people working with networking hardware."

Additional reporting by Robert McMillan.