In case there was any confusion: I do not, do not speak for my employer or anyone else. So there.
“ If, however, someone tries to sell you software that’s supposed to control your physical switches, and does not support the usual set of protocols you need to integrate the OpenFlow-controlled switches with the rest of your network (example: STP, LACP, LLDP on L2 and some routing protocol on L3), think twice. If you use the OpenFlow-controlled part of the network in an isolated fabric or small-scale environment, you probably don’t care whether the new toy supports STP or OSPF; if you want to integrate it with the rest of your existing data center network, be very careful. „
“ The detail about the network that is unspoken when the idea of building cheaper network switches is discussed, is the ability to dynamically control and redistribute capacity. Capacity in the network is and has been constrained from the beginning. Capacity is constrained by the physical wires and the protocols that we run over the wires to allow for interoperability, fault detection and restoration. The idea of building overlay networks for virtualized machines is an attempt to solve the challenge of static capacity with programming. If all the compute resources are virtualized, it is possible to build an overlay network that can then move VMs around to pools of capacity in the network. „
“ The reason is that it’s a new messaging protocol, where you don’t specify the recipients. New protocols are rare. Or more precisely, new protocols that take off are. There are only a handful of commonly used ones: TCP/IP (the Internet), SMTP (email), HTTP (the web), and so on. So any new protocol is a big deal. But Twitter is a protocol owned by a private company. That’s even rarer. „
“ The 2008 market crash left IT leaders with far too much IT infrastructure that was misplaced and misallocated to the needs of their customers. See the attached charts of CAPEX. Five years on from 2008 we are in a period of recomposition for the IT industry — especially the network. I suspect that 2014 through 2020 are going to be big years in which nearly all the networks on a global basis are going to be rebuilt. 2013 is the year in which IT leaders are working through the process of figuring out what the pieces of the new network will look like. Once those technology choices are made, we will be off and running. „
“ I suspect after reading this post that VMware will go from offering a per-host user space FW like vShield App to a full blown stateful distributed FW in kernel space that dynamically builds its policy as new flows are checked. Their technology can do this already - just need to add inspection engines. „
“ It’s high time for networking to become a transport utility: we provide transport and baseline security – Internet-facing firewalls, DDoS mitigation with traffic blackholing, BPDU guard, and a few other bits and pieces – and server or application teams become responsible for their own security. The security team should (a) help them when needed and (b) monitor everyone’s compliance. „
“ To summarize: with a properly architected TCP/IP stack (I doubt I’ll live long enough to see it) we wouldn’t need large layer-2 domains (and FabricPath, TRILL, SPB, EVB, VEPA …), load balancers, application-level gateways, 500K entries in the global BGP table (and in the TCAM of every core router) or LISP. TCP is really the most expensive part of your data center. „