OpenDaylight - an alternative to VMware NSX and Cisco XNC.

Before I worked on this blog post, I always think that OpenDaylight is a SDN Controller.  While it is correct to say that OpenDaylight is a SDN controller, it is in fact an Open Source project in which the controller is the core functionality.  In OpenDaylight wiki page, we can see a list of projects that is under the umbrella of OpenDaylight Project from the Linux Foundation. 

OpenDaylight Project is described by this web site as:

The OpenDaylight Project is a collaborative open source project that aims to accelerate adoption of Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) for a more transparent approach that fosters new innovation and reduces risk. Founded by industry leaders and open to all, the OpenDaylight community is developing a common, open SDN framework consisting of code and blueprints

According to Neel Jacques, executive director of OpenDaylight:

“The OpenDaylight community has taken on the monumental task of bringing together all the disparate technologies, thoughts and ideas around SDN and forming it into a cohesive platform. The community has made amazing progress in a short amount of time as you can see in this second release which integrates more functionality, apps and use cases. Helium brings us one step closer to having one common platform the entire industry can standardize on.”

OpenStack name its release by city or street name.  OpenDaylight name its release by elements in the Periodic Table.  The first release was Hydrogen and the second release was Helium.  The OpenDaylight Helium release was available for download as of September 29, 1014.

Image source: https://www.sdncentral.com/wp-content/uploads/2014/09/opendaylight-project-helium-diagram.jpg

From OpenDaylight’s announcement “OpenDaylight paves way for innovation in SDN with latest open source software release”, I have summarized what’s new in the Helium release:

• 11 new protocols, applications and technologies
• New User Interface
• Simpler and customizable installation process
• User can build on-demand combinations of components and features to customize their solutions
• Open vSwitch Database Integration Project that provides technology preview of advanced OpenStack features
• High Availability
• Clustering
• Security
• OpenFlow Table Type Patterns
• Service Function Chaining

There are 3 things that I would like to highlight and comment:

1. Apache Karaf

One good feature for the Helium release is that user can build on-demand combinations of components and features for OpenDaylight.  This is done by Apache Karaf which is a small OSGi (Open Service Gateway initiative) based run time lightweight container where different components and applications can be deployed.  The best feature in my opinion is the ability to check for component dependencies.  Remember the days how we install packages onto a Linux system before apt-get or yum?

2. Integration with OpenStack

I believe for OpenDaylight to have more integration with OpenStack will entice more commercial IT vendors to embrace OpenDaylight.  Both VMware and Cisco announced integration with OpenStack and there are quite a few companies such as Rackspace, Metacloud, Mirantis, Cloudscaling, IBM and Red Hat that provide value added and easy installation for the Open Source OpenStack.

Work is done for the OVSDB (Open vSwitch Database) driver to provide features such as:

• Distributed L3 Forwarding
• Distributed ARP handling
• Security Group
• Load Balancing as a Service
• Firewall as a Service

This makes OpenDaylight an attractive choice as a OpenStack Neutron back end.  Also, there is a new feature to provide VLAN networking in addition to the tunnel-based networking option when a virtual network is created in OpenStack Neutron.

Interface with OpenStack with Keystone via the OpenDaylight AAA project is a big step forward between OpenDaylight and OpenStack integration.

3. Security

In the Hydrogen release, there is the Defense4All project for mitigating Distributed DoS attacks.  In the Helium there are 2 new projects for security:

1. Authentication, Authorization and Accounting (AAA)
2. Secure Network Bootstrapping Infrastructure (SNBi) project.

In this article, author Sean Michael Kerner stated that “Security is a particular area of focus in the Helium release”.

Authentication, Authorization and Accounting

AAA has been around for some time and is a popular and widely used security architecture where user’s credential is authenticated and based on the outcome of the authentication process, access for resources are granted/authorized while accounting will record this process so as to provide an audit trail.

According to a Red Hat blog, AAA project provides:

1. The ability to provide fine-grained permissions for resource usage
2. The ability to share an external identity service with other platforms

In our case as mentioned on the previous section, the external identity service will be OpenStack Keystone.

Secure Network Bootstrapping Infrastructure

This feature helps to solve the problem of having to manually distribute keys for the different networking device to communicate with each other. 

This page has more information about how this works.

Conclusion:

Besides, OpenStack integration and security both High Availability and clustering are important feature for the enterprise. OpenDaylight Helium is a big step forward from the Hydrogen release and hopefully more vendors will embrace OpenDaylight and provide this as an alternative to 

• Cisco - Extensible Network Controller
• HP - Virtual Application Networks (VAN) Controller
• NEC - ProgrammableFlow PF6800 Controller
• Nuage Networks - Virtualized Services Controller  
• VMware - NSX Controller