Thursday, July 10, 2014

Software-Defined Networking in the Physical World

I just finished a short lunch-hour style training on the Cisco Prime platform, and I've got to say - they get it. No one wants to play with switches all day.

That's a hard thing to admit. I've spent 500+ hours studying for Cisco certifications, and I'm currently prepping for a CCIE, a certification solely in route/switch that costs over $1,500 per attempt in a far-away state. But I'm confident saying it:

I don't want to work on switches all day. 

I want to work on a management platform that can completely configure, control, and monitor my route/switch infrastructure. I want to use this platform to correlate threat data and alert me when my ports are filling up, let me know when to plug in another cable between my switches so it can configure a port-channel, and I want it to have the smarts to shut down a network storm.

If Cisco enabled CDP to allow for simple management, the management appliance could reach new devices by chaining through CDP-enabled devices to set up the management connection on new devices. It could also allow for recovery if a command renders a device unreachable.

In short, I want my network devices to act like lightweight APs - they have some ability to operate themselves, but they are able to act intelligently and seamlessly when controlled by a central management station.

This is entirely possible, and appears to be where Cisco is going.

Let me start over - Cisco's Prime platform is a super-charged monitoring platform. It's able to discover and monitor all your routers, switches, ASAs, etc. with great reporting. It's able to apply templates that you've built to a switch once you've given the switch a base config and a routable IP that the management device can reach.

But still, you need to know the configs. You need to know which things to turn on and turn off and why. I'm sure there's an argument there that only the experts in the field, who've invested significant time and money (wink wink), should be doing this anyway, so who cares?

If Cisco is able to realize this dream, they'll have brought the fantastic benefits of Software Defined Networking (SDN) into the physical world. 

They'd allow existing businesses with millions invested in 'heavy,' self-managed switches to upgrade their switches' software and enable central, intelligent management. Costs for expertise in networking will go down, and the cost of running a business will go down. Constantly mutating security attacks can be more quickly identified by taking the aggregate data and correlating it in a central place.

More importantly, if Cisco doesn't move to do this quickly, someone else will. 

You can read Cisco's information on Cisco Prime here:
