When Japanese broadcast network TV Asahi expanded from one building to four last year, the IT crew tackled a lineup of the all-time worst networking challenges with hybrid SDN.
The TV network added two massive office towers, an events arena -- which had to be connected to the original headquarters -- and a data center, all on one LAN.
Yet, the engineers couldn't ditch the existing 200-switch Brocade network in the headquarters building and data center. That network was costly, but it was high-performing. Whatever technology came into the new buildings would have to be less expensive and more flexible, but would also have to be integrated with the legacy architecture.
Meanwhile, TV Asahi needed a wireless network with complex access and security policies to serve the massive number of people visiting its arena and the mobile employees in its office buildings.
Finally, the combined wired and wireless infrastructure would have to be segmented to handle eight subsidiaries living under the Asahi umbrella, each with distinct security and network management needs.
In fact, this network segmentation requirement was one of the challenges that led Asahi to consider SDN.
"On the legacy network, you had to physically divide the sections," said Kohji Sakata, TV Asahi's senior network architect. "There was so much overhead. We did all the wiring and redundancy of servers to support the physically segregated network."
Sakata and his team chose to go with NEC's ProgrammableFlow, which they could use to stretch virtual tenants across both new and legacy equipment without all that physical maneuvering.
ProgrammableFlow works on a classic OpenFlow model in which the control plane of the physical network is decoupled from underlying switches and managed through a centralized controller. The controller can see every node on the network and manage them all as if they were one large fabric switch.
ProgrammableFlow's Virtual Tenant Network feature lets engineers build Layer 2 subnets that are connected to virtual routers. Once these overlays are formed, they function as distinct tenants that can be flexibly altered for specific traffic needs.
"By using Virtual Tenant Networks, you can share the physical network resources by segregating the logical networks," Sakata explained.
Investing in new legacy equipment as well as OpenFlow
But Sakata and his team didn't go for full-out OpenFlow because NEC also offered traditional switches with stable features that they found important. They opted to buy non-OpenFlow NEC QX switches for local connectivity within each building and ProgrammableFlow switches with a controller for connectivity between the buildings.
"The QX switch runs 802.1x, so once you plug in your laptop, you get authentication and you can use dynamic LAN. The other big feature is the loop prevention and detection built in," Sakata said.
These switches can still be detected by the ProgrammableFlow controller, which would basically control a virtual LAN overlay between the buildings and into the data center using OpenFlow.
"In this new scenario, they just use the original WAN connection as a pipe on the LAN. Logically, all the buildings don't appear to be separate -- they are all one inside," Sakata said.
Once the buildings were connected over this new logical network, the Asahi team also found it could maintain high-availability links more easily.
"With the legacy network, for each router you have to have redundant routers and routing rules for high availability. If one link goes down, another link goes up," Sakata said. "But when you have a centralized controller, you don't need all those routers [and rules] anymore. The SDN controller knows where to send [traffic] when the other link goes down. It finds the alternative path automatically."
Centralized controllers for BYOD policy
OpenFlow controllers are celebrated for bringing programmability to networks, but controllers also bring a deeper level of network visibility and discovery. Centralized controllers see every single device that attaches to a network in real time.
For TV Asahi, that meant using its ProgrammableFlow controller to apply policy to and control wireless users as they connect to the network. In the new hybrid SDN model, users are authenticated onto the network through the QX switches, and the controllers take over.
"Once they get the authentication [through the QX switches], the controller can be used to set policy for wireless guest users and employees," Sakata explained.
Asahi will not change the legacy equipment in its headquarters any time soon, but the team will work to integrate OpenFlow into that building for specific applications, such as BYOD and access policy implementation.