ltstudiooo - Fotolia
F5 Networks says there is life after the death of network boxes and that application delivery controllers are still relevant in SDN.
At F5's Agility Conference in New York City this week, executives said the company has moved beyond basic application delivery and load balancing into a wider array of application services, including security and policy enforcement.
Its road into SDN will be with "software-defined application services" -- or features like load balancing and firewalling that can optimize applications in an SDN or network virtualization environment.
Using the new Synthesis technology, F5 users can orchestrate and control a "fabric" of services, spinning them automatically for the needs of specific applications and distinct network segments, explained Manny Rivelo, F5 executive vice president of strategic solutions. Synthesis can be an OpenStack for network application services.
F5 began unifying traffic management systems for a fabric when it recognized that cloud operators would need to eliminate the manual management of throngs of devices, Rivelo explained. Synthesis also lets engineers provision services to be consumed in any number of ways -- on a virtual or hardware appliance, on premises or in a public cloud, he said. F5's bottom line goal is fewer boxes and more centralized control -- essentially SDN for application services.
F5 SDN integrates with VMware, Cisco, OpenStack
In promoting yet another orchestration tool, F5 risks further confusing IT pros that already have a head-spinning array of similar tools to choose from. There is already confusion about the conflicting roles of OpenStack and SDN controllers, such as OpenDaylight. Many may question where an application services orchestrator fits into all of this.
F5 says Synthesis will work within the context of these other orchestration and control environments. There are plug-ins for VMware NSX, Cisco ACI, HP Networking Virtual Application Networks and OpenStack. The application is what matters to F5, and that will be the case regardless of network or virtualization environment, said Rivelo.
"If we can read the bit stream on tap we can apply services to it," he said.
If SDN is application-aware, why do we need ADCs?
When Cisco rolled out ACI last year, its key message was that the application-aware network had finally arrived. ACI would allow engineers to provision and manage the network automatically, according to the needs of the application. In that case, why bother with application optimization?
But F5 CTO and executive vice president of product development Karl Triebes noted a radical difference in what Cisco and F5 fabrics are responsible for.
"Cisco calls [ACI] a services fabric, but it's really a connectivity fabric. They don't have to go down and program switches individually" said Triebes. "They don't provide the essential types of services that an [application delivery controller] ADC can provide -- things like security and high availability services [for applications] … we are transacting as a proxy; whereas they are transacting at a packet level network."
Essentially, SDN controllers see into Layers 2 and 3, but they are not aware of Layers 4-7. This is why there has been so much development of Layer 4-7 services tools that live on top of SDN controllers.
But with so many controllers -- one for the network, one for application optimization, another for cloud orchestration, will there ever be an uber-controller to manage them all? Not any time soon, said Triebes. That single management platform has been long sought and never found in IT, he said.
If services are software, what exactly are partners selling?
If you're a data center engineer, the talk of virtual appliances and management fabrics may ring in your ears as dollars saved -- and that's certainly the message from F5. Rivelo predicted a TCO savings of 50% to 80%.
Yet for partners, that could translate into fewer boxes sold. In fact, many F5 partners at Agility reported flat hardware sales.
"Hardware sales are way down and we are moving customers to our own cloud to sell them services," said Scott Schilling, a senior security/infrastructure consultant at Meridian Group International, an F5 partner. "Services are up 200%."
F5 executives faced the issue head on, telling partners at Agility to prepare to sell wider "solutions" with support services and integration.
Dave Chandler, a practice lead in enterprise network solutions at F5 partner Word Wide Technologies, said "it's not a stretch" to begin selling a wider array of F5 services, such as application firewalling, into network virtualization or SDN environments..
The networking world is exactly where the server market was when virtualization first began experiencing uptake, said Chandler. "That was sold as a death knell for the server business," he said. But server sales never disappeared and IT shops actually began expanding and running hundreds more apps because it became less expensive to do so.
Network sales won't disappear and World Wide "won't do a 180" with its sales model, Chandler said. But the company is rapidly expanding its services business to include features, such as "lab-as-a-service" where customers buy virtualized network resources for testing. World Wide Technologies is also one of the few systems integrators that have built an SDN practice, working with both Cisco ACI and VMware NSX. Chandler expects a big part of its services/integration practice to center on SDN implementation and management. F5 will be a part of that process.