Understanding Cisco OpFlex
OpFlex is a southbound protocol in a software-defined network (SDN) designed for communications between the SDN Controller and the infrastructure (switches and routers). The keyword here is “Multi-vendor environment” – i.e. Openflow designed to support all the vendor networking devices. The goal is to create a standard that enables policies to be applied across physical and virtual switches/routers in a multi-vendor environment.
How does OpFlex differ from OpenFlow?
Prima facie, OpFlex sounds a lot like OpenFlow – “an open standard that enables the SDN Controller to interact with the infrastructure” however, both Opflex and Openflow differ a lot as we discuss further on their capabilities. Further, we need to understand 2 terms to understand in detail –
- Imperative is used to describe centralized SDN Controller where requests from applications (via Northbound APIs) is received and SDN controller directs how Network devices need to be configured. Caveat – SDN Controller will be single point of failure in the network.
- Declarative is used where SDN controller declares the application needs and informs the downstream Network devices on how to meet application requirements. The decision making is distributed amongst network device and controller offloads itself from all the decision making. It primarily sets central policy.
Now that we have some clarity on Imperative and Declarative working of SDN controllers, it would be wise to say
- Openflow is for Imperative control
- OpenFlex is for Declarative control
Key Features of Cisco OpFlex
OpFlex is part of Cisco’s Application Centric Infrastructure, a hybrid physical and virtual strategy using Nexus 9000 switches and an Application Policy Infrastructure Controller that centralizes and automates policy management for the Nexus 9000 fabric. It can manage up to 1 million endpoints.
OpFlex, the southbound API, is an open and extensible policy protocol used to transfer abstract policy in XML or JavaScript Object Notation (JSON) between a policy controller such as the Cisco APIC and any device, including hypervisor switches, physical switches, and Layer 4 through 7 network services.
Cisco and its following partners, are working through the IETF and open source community to standardize OpFlex and provide a reference implementation.
- Intel
- Microsoft
- Red Hat
- Citrix
- F5
- Embrane
- Canonical
OpFlex is a new mechanism for transferring abstract policy from a modern network controller to a set of smart devices capable of rendering policy. Working against the wave of Imperative control technology, as is done by existing protocols such as the Open vSwitch Database (OVSDB), OpFlex is designed to work as part of a declarative control system such as Cisco ACI in which abstract policy can be shared on demand.
In addition to its implementations in the open source community, OpFlex is one of the primary mechanisms through which other devices can exchange and enforce policy with the Cisco APIC. OpFlex defines that interaction. As a result, by integrating a number of devices from both Cisco and an ecosystem partner using the Cisco ACI fabric, it can be used to provide investment protection.
Continue Reading:
Cisco ACI Network Centric vs Application Centric approach
Cisco ACI vs Cisco Viptela SD-WAN vs Cisco SD-access: Detailed Comparison
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)