Ed note: This is a transcription of an exclusive SiliconAngle/Wikibon interview of Martin Casado (MC), cofounder and CTO of network virtualization pioneer Nicira, with SiliconAngle Founder and CEO John Furrier (JF) and Wikibon Networking Analyst Stuart Miniman (SM). The interview happened at the end of VMworld 2012, just after the announcement that VMware had purchased Nicira. The full video is available here on YouTube. Also see analysis of this interview here: Martin Casado on Changing Networking and full VMworld 2012 coverage.
Changing Networking
JF: You guys are ranking #1 under networking in our trending tool because of VMworld. VMware spent $1B for you guys. Jayshree Ullal from Arista called you guys the Instagram of networking. Great wire story I saw today with you guys. Welcome to the Cube.
So take us through the logic & emotions of the past year up until the buy-out. What a roller coaster. As an entrepreneur what was it like? Give us some highlights of what happened.
MC: I've been very focused on changing networking. For me it's been a technical ride. Since we started the company five years ago we've been focused on developing core technology. We did that for the first 3 years. Then the last year for us was mostly about execution & customer engagement. So we've spent a lot of time developing the technology, getting it into production, doing the support & building out that model.
So it turned out to be a very natural transition point when the acquisition happened. We had gotten traction. We had started to realize how difficult it is to address a market as large as this within a smart start-up. So it was very welcome to join a much larger company that can provide us with more resources.
JF: So you had some big backers – it's very well documented in the valley. But every entrepreneur has that moment when, “Wait a minute, is this what I wanted. The dollars are so good.” VMware's obviously a growing company. What clicked for you, what made you go, “This is the right thing”?
MC: Absolutely. To me business guides behavior. At the end of the day the goal is how do you change networking. I have a very, very firm belief that the access layer of the network is moving from within the network to the edge. So we wanted to develop technology that can use this position to re-implement networking in software. So once you get the core technology done, once you prove it out with core customers, once you prove out the market, the question is what is the best way to have the biggest impact.
In some respects you can look at VMware as one of the largest networking companies in the world, based on port count. The number of virtual ports that they control is as large as any large networking vendor. So this is the opportunity of a lifetime to change an industry. I've been doing this now, SDN, since my PhD at Stanford, going on 10 years now, & this is the opportunity of a lifetime to actually have broad, broad – like planet-scale – impact.
JF: Congratulations. You certainly disrupted the market, not only in the validation of the acquisition but as you guys were moving out & the deployments you guys were doing, it just came out of left field for most people. But the inside people knew what was going on in terms of disrupting. The messaging here at VMworld is very solid around Software-Defined Data Center, & that brings you into a whole other [area] beyond networking. We've been covering converged infrastructure at SiliconAngle & Wikibon around storage, servers & networking. So this is bigger now than just networking; you're taking this to a whole other level of the journey. So connect the dots for the folks between software virtualization and software-defined networking to the data center. Help them understand what's going to happen on the next leg of the journey.
MC: We're all familiar with computing virtualization. This is how VMware initially changed the world. The time it takes to provision a workload went from weeks to literally two minutes. However, IT isn't about single workloads. IT is about applications & all the network services those applications require – for example firewalling & security, monitoring, debugging. So even though we reduced the time it took to provision a workload from weeks to minutes, it still took days to do everything else that was required. So if we take a broad look at IT, we realize it still takes days to provision new applications & workloads.
So the only way to get past this, the next step we want to take, is to virtualize every aspect of infrastructure. So there's three of those: there's compute, which is virtualized; there's storage, which we're making good progress on; & there's network. And network is a pivot piece, it is the one piece that touches everything, it is between compute & storage, it is between the different kinds of compute. So if you look at large data centers, even cloud data centers, the long pole in the provisioning is the network. We must virtualize that.
So the goal is software-defined data centers: everything's in software, everything's dynamic, you create it on demand, it's dynamic, it's liquid, it's like water, it will go anywhere. But in order for this dream to be realized, you've got to get the network out of the way. And that's what we're talking about.
JF: At SiliconAngle & Wikibon we just kicked off a discussion on what we call Data Infrastructure & really highlighting this modern era. We use a lot of sports analogies, but the modern era meaning the new way, not the old way. You're a classic example of disruption in the new way. So talk about the enablement you see happening from a marketplace standpoint. Share the vision of what you will enable with this. Networking does have to be dynamic, that makes total sense. You guys have done it. What's going to happen next in your mind's eye in terms of what the possibilities are?
MC: Absolutely. I think ultimately this is where we want to get to. We want to build a platform that will recreate every network service & functionality in a virtualized manner in software from the edge. That means there can be any service anywhere over any hardware at any scale that's needed. And it can be done all at virtualization time-frames. So you do an API call, you get a virtual network abstraction, you add a firewall to it, you can figure ?? to it. So all of network configuration, all of network services, all of network operations becomes...like a VM image, & it becomes available anywhere you want it to.
So that is the first step. I believe these transformations in systems, & it's happened many times in the past, happen in 2 steps. The first one is you virtualize. When you virtualize, you offer the same thing, but in a more flexible manner. When you virtualized compute, you offered an X86 CPU, but you did it in software. After you virtualize, you can actually change the operational paradigm. Like when they created compute virtualization they didn't immediately get to snapshot or rewind or any of these other kinds of operational benefits. These came later. So the first step is any networking anywhere you want, at any scale, automatically. Then the second step is drastically changing the operational paradigm so you can do things like better security, so you can rewind configuration state, things we can't even think about today, because now we have the ultimate point of indirection, this virtualized layer.
Operational & Staffing Implications
JF: And who's the candidate for this – developers, admins, all of the above? Is it going to be software, programmatic? It takes dev/ops to a level of functionality that is just mind-boggling. So who's the new personnel?
MC: Whose life does this impact? It's a good question. Immediately anybody who’s building out a data center like a cloud architect is going to have this primitive that they can use to architect better systems. Just like you gave them the primitive machine, they used that to build better data centers. Now we're giving them virtual networks as a primitive to build virtual data centers. So the cloud architect's job gets easier.
Application developers don't have to worry about the basics of how networks work or network configuration. Operations will have a lot more flexibility, & the virtual layer is where they can move things around.
As far as the physical networking layer, the problem becomes simpler, but you still have to focus on the problem of building a physical network. So for example when server virtualization came around, you didn't reduce the need for servers, you needed more servers. The same thing will happen with network virtualization. You'll still need physical networks, & they'll probably have to be better physical networks. So the problem now is how do you build a physical network with high capacity that can support a workload and less about the operational stuff you do today.
Security
JF: We just had Chris Hoff on from Juniper who works in security. We were just riffing on the security problems. So give us your perspective on how this new canvas of software-defined virtualization will affect the security paradigm.
MC: I think there are a couple of answers. I think ultimately the security model improves, honestly. The original plumbing for Nicira came from the intelligence community. My background – I used to work for the intelligence agencies. When you move everything to software, we already have a fundamental security paradigm, which is trust consolidation in the hypervisor. With network virtualization you follow the same paradigm, which is you trust the hypervisor to enforce things like isolation and enforce the security. But now you have a strongly authenticated end-point. You're not guessing at things. But it requires the security community to evolve with the virtualization community. I think that's more of a socialization hurdle than a technical hurdle. All of the technology is there to do good security in the cloud. Getting the traditional vendors to evolve their tools and evolve their thinking is much more difficult.
I have one more thing to add. I actually think there is an opportunity to do security in entirely new ways, ones that again can transform the industry. So for example with virtualization you have deep semantics into the workloads. You're in the hypervisor, you can look inside the VMs, you know who's using them, you know what applications they are using. You even know what documents are being sent or read or passed around. Because you have this information at the edge, if you virtualize the network as well, you can pass this content into the network. So now instead of looking at packets & trying to guess what application they're using by looking at traffic, you can actually get the ground-truth information from the hypervisor. So I think we have the opportunity to drastically improve security.
SM: If you look at the networking industry, a lot of companies have tried to change things in the past. When you talk about innovation, standards have often slowed things down. There's the legacy box. I have great respect for CCIEs, (Cisco Certified Internetwork Experts) but they have their way of doing things. So there are so many pieces that make up networking, & even the first time I saw your slides, there's multiple standards & open groups working on this. So how do you guys see & work through all of these issues?
MC: Clearly a very complex and multi-faceted question. I'm going to take one piece of it, & we can go from there. One of the primary benefits of actual virtualization is what you end up with should look like what you started with. So if you're fundamentally changing an operational paradigm you're probably not doing virtualization. So for example in a network virtualization solution the physical network is still a physical network, & it needs to be managed with physical networking tools.
In order to be fully virtualized, the virtual abstraction I give you an abstraction, that should look like the networks you've grown to love as a child. It should have all the counters, all the debuggings, all the ability to interpose services. From that standpoint, you're still preserving all the interfaces people are used to, it's just more of them.
So for example when I talk to a network operator today they are saying “All this is confusing, I've got virtualization.” I say actually instead of having one network that's really complicated you've got N simple networks. You've got a simple physical network and then N virtual networks, & they all have the same interfaces that you are used to managing.
However, there's one catch. That is there's additional bits of information which is how do you map this virtual world to the physical world, which happened in compute virtualization as well. So everybody understood the virtual machine; everybody understood the physical machine. They weren't entirely sure how you debug the mapping between the two. It's entirely incumbent on us as software providers & solution providers to provide that, to provide the ability to map from this platonic virtual reality down to this gritty physical reality.
Open Source vs Open Standards
SM: So from a standards standpoint you guys helped invent OpenFlow. You guys created the Open vSwitch, you're heavily involved in OpenStack. There's been a lot of buzz since the acquisition about the involvement in OpenStack & …. What's your thoughts on it?
MC: Let me go over two things before I get to that one. Networking standards are really important. The way standards work is you have a bunch of people who go & talk about things & design things & agree on them. That's actually quite different than Open Source. There's different processes, different communities, different rules of engagement. So let me focus on the Open Source first, & then we'll go back to standards.
Just to give a little foreshadowing, I hope the world goes open source, not open standards. So as far as Open Source, I wrote the first version of OpenFlow. That came out of my thesis. The first three employees of Nicira created the first draft of OpenFlow. It was just something we wanted to use for control switches. We wrote the first draft implementation, the first open controller, of course the faculty & staff at Stanford were involved. We also are the primary developers behind Open vSwitch, that's in the Linux kernel. We put many millions of dollars into developing that. It's used by competitors & partners alike, it's used in many clouds. And then we heavily participated in OpenStack, in particular in the lead on Quantum, which is the networking part of OpenStack. We've done a lot of development there.
So as far as the acquisition is concerned, none of that will change. We're fully committed to Open vSwitch and OpenStack. We'll continue and even escalate our contribution there.
SM: A quick note on OpenStack. I was told that some of your folks actually entered some code into OpenStack for storage. I was kind of curious about that.
MC: We've touched many areas of OpenStack, & again the networking piece touches everything, and we did a lot of the development on Quantum. Nicira internally runs an OpenStack cloud for an internal cloud, & we have thousands of VMs on it. So we are really heavy users & contributors to both OpenStack and Linux. If you look at Linux, we actually fixed a lot of the VLAN issues in the kernel.
So we're very involved in Open Source, but we're involved as users. We don't sell Linux or OpenStack, but we do believe that to have a vibrant ecosystem it's nice to have these tools out there. As we use the tools we fix them & contribute there.
Multiple Hypervisors
SM: What about multi-hypervisor environments? That was one of the things that really impressed me about Open vSwitch is that it really enabled that multi-hypervisor. Even more than heterogeneous switches, that's the multi-hypervisor piece.
MC: So if you zoom away, I think we had a pretty fair myopic focus in the industry on servers over the last 10 years. And as you zoom away from the server to a data center, you end up in this realm of heterogeneous technologies, multiple ?? systems, multiple hypervisors. So when we came up with our initial strategy for building a network virtualization layer, we knew networks touch everything, we must support all of those technologies. So it was a fundamental part of the technology that we would support all hypervisors & physical hardware switches as well, because there are workloads that are not virtualized. So Open vSwitch itself, which is the vSwitch that we use, is in KVM, bare-metal Linux, it's imported to VSE and ported to other operating systems, it's been ported to Copperback Harbor switches, so we can use all of that to do network virtualization.
JF: I want to ask you about the software-defined partnering strategy from a technical perspective. As VMware with you guys in the family go to other clouds, because they are talking about multiple clouds at this point, what do you guys bring to the table for Microsoft Hyper-V environments & other big vendors – HP, Dell, Microsoft? Are you talking to them, & if you were having those conversations, what would those conversations be?
MC: So the product we are developing & we do bring to market & will continue, is a network virtualization platform that's called a hypervisor. The goal is to have something that you can deploy into any cloud environment regardless of the CMS you are running & regardless of what hypervisors you're using. We have many partners, whether they're system integrators or solution partners. So we don't have any religion on the type of technologies in play. We want to provide the best virtual networking solution in the industry. That's really our primary focus.
JF: Let me ask you about some trends in the tech community and academia and research area. For example, randomly, low-level virtual machines at the University of Illinois in Chicago. Those kinds of shifts are happening. What are you tracking right now in the top universities?
MC: This is a great question to ask an academic, & I'm going to totally disappoint you in that I'm on a lot of committees and submit a lot of papers & read a lot of research all the time. I've mostly lost pace with the research process on the academic side recently.
JF: How about focus, though, in terms of trends.
MC: I think that's exactly the point. I think there's enough vision to last for a century. Now it's time to do work. If it were up to me we would all be taking these ideas that we've come up with over the last 10 years – there's very few new ones in my opinion – & we'd be executing like crazy. I think we should all focus on changing infrastructure into software, executing like hell, and changing the world that way. I know I have a really bad attitude about this, especially as a professor.
Managing Perception in the Industry
JF: What is the biggest surprise, besides the acquisition, that made you fall out of your chair over the past 24 months around you in the industry in your entrepreneurial venture now with VMware, good or bad?
MC: I think what has been most shocking is how difficult it is to manage perception in the industry. If you look at social media & a lot of the buzz in the rags, so much of it is generated by invested parties. So I think it's possible to be a perfectly good citizen & then get painted in a negative light or be a very negative citizen and be painted in a very good light. And it's been counter-intuitive to me how you manage this effectively. It's almost a dynamic feedback system.
For example Nicira's been an enormous contributor to Open Source. I think we've contributed more than anybody in our space by a factor of 10 or more. We contributed most of the core technologies, and then people say, “Well, it's a proprietary solution.” On the other hand there are people saying, “We should use Nicira because it's the open solution.” So there is this thing where we're seen as both closed source and open source. And sometimes it's worked for us for the wrong reasons and other times it's not worked for us for the wrong reasons. So that dynamic has been the least intuitive for me. I'm not sure I fell off my chair, but I think that has been the most surprising.
JF: At SiliconAngle we say we're agile media, and ultimately in media the whole business is changing. That's why we have the Cube. This is raw data we want to share – be provocative, be edgy. It's a data-driven world, and we believe the media business is screwed up beyond all recognition. So because of lack of fact checking, and old techniques aren't working. But it's the same game. So things circulate, things get branded, & we've seen it time & time again. I've seen great people show up and be branded almost as criminals. So it's a sad state of reporting & media there.
Network Virtualization's Impact on IT Employment Careers
SM: The networking industry is a big community. When you talk about jobs, what's your recommendation to people in the networking industry? What should they start to read or start playing with to understand where things are going down the line?
MC: I don't want to say a cliche, but I really believe this one. I think networks are evolving to become proper systems, meaning there's a very well defined hardware and software layer, & they all work together. I think the data center is becoming a large computer, & I think the most important thing is to view the industry in that lens. I would get as much information as I could on how Google or Facebook or Amazon build their data centers & realize that if you do a cross-section of those like the capital savings, the operational savings, the flexibility of software, that's changing the world. And if it's not changing the world directly by changing infrastructure, it's changing the world by the services they deliver. Understanding that model in your bones I think is the beacon going forward. If it were me first I would really understand why they are making those decisions, what the benefits are, & I would use that to guide my learning going forward.