Theoretically, a software-defined wide-area network (SD-WAN) is a convenient mechanism for linking broadly dispersed branch offices into one virtual unit, and then operating upon that unit like a single data center. Theoretically.
Cisco had a strategy for executing SD-WAN and moving large data workloads across dispersed facilities. It involved a type of overlay network built around an Internet Protocol Security (IPsec) VPN called Dynamic Multipoint VPN (DMVPN), and typically involved one means or another of rendering obsolete an old IP routing shortcut protocol called Multiprotocol Label Switching (MPLS).
Nothing underscores the fact that Cisco’s approach has encountered too many dead ends more than this week’s announcement that the company would seek to acquire Viptela, a San Jose-based five-year-old exclusive producer of SD-WAN technology, in a deal valued at $610 million.
Last January, Viptela snatched Praveen Akkiraju, formerly the CEO of Cisco co-owned VCE (maker of Vblock), as its own CEO. Akkiraju had spent most of the previous 24 years working either at Cisco or a Cisco-owned property, prior to EMC’s acquisition last year of the majority of Cisco’s stake in VCE.
Just last month during the Google Cloud Next conference, Akkiraju told SiliconAngle’s The Cube why MPLS, from his perspective, represented a 20-year-old networking mindset that failed to take the cloud into account. Suppose a user of a SaaS application, he explained, wanted it to access data presently stored in a branch office. Should that data be routed back through the main data center, and then to the public cloud — as MPLS would mandate?
“Most branches today have internet connections that are faster than anything MPLS VPN can provide,” he argued, citing one Viptela customer’s estimate of the per-megabit cost for MPLS data routing at $200. Relying on the internet alone would cost the same customer $2 per megabit.
The concept of MPLS worked on ATM-switched networks at first. But by around the turn of the century, MPLS had become the original “internet fast lane” for ISPs that wanted to get into the data shuttling business, using IP as its conduit. Technically speaking, it employed a dedicated route between two hosts — say, between a branch office and a central data center — and instructed IP routers to employ that dedicated route by means of labeling the packets. Those labels put packets on the fast lane and gave ISPs an opportunity to charge premiums. One of the earliest arguments about net neutrality that ever came to light before a legislative or regulatory body involved this very practice.
Cisco continues to offer managed MPLS VPN service today and has touted MPLS as a modern component of its “Intelligent WAN” architecture as recently as last April 13. At the same time, it’s been pushing its DMVPN service as an alternative means for enabling a secure wide data tunnel between dispersed branches and the home office. Seemingly depending at times upon whether the day was numbered odd or even, DMVPN may or may not have been the core of Cisco’s SD-WAN portfolio.
In an August 2015 presentation to the analysts gathered for Tech Field Day that year, Jeff Reed — who at the time oversaw Cisco’s SD-WAN efforts, and who is now senior VP for its security products — admitted that customer adoption of new networking technology tended to be too hard. “We lacked an abstraction layer at the network,” he told them, which contributed to the overall problem of the calcification of the entire stack at the network layer. Deploying new network capabilities required upgrading the embedded operating systems in switches.
“Out of that spawned this idea that we should fundamentally rethink how we’re building networks,” Reed said, “in terms of what functionality should live at the device layer; what functionality should we push to the controller layer; and even, over time, what functionality should live in the cloud?”
Those questions were the catalyst, to coin a phrase, for the company’s SD-WAN strategy. DMVPN appeared to address that strategy with a reasonable, practical model, in which branch offices became spokes connected to the central office hub.
But Cisco found itself re-articulating that strategy, introducing it all over again to the same group of analysts the very next year. By 2016, the goal was delivering application-level functionality across disparate network endpoints, which seemed clear enough.
But in that re-articulation, MPLS reared its head (or headed its rear) once again, as an option for binding virtual VPN units to link Cisco Cloud Bridges. Neither Overlay Transport Virtualization, nor any of the other proposed Cisco protocols to render MPLS obsolete, made an appearance.
It was getting to the point where business and financial analysts — not even network analysts — were speculating as to whether there was a more conspiratorial logic behind Cisco keeping MPLS alive. Business Insider had been following the careers of several Cisco engineers (who, if it had dug another half-hour longer, it would have realized were four in number, not three) whose career paths would have them officially leaving the company to form startups, only for those startups to be acquired soon afterward, solely by Cisco, for considerable sums. The process was called “spin-in,” and the common bond between Mario Mazzola’s, Prem Jain’s, Luca Cafiero’s, and Soni Jiandani’s accomplishments appeared to be as simple as the initials of their given names: M.P.L.S.
In June 2016, all four members of team M.P.L.S. resigned from Cisco, in the midst of a management re-organization ordered by new CEO Chuck Robbins. In a parting memo to his former staff, Mazzola explained to the world that the startup process was not a conspiracy at all, but a policy inspired by former CEO John Chambers. “We entered the data center market with the first spin-in, Andiamo Systems, which became the MDS SAN product line,” Mazzola wrote. “The creative model of the spin-in demonstrated that by tying specific execution timelines, revenue and profitability targets to engineers’ compensation a new market could be opened for the company with minimal financial risk to Cisco.”
But Mazzola also acknowledged that his fellow engineers — particularly Prem Jain — joined him as champions of MPLS, the protocol. Their interests in building business units around technologies based upon MPLS may explain why Cisco could simultaneously offer DMVPN-based SD-WAN, along with a second SD-WAN option around its Meraki line of wireless appliances, while proceeding with a strategy that continued to tout MPLS as its principal tool.
Meanwhile, as Viptela continued its evolutionary path, it compared its SD-WAN not to the MPLS scheme, but to DMVPN. The Achilles’ heel of that latter approach, wrote Viptela CTO Khalid Raza (another former Cisco Distinguished Engineer... see if you spot a trend forming), is that it relied upon the creation of an artificial subnet for simulating router adjacency — a subnet which introduced fixed IP addresses into the mapping scheme. Meanwhile, with Viptela’s singular control plane approach, no artificial subnet is needed.
Which brings us to this week, as plans begin for Cisco to acquire a company currently led by two of the most distinguished engineers formerly in its employ. Maybe spin-in is not dead after all.