Anyway, what does this have to do with OpenFlow/SDN? Nothing…yet, but the question that came to me while I was in a meeting with a NYC-based financial firm last week was, “How will security be perceived with running a *real* virtualized network with control plane separation happening at a controller?”
Before I go any further, here is some background…
Enter OpenFlow.
What if their network was virtualized by means of an OpenFlow-enabled solution using a Big Switch controller (BSC)? Two weeks ago, I wrote about the demo Big Switch gave. Like I said then, it was pretty sweet. They created a logical switch in seconds using the BSC (hope you all like the acronym ;)). What if the customer I’m referring to used the BSC and created several logical switches? They would look and feel like several physical switches. There would be no communication between them, and they would even be riding on the same hardware. No complex PVLANs either. This sounds attractive and was exactly what I was thinking during the meeting. Would this have worked?
BUT, is the “logical” or “virtual” switch secure? Actually, I’ll rephrase that, and more importantly, “how would this be perceived by organizations that have security teams?” One of my first career lessons was “perception is reality,” so while it may or may not be secure, what will the perception be? I think for what I described above, this would be no issue for the “typical” Enterprise, but for those with security teams, I’m not so sure.
Based on what I’ve read, it would seem Big Switch (or any other controller vendor) is being extremely creative and doing some funky MAC-learning tricks to produce mini virtual switches.
What do YOU think - should there be security concerns? Remember, focus on perception. Lastly, do the companies driving the OpenFlow/SDN industry momentum need to have targeted messaging at some point to gain the mindshare of security-focused individuals/teams?