Open Cord -- the use of web-centric, virtualized datacenter concepts at the edge of the carrier network -- requires a different approach by service developers.
In the second part of a two-part Q&A with ON.Lab and Open Networking Foundation (ONF), CTO Larry Peterson tells Telco Transformation that the days in which end users fashioned their own solutions are ending. Peterson, who also is the Chief Architect of CORD (Central Office Re-architected as a Datacenter), said that once they adjust to that reality their job becomes much easier. In part one, Peterson spoke about how security, SDN and NFV tied into CORD. (See ONF's Larry Peterson on CORD & Security.)
Telco Transformation: Are the changes to legacy approaches necessary for service developers to use CORD incidental or are they significant challenges?
Larry Peterson: I don't know if I would say challenge, but it is extra work. But one of the things CORD has worked very hard to do is to lower that barrier. What you're asking a service developer to do is write a service the way they think it needs to be written and then give us a model that describes how to configure and control it. That model is actually quite short. Conceptually you really have to understand what your service does and how to control it. But you should have been doing that if you work as a service developer anyway.
The whole point of it is you don't have to write a lot of code. This is a few lines of statements: "My service has parameters a, b and c and they depend on this other service x, y and z." It's on that level.
CORD does the heavy lifting to generate all the code that is required to make it so. The code that enforces the security on all of that. The code that generates the RESTful interfaces. The code that allows you to onboard and configure the service. It actually generates a graphical user interface. So there's a bunch of code that gets generated by your simple declarative statements.
TT: What you're describing does not sound like a deal breaker for these people if they know what they're doing?
LP: What has been hard for people is not CORD-specific. What's been hard is a lot of VNF vendors and service developers were working in an earlier era when they sold you a piece of hardware that had the software inside of it. That allowed them to take all kinds of shortcuts with those interfaces that led to horribly ugly configuration files and what not because no one ever saw that except for the engineers inside of that company.
This is not CORD. The whole idea of a VNF is that you've now made that available in software and you have to have thought about other people invoking that software. That's just a barrier that everyone has to come over. What CORD does above and beyond that is pretty minimal.
TT: It sounds like this is almost an instance of this new environment or this new approach taking hold and demanding that it be done with a software first focus and everything that entails, from the amount of code to the security elements?
LP: Absolutely. That is exactly right.
TT: How does open source affect the security of automated systems? One school of thought says that open source is inherently more secure because you're not relying on a single vendor to find and fix vulnerabilities. Another says having the code in public view means hackers can peruse it to their hearts content.
LP: I don't know what the empirical data says. It's not something I focus on, but I do believe that having more eyes on the code ultimately makes the code better. That part outweighs the risk of the adversaries seeing what the code looks like because they're people who probe the code whether it's open or closed. That's been demonstrated.
TT: Is there a direct relationship between CORD and IoT?
LP: CORD is, I believe, an important touchpoint for IoT. It is the telco's point of presence closest to the thing in your home or whatever because it is the very edge of the telco network. It is the first hop that your Internet of Things device is going to hit. In fact in the mobile case, one of the variants of CORD loads CORD up with a mesh of services that gives you wireless access. So that's very likely on the critical path for any IoT that happens.
TT: Are there any security elements of CORD's relationship with IoT?
LP: We have not done anything yet in CORD that is IoT security-specific. I think there is an opportunity for that, but it's not something that I know of that anyone has yet pursued.
TT: So IoT is protected at this point to the extent that CORD itself has very stringent security that would by extension secure the IoT elements that are connected to it or use it. Is that fair?
LP: That's right. And [those IoT elements] would be directly connected to CORD from the edge. That is the opportunity.
TT: Where are you in the development cycle of CORD?
LP: Officially the first release was a little over a year ago. But that was a very much a proof of concept variant. We just did a release at the end of September. Technically it was the fourth release of CORD. Had there not been so much demand and pull for CORD, it would have probably been the official 1.0 because all the things that we said were going into CORD were finally there. It's in field trial and lab trials in a number of telcos and cablecos. So it's being evaluated.
— Carl Weinschenk, Contributing Writer, Telco Transformation