Software may be eating the world, as Marc Andreessen correctly asserted nearly a decade ago, but some parts of the world are crunchier than others and take some time for the hardware to be smashed open and for software to flow in and out of it.
We have been watching with great interest since around 2008 or so as merchant silicon came to switching and routing and how control of hardware was broken free from control of software, much as the X86 platform emerged as a common computing substrate a decade earlier. Initial attempts at creating portable and compatible operating systems for switching and routing had their issues, but a second wave network operating systems are emerging and, we think, will eventually become the way that networking is done in the datacenter, breaking the hegemony of proprietary operating systems as happened in compute in the past. A decade of open systems Unix platforms on dozens of chip architectures really just helped create the conditions that allowed Linux on X86 to become the dominate platform in the datacenter. And, ironically, now that Linux dominates, now different hardware, now including various kinds of accelerators as well as new CPUs, can now be slipped easily in and out of compute in the datacenter without huge disruption to Linux.
The same thing is starting to happen with network operating systems, including the SONiC/SAI effort championed by Microsoft, the ArcOS platform from Arrcus, whatever Nvidia ultimately cooks up through the combination of Mellanox Technology and Cumulus Networks. Cisco Systems is now a supplier of merchant silicon with its Silicon One router chips, which debuted in December 2019 and which were augmented with switch chips last October. Every switch ASIC vendor has created some form of programmability for its packet processing engines, with P4 as advanced by Barefoot Networks (now part of Intel) being the darling but by no means the only way to achieve programmability, and now we see the industry rallying behind the concept of the Data Processing Unit, or DPU, which among other things manages network and storage virtualization and increasingly runs the compute hypervisor, offloading these functions from the CPUs in host systems.
Historically, network and computing are thought of separately, akin to how space and time were thought of separately in a Newtonian universe. There are compute layers – user spaces and kernels in operating systems and down to instruction sets and their cache hierarchies in underlying processors – and network layers – from the Layer 1 physical connection in the Open Systems Interconnection (OSI) model up through Layer 2 switching and Layer 3 routing all the way up to Layer 7 applications. Just like Einstein brought space and time together into a single spacetime, the evolution of distributed computing and innovations such as virtual switching, virtual compute, and containers requires something like a new theory of computenetwork, and something a bit more sophisticated than the famous statement from Sun Microsystems chief researcher John Gage in 1996 that “the network is the computer.” We are not sure if user spaces and kernels are akin to Layers 0, -1, and -2 in a modified OSI stack or Layers 8, 9, and 10 as you move up. The lines are getting blurry and a different topology, perhaps, is warranted than a vertical stack.
All of this brings us to the acquisition of Volterra, a company that we became acquainted with only last year, by F5 Networks, a company we have known about for a long time operates higher up in the network stack that we probably do not give enough consideration to at The Next Platform. Hence, we are paying attention to it this week as F5, known best for its BIG-IP load balancer, which has been shaping traffic on the Internet and on corporate networks for a decade and a half, is shelling out $500 million to acquire Volterra.
F5 has been on a buying spree in recent months. One of the drivers of these acquisitions has been pressure from activist investors, but another one is the realization that sealed box appliances like big load balancers – just like switch and router and firewall appliances – are moving to software running on the most generic hardware possible.
F5 spent $670 million to acquire NGINX in March 2019, best known for its web server and load balancing software, and followed this up with the $1 billion deal in December 2019 to buy Shape Security, a maker of “botwall” fraud detection and protection software.
Without the addition of Volterra, F5 has been able to grow its software business by 52 percent to $365 million in its fiscal 2020 ended in September 2020, while its hardware business declined, to a certain extent because of the coronavirus pandemic, by 10 percent to $668 million. F5’s services business, largely dominated by support for its hardware appliances and freestanding software, grew by 5 percent to $1.33 billion, with the overall company sales rising by 5 percent to $2.36 billion. Volterra is not expected to immediately drive current software revenues, but rather round out the so-called “Layer 8” software offerings that F5 sells and particularly give it a piece of the burgeoning edge market.
While the transition from closed and vertically integrated appliances to software running across a variety of hardware (including the large public clouds) has been relatively slow in the datacenter, taking about two decades more or less, we do not think this will be the case at the edge – and this is why Volterra is particularly important to F5. The edge is not going to be built from appliances, but is going to be more malleable and fungible from the get-go. That would be silly, and as a good parallel, think about the difficulty of providing phone service and then Internet service in a country as large as China when it its economy started to advance. It went straight to cell phones without laying landlines to homes because that was too costly and also stupid. The edge won’t be a baby datacenter as we know it as much as a very fat and funky mesh of compute that can support a dizzying array of CPUs and accelerators as well as various kinds of network interconnects to provide as intelligent processing that is closer to users than a few regional datacenters could ever be.
Volterra first came to our attention when Ankur Singla, the company’s founder and chief executive officer, contributed a piece to The Next Platform about the birth of the distributed cloud back in February 2020, and then we talked to Singla in July on Next Platform TV to get a better sense of what the Volterra platform was, why it was named after a famous walled city outside of Florence in the Tuscany region of Italy, and why we needed what amounts to an uber-operating system that abstracted public clouds, datacenters, and edge compute. Singla was the chief technology officer at Aruba Networks (now part of Hewlett Packard Enterprise) and is well acquainted with the edge, and then went on to found Contrail Systems, a maker of network function virtualization (NFV) and software-defined networking (SDN) software that was eventually acquired by Juniper Networks so it could try to start climbing out of its own switch and router appliance quagmire.
As Singla explained it to use back in July 2020, which seems so long ago, the central architectural issue that Volterra addresses – and that other cloud fabrics do not – is that the Internet was never designed to provide symmetrical interconnects between devices. Thanks to the coronavirus pandemic, we all have intimate experience with this fact, since upload and download speeds to our cable modems are definitely asymmetrical, as corporate networks have been from the beginning, and have more bandwidth coming down from on high than can be sent up from below. But in a data processing and storage paradigm that mashes up and meshes on premises datacenters, multiple public clouds, and the edge, there has to be symmetry between them because all of them, at any given time, can be the center of the data processing acting at any moment. To solve this problem, Volterra has built its own transcontinental and intercontinental network and a SaaS platform that provides a compute and storage framework that guarantees symmetric interconnects between these different compute and storage tiers. The Volterra platform also peers with all of the major telcos and service providers and content distribution networks (Akamai is the big CDN, of course, but not the only one by any means).
The point is that Volterra’s network does exactly what the hyperscalers and cloud builders do themselves, and there is a way to architect the connections between the edge, the clouds, and the on-prem datacenters so you never hit the public Internet and its asymmetric bandwidth. (It’s more like an information superhighway with ten lanes going south, but only one or two lanes going north.) But here one of the neat bits: VoltMesh software that controls the Volterra Network interconnect backbone can dialed up and down the interconnect bandwidth and deliver quality of service on latencies as needed and is on a pay-per-use pricing scheme like compute on the public cloud. On top of that, the VoltStack is an implementation of the Kubernetes container control system that has been optimized to run at the edge and mesh with other Kubernetes stacks on the public cloud and in on-premises datacenters.
The way that F5 and Volterra see it, the CDNs like Akamai, which started in the late 1990s in the original dot-com Internet commercialization era, what it calls Edge 1.0. In this era, people were focused on accelerating static content, but they could run specific services on very specialized CDN servers. With the Edge 1.5 era, typified by the Cloudflare and Fastly starting around 2012, every service could run on the CDN servers, but like Edge 1.0 commodity security applications were fragmented from the applications, very specific code was running at the edge and was different from that running on the cloud or on-premises, and customers were limited to the hardware choices of the CDNs.
With the Edge 2.0 era, which starts now through the combination of F5’s BIG-IP load balancer, the NGINX middleware, and now Volterra VoltMesh and VoltStack, any service can run on any server, the same control code runs everywhere, security is consistent across all tiers, and there is hardware independence. This is the benefit of not only deploying Kubernetes, but using it to build the tools.
To make this all fluid, F5 plans to integrate the BIG-IP load balancer’s security software into the VoltStack platform, and that will expand F5’s total addressable market to now include a $5 billion of edge business. Both BIG-IP load balancing and security software and the NGINX middleware will be ported to and distributed atop the Volterra platform so they can be hosted on any cloud.
At the moment, the Volterra business will be a small – and undisclosed – portion of F5’s overall business, but it has been getting traction in its own right, which is why F5 moved now rather than wait. Volterra was founded in 2017, and it acquired Acorus Networks for its distributed denial of services security software in July 2019 for an undisclosed sum. Volterra had raised $50 million in a single round in November 2019 (Khosla Ventures, Mayfield Fund, Partech, Microsoft, and Samsung were the big backers), and has grown to 125 employees (with 75 percent of them being in engineering, always a good thing for a software startup) in the past three-plus years. Volterra has more than 50 enterprise customers, including 3 of the top 15 telcos and a slew of big banks and insurance companies. F5, by contrast, has more than 18,000 enterprise customers, including 48 of the Fortune 50 and sits behind 450 million applications and websites (including 70 percent of the largest websites on earth, according to the company). F5 generates more than $750 million a year from its application security business alone, and has more than 6,000 employees working in 43 countries where it operates.
But as we say above, this is more than just a cross-selling opportunity. Volterra’s network and stack is going to underpin all of F5 going forward, and that speaks volumes to how software is utterly transforming all aspects of the network in the datacenter and at telcos and service providers.
Expect a lot more shakeups on this front.
But here is the virtuous circle that F5 and Volterra can create, and this is the important bit as Shuman Ghosemajumder, who was the chief technology officer at Shape Security before F5 bought it and who is now the global head of artificial intelligence at the company, tells The Next Platform.
“I think that the orchestration enabled by the Volterra platform is valuable in and of itself,” Ghosemajumder explains. “It reduces complexity, creates flexibility, improves performance, and all of that. That is fantastic. But I think that in the long term, the biggest benefits come from the platform itself and enabling new functionality that’s is based on data. Security is an example of that. What Shape Security has provided is all about analyzing the telemetry that comes from every transaction that’s handled by the infrastructure, combined with new telemetry that we generate from the client in order to be able to have insights on application behavior that nobody else has. And so you can do the same thing from a general application behavior perspective, figure out how to be able to optimize the behavior of an app and thereby a business for your audience. Now, all of a sudden, we are not just talking about IT budgets anymore. We are talking about marketing budgets and line of business budgets, too, and how we can generate new categories of value for them.”
Ghosemajumder is someone whose opinion counts here, because he was global head of product trust and safety at Google between 2003 and 2010, and that means he was in charge of click fraud and advertising protection as well as other network services that underpin Google’s revenues. This software is just as valuable as the infrastructure and applications at Google. The same will hold true of every enterprise on Earth, and now F5 can help build a platform that not only secures the apps and makes it perform well, but has a shot at being the uber-platform on which companies will build their applications themselves so they can span clouds, edges, and datacenters.
It will be interesting to see how this turns out. VMware or IBM/Red Hat or Microsoft might have wished they jumped here first, and don’t be surprised to see someone now buy F5 Networks. With an $11.8 billion market cap and say a $2.5 billion business, it might be a little pricey, maybe $15 billion, maybe higher. But we have seen bigger deals. Both AMD’s deal for Xilinx for $35 billion and Nvidia’s deal for Arm Holdings at $40 billion are much larger against similar-sized revenue streams.