What is Software-Defined Networking (SDN)?

What is SDN?

Software-defined networking (SDN) describes an architecture that separates the network control plane and the forwarding plane, aiming to simplify and improve network control. IT teams are better able to rapidly adapt to changing business requirements and application needs. 

SDN is a highly flexible, agile way to adapt to growing networking requirements and enable automation and agility. By separating the network control and forwarding planes, SDN makes network control a programmable entity and abstracts the infrastructure underneath. 

Network engineers benefit from SDN because they no longer have to wrangle individual network devices to offer network services, connect locations and applications, or govern resource and capacity utilization. Instead, SDN takes care of this task by directing these individual “switches” to provide services when the business requires them.

How does SDN work?

To gain an understanding of how SDN works, it’s important to know the underlying components that make up the network infrastructure. They are:

• SDN applications - These applications relay actions and request resources through the SDN controller using the OpenFlow protocol, APIs, or a hypervisor. SDN applications can assume various forms and serve various functions, such as network management, providing analytics, adding security, or common network functions. Examples include IP address management (IPAM), managing quality of service (QoS), load balancing, or detection and mitigation of denial-of-service (DoS) cyberattacks.

• SDN controller - SDN applications send instructions to the SDN controller, which relays that information to networking components. The SDN controller also collects network information from hardware and delivers this information and relevant statistics back to the applications. Controllers also act as SDN load balancers and ensure that applications get the resources they need, when they need them.

• SDN networking devices or infrastructure - These devices, such as network switches, are responsible for routing data packets and getting them to their desired destination.

• Networking protocols and APIs – These programmable open-source technologies, such as OpenFlow, are designed to monitor and manage where traffic goes in an SDN network. These API integrations are commonly called northbound or southbound interfaces. The northbound is the integration between the controller and the application while the southbound is the integration between the controller and the physical networking devices.

With the components listed above, a network engineer can manage all networking tasks and services from a single centralized console. Through automation and programming, the SDN controller, open-source protocols, and APIs work together to ensure data is sent to the right destinations. SDN allows organizations to move away from the traditional networking approach, in which the decisions network devices made about how to move traffic depended on their pre-configured routing tables. Now, a centralized controller tells each switch how and where to deliver data and it doesn’t matter how those devices are (or are not) connected to a specific server.

Because SDN separates the network into a control plane and a data plane, these networks have more flexibility than traditional networks. The control plane is in charge of deciding how and when data should be transmitted across the network, and the data plane does the work of moving those packets to the right locations as instructed.

Here’s a simple breakdown of how it works: A data packet is sent from an application into the network. It arrives at a switch, along with instructions from the SDN controller about where to send the data. The switch sends that packet to its destination and then updates the controller about each operation. SDN is capable of dynamic routing, which means a switch can send a request for instructions to the controller when a data packet arrives without a designated route. The controller then responds back to the switch with the intended destination, and the switch moves the packet on.

How is software-defined networking used?

There are multiple use cases where SDN is beneficial. First, SDN can help support DevOps initiatives. Application updates, deployments and even IT infrastructure components can be automated through SDN while DevOps applications and platforms are created and deployed.

Second, businesses can leverage SDN controllers to improve the functionality of campus networks, which are often complex due to ongoing Wi-Fi and Ethernet needs. The central SDN controller delivers automation and centralized management that improves security and helps businesses deliver more high-quality services across the network.

Third, service provider networks can leverage SDN to automate the process of provisioning networks for improved service management and increased control.

Finally, businesses can enjoy the increased protection and simplified firewall administration that SDN provides. Businesses can create distributed firewall systems through the virtualization capabilities of SDN, delivering an extra layer of security to prevent a breach from hopping from one VM to another.

Administrators and managers can also centrally track and change network activity to proactively detect vulnerabilities and eliminate possible data breaches.

Some other use cases include:

• Converged storage systems – Some organizations are using SDN to create programmable fabrics that span and expand their data storage and data center capabilities.
• Video applications - By combining network virtualization platforms with SDN networking technologies, some organizations are realizing that SDN can increase their ability to maintain and ensure quality of service through enhanced, dynamic control over the network.
• Mobile operator network orchestration – Some mobile network service vendors have begun to see value in SDN as a way to ensure optimal resource utilization and dynamic service provisioning.
• Scaling data center networks – SDN in the data center allows many organizations to more effectively scale bandwidth between data center servers without incurring additional hardware costs. They’re also seeing higher access speeds and better load balancing.

What are the types of SDN?

There are several different ways an organization can implement SDN. Every implementation involves a controller, various switches, and a protocol that communicates with the switches. Together, those elements forward and route data packets where they need to go. Because the elements are separated in SDN (unlike in traditional networks where they’re present in the same device), they allow organizations some options when implementing SDNs.

 The main types of SDN are:

• Open, or switch-based, SDN – This is considered the most straightforward SDN type. The SDN controller uses OpenFlow, a standard southbound protocol, to communicate with the network switches. To do this, the controller receives information from applications and turns them into data called flow entries, which are then transmitted through OpenFlow to the switch. This SDN type gives organizations a central point of control that oversees all switches and how they move data along the network. Switches enabled with OpenFlow can be virtual or physical.
• SDN via API – This type uses programming interfaces, or southbound APIs, to monitor and control network traffic into and out of switches and other devices. Because this implementation allows switches to use traditional network methods such as SNMP or CLI - or more modern approaches like REST APIs - they don’t require OpenFlow. Each device is given specific control points that let the controller operate them remotely through APIs. This type works well with traditional switches and makes orchestration software easier to develop. It also delivers a greater level of openness than open SDN and requires less proprietary software and devices.
• Overlay SDN – This type of SDN model requires the creation of a virtual network that lies atop existing infrastructure and entails various channels that allow data to flow to different data centers. Physical devices can remain as they were, and a hypervisor is used as the interface between physical devices and the virtualized network. Each channel in the network is given a predetermined bandwidth and assigned specific devices. The only physical devices connected to the virtualized network are those that reside at the edge. When a data packet is sent to a physical device at the edge of the virtualized network, or the virtual tunnel endpoint (VTEP), the hypervisor takes that data, repackages it in another frame, and sends it to its destination at a VTEP across the network as defined by the controller.
• Hybrid SDN – Along with the three types of SDN described above, it’s also possible to implement traditional and SDN networking approaches in one environment. Hybrid SDN can use a variety of network technologies, including VPN, MPLS, and Ethernet to connect devices and infrastructure. This implementation method can provide a high degree of flexibility according to the unique needs of an organization. One challenge with this type is that it tends to create more complexity than other types and requires personnel with the skills and experience to effectively manage it and troubleshoot issues as they arise.

The benefits of software-defined networking

Businesses that invest in SDN are often lured in by its ability to support data-heavy applications. But beyond that purpose, there are innumerable benefits that make SDN a worthy venture. Below are several of the top advantages.

• Context and visibility - In an SDN, users can view the entire network through a centralized source, which simplifies provisioning and managing processes.
• Lifecycle management and automation - Business demands vary day-to-day, so IT managers need to set up what-if network configurations to accommodate demands from new applications and virtual machines (VMs). In an SDN, these what-if configurations are easy to do and pose no impact on the network.
• Security - Improved security makes SDN a no-brainer for many businesses. Security is centralized in an SDN. In this central controller, an IT manager can create and distribute security policies throughout the enterprise with ease. 
• TCO and ROI - Lower operating expenses are another alluring benefit of SDN. Because an SDN improves overall resource and server utilization, businesses will experience reduced operational costs and administrative expenses.
• Cloud - SDN is an excellent way to help “cloudify” the datacenter, ultimately helping to unify the components of a business’s infrastructure. Specifically, a business can abstract, and therefore unify, cloud resources through SDN. 
• DevOps - The ability to redirect and shape data traffic is a defining feature of SDN. This enables IT teams to improve their service delivery and network responsiveness, which makes the end-user experience more seamless.

Architecture of software-defined networking

SDN relies on APIs to create a centralized management plane that lets administrators and managers decide and program network behavior. SDN creates an abstraction or virtual overlay on top of otherwise complex networking infrastructure. This enables IT teams to manage their network, applications, and devices consistently with minimal knowledge of or direct interaction with that underlying technology. 

SDN performs various tasks and encompasses various technologies. But its original defining purpose was to create a programmable abstraction that separates the network data and network control planes.

The control plane is the brain of the operation, managing network services and deciding how and where packets should move throughout the network. The data plane is the transport system that connects endpoints and moves packets according to the control plane’s directions.

Software-defined networking and security

There are different levels of security protection offered via SDN. Perhaps most notable is the centralized intelligence SDN offers, enabling IT administrators to quickly and easily set and keep security policies. These policies can be universally enforced throughout the network and can be maintained and enforced through central control. 

Furthermore, SDN creates an abstraction layer between the software and the hardware, allowing IT teams to bypass proprietary devices and simply start developing security tools to implement across the network. As a result, there is greater transparency for gathering insights and possible threats if a security breach occurs.

Security is scalable with SDN. Rather than requiring expensive, proprietary hardware and security controls, IT teams can create, control and deploy security policies at scale as software grows, new clouds and applications are provisioned, or as business needs change. If a segment shuts down or has a security gap, the transparency of SDN allows administrators to quickly and easily detect malware.