Software Defined Networks
What is SDN?
• Software-defined networking (SDN) describes an architecture that
separates the network control plane and the forwarding plane, aiming
to simplify and improve network control. IT teams are better able to
rapidly adapt to changing business requirements and application
needs.
• SDN is a highly flexible, agile way to adapt to growing networking
requirements and enable automation and agility. By separating the
network control and forwarding planes, SDN makes network control a
programmable entity and abstracts the infrastructure underneath.
• Network engineers benefit from SDN because they no longer have to
wrangle individual network devices to offer network services, connect
locations and applications, or govern resource and capacity utilization.
Instead, SDN takes care of this task by directing these individual
“switches” to provide services when the business requires them.
Features
1. Agility - As business and application needs change, administrators can
adjust network configuration as required.
2. Centralized management - SDN consolidates network intelligence,
which provides a holistic view of the network configuration and activity.
3. Programmability - The ability to directly program network features and
configure network resources quickly and easily through automated SDN
services.
4. Open connectivity - SDN is based on and implemented via open
standards. As a result, SDN streamlines network design and provides
consistent networking in a vendor-neutral architecture.
The benefits of software-defined networking
• Context and visibility - In an SDN, users can view the entire network through a centralized
source, which simplifies provisioning and managing processes.
• Lifecycle management and automation - Business demands vary day-to-day, so IT
managers need to set up what-if network configurations to accommodate demands from new
applications and virtual machines (VMs). In an SDN, these what-if configurations are easy to do
and have no impact on the network.
• Security - Improved security makes SDN a no-brainer for many businesses. Security is
centralized in an SDN. In this central controller, an IT manager can create and distribute security
policies throughout the enterprise with ease.
• TCO and ROI - Lower operating expenses are another alluring benefit of SDN. Because an SDN
improves overall resource and server utilization, businesses will experience reduced operational
costs and administrative expenses.
• Cloud - SDN is an excellent way to help “cloudify” the datacenter, ultimately helping to unify the
components of a business’s infrastructure. Specifically, a business can abstract, and therefore
unify, cloud resources through SDN.
• DevOps - The ability to redirect and shape data traffic is a defining feature of SDN. This enables
IT teams to improve their service delivery and network responsiveness, which makes the end-user
experience more seamless.
How is software-defined networking used?
• There are multiple use cases where SDN is beneficial. First, SDN can help support
DevOps initiatives. Application updates, deployments and even IT infrastructure
components can be automated through SDN while DevOps applications and
platforms are created and deployed.
• Second, businesses can leverage SDN controllers to improve the functionality
of campus networks, which are often complex due to ongoing Wi-Fi and
Ethernet needs. The central SDN controller delivers automation and centralized
management that improves security and helps businesses deliver more high-quality
services across the network.
• Third, service provider networks can leverage SDN to automate the process of
provisioning networks for improved service management and increased control.
• Finally, businesses can enjoy the increased protection and simplified firewall
administration that SDN provides. Businesses can create distributed firewall
systems through the virtualization capabilities of SDN, delivering an extra layer of
security to prevent a breach from hopping from one VM to another.
• Administrators and managers can also centrally track and change network activity to
proactively detect vulnerabilities and eliminate possible data breaches.
• Some other use cases include:
• Converged storage systems – Some organizations are using SDN to create
programmable fabrics that span and expand their data storage and data center
capabilities.
• Video applications - By combining network virtualization platforms with SDN networking
technologies, some organizations are realizing that SDN can increase their ability to
maintain and ensure quality of service through enhanced, dynamic control over the
network.
• Mobile operator network orchestration – Some mobile network service vendors have
begun to see value in SDN as a way to ensure optimal resource utilization and dynamic
service provisioning.
• Scaling data center networks – SDN in the data center allows many organizations to
more effectively scale bandwidth between data center servers without incurring additional
hardware costs. They’re also seeing higher access speeds and better load balancing.
Types of SDN
• There are several different ways an organization can
implement SDN. Every implementation involves a
controller, various switches, and a protocol that
communicates with the switches. Together, those
elements forward and route data packets where they
need to go. Because the elements are separated in SDN
(unlike in traditional networks where they’re present in
the same device), they allow organizations some
options when implementing SDNs.
• The main types of SDN are:
• Open, or switch-based, SDN – This is considered the most straightforward SDN type. The SDN controller uses OpenFlow, a
standard southbound protocol, to communicate with the network switches. To do this, the controller receives information from
applications and turns it into data called flow entries, which are then transmitted through OpenFlow to the switch. This
SDN type gives organizations a central point of control that oversees all switches and how they move data along the network.
Switches enabled with OpenFlow can be virtual or physical.
• SDN via API – This type uses programming interfaces, or southbound APIs, to monitor and control network traffic into and out
of switches and other devices. Because this implementation allows switches to use traditional network methods such as SNMP
or CLI—or more modern approaches like REST APIs—they don’t require OpenFlow. Each device is given specific control points
that let the controller operate them remotely through APIs. This type works well with traditional switches and makes
orchestration software easier to develop. It also delivers a greater level of openness than open SDN and requires less
proprietary software and devices.
• Overlay SDN – This type of SDN model requires the creation of a virtual network that lies atop existing infrastructure and
entails various channels that allow data to flow to different data centers. Physical devices can remain as they were, and a
hypervisor is used as the interface between physical devices and the virtualized network. Each channel in the network is given
a predetermined bandwidth and assigned specific devices. The only physical devices connected to the virtualized network are
those that reside at the edge. When a data packet is sent to a physical device at the edge of the virtualized network, or the
virtual tunnel endpoint (VTEP), the hypervisor takes that data, repackages it in another frame, and sends it to its destination
at a VTEP across the network as defined by the controller.
• Hybrid SDN – Along with the three types of SDN described above, it’s also possible to implement traditional and SDN
networking approaches in one environment. Hybrid SDN can use a variety of network technologies, including VPN, MPLS, and
Ethernet to connect devices and infrastructure. This implementation method can provide a high degree of flexibility according
to the unique needs of an organization. One challenge with this type is that it tends to create more complexity than other
types and requires personnel with the skills and experience to effectively manage it and troubleshoot issues as they arise.
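The repackaging step described for overlay SDN, shown as an added example that is not from the original slides. It assumes the overlay uses VXLAN (RFC 7348), which the slides do not name, and models only the 8-byte VXLAN header (the outer Ethernet/IP/UDP headers are omitted). The VNI 5001, the sample frame and the function names are constructed for illustration.

```python
import struct

VXLAN_FLAG_I = 0x08  # "VNI present" flag in the first header byte (RFC 7348)

def encapsulate(inner_frame: bytes, vni: int) -> bytes:
    """Sending VTEP: prepend the 8-byte VXLAN header to the original frame."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24) + reserved (8).
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame

def decapsulate(payload: bytes, local_vnis):
    """Receiving VTEP: return (vni, inner_frame), or None if the packet is dropped."""
    if len(payload) < 8:
        return None  # truncated header
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        return None  # VNI flag not set, header is not valid
    vni = word1 >> 8
    if vni not in local_vnis:
        return None  # segment not provisioned on this VTEP: tenants stay isolated
    return vni, payload[8:]

# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    packet = encapsulate(SAMPLE_FRAME, 5001)
    print(packet[:8].hex())             # VXLAN header added by the sending VTEP
    print(decapsulate(packet, {5001}))  # VNI known locally: frame is delivered
    print(decapsulate(packet, {5002}))  # VNI not local: packet is dropped
```

The receiving side fails closed: a frame is handed to a virtual network only when its VNI is one the controller has provisioned on that endpoint.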
Architecture of software-defined networking
• SDN relies on APIs to create a centralized management plane that lets
administrators and managers decide and program network behavior.
SDN creates an abstraction or virtual overlay on top of otherwise
complex networking infrastructure. This enables IT teams to manage
their network, application, and devices consistently with minimal
knowledge of or direct interaction with that underlying technology.
• SDN performs various tasks and encompasses various technologies. But
its original defining purpose was to create a programmable abstraction
that separates the network data and network control planes.
• The control plane is the brain of the operation, managing network
services and deciding how and where packets should move throughout
the network. The data plane is the transport system that connects
endpoints and moves packets according to the control plane’s
directions.
How SDN differs from traditional networking
• SDN applications - These applications relay actions and request resources through the SDN
controller using the OpenFlow protocol, APIs, or a hypervisor. SDN applications can assume
various forms and serve various functions, such as network management, providing analytics,
adding security, or common network functions. Examples include IP address management
(IPAM), managing quality of service (QoS), load balancing, or detection and mitigation of
denial-of-service (DoS) cyberattacks.
• SDN controller - SDN applications send instructions to the SDN controller, which relays that
information to networking components. The SDN controller also collects network information
from hardware and delivers this information and relevant statistics back to the applications.
Controllers also act as SDN load balancers and ensure that applications get the resources they
need, when they need them.
• SDN networking devices or infrastructure - These devices, such as network switches, are
responsible for routing data packets and getting them to their desired destination.
• Networking protocols and APIs – These programmable open-source technologies, such as
OpenFlow, are designed to monitor and manage where traffic goes in an SDN network. These
API integrations are commonly called northbound or southbound interfaces. The northbound is
the integration between the controller and the application while the southbound is the
integration between the controller and the physical networking devices.
Software-defined networking and security
• There are different levels of security protection offered via SDN. Perhaps most
notable is the centralized intelligence SDN offers, enabling IT administrators to
quickly and easily set and keep security policies. These policies can be
universally enforced throughout the network and can be maintained and
enforced through central control.
• Furthermore, SDN creates an abstraction layer between the software and the
hardware, allowing IT teams to bypass proprietary devices and simply start
developing security tools to implement across the network. As a result, there is
greater transparency for gathering insights and possible threats if a security
breach occurs.
• Security is scalable with SDN. Rather than requiring expensive, proprietary
hardware and security controls, IT teams can create, control and deploy security
policies at scale as software grows, new clouds and applications are provisioned,
or as business needs change. If a segment shuts down or has a security gap, the
transparency of SDN allows administrators to quickly and easily detect malware.
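How one central policy becomes flow entries on every switch, as described under open SDN and in this section. This is an added example, not code from the original slides or from any SDN controller: it models the idea in plain Python rather than speaking OpenFlow, and the segment names, addresses and switch names are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class FlowEntry:
    priority: int
    src: str                 # source CIDR
    dst: str                 # destination CIDR
    dst_port: Optional[int]  # None matches any port
    action: str              # "forward" or "drop"

# Constructed sample data (hypothetical segment and switch names).
SEGMENTS = {"web": "10.0.1.0/24", "db": "10.0.2.0/24"}
POLICY = [{"from": "web", "to": "db", "port": 5432}]
SWITCHES = ["vswitch-a", "vswitch-b"]

def compile_policy(policy, segments):
    """Controller side: turn allow rules into prioritized flow entries."""
    entries = [FlowEntry(100, segments[r["from"]], segments[r["to"]],
                         r["port"], "forward") for r in policy]
    # Lowest-priority catch-all: anything not explicitly allowed is dropped.
    entries.append(FlowEntry(0, "0.0.0.0/0", "0.0.0.0/0", None, "drop"))
    return sorted(entries, key=lambda e: -e.priority)

def distribute(entries, switches):
    """Stand-in for the southbound push: every switch gets the same table."""
    return {sw: list(entries) for sw in switches}

def lookup(table, src, dst, port):
    """Switch side: the highest-priority matching entry decides."""
    for e in table:
        if (ip_address(src) in ip_network(e.src)
                and ip_address(dst) in ip_network(e.dst)
                and e.dst_port in (None, port)):
            return e.action
    return "drop"  # empty table: fail closed

TABLES = distribute(compile_policy(POLICY, SEGMENTS), SWITCHES)

if __name__ == "__main__":
    for flow in [("10.0.1.5", "10.0.2.9", 5432),   # web -> db on the allowed port
                 ("10.0.1.5", "10.0.2.9", 22),     # same hosts, port not in policy
                 ("10.0.1.5", "10.0.1.6", 445),    # VM to VM inside "web"
                 ("10.0.2.9", "10.0.1.5", 5432)]:  # reverse direction, no entry
        print(flow, lookup(TABLES["vswitch-a"], *flow))
```

Only the first flow is forwarded. The entries are stateless, so traffic in the reverse direction needs its own rule in the policy.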