Software-defined networking (SDN) is the biggest revolution to hit enterprise networking since the Internet. It represents the latest leap forward in a nonstop progression of technological and social change that has reinvented business applications (SaaS), scale-out computing (cloud), data processing and analytics (big data), and employee work styles (mobility).
With SDN, networking finally enters the on-demand and cloud era by embracing software, virtualization, programmability, and automation.
Like many technology revolutions, SDN was not hatched as a full-functioning adult. Rather, it has evolved from an academic concept and a set of immature tools into an industry-driven and open-architectural paradigm that’s being productized by innovative (and mostly emerging) networking vendors. In many ways, SDN is analogous to cloud computing: part disruptive approach, part open source and standardized tools, and part economic transformation.
This is the first piece of a two-part blog series dedicated to helping enterprise IT leaders understand “what” SDN is today in business terms; “where” it’s applicable within an organization’s infrastructure; and “why” enterprise adoption — in one or more forms — is inevitable. In fact, it’s already under way.
Defining Software-Defined Networking
From a practical perspective, we need to start with a definition of SDN. For that I turn to my good friend and networking industry luminary Dr. Jim Metzler from the consulting firm of Metzler & Associates. Here is an excerpt from Jim’s “2015 Guide to SDN and NFV”:
“Software-Defined Networking (SDN) is an emerging architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today’s applications. This architecture decouples the network control and forwarding functions enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services.”
This definition is helpful, but CIOs also need to know what SDN does to achieve such lofty outcomes. It’s important to understand the functionality of SDN architectures and the overall value proposition. There are many potential benefits that should resonate with any CIOs who are reeling from the diverse and growing demands of data, cloud, mobility, and IoT on their networks.
Software & Segregation Bring Simplicity
Let’s face it, most of the hardware-defined network architectures and technologies deployed in enterprises today have been around for several decades. They include switches; routers; MPLS; IPsec; tiered data centers; hub-and-spoke WAN topologies; border-based security; and stacks of discrete appliances at the datacenter and branch to monitor, filter, and optimize traffic.
When first introduced, the enterprise network was mostly about connecting “places,” and the employees and computing resources within them. Now, enterprises are faced with extending these legacy networks to address challenges that were never imagined when they were conceived. For example:
- Virtual machine sprawl and mobility across private and public datacenters.
- Dramatically evolved threat landscape that includes social engineering, advanced persistent threats, volumetric attacks, and exploits carried out by organized actors and foreign governments.
- People wanting to work from wherever, whenever, and on whatever device they choose.
- Need to connect thousands of new “things,” such as kiosks, digital signage, HVAC controls, power meters, traffic lights, pipeline actuators, and cameras.
Trying to adapt layers of decades-old technologies to support these new requirements has made networking mind-numbingly complex, creating a schism between these legacy networks and the dynamism, on-demand, and scale requirements of cloud, mobile, and IoT.
SDN simplifies networking for both data center and WAN deployments by moving to software many network functions that have traditionally resided in hardware, making them programmable and automatable. Additionally, SDN segregates network functions into the Control Plane and Data Plane.
The Control Plane includes functions that are dynamic and have global network relevance, such as entitlements, policy, identity, topology, and addressing. The Data Plane includes data forwarding, packet path service injection, and edge policy enforcement. This approach can dramatically simplify the network because:
- Provisioning cycles are shortened from months to minutes.
- Manual, box-by-box configurations are replaced by automation, algorithms, and instantly distributed policies and parameters (configure once, run everywhere).
- Stacks of appliances can now be virtualized, distributed, and delivered as an in-network service.
- Route selection is no longer constrained by network conditions; it can now be dynamically and externally programmed by endpoint devices and payloads, such as servers and applications.
Virtualization Brings Economy & Reliability
While network virtualization is not technically part of most SDN definitions, I can’t imagine many practical implementations without it. It would be akin to cloud computing without virtualization — unfathomable to most. Similar to cloud computing, network virtualization means creating a virtual network that abstracts and overlays a physical one. This makes it possible to build multi-tenant architectures (e.g. SDN-as-a-Service), rapidly deploy new virtual networks on the fly, increase utilization of underlay networks, and enable performance optimization and high resiliency by being able to instantly migrate “network workloads” around slowdowns and failures in underlying networks.
In fact, so intertwined are the concepts of network virtualization and SDN that the VMware NSX team often has referred to their solution as a network virtualization offering rather than SDN. I’m also part of the camp that believes these two technologies are inextricable.
Abstraction & Encryption Bring Security
Enterprises today are deploying SaaS applications, cloud workloads, mobile workers, and IoT devices (e.g. collectors, sensors, and actuators) at a compounding rate. In fact, recent reports from IDC, Cisco and Gartner predict that by 2020, 72 percent of employees will work primarily from mobile devices, 56 percent of application workloads will be either SaaS or public cloud, and more than 8 billion “things” will be connected to enterprise networks. What these trends have in common is that they utilize the public Internet as their enterprise network, creating an immense new security challenge.
The traditional approach to Internet-related security has been to stop threats at the enterprise border. While essential, this is no longer adequate. That’s because apps, data, and users can reside and interact outside enterprise borders (e.g. mobile users directly accessing cloud and SaaS applications, and IoT devices sending data to the cloud), and the number of insider-initiated attacks is increasing. These two simultaneous realities are making the border-driven model of security inadequate.
If we can’t rely on borders in the new connected enterprise, and we can’t privatize the entire Internet with MPLS Direct Connects, then how is this critical issue made tractable? Part of the answer is through the use of virtual overlay networks (network virtualization) with end-to-end abstraction and encryption. This approach makes it possible to build secure, private virtual networks that overlay the public Internet and underlying physical access networks, such as broadband, 4G LTE, and public WiFi hotspots.
Each virtual overlay network is encrypted end-to-end, has its own private address space that is not visible or addressable from the Internet (you can’t attack what you can’t address), does not require underlying static IP addresses, and is ephemeral. Virtual overlay networks also can have other privatized and virtualized services, such as domain naming services (DNS), network address translation (NAT), and dynamic and automatic IP address assignment.
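To make the “you can’t attack what you can’t address” point concrete, here is an added Go example (not code from this post or from any vendor’s product) that simulates a single overlay datagram. The inner packet, with its private source and destination addresses, is sealed with AES-GCM and carried between two public endpoints; an observer on the underlay sees only the public addresses, a nonce and an opaque blob, and cannot address anything in the private space. The 10.200.0.0/16 range, the fixed DemoKey, the 8-byte inner header and the endpoint addresses are all constructed for the example; a real overlay negotiates keys per tunnel and uses its own framing.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"net"
)

// OverlayPacket is a constructed wire format for one overlay datagram. The
// outer header carries only the public tunnel endpoints; the tenant's private
// addresses and payload travel inside the ciphertext.
type OverlayPacket struct {
	OuterSrc, OuterDst net.IP // public underlay addresses (visible on the wire)
	Nonce              []byte // GCM nonce (visible, not secret, never reused per key)
	Ciphertext         []byte // AES-GCM(inner src || inner dst || payload) plus tag
}

// The overlay's private address space (constructed). It is never routed on
// the underlay, so nothing on the Internet can address a host in it.
var overlayNet = &net.IPNet{IP: net.IPv4(10, 200, 0, 0).To4(), Mask: net.CIDRMask(16, 32)}

// DemoKey is a constructed 32-byte key for this example only; a real overlay
// derives per-tunnel keys from an authenticated key exchange.
var DemoKey = []byte("constructed-demo-key-32-bytes!!!")

const innerHeaderLen = 8 // 4-byte private src + 4-byte private dst

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// outerAD binds the ciphertext to the tunnel endpoints: a datagram replayed
// between a different pair of public addresses fails authentication.
func outerAD(p *OverlayPacket) []byte {
	return append(append([]byte{}, p.OuterSrc.To4()...), p.OuterDst.To4()...)
}

// Encapsulate seals a private packet into an overlay datagram between two
// public endpoints. The public endpoints may change (mobile clients, dynamic
// broadband addresses) without the private addresses changing.
func Encapsulate(key []byte, outerSrc, outerDst, innerSrc, innerDst net.IP, payload []byte) (*OverlayPacket, error) {
	if !overlayNet.Contains(innerSrc) || !overlayNet.Contains(innerDst) {
		return nil, errors.New("inner addresses must belong to the overlay's private space")
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	pkt := &OverlayPacket{OuterSrc: outerSrc, OuterDst: outerDst, Nonce: make([]byte, aead.NonceSize())}
	if _, err := rand.Read(pkt.Nonce); err != nil {
		return nil, err
	}
	plain := append(append([]byte{}, innerSrc.To4()...), innerDst.To4()...)
	plain = append(plain, payload...)
	pkt.Ciphertext = aead.Seal(nil, pkt.Nonce, plain, outerAD(pkt))
	return pkt, nil
}

// Decapsulate authenticates and decrypts a datagram, then applies the
// overlay's own edge check: an inner destination outside the private space
// is dropped rather than forwarded.
func Decapsulate(key []byte, pkt *OverlayPacket) (net.IP, net.IP, []byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, nil, nil, err
	}
	plain, err := aead.Open(nil, pkt.Nonce, pkt.Ciphertext, outerAD(pkt))
	if err != nil {
		return nil, nil, nil, fmt.Errorf("drop: authentication failed: %w", err)
	}
	if len(plain) < innerHeaderLen {
		return nil, nil, nil, errors.New("drop: inner packet too short")
	}
	innerSrc, innerDst := net.IP(plain[:4]), net.IP(plain[4:8])
	if !overlayNet.Contains(innerDst) {
		return nil, nil, nil, errors.New("drop: inner destination outside overlay")
	}
	return innerSrc, innerDst, plain[innerHeaderLen:], nil
}

// Visible is everything an observer on the underlay can read from the datagram.
func Visible(p *OverlayPacket) string {
	return fmt.Sprintf("%s -> %s, %d-byte nonce, %d opaque bytes", p.OuterSrc, p.OuterDst, len(p.Nonce), len(p.Ciphertext))
}

func main() {
	pkt, err := Encapsulate(DemoKey, net.IPv4(203, 0, 113, 10), net.IPv4(198, 51, 100, 7),
		net.IPv4(10, 200, 1, 5), net.IPv4(10, 200, 2, 9), []byte("hello overlay"))
	if err != nil {
		panic(err)
	}
	fmt.Println("underlay sees:", Visible(pkt))
	src, dst, payload, err := Decapsulate(DemoKey, pkt)
	if err != nil {
		panic(err)
	}
	fmt.Printf("overlay delivers: %s -> %s %q\n", src, dst, payload)
}
```

Two design points worth noting. The public endpoint pair is fed to GCM as associated data, so a captured datagram cannot simply be replayed toward a different tunnel endpoint; and the receiver checks the decrypted inner destination against the overlay’s address space before forwarding, which is the overlay equivalent of the edge policy enforcement the Data Plane performs. The random nonce is adequate for a demo’s volume; a production tunnel uses counters or frequent rekeying so that a (key, nonce) pair is never reused.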
Programmability Brings Flexibility & Agility
Of course, the whole idea behind making something software-defined is the ability to make it programmable in real time. In the case of SDN, this means the ability for the Control Plane to program the functionality of the Data Plane on the fly. This goes beyond real-time programming of the data forwarding primitives and includes such functions as instantiating new network services on any virtual network in seconds, or spinning up a virtual quarantine network instantly whenever a threat is detected and migrating machines onto it for interrogation and cleansing.
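The Control Plane/Data Plane split described under “Software & Segregation Bring Simplicity” and the on-the-fly quarantine network described just above can be shown in one small simulation. This is an added Go example, not code from this post or from any SDN controller: a Controller holds the topology and the segment policy and computes every switch’s forwarding entries from them (configure once, run everywhere), while each Switch holds only match-to-next-hop entries and forwards with no knowledge of topology or policy. Moving a host into the quarantine segment is one policy change followed by a recompute; no switch is touched by hand. The three-switch topology, the host and segment names, and the (src, dst) match format are constructed for the example.

```go
package main

import "fmt"

// match is the constructed flow key: which source host is sending to which
// destination host. Real switches match on many more header fields.
type match struct{ src, dst string }

// Switch is the data plane. It knows nothing about topology or policy; it
// only looks up a match and forwards to the programmed next hop.
type Switch struct {
	Name  string
	Table map[match]string // (src host, dst host) -> next hop node
}

func (s *Switch) Lookup(src, dst string) (string, bool) {
	nh, ok := s.Table[match{src, dst}]
	return nh, ok
}

// Controller is the control plane: the global view (topology) plus the
// policy (which virtual network, or segment, each host belongs to).
type Controller struct {
	adj      map[string][]string // node -> neighbours (switches and hosts)
	switches map[string]*Switch
	segment  map[string]string // host -> segment ("prod", "quarantine", ...)
}

func NewController() *Controller {
	return &Controller{adj: map[string][]string{}, switches: map[string]*Switch{}, segment: map[string]string{}}
}

func (c *Controller) AddSwitch(name string)    { c.switches[name] = &Switch{Name: name, Table: map[match]string{}} }
func (c *Controller) AddHost(name, seg string) { c.segment[name] = seg }
func (c *Controller) Link(a, b string)         { c.adj[a] = append(c.adj[a], b); c.adj[b] = append(c.adj[b], a) }

// path is a breadth-first shortest path over the global view. Hosts are
// leaves: a packet is never transited through another host.
func (c *Controller) path(from, to string) []string {
	prev := map[string]string{from: ""}
	queue := []string{from}
	for len(queue) > 0 {
		n := queue[0]
		queue = queue[1:]
		if n == to {
			break
		}
		for _, nb := range c.adj[n] {
			if _, seen := prev[nb]; seen {
				continue
			}
			if _, isHost := c.segment[nb]; isHost && nb != to {
				continue
			}
			prev[nb] = n
			queue = append(queue, nb)
		}
	}
	if _, ok := prev[to]; !ok {
		return nil
	}
	var p []string
	for n := to; n != ""; n = prev[n] {
		p = append([]string{n}, p...)
	}
	return p
}

// Program recomputes every switch table from policy and topology and installs
// it everywhere at once. Only host pairs in the same segment get entries, so
// cross-segment traffic is dropped at the ingress switch (edge enforcement).
func (c *Controller) Program() {
	for _, sw := range c.switches {
		sw.Table = map[match]string{}
	}
	for src, sseg := range c.segment {
		for dst, dseg := range c.segment {
			if src == dst || sseg != dseg {
				continue
			}
			p := c.path(src, dst) // p[0] is the source host, p[len-1] the destination host
			for i := 1; i < len(p)-1; i++ {
				c.switches[p[i]].Table[match{src, dst}] = p[i+1]
			}
		}
	}
}

// Quarantine moves one host into the isolated segment and reprograms the
// network. The quarantine segment's own hosts (e.g. a scanner) stay reachable.
func (c *Controller) Quarantine(host string) {
	c.segment[host] = "quarantine"
	c.Program()
}

// Trace pushes a packet through the data plane only: the topology is consulted
// just to find the source host's uplink switch; every hop after that is a
// table lookup. It returns the nodes traversed and whether the packet arrived.
func (c *Controller) Trace(src, dst string) ([]string, bool) {
	hops := []string{src}
	if len(c.adj[src]) == 0 {
		return hops, false
	}
	cur := c.adj[src][0]
	for i := 0; i < 16; i++ { // hop limit guards against a mis-programmed loop
		sw, ok := c.switches[cur]
		if !ok {
			return hops, false
		}
		hops = append(hops, cur)
		nh, ok := sw.Lookup(src, dst)
		if !ok {
			return hops, false // no entry: dropped at this switch
		}
		if nh == dst {
			return append(hops, dst), true
		}
		cur = nh
	}
	return hops, false
}

// BuildDemo wires a constructed topology: h1 on s1, h2 and h3 on s2, a
// quarantine-segment scanner on s3, with s1-s2 direct and s1-s3-s2 as backup.
func BuildDemo() *Controller {
	c := NewController()
	for _, s := range []string{"s1", "s2", "s3"} {
		c.AddSwitch(s)
	}
	c.AddHost("h1", "prod")
	c.AddHost("h2", "prod")
	c.AddHost("h3", "prod")
	c.AddHost("scanner", "quarantine")
	for _, l := range [][2]string{{"h1", "s1"}, {"h2", "s2"}, {"h3", "s2"}, {"scanner", "s3"}, {"s1", "s2"}, {"s1", "s3"}, {"s3", "s2"}} {
		c.Link(l[0], l[1])
	}
	c.Program()
	return c
}

func main() {
	c := BuildDemo()
	report := func(src, dst string) {
		hops, ok := c.Trace(src, dst)
		fmt.Printf("%s -> %s: %v delivered=%v\n", src, dst, hops, ok)
	}
	report("h1", "h2")
	report("h1", "scanner") // different segment: dropped at s1
	c.Quarantine("h3")      // one policy change, every switch reprogrammed
	report("h1", "h3")      // prod can no longer reach the quarantined host
	report("h3", "scanner") // but the quarantined host reaches the scanner
}
```

The point to take from the simulation is where each kind of knowledge lives: the switches never see the words “prod” or “quarantine” and never run a path computation, yet a single change in the controller’s policy map changes what every switch forwards. That is the programmability the post describes, and it is also why securing the controller and its southbound channel matters so much in a real deployment: whoever can write that policy map writes every forwarding table.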
Automation Brings Scalability
Not only are traditional enterprise networks becoming complex, they require an increasing amount of skilled human capital to run them. At the same time, enterprise network endpoints are slated to grow dramatically as more mobile devices, virtual machines, and “things” are connected to them.
The only reasonable way to bridge this massive gap is through automation. SDN attributes of software, segregation, and virtualization make it possible to bring cloud-like automation to networking and achieve 10x or more factors of scale. Here are just a few of the many previously manual network tasks that can be automated in SDN networks:
- Deployment: Zero-touch provisioning and scaling of virtual networks through automation
- Configuration: Automated IP addressing, DNS, NAT, and routing tables
- Performance: Elastic capacity and dynamic load balancing of virtual network workloads
- Availability: Automated migration of virtual networks around failures within underlay networks
As you can see, SDN is more than just a technological advancement in networking. It’s enabling a reinvention of networking in the same way that cloud technologies have led to the reinvention of computing. Stay tuned for my next blog post in this series, which will talk about how SDN is transforming the way we build, scale, and manage wide-area networks.