Definition of SDN:
The most precise definition of SDN rests on programmability: SDN is technology that separates the control plane (the logic that decides how network devices should handle traffic) from the underlying data plane (the hardware or software that actually forwards the packets).
IDC broadens that definition of SDN by stating: “Datacenter SDN architectures feature software-defined overlays or controllers that are abstracted from the underlying network hardware, offering intent- or policy-based management of the network as a whole. This results in a datacenter network that is better aligned with the needs of application workloads through automated (thereby faster) provisioning, programmatic network management, pervasive application-oriented visibility, and where needed, direct integration with cloud orchestration platforms.”
The driving ideas behind the development of SDN are myriad. For example, it promises to reduce the complexity of statically defined networks; make automating network functions much easier; and allow for simpler provisioning and management of networked resources, everywhere from the data center to the campus or wide area network.
What SDN actually does:
Much of SDN's logic runs on a server's general-purpose CPU, as ordinary software. Some of it runs on commodity switch and router appliances whose software consists of open-source operating systems and open-source controllers. All of these are side effects of SDN, not its purpose. They happen because the real purpose of SDN is to move networking logic to a place where it can be directly controlled and managed and, more importantly, changed to suit the dynamics of variable workloads.
The basis of SDN:
Here are SDN's principal architectural tenets:
The flow of user data is separated from the flow of control instructions. In a conventional network, application packets share the links with the control traffic (routing-protocol updates, for instance) that the devices exchange to coordinate their actions, and every device computes its own forwarding decisions. As SDN engineers put it, the control plane is separated from the data plane. This makes it feasible for one logically centralized controller (in practice a clustered one, since a lone controller is a single point of failure) to make forwarding decisions for any number of devices, instead of each device holding its own slice of the control plane and all of them having to coordinate through protocol chatter that itself loads the network.
(Some diagrams add a third tier, often called the "management plane." Usually this upper tier comes from a vendor that wants to demonstrate a competitive edge. A management plane is not necessarily a bad thing, but in actual SDN architecture it may not really be a separate thing.)
With the data plane separated, the flow of packets in that plane can be tailored, and changed when necessary, based not only on each packet's destination but on the most efficient route to reach it. When the Internet Protocol was first devised, a network device's basic job was forwarding: passing packets on in the general direction of their destination, with no overall plan behind the individual decisions. For a time, that simplicity was the beauty of it. In a more sophisticated data center, abstracting the data plane lets software reason about forwarding, for example by building data flows from security policy rather than bending security policy to fit data flows that cannot be altered.
The device that controls network functions is replaced with an operating system. That network operating system (NOS) may run on a plain, unbranded x86 server. It talks to the other components over an open protocol; the original and most prominent of these, devised by the creators of modern SDN, many of whom came from Stanford University, is OpenFlow.
The role of each networking appliance is taken over in SDN by a virtual switch (vSwitch) or a virtual router (vRouter). VMware (perhaps inadvertently) created one of the first such non-device devices, dubbed vSwitch, ostensibly as a way to facilitate networking in its vSphere virtualization environments. There are a handful of alternatives. Since the switch remains a critical networking component whether it is virtual or physical, Cisco devised its own virtual switch, the Nexus 1000V, intended to substitute for VMware's design, though VMware subsequently stopped supporting third-party virtual switches in vSphere. The Linux Foundation maintains an open-source alternative, Open vSwitch. In practice, a vSwitch is meant to be paired with a hypervisor in a virtual machine (VM) environment such as vSphere. A containerized environment such as Kubernetes schedules containers rather than VMs, so it needs its own network plugin; OVN (Open Virtual Network, a Linux Foundation project alongside Open vSwitch) is one such component, and it lets an orchestrated container environment run in a logically defined network.
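The separation described in the tenets above is easiest to see in code. What follows is an added illustration written for this page, not code from the article, from any vendor, or from an OpenFlow implementation: a toy switch whose data plane is nothing but a priority-ordered match/action table, and a controller that is the only component holding the security policy. The table-miss, packet-in and flow-mod exchange mirrors the shape of OpenFlow without implementing the protocol, and the policy, addresses and packets are constructed for the demonstration. It also shows the practical caveat of reactive rule installation: every unknown flow is punted to the controller, which is why production controllers usually push the policy proactively together with a default drop.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str                       # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class FlowRule:
    """One match/action table entry. A None field is a wildcard, as in OpenFlow."""
    priority: int
    action: str                      # "drop" or "output:<port>"
    src: Optional[str] = None        # CIDR
    dst: Optional[str] = None        # CIDR
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.src is None or ip_address(pkt.src_ip) in ip_network(self.src))
                and (self.dst is None or ip_address(pkt.dst_ip) in ip_network(self.dst))
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


class Switch:
    """Data plane: a priority-ordered table plus a table-miss path. No policy lives here."""

    def __init__(self) -> None:
        self.table: List[FlowRule] = []
        self.controller: Optional["Controller"] = None
        self.stats: Dict[str, int] = {"output": 0, "drop": 0, "packet_in": 0}

    def flow_mod(self, rule: FlowRule) -> None:
        """Controller -> switch: add a rule (the shape of an OpenFlow flow-mod)."""
        self.table.append(rule)
        self.table.sort(key=lambda r: r.priority, reverse=True)

    def _lookup(self, pkt: Packet) -> Optional[str]:
        return next((r.action for r in self.table if r.matches(pkt)), None)

    def forward(self, pkt: Packet) -> str:
        action = self._lookup(pkt)
        if action is None and self.controller is not None:
            # Table miss: switch -> controller (the shape of a packet-in), then re-check.
            self.stats["packet_in"] += 1
            self.controller.packet_in(self, pkt)
            action = self._lookup(pkt)
        action = action or "drop"
        self.stats["output" if action.startswith("output:") else "drop"] += 1
        return action


# (src_cidr, dst_cidr, proto, dst_port, output_port); anything not listed is denied.
PolicyEntry = Tuple[str, str, str, Optional[int], int]


class Controller:
    """Control plane: the only component that knows the security policy."""

    def __init__(self, policy: List[PolicyEntry]) -> None:
        self.policy = policy

    @staticmethod
    def rule_for(entry: PolicyEntry) -> FlowRule:
        src, dst, proto, port, out = entry
        return FlowRule(priority=100, action=f"output:{out}", src=src, dst=dst,
                        proto=proto, dst_port=port)

    def connect(self, sw: Switch, proactive: bool) -> None:
        sw.controller = self
        if proactive:
            # Push the whole policy up front and drop everything else in the data
            # plane, so unknown flows never reach the controller.
            for entry in self.policy:
                sw.flow_mod(self.rule_for(entry))
            sw.flow_mod(FlowRule(priority=0, action="drop"))

    def packet_in(self, sw: Switch, pkt: Packet) -> None:
        for entry in self.policy:
            rule = self.rule_for(entry)
            if rule.matches(pkt):
                sw.flow_mod(rule)
                return
        # Unknown flow: pin an exact-match drop so the same flow is not punted again.
        sw.flow_mod(FlowRule(priority=50, action="drop", src=f"{pkt.src_ip}/32",
                             dst=f"{pkt.dst_ip}/32", proto=pkt.proto, dst_port=pkt.dst_port))


# Constructed policy and traffic for the demonstration (documentation address ranges).
POLICY: List[PolicyEntry] = [
    ("0.0.0.0/0",   "10.0.1.0/24", "tcp", 443,  1),   # anyone -> public web tier
    ("10.0.1.0/24", "10.0.2.0/24", "tcp", 8443, 2),   # web tier -> app tier only
]

TRAFFIC = [
    Packet("198.51.100.7", "10.0.1.10", "tcp", 443),
    Packet("198.51.100.7", "10.0.1.10", "tcp", 443),
    Packet("10.0.1.10",    "10.0.2.20", "tcp", 8443),
    Packet("198.51.100.7", "10.0.2.20", "tcp", 8443),   # internet straight to app tier
    Packet("198.51.100.7", "10.0.2.20", "tcp", 8443),
]


def run(proactive: bool) -> Tuple[List[str], Dict[str, int]]:
    """Replay the constructed traffic through one switch attached to the controller."""
    sw = Switch()
    Controller(POLICY).connect(sw, proactive)
    return [sw.forward(p) for p in TRAFFIC], sw.stats
```

Both modes forward and drop exactly the same packets; the difference is in `stats["packet_in"]`. In reactive mode the switch punts three distinct flows to the controller before it has rules for them, and an attacker who can generate many new flows can use that path to exhaust the controller. In proactive mode the policy and a priority-0 drop are in the table before the first packet arrives, so the count stays at zero.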
How does SDN support edge computing, IoT and remote access?
A variety of networking trends have played into the central idea of SDN. Distributing computing power to remote sites, moving data center functions to the edge, adopting cloud computing, and supporting Internet of Things environments – each of these efforts can be made easier and more cost efficient via a properly configured SDN environment.
Typically in an SDN environment, customers can see all of their devices and TCP flows, which means they can slice up the network from the data or management plane to support a variety of applications and configurations, Capuano said. So users can more easily segment an IoT application from the production world if they want, for example.
Some SDN controllers have the smarts to see that the network is getting congested and, in response, pump up bandwidth or processing to make sure remote and edge components don’t suffer latency.
How does SDN support intent-based networking?
Intent-based networking (IBN) has a variety of components, but basically is about giving network administrators the ability to define what they want the network to do, and having an automated network management platform create the desired state and enforce policies to ensure what the business wants happens.
For that reason, IBN represents a notable milestone on the journey toward autonomous infrastructure that includes a self-driving network, which will function much like the self-driving car, producing desired outcomes based on what network operators and their organizations wish to accomplish.
How does SDN help customers with security?
SDN enables a variety of security benefits. A customer can segment the path between an end user and the data center and apply different security policy to each class of traffic. One segment could be public-facing and low-security, never touching sensitive information. Another could carry much more fine-grained remote access control, with software-based firewall and encryption policies, so that sensitive data is allowed to traverse it. The flip side is that the controller now holds the entire policy: it becomes the highest-value target in the network, and its management interfaces need at least the protection given to the sensitive segment itself.
The ability to look at a set of workloads and see if they match a given security policy is a key benefit of SDN, especially as data is distributed, said Thomas Scheibe, vice president of product management for Cisco’s Nexus and ACI product lines.
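The two ideas above, declaring what the network should do (intent) and checking whether a set of workloads actually complies with the security policy, can be combined into a small audit. The following Python is an added example for this page, not Cisco's or any vendor's code: intents are written as label selectors (the style used by Kubernetes NetworkPolicy and ACI contracts), workloads carry labels, and a constructed flow-log export is checked against the intents, so any flow that no intent permits is reported, as is any workload whose labels contradict the policy. Workload names, labels, addresses and the flow lines are all made up for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

Labels = Dict[str, str]


@dataclass
class Workload:
    name: str
    ip: str
    labels: Labels


@dataclass
class Intent:
    """Sources whose labels match `src` may reach destinations matching `dst`
    on `proto`/`port`. Anything no intent covers is, by intent, denied."""
    src: Labels
    dst: Labels
    port: int
    proto: str = "tcp"


def selects(selector: Labels, labels: Labels) -> bool:
    """Label-selector semantics: every key/value in the selector must be present."""
    return all(labels.get(k) == v for k, v in selector.items())


def parse_flows(text: str) -> List[Tuple[str, str, str, int]]:
    """Parse 'src_ip dst_ip proto dst_port' lines (a flow-log export, here constructed)."""
    flows = []
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            src, dst, proto, port = line.split()
            flows.append((src, dst, proto, int(port)))
    return flows


def identify(ip: str, workloads: List[Workload]) -> Tuple[str, Labels]:
    """Map an address to a workload; anything unknown is treated as external."""
    for w in workloads:
        if w.ip == ip:
            return w.name, w.labels
    return ip, {"location": "external"}


def audit(workloads: List[Workload], intents: List[Intent],
          flows: List[Tuple[str, str, str, int]]) -> List[str]:
    findings = []
    # 1. Observed state versus intent: every flow must be permitted by some intent.
    for src_ip, dst_ip, proto, port in flows:
        s_name, s_labels = identify(src_ip, workloads)
        d_name, d_labels = identify(dst_ip, workloads)
        if not any(selects(i.src, s_labels) and selects(i.dst, d_labels)
                   and i.proto == proto and i.port == port for i in intents):
            findings.append(f"flow {s_name} -> {d_name}:{port}/{proto} is not covered by any intent")
    # 2. Structural invariant: a workload holding sensitive data must never be public-facing.
    for w in workloads:
        if w.labels.get("data") == "sensitive" and w.labels.get("exposure") == "public":
            findings.append(f"workload {w.name} is labelled sensitive but also public")
    return findings


# Constructed inventory, intents and flow log for the demonstration.
WORKLOADS = [
    Workload("web1", "10.0.1.10", {"role": "web", "segment": "dmz"}),
    Workload("app1", "10.0.2.20", {"role": "app"}),
    Workload("db1", "10.0.3.30", {"role": "db", "data": "sensitive"}),
    Workload("db-replica", "10.0.3.31", {"role": "db", "data": "sensitive", "exposure": "public"}),
]

INTENTS = [
    Intent({"location": "external"}, {"role": "web"}, 443),
    Intent({"role": "web"}, {"role": "app"}, 8443),
    Intent({"role": "app"}, {"role": "db"}, 5432),
]

FLOW_LOG = """\
# src_ip dst_ip proto dst_port   (constructed sample, not a real export)
203.0.113.5 10.0.1.10 tcp 443
10.0.1.10 10.0.2.20 tcp 8443
10.0.2.20 10.0.3.30 tcp 5432
10.0.1.10 10.0.3.30 tcp 5432
203.0.113.5 10.0.3.30 tcp 22
"""


def run_audit() -> List[str]:
    return audit(WORKLOADS, INTENTS, parse_flows(FLOW_LOG))
```

The audit reports the web tier reaching the database directly, an external address reaching the database on port 22, and the replica that is labelled both sensitive and public. In an intent-based system the same intents would also be compiled into the segment rules the controller installs, so the observed-state check is the feedback loop that tells the operator whether the network still matches what was declared.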
What is SDN’s role in cloud computing?
SDN’s role in the move toward private cloud and hybrid cloud adoption seems natural. In fact, big SDN players such as Cisco, Juniper and VMware have all made moves to tie together the enterprise data center and cloud worlds.
Cisco's ACI Anywhere package would, for example, let policies configured through Cisco's SDN APIC (Application Policy Infrastructure Controller) use native APIs offered by a public-cloud provider to orchestrate changes within both the private and public cloud environments, Cisco said.