
What is a Software Defined Network

What is a Software Defined Network (SDN)? Our technical team worked with the media guys to put together this informative video on the different SDN components, their responsibilities and the benefits they could bring to your business.

The video demonstrates a couple of different ways a connection between a client and a server could be set up in a software defined network.  An SDN attempts to build a computer network by separating it into two systems.

  • The first system is the control plane, which provides performance and fault management via NetFlow, IPFIX, SNMP and other standard protocols. It typically handles configuration management of the SDN-compliant devices and understands the network topology.  Loaded with these details, the controller can process connection requests based on desired requirements such as QoS levels.  The controller can also perform link management between devices.
  • The second system is the data plane which is responsible for forwarding traffic to the selected destination.  Switches can either be reliant on the controller to make forwarding decisions or make the decisions on their own.


The control plane configures connection paths or flows into the data plane through the use of a control protocol.  In other words, the control protocol is used by the controller in a software defined network to perform important functions such as connection setup.

When a host attempts to communicate with another host over an SDN, the first packets of the new flow are used to determine whether a forwarding decision can be made locally by the switch or whether the switch needs to ask the controller what to do. If the switch determines that it must ask the controller, it does so over a secure channel using the control protocol. The controller decides, based on its policies, whether the flow should be granted.  If it is allowed, details about the flow can be entered into the controller's connection table, and the controller can then send instructions that program the switches along the best path through the data plane.  The flow is then directed through the network. The switches may also tell the controller when a flow is no longer active, which removes it from the table.
Centralizing some or all of the connection requests has several benefits. Because the policies in the controller are configurable, some connection requests, such as those belonging to DoS attacks or broadcast discovery traffic, can be dropped. The policies the controller uses to decide on flows can be based on ranges of IP addresses, time of day and other characteristics.
SDNs also claim to overcome scalability issues.  It is unlikely that a single controller would process all of the connection requests for all of the access points on the network.  This problem can be managed in a couple of different ways, and the two can coexist.
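To make the packet-in, flow-install and flow-removed cycle described above concrete, here is an added simulation (not code from the original post) of a switch with a flow table and a controller that applies an IP-range, blocked-port and time-of-day policy; the class names, policy values and the `hour` argument are assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:            # constructed key for a connection request
    src: str
    dst: str
    dport: int

class Controller:
    """Control plane: applies policy to packet-in requests, keeps the connection table."""
    def __init__(self, allowed_srcs, blocked_dports, hour):
        self.allowed_srcs = [ip_network(n) for n in allowed_srcs]
        self.blocked_dports = set(blocked_dports)
        self.hour = hour                  # current hour, for the time-of-day policy
        self.connection_table = set()     # flows currently granted

    def packet_in(self, flow):
        """Decide whether a new flow is granted; True means install it."""
        in_range = any(ip_address(flow.src) in n for n in self.allowed_srcs)
        business_hours = 8 <= self.hour < 18
        if not (in_range and business_hours) or flow.dport in self.blocked_dports:
            return False
        self.connection_table.add(flow)
        return True

    def flow_removed(self, flow):
        """Switch reports the flow went idle; drop it from the connection table."""
        self.connection_table.discard(flow)

class Switch:
    """Data plane: forwards on a flow-table hit, otherwise asks the controller."""
    def __init__(self, controller):
        self.controller = controller
        self.flow_table = {}   # Flow -> "forward" | "drop"
        self.packet_ins = 0    # how often the controller was consulted

    def handle(self, flow):
        if flow in self.flow_table:        # local decision, no controller round trip
            return self.flow_table[flow]
        self.packet_ins += 1
        action = "forward" if self.controller.packet_in(flow) else "drop"
        self.flow_table[flow] = action     # cache the verdict, even for drops
        return action

    def expire(self, flow):
        """Flow idle timeout: remove the entry and notify the controller."""
        self.flow_table.pop(flow, None)
        self.controller.flow_removed(flow)
```

Only the first packet of a flow triggers a packet-in; later packets of the same flow, and repeat attempts of a denied flow, are handled from the switch's own table.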

  1. The first idea is to break up the network into multiple control and data planes. Policies can then be synchronized across multiple controllers. Each controller still sets up connections end to end even when another data plane is involved.
  2. A second way to unload some of the connection processing on each Controller is to allow the switch receiving the initial connection requests to make some forwarding decisions. Allowing the switch to make most or a portion of the forwarding decisions provides support for environments that are not ready to commit one hundred percent to a control protocol.

Traffic analysis of a software defined network comes in two major formats. Typically the switches and routers in a software defined network are SNMP compatible and can generally export some type of NetFlow or IPFIX data.  Even the controller could be set up to export flows from its connection table, ensuring that all details are available for network traffic analysis.
SDNs have gained tremendous momentum because at least six of the largest networks in the world are supporting it. What are the benefits?
The benefits of an SDN could lead to:

  • The ability to purchase inexpensive switches that have very little resident software and processing needs.
  • Centralization of the Forwarding Information Base (FIB) allows optimum routes to be calculated deterministically for each flow, end to end across the topology.
  • SDNs dynamically respond to application requirements.
  • SDNs optimize the utilization of the network without sacrificing service quality.
  • SDNs can filter packets as they enter the network, so the switches can act as simple firewalls at the edge of the network.
  • SDN switches can redirect certain suspicious traffic flows to higher-layer security controls, such as IPS systems, application firewalls and Data Loss Prevention (DLP) devices.
  • SDN switches that support the modification of packet headers will also be able to function as simple, cost-effective load-balancing devices.
  • SDN controllers can be clustered for fault tolerance and high availability.

With all these benefits, why aren’t companies rushing to deploy SDNs?  When will businesses want them? Interest will increase when applications utilize the centralized control available in most SDN architectures and when IT members can purchase solutions that allow them to properly manage software defined networks. The good news is that nearly all of the hardware companies have announced plans to embrace it.