The networking and communications market is at a crucial juncture as it looks to adopt Software Defined Networking (SDN). Legacy networks have become very complex and hard to manage due to interoperability and upgrade requirements, advancing protocols, and management practices typically hard-coded into underlying hardware platforms.
Conventional network devices have both control plane and data plane functions consolidated into a single physical platform. In such a network, routing and switching decisions are made by each discrete device on a distributed basis. SDN, however, based on implementations, centralizes the control plane while distributing data plane devices across the network.
SDN aims to addresses a number of challenges in traditional networks. In traditional networks, forwarding decisions are based on set rules over which network operators have minimal control. For example, packets destined for the same network endpoint are directed along the same route and handled in the same manner. If there were traffic congestion at any given point along the route, all traffic would experience congestion even though an alternate, less congested path may available.
From the standpoint of network architecture, the standard multi-tier network architecture having multiple switches connecting switches to other switches requires many more ports than the number of servers or end-devices. When virtual switches (vSwitches) are utilized, it adds another tier to the network. This multi-tier architecture increases the complexity in the network structure. SDN architecture can simplify the multi-tier network architecture by virtualizing layers in the network.
From the standpoint of network scalability, cloud-based networks with multiple tenants using a range of different applications require logical segregation for each tenant. However, traditional VLAN technology cannot provide sufficient network segments to meet this requirement. SDN networks can provide scalable LAN segmentation to efficiently support public and private cloud infrastructure environments.
SDN is also a key enabler for telecommunication networks to migrate from traditional discrete hardware-centric deployments to cloud-based deployments, with critical network elements deployed using software running on appliances built using off-the-shelf components. At the heart of this revolution is one key technology: SDN-based Network Function Virtualization (NFV), which aims at virtualizing both network applications as well as the network connectivity.
NFV leverages Software-Defined Networking (SDN) to help increase revenues with the rapid introduction of new services, and reduce expenses by shifting from expensive proprietary hardware to embedded appliances utilizing standard components with lower lifecycle costs.
What is SDN?
As defined by the Open Networking Foundation, SDN decouples the network control and forwarding functions, enabling the network control path to become directly programmable and the underlying data plane infrastructure to be abstracted for applications and network services.
Distinct from server virtualization, which allows sharing of a single physical resource by many users or entities, virtualizing of network entities enables consolidation of different, possibly heterogeneous data plane devices by a layer of control plane networking, resulting in a virtual, homogeneous network. Figure 1 describes the three requirements that commonly define SDN.
Before examining SDN technology and its benefits, let’s briefly review the design of a traditional data center switch. A typical switch consists of line cards and control card modules. The line modules are used for switching and forwarding and are typically built-in, purpose-built devices such as ASICs. Control modules, usually built on low-end control processors, handle network control and exception traffic. SDN moves network control from network switches to a centralized network controller (or multiple controllers) using software running on general purpose hardware – this approach is designed to achieve increased control and flexibility. Figure 2 shows the base components of a traditional data center switch vs. an SDN switch and network.
SDN Deployment Best Practices
Optimal SDN deployments require data plane physical hardware to perform certain networking forwarding functions at key locations within the network. OpenFlow is one of the enabling technologies used in an SDN environment, defining the communication interface between a controller (control plane) and forwarding switches (data plane). Supported primarily by the Open Networking Foundation (ONF), OpenFlow removes the entire control plane from the network equipment, enables broad vendor choices and cost-effective deployment.
Within an SDN environment, the applications running on SDN Controllers enable the higher level orchestration and programmability of the network. The SDN Controller typically uses OpenFlow to program the forwarding table of the data plane switches and directs how to route connections to accomplish the appropriate tasks for the applications.
With NFV, functionality such as firewalls, load balancers, deep packet inspection and IP Multimedia System (IMS) nodes in Communication Service Provider (CSP) networks, which were traditionally implemented with hardware-based appliances, are delivered as software-based Virtual Network Functions (VNFs) on a carrier-grade appliance infrastructure.
SDN complements NFV by simplifying the connectivity between physical and virtual network elements via network virtualization protocols such as OpenFlow. NFV and SDN supported by embedded network appliances together offer an elegant solution for CSPs looking to address the challenges driven by business dynamics and operational considerations for today’s telecom networks.
The three most frequently cited benefits of SDN are security, efficiency, and agility.
SDN can improve network security by providing layer 2 to 4 packet filtering at network ingress and throughout the network, thus reducing the amount of undesirable traffic entering and traversing the network. Similarly, with the ability to dynamically modify service chains and network connectivity, it is easier to insert a physical or virtual firewall/IDS/IPS into a network path or orchestrate packet captures and flow analyses. With more dynamic security policies and RBAC there will be less scope for security and resource allocation loopholes to occur.
The increased network utilization achieved using SDN is primarily due to SDN’s comprehensive view of the network and deeper understanding of inter-application requirements allowing SDN controllers to utilize data plane devices perform far smarter traffic engineering, route determination and load balancing than traditional QoS implementations. Using techniques such as sub-optimal routing for less time-critical traffic allows more circuitous routes to be employed to better utilize less desirable links, thus reducing congestion on faster, more expensive links for time critical traffic.
Within the datacenter, SDN can massively help with automation of network reconfiguration and enhance virtualization agility. By having a complete view of the datacenter, virtual machines, virtual switches, load balancing services/appliances and the underpinning physical network infrastructure, combined with the virtual machine to service and security policy mappings, the SDN controller can reconfigure the SDN to allow seamless migration of virtual machines around the network. This ensures that security constraints are maintained, and service chains (i.e., the linkages between VMs to network services such as load balancers, firewalls, IDS, etc.) are preserved.
Network Visibility Challenges for SDN
Network visibility is a crucial element in enterprise and service provider networks and becomes even more essential in SDN architectures due to the specific challenges inherent in SDN. For example, in SDN, control and forwarding layers are managed autonomously yet require seamless interoperation. Synchronization challenges between these network layers due to differences in networking infrastructure from diverse vendors and network latency issues can disrupt operations and cause bottlenecks, and require dynamic visibility for monitoring and resolution.
Regarding SDN applications and services, the advantages of on-demand configuration are assured. However, dynamic provisioning can cause arbitrary traffic patterns that become hard to troubleshoot via traditional means, which place performance management tools at predictable places in the network. Visibility to such traffic in the SDN realm needs to be in real-time and the tools centralized so that they can receive all traffic flows and packets. A similar approach is required for network security. Whereas security devices could be placed on critical network segments in traditional networks, this is not always feasible for SDN. Centralized placement and total access to all SDN traffic gives security and performance management technologies the highest possibility of uncovering implanted malware and anomalous threats.
Niagara Networks’ SDN-based Network Visibility Offering
Niagara Networks offers SDN-enabled Niagara Visibility Controller (NVC), a centralized management application that leverages software-defined network (SDN) architecture and OpenFlow protocol to provide an enterprise and service provider network-wide managed visibility layer. With the NVC, the user can interact with multiple SDN control and data plane device devices as a single virtual switch fabric, and at the same time integrate with the customer’s wider management orchestration infrastructure.
The NVC’s advanced abstraction layer enables the creation of an intelligent, dynamic and responsive network visibility layer – one that interacts with the network services in real-time. The abstraction layer also serves to hide the complexities associated with managing and configuring the visibility layer, thus increasing ease-of-use. The advanced abstraction layer opens up new opportunities for enterprises for service creation and service management. In addition, by increasing the ease-of-use, the NVC reduces the probability for errors and the time and effort needed to manage the network visibility layer.
Niagara Networks are experts in deploying advanced, highly capable visibility solutions for even the most complex network architectures. Check out our resources to learn more or contact one of our visibility experts and empower your network today.