BEYOND THE SOFTWARE DEFINED EVERYTHING HYPE



– Melville Wekesa, Technical Lead, Merge Systems

IN THE BEGINNING

If we could start over, what would we do differently to make enterprise networks easier to manage and secure? This was the question in the minds of the network engineers who gave birth to software defined networking. SDN found adoption first in large datacenters but has since gained acceptance in wide area networking and local area networking. Its adoption is growing in leaps and bounds. But what is SDN and what does it mean for your organization?

In its purest form, SDN introduces a separation of the data plane and the control plane. In networking 101, we learnt that a typical networking device has three planes: the control plane, which is responsible for determining how packets should be forwarded; the forwarding plane (also known as the data plane), which is responsible for forwarding traffic to the next hop; and the management plane, which offers methods of configuring and monitoring the control and forwarding planes (CLI, SNMP, etc.). For the purposes of this discussion, we shall bundle the management plane functionality into the control plane.

If the goal is to simplify management and improve security, why is this separation useful? In the current dispensation, a network with one hundred devices has one hundred control planes and one hundred forwarding planes that must be managed and made to operate as one. As the network grows and the features being activated become more complex, the network becomes unwieldy and difficult to manage. Separating the control and data planes allows us to consolidate those many control planes into a single, logically centralized control plane (deployed in redundant fashion). This control plane can then manage multiple forwarding planes, simplifying management significantly. This centralization yields arguably SDN's greatest benefit: the ability to define network-wide global policy and enforce it on the distributed data planes. SDN also introduces improvements in policy definition and implementation. Firstly, it allows policy to be defined in a high-level language rather than in low-level network constructs; a policy can be stated as simply as "user A is not allowed to use service B or access host C". Secondly, SDN introduces an explicit trust model for communication between end hosts, i.e. hosts are not allowed to communicate unless explicitly allowed to. This is a huge step forward for security.
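The two policy improvements described above, high-level statements lowered into data-plane match rules and a default-deny trust model between hosts, as an added illustration that is not code from the article or from any particular SDN controller. The user, host and service inventory, the statement format and the priority scheme are all constructed assumptions for this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed inventory the controller knows about (assumed names, not from the article).
USERS = {"alice": "10.0.1.10", "bob": "10.0.1.11"}
HOSTS = {"web01": "10.0.2.30", "db01": "10.0.2.20"}
SERVICES = {"https": ("tcp", 443), "ssh": ("tcp", 22), "mysql": ("tcp", 3306)}

# A high-level policy statement: (action, user, service or None for any, host or None for any)
Statement = Tuple[str, str, Optional[str], Optional[str]]

@dataclass(frozen=True)
class FlowRule:
    src_ip: str
    dst_ip: Optional[str]   # None matches any destination host
    proto: Optional[str]    # None matches any protocol
    dport: Optional[int]    # None matches any destination port
    action: str             # "allow" or "deny"
    priority: int           # higher wins; explicit denies outrank allows

def compile_policy(statements: List[Statement]) -> List[FlowRule]:
    """Lower user/service/host statements into the match/action rules a data plane can apply."""
    rules = []
    for action, user, service, host in statements:
        proto, port = SERVICES[service] if service else (None, None)
        rules.append(FlowRule(USERS[user], HOSTS[host] if host else None,
                              proto, port, action, 200 if action == "deny" else 100))
    return rules

def decide(rules: List[FlowRule], src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Pick the highest-priority matching rule; with no match, the explicit trust model denies."""
    best = None
    for r in rules:
        if r.src_ip != src_ip:
            continue
        if r.dst_ip not in (None, dst_ip) or r.proto not in (None, proto) or r.dport not in (None, dport):
            continue
        if best is None or r.priority > best.priority:
            best = r
    return best.action if best else "deny"   # default deny: nothing talks unless allowed

# Constructed policy: alice may use https on web01; bob may reach web01 on any service,
# but bob is never allowed to use ssh anywhere (the deny outranks the broader allow).
POLICY: List[Statement] = [
    ("allow", "alice", "https", "web01"),
    ("allow", "bob", None, "web01"),
    ("deny", "bob", "ssh", None),
]
RULES = compile_policy(POLICY)
```

Note that a flow from an address with no statement at all (a host the controller never admitted) falls through to the default deny, which is exactly the explicit trust model the paragraph describes.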

In real life, this control and forwarding plane separation is achieved by introducing an omniscient controller for the control plane function and dumbed-down versions of switches, routers and access points for the forwarding plane function. However, legacy vendors may choose to retain some control plane functions on the switch or router alongside the forwarding plane.

GAINING ACCEPTANCE

Necessity is the mother of invention, so it is not surprising that SDN's early adopters were to be found in massive datacenters. Organizations like Google, Facebook, Amazon and LinkedIn have an overwhelmingly large number of servers (some reports estimate that such organizations have a ratio of one engineer to twenty-five thousand servers). These organizations also have very dynamic applications and workloads. They need the ability to add new features quickly as well as the ability to scale capacity up or down. For them, SDN offered uniquely useful capabilities, in particular abstraction and northbound APIs. Resources such as compute, storage, networking and security services could be abstracted and consumed as a pool of resources. Using SDN, these organizations could decouple the application and operations layer from the underlying hardware and achieve true abstraction and multitenancy. The application developer thus need not worry about the underlying hardware but can instead concern themselves with the usability and performance of the application. New features could then be rolled out quickly, and as long as the application could interface with the controller via the API, the network would support them. With SDN, the large-scale datacenters were able to automate repeatable, manual, error-prone tasks and get rid of time-consuming customizations. These automated tasks could then be grouped into workflows that met application and business policy requirements at scale and with consistency. A single engineer was enabled to manage thousands of devices in the network.

WHAT DOES IT MEAN FOR THE ENTERPRISE?

Whereas the average enterprise network may not have scale requirements comparable to those of large datacenters and service providers, it has other challenges that SDN may address. Enterprise organizations need to manage multiple vendors in the network, and they need to move faster while improving reliability. Application performance and user experience require the deployment of complex features, while shrinking IT budgets constantly apply pressure on headcount and personnel development. The adoption of trends like mobility and cloud demands the ability to implement policy dynamically so that agile operation is not held back.

To meet the above requirements, SDN can enable automation in the enterprise. Repeatable tasks like device provisioning, service provisioning, firewall rule provisioning, quality of service deployment, consistency checks and data collection for troubleshooting can be automated and used to enable true IT-as-a-Service operations.

Applying SDN to the WAN (SD-WAN), LAN (SD-Access), datacenter (SD-DC) and service orchestration can help enterprises achieve:

  • Faster development and deployment of new network services
  • Better quality due to fewer human errors and less repetitive manual work
  • Vendor independence
  • Cost savings

SDN is ready for the enterprise, are you ready to start over?