SDN: where innovation and policy intersect

By 15th Jun 2018 Blog
Nasa - Turrito Networks

The potential benefits of software-defined networking (SDN) are sizable, but businesses need to ensure they’re ready to make the leap.

Setting the scene

SDN has become increasingly popular, but what does it actually do?

The truth is, it means different things to different people. Although it’s a bit of an umbrella term, it essentially comes down to programmers configuring networks to send data down specific paths, rather than leaving it up to network protocols to show the way.

This means that, instead of data following the sets of protocols inside the network switches to get to its destination (with the switches basically running independently of each other), data is directed by an application called a ‘controller’, which tells the switches how to route it.

The networks can be fine-tuned to deal with specific services or issues. Take, for example, the deluge of data coming from Internet of things (IoT) devices or video on demand. Instead of having the switches’ protocols direct what to do with the data, the controller’s instructions direct where the data from these devices should go. Networks can be designed to transmit some data more efficiently.

The same kind of network tweaking can be used for security issues, as SDN enables networks to block suspect traffic, but allows normal traffic to flow along.
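The controller/switch split described above, and the way a block on suspect traffic sits beside normal forwarding, can be shown with a small model. This is an added example, not code from the article or from any SDN product; the class names, priorities, port numbers and addresses are all constructed, and it models the idea rather than a real protocol such as OpenFlow.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class FlowRule:
    priority: int             # higher priority is checked first
    src_net: str              # CIDR matched against the packet source
    dst_port: Optional[int]   # None acts as a wildcard
    action: str               # "forward:<port>" or "drop"

    def matches(self, src_ip, dst_port):
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src_net)
        return in_net and self.dst_port in (None, dst_port)

@dataclass
class Switch:
    """Data plane: holds rules and applies them, makes no decisions itself."""
    name: str
    table: list = field(default_factory=list)

    def install(self, rule):
        self.table.append(rule)
        self.table.sort(key=lambda r: r.priority, reverse=True)

    def handle(self, src_ip, dst_port):
        for rule in self.table:
            if rule.matches(src_ip, dst_port):
                return rule.action
        return "to-controller"  # table miss: ask the control plane

class Controller:
    """Control plane: pushes the same policy to every switch it manages."""
    def __init__(self, switches):
        self.switches = switches
        self.audit = []  # who-changed-what record, so rule changes stay traceable

    def push(self, rule, reason):
        for sw in self.switches:
            sw.install(rule)
        self.audit.append((reason, rule))

    def block_source(self, src_ip):
        # A /32 drop rule at top priority overrides any forwarding rule.
        self.push(FlowRule(1000, f"{src_ip}/32", None, "drop"), f"suspect {src_ip}")

def demo():
    edge, core = Switch("edge"), Switch("core")
    ctl = Controller([edge, core])
    ctl.push(FlowRule(100, "10.20.0.0/16", None, "forward:2"), "IoT telemetry path")
    ctl.push(FlowRule(200, "10.0.0.0/8", 443, "forward:1"), "HTTPS path")
    before = edge.handle("10.20.0.7", 8883)
    ctl.block_source("10.20.0.7")        # one device starts misbehaving
    return (before, edge.handle("10.20.0.7", 8883), core.handle("10.20.0.8", 8883),
            edge.handle("192.0.2.5", 80), len(ctl.audit))
```

The blocked device is dropped on every switch at once, while its neighbour in the same IoT range keeps its forwarding path and unknown traffic is referred back to the controller.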

SDN: Is it for you?

The ability to configure a network is a powerful tool for business, but a company should think carefully about using it.

According to Vishal Barapatre, CTO at In2IT Technologies, the first consideration before investing in SDN should be the size of the business and the scale of its network. He believes that larger businesses with a higher adoption of digital trends and applications will benefit most from SDN; this is where user adoption will be highest, too. Organisations that have not yet begun their digital transformation journey will see far less benefit. Barapatre adds that the complexity of an organisation’s local area network (LAN) and wide area network (WAN) will dictate which SDN solution is best suited to the company’s unique needs.

For Thembi Moyo, the portfolio manager for Ericsson’s cloud infrastructure solutions, it all depends on what key business goals decision-makers are looking to achieve. Perhaps they’re keen to automate the datacentre in an effort to reduce operational costs/complexity. Maybe they’re looking to reduce hardware costs from traditional networking vendors by deploying a combination of SDN and white boxes, or they might have other business-specific network automation goals in mind, which SDN can help them realise.

And once the business knows exactly what they want to achieve, they need to conduct an audit of their existing technical layout – exploring what in-house capabilities the organisation may have and unpacking some of the risks associated with the move, says Ralph Berndt, director of sales and marketing at Syrex. SDN forces the incumbent IT provider or in-house technical teams to successfully manage and understand complex technical routing and security requirements, he continues.

This means asking whether or not your business is equipped to manage this internally and if you have the right technical staff to do so. In line with this, Berndt advises that business leaders ensure they can deliver a smooth transition for all staff so as not to affect productivity. And, finally, and perhaps most importantly, if you’re outsourcing your SDN, be certain your chosen provider is technically competent and able to support your business needs effectively.

Organisations also need to understand that the lifespan of networking products is typically three to five years, which makes SDN ill-suited to businesses with digital strategies that extend well into this period, adds Barapatre.

A tale of multiple vendors

Both Barapatre and Paul Williams, Fortinet SA’s country manager, agree that SDN can become very complex when integrating a multivendor approach.

Organisations that have single vendor networks or are intending on using single vendor networks will be able to easily implement SDN, notes Barapatre. Heterogeneous environments with multiple technologies, however, may find it extremely difficult, if not impossible, to implement a holistic SDN solution due to the proprietary nature of the solution today. Currently, businesses will want to keep an eye on where vendors are going with SDN as they will likely have to select a single vendor solution across the board. “Mixing proprietary networks is headache material, so organisations should look out for options that will offer vendor-neutral orchestration layers,” he says.

Many businesses are holding on to their chosen vendor in order to effectively implement SDN and justify their existing investments. However, these proprietary limitations mean that the cross-integration of both – with other vendor solutions – is extremely challenging.

He asserts that SDN in multi-vendor environments will only be achievable with standardisation and an orchestration layer that is vendor-agnostic and, perhaps even, open source.

The ins and outs of SDN

In your opinion, what are some of the main benefits of SDN?

Without the limitations of traditional networks, SDN has the potential to deliver a range of benefits, including more efficient resource utilisation, simplified network design, more effective security and improved network reliability, says Citrix South Africa’s country manager, Brendan McAravey.

When coupled with automated decision-making like AI, SDN presents many new opportunities. Citing a recent report about next generation networking for Artificial Intelligence (AI), McAravey says a combination of AI, SDN and advanced analytics technology will help take intelligent network operations, and the control thereof, to a whole new level. We have already seen how AI embedded in mobile technology is making the user experience more intuitive, which means that we can fully expect to see the same improvements happening on a business’ network should these two technologies be coupled.

“Beyond designing the network, we envision that AI and analytics services will also be key in the maintenance and protection against attacks designed to disable a business’ network.”

Acting chief strategy officer at DFA Vino Govender’s top benefits include network efficiency and lower total cost of ownership in the long run.

SDN enables you to optimise the delivery of applications and services on finite network resources, capacities and capabilities. A key advantage that SDN offers is that it can respond dynamically to demands that are placed on the network. In an era of digital transformation, the increase in digital services requires much more dynamic and adaptive networks, Govender notes.

SDN also eliminates the need for a costly infrastructure overhaul every time there are changes in an operator’s bandwidth demands.

It offers the ability to optimise the delivery of applications and services without the need for significant investments, which makes it possible to leverage existing network capacity and resources in a more optimal manner.

What are some of the new vulnerabilities introduced by SDN?

Adding SDN to a network means that there are new functions/interfaces to be protected, which means that there is a larger surface of attack, states Moyo. And with greater automation across multiple domains there is an increased risk if the system gets compromised because these malicious actions will be harder to trace.

On the other end of the spectrum, the hope is, obviously, that greater automation results in fewer errors.

By unifying different domains into one, it is easier to focus on fewer, common elements that need to be secured.

While there’s no denying that virtualisation and SDN are rapidly transforming datacentres into more agile, innovative and cost-effective private clouds, if your security is an afterthought, you simply cannot keep up with these fast, flexible environments, according to Williams.

This can cause protection gaps, which leads to technical staff having to adopt manual security processes that negate the advantages of SDN and network virtualisation in the first place.

What new technologies around SDN should those working with tech policy know about?

According to Moyo, SDN provides both the visibility and the ability to enforce policies and ensure traffic optimisation. So, in essence, it is a key enabler for closed-loop automation systems.

He believes that intent-based networking, which allows an organisation to describe its network connectivity needs in a more abstract way, demonstrates the intersection of policy and SDN. Business leaders and IT can use SDN APIs and model-driven architecture to translate this into actual network actions, which can then be freely optimised using different network technologies, vendors and locations without impacting application design or complexity.

Given the additional layer of abstraction and layer of intelligence, it is important to ensure that the right information is exposed to the analytics/AI layer in order for it to make the right decisions.

And given that SDN also has built-in dynamic and reactive capabilities, it needs to be properly modelled by AI so as not to react in unforeseen and contradictory ways (similar to multi-layer protection systems, for example).

SDN and SD-WAN explained

It is all too common for businesses to get confused about the differences between SDN (Software Defined Networking) and SD-WAN (Software Defined Wide-Area Networks).

According to Brian Timperley, of Turrito Networks and Dial a Nerd, SD-WAN is regularly confused with its parent technology SDN because both refer to the ‘Software Defined’ nature of their operation.

While SDN and SD-WAN use the same fundamental technology to optimise and accelerate internal/external networks, they differ in their primary function.

SD-WAN deals with the software defined operation of Wide-Area Networks, connecting branch offices and businesses to each other and to the internet/datacentres. SDN is the software defined operation of internal/local area networks and is at the core of how service providers deliver SD-WAN to their customers.

Both SDN and SD-WAN are becoming big business. According to MarketsandMarkets, the global SDN market size was $2.46 billion in 2016 and is expected to reach $54.41 billion by 2022, at a Compound Annual Growth Rate (CAGR) of 71.4%.

There’s a similar story for SD-WAN. According to the IDC’s ‘Worldwide SD-WAN Forecast: 2017-2021’ report, the tech research group expects global SD-WAN infrastructure and services revenues to have a CAGR of 69.6% and to reach $8.05 billion in 2021.

The IDC says digital transformation will be ‘the most significant driver of SD-WAN growth’ over the next five years.

It says this is especially true when digital transformation is used to deploy ‘Third Platform’ technologies – which is the independence of cloud computing, big data and analytics, mobility, and social business – as a way to unlock new sources of innovation and creativity that enhance customer experiences and improve financial performance.

SD-WAN can be helpful, as digital transformation tends to increase network workloads and elevate the network’s end-to-end importance to business operations. The IDC notes that aside from digital transformation, the continued rise of public cloud-based software-as-a-service (or SaaS) applications will be an additional factor in driving the growth of SD-WAN.

This growth looks likely to benefit from the broader acceptance, and adoption, of SDN throughout the enterprise. As virtualisation, cloud management, and SDN continue to gain traction throughout enterprise networks, SD-WAN will benefit from this shift, says the IDC.

SD-WAN is going to be a game changer. “SD-WAN is not a solution in search of a problem,” says Rohit Mehra, IDC vice president, network infrastructure. “Traditional WANs were not architected for the cloud and are also poorly suited to the security requirements associated with distributed and cloud-based applications. And, while hybrid WAN emerged to meet some of these next-generation connectivity challenges, SD-WAN builds on hybrid WAN to offer a more complete solution.”

Struggling to explain the value of SDN to business decision-makers? Here’s a great analogy.

If you’ve ever had to navigate cities like London or Paris, you’ll be fairly familiar with what elaborate underground train networks look like. These complex transport routes could be compared to a network. When these rail networks were first established, there needed to be some sort of timetable or plan before the trains could actually start operating. This meant figuring out what paths the trains should take in order to benefit the most people. This decision-making process is a lot like the SDN control plane – it’s all about learning the best routes. In some cases, these movements from one location to another are static – with the train driver almost working on autopilot. And in some instances, they’re more dynamic, which, in this example, would be a bit more like an Uber driver, who travels on demand via the best routes.

In this example, the trains are the data planes. They don’t make any decisions about the flow of traffic, they simply follow the instructions given by the control plane. Think of the network ports as the stations, and the payload your passengers. Passengers use the information they’ve gained from the control plane to select their preferred route. They enter the stations and climb on the trains. These passengers travel across the network and change trains at different junctions to reach their desired destination. Should a junction be out of order, passengers are informed and recommended an alternative route. In a software-defined network, the control plane is centralised so that the network controller can easily redirect traffic and respond quickly to changing business requirements.

Look before you leap

The transition of a company’s network can prove to be a daunting task, which is why a smart, informed and strategic approach is needed, says Citrix SA country manager Brendan McAravey. He believes businesses interested in SDN should keep the following in mind before starting their SDN journey:

* Impact on finance and capital expenditure – Sure, SDN allows you to ‘build once and use many times’, but it doesn’t suit the way many businesses run their accounting policies. SDN requires not only a change to the datacentre, but also a change in the way overheads are managed, assets are written down and departments cross-charged.

* SDN isn’t the only way – SDN is extremely valid, but by no means the only route to consider. Even though SDN makes perfect economic sense, businesses must look at what SDN offers, as well as what it lacks.

* Understanding the need for change – Anything that offers consolidation and automation tends to make good long-term financial sense, but the ease of management, improved user experience and agility offered by SDN can have a much more immediate business impact.

* Impact on network utilisation and capacity planning – A move to SDN should bring greater flexibility and resource efficiency, but be sure to challenge suppliers to ensure their pricing and licence models are as flexible as their product. Pay-as-you-grow licensing, burst packs and options for using third-party infrastructure in the cloud should be considered.

* SDN ergonomics – As the datacentre consolidates, so will job descriptions and functional roles. Be sure to consider that datacentre operatives will need cross-functional skills covering security, networking, storage and related disciplines.

SDN vs NFV

SDN and network functions virtualisation, or NFV, are closely related, and both are moving networks into virtualisation and automation. They often exist together, but are not dependent on each other. When it comes down to it, they have different goals. SDN separates the network’s control and forwarding functions. It also provides centralised control of the network, so it can be more efficient in orchestrating and automating network services, like firewalling and intrusion detection. In contrast, NFV looks at optimising the network services themselves. It does this not by using the applications built into the network’s hardware, but by using standard IT virtualisation technologies.

SDN and NFV are different, but they can be used to increase a network’s scale and improve its agility, while making better use of the network’s resources.

Looking back: a history of SDN

Typically, networks are complex, offer limited functionality and are pretty unreceptive to change. Given that they encompass an assortment of technologies, from routers and switches to middleboxes, firewalls, network address translators, server load balancers and intrusion-detection systems, this complexity is understandable.

SDN changes up how networks are designed and managed.

While there has been much excitement about SDN in recent years, many of the ideas underlying this technology have evolved over more than two decades. At a time when the internet was just starting to gain traction, the challenges of managing complex network infrastructures were brought into the spotlight. The global networking community – including everyone from researchers and standards bodies to companies – realised that they needed to create a programmable infrastructure. In some ways, their approach, which saw them separating the control and data planes to simplify network management, resembled the principles used to develop early telephony networks.

What is important to note when unpacking the history of SDN is that much of the work in this area was done before this approach to designing, building and managing networks earned the name SDN. In 2006, a PhD student at Stanford first coined the term SDN to describe the university’s OpenFlow project. While OpenFlow and SDN are not the same thing (OpenFlow is considered one of the first SDN standards), the idea of abstracting different network layers and separating these network planes holds for both SDN and OpenFlow. In an SDN environment, the fact that these different planes are software-based makes them more agile and flexible, making it easier to support innovation and seamlessly handle network updates.
