SOFTWARE-DEFINED NETWORKS (SDN)

Software-Defined Networking (SDN)

Software-Defined Networking (SDN) can be simply defined as the physical separation of the network control plane from the routing-data plane, with a single control plane managing several devices. For example, Cisco Catalyst 9500 Series Switches (C9500-24Y4C) are ideally suited for SDN deployment since they are programmable and support high throughput.

The central perspective and split of the control plane and data plane mean that the SDN controller can create a physical topology. Nodes like Cisco Nexus 9300 Switches (N9K-C93180YC-FX) are connected and form paths in the network based on algorithmic mappings. These paths are then installed into the routing engines of devices such as Arista 7050X3 Series (7050X3-48YC12). This allows the SDN controller to control flows across the entire network and adjust to changes more quickly and intelligently. The effectiveness of the controller in translating these routes is a key part of SDN functionality.

SDN is a flexible, manageable, cost-efficient, and scalable design, making it well-suited to the high bandwidth and dynamic needs of modern applications. By separating routing and network control functions, SDN enables the infrastructure to be partitioned for applications and network services, with network control being programmatically manageable.

Direct programmability is a core feature, as network control is decoupled from routing capabilities. For instance, Juniper MX Series (MX204) provides direct programmability for SDN use. Decoupling control from routing allows administrators to adjust traffic flow across the network to adapt to evolving needs, with products like Huawei CloudEngine S12700 Series (CE-S12700-12) excelling at adaptive traffic management. Network intelligence is logically centralized in software-based SDN controllers such as VMware NSX Controller (NSX-MGR-ADV). SDN allows network admins to configure, administer, protect, and optimize network resources at high speed and dynamically; for example, Palo Alto Networks Firewall (PA-5220) can be integrated with SDN for programmable security configurations. By being deployed via open standards, SDN simplifies network design and utilization, as instructions are provided by SDN controllers rather than multiple vendor-based devices and protocols. Devices like Dell EMC PowerSwitch Z9264F-ON provide open standards for vendor independence.

Technical Overview

In traditional architectures, various devices at each layer process messages, and these devices must be purchased and managed accordingly. For example, a laptop is an application-based device and cannot function as a base station, so all users must connect to a base station to use services like Netflix, which can lead to bottlenecks.

SDN addresses this by making devices "dummies" with a centralized control plane that sends rules to devices. Controllers like Cisco DNA Center (DN1-HW-APL) communicate with devices at regular intervals, allowing them to execute independently with pre-defined rules. With this approach, device operating systems are centralized in a controller. Applications like F5 BIG-IP iSeries (i5800) are bundled into high-level programs that operate dummy devices, creating an efficient data plane consisting of forwarding-optimized hardware. Centralization of multi-tenancy, routing, switching, and DNS processing is governed by the controller.

While SDN has its weaknesses, its advantages greatly outweigh the disadvantages. In high-demand situations, a centralized controller like Juniper Contrail Networking becomes more effective.

Fundamental Principles of SDN

Network Function Virtualization (NFV) virtually replicates the controller for managing functions dynamically. The data plane is installed inside switches like the OpenFlow-capable TP-Link T2600G-28TS. Globalization through SDN constructs an integrated system using NFV as the enabling technology.

SDN switches utilize protocols like OpenFlow, which focus on flow control rather than individual messages or packets. A "flow" (a sequence of successive packets or messages) replaces packet-level analysis, and devices process flows as virtualized streams centrally managed by the controller.

An SDN controller aggregates operations like firewalling, routing, switching, traffic scheduling, and quality of service (QoS). For instance, a firewall operation in the controller is executed via socket programs for dummy devices. OpenFlow switches such as HP Enterprise FlexFabric 5700 (JG896A) execute these operations efficiently.

In summary, SDN simplifies network administration by centralizing intelligence, improving programmability, and incorporating flows instead of traditional packet handling.

A Network Management Design for SDN

Suppose in a local IPv4 network, the gateway device is used in dual-mode: both as a firewall and as a VLAN switch. Devices such as Fortinet FortiGate 600E (FG-600E) can serve both functions for such an application. An example design for this purpose is shown below:

Software Defined Networks - Overview Architecture

The OpenFlow Controller simplifies network-wide configuration by centralized management. As traffic needs change, the network can be dynamically configured using OpenFlow, achieving optimal resource utilization. The network structure is optimized through VLAN segmentation, isolating traffic for different parts of the organization or departments (such as Marketing, Sales, and Warehouse). The presence of a firewall within the SDN controller keeps the network secure at the centralized node, removing dependency on particular devices.