Software-Defined Networking (SDN) Explained
Software-defined networking (SDN) has been widely deployed by some of the most technically advanced cloud service providers and large internet companies globally, including Amazon Web Services (AWS), Microsoft, Google, and Facebook (Meta Platforms). Still, despite the strained capabilities of traditional networks, enterprise adoption has largely focused on only a subset of SDN’s use cases like network virtualization and SD-WAN. As more enterprises run their applications and services in the cloud, the limitations of their traditional networks have become increasingly apparent, making the shift towards a software-defined approach more necessary.
Software-defined networking (SDN) is an approach to implementing networks that uses software-based controllers to communicate with underlying hardware and determine how to route traffic on a network. SDN is the decoupling of the network into distinct control (software) and data (hardware) planes.
Dgtl Infra provides an in-depth overview of software-defined networking (SDN), including how it works, how it is different from traditional networking, and specific examples of how it is used in practice. Additionally, we highlight the key benefits and challenges of SDN. Finally, Dgtl Infra reviews some of the top companies that offer platforms and products for SDN implementation.
What is Software-Defined Networking (SDN)?
Software-defined networking (SDN) is an approach to implementing networks that uses software-based controllers to communicate with underlying hardware and determine how to route traffic on a network. A software-defined network decouples network control and packet forwarding functions from closed and proprietary physical hardware (e.g., routers and switches) and, instead, utilizes programmable commodity hardware (e.g., bare metal switches) and standards-based software to control packet forwarding.
Bare metal here means the switch is sold as hardware only, without a bundled network operating system (NOS) or vendor application suite; the operator loads the NOS of their choice onto it. Disaggregating the switching hardware from the software that runs on it is central to SDN.
The SDN approach gives end-to-end visibility of network flows, which enables granular optimization of traffic paths and direct control of how data moves through the network. SDN has seen particularly strong adoption in data centers and across wide area networks (WANs).
How Does SDN Work?
Software-defined networking (SDN) stipulates that networks have distinct control and data planes, and the separation of these two planes is well-defined in an open interface:
- Control Plane (Software): determines how the network should behave, such as deciding the route packets should follow through the network. The control plane in an SDN architecture has a controller which manages these network traffic flows
- Data Plane (Hardware): enables the transfer of data from the sender to the receiver. Specifically, a data plane implements the control plane’s instructions on individual packets, such as the task of forwarding packets along the routes determined by the control plane
The process of separating the control and data planes is often referred to as disaggregation, which makes it possible for different parties to be responsible for each plane. Said differently, disaggregation means that a network operator is able to purchase their control plane software from one vendor and their data plane hardware from another vendor.
Architecture – Software-Defined Networking (SDN)
Software-defined networking (SDN) architecture consists of three main components, which may be located in different physical areas:
- Applications: tell the controller what they need from the network, for example requesting connectivity, bandwidth, or policy for a service, rather than configuring devices directly
- Controllers: translate application requests and their own view of the topology into forwarding decisions, and push those decisions to the networking devices. The controller is where network-wide traffic flow is decided; it does not itself sit in the data path
- Networking Devices: receive forwarding instructions from the controller, apply them to packets, and report state (such as link status or packets that match no installed rule) back to the controller
Control Plane – Centralized vs Distributed
Importantly, software-defined networking (SDN) allows for two different types of control plane implementation:
- Centralized Control Plane: control plane is fully independent of the data plane and logically centralized. Here, the control plane is implemented off-switch, for example, by running the controller on servers in a cloud data center through microservices deployed on Amazon Web Services (AWS), Microsoft Azure, or Google Cloud
- Distributed Control Plane: running the software that implements the control plane on-switch. Here, each switch operates as an autonomous device, communicating with other switches throughout the network. For example, this could be a deployment at the network edge or a node closer to the end user
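To make the control/data plane split concrete, here is an added example that is not part of the original article: a toy switch holding a priority-ordered match-action flow table, and a controller that handles table misses and installs rules. The host-to-port map, the blocked-port policy, and the match fields are invented for illustration, and the model is not any real controller's or OpenFlow's API. It shows both proactive installation (the operator pushes a drop rule before any traffic arrives) and reactive installation (the first packet of a flow goes to the controller; later packets are forwarded from the table with no controller involvement), which is also the mechanism behind the first-packet latency discussed under Challenges.

```python
"""Toy SDN split: the data plane (Switch) forwards on flow-table match; a table
miss raises a packet-in to the control plane (Controller), which decides per
policy and installs a rule so later packets never leave the data plane.
Hypothetical model for illustration, not any real controller's API."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# A match is (src host, dst host, dst port); None is a wildcard for that field.
Match = Tuple[Optional[str], Optional[str], Optional[int]]


@dataclass
class Packet:
    src: str
    dst: str
    dst_port: int


@dataclass(order=True)
class FlowEntry:
    priority: int                              # only field used for ordering
    match: Match = field(compare=False)
    action: str = field(compare=False)         # "out:<port>" or "drop"
    hits: int = field(default=0, compare=False)

    def matches(self, pkt: Packet) -> bool:
        src, dst, port = self.match
        return ((src is None or src == pkt.src)
                and (dst is None or dst == pkt.dst)
                and (port is None or port == pkt.dst_port))


class Controller:
    """Control plane: knows where hosts attach and what policy applies."""

    def __init__(self, host_ports: Dict[str, int], blocked_ports: Set[int]) -> None:
        self.host_ports = host_ports          # constructed topology: host -> switch port
        self.blocked_ports = blocked_ports    # constructed policy: deny these dst ports
        self.packet_ins = 0                   # how often the data plane had to ask us

    def packet_in(self, pkt: Packet) -> FlowEntry:
        self.packet_ins += 1
        if pkt.dst_port in self.blocked_ports:
            # Deny the whole port for every source, at high priority.
            return FlowEntry(200, (None, None, pkt.dst_port), "drop")
        port = self.host_ports.get(pkt.dst)
        if port is None:
            return FlowEntry(10, (None, pkt.dst, None), "drop")   # unknown destination
        return FlowEntry(100, (pkt.src, pkt.dst, pkt.dst_port), f"out:{port}")


class Switch:
    """Data plane: match-action table consulted from highest to lowest priority."""

    def __init__(self, controller: Controller) -> None:
        self.controller = controller
        self.table: List[FlowEntry] = []

    def install(self, entry: FlowEntry) -> None:
        self.table.append(entry)
        self.table.sort(reverse=True)          # highest priority first

    def lookup(self, pkt: Packet) -> Optional[FlowEntry]:
        for entry in self.table:
            if entry.matches(pkt):
                return entry
        return None

    def forward(self, pkt: Packet) -> str:
        entry = self.lookup(pkt)
        if entry is None:                      # table miss: round-trip to the controller
            entry = self.controller.packet_in(pkt)
            self.install(entry)                # cache the decision in the data plane
        entry.hits += 1
        return entry.action


def demo() -> dict:
    ctrl = Controller(host_ports={"h1": 1, "h2": 2, "h3": 3}, blocked_ports={23})
    sw = Switch(ctrl)
    # Proactive install: operator pushes a blanket telnet block before any traffic.
    sw.install(FlowEntry(200, (None, None, 23), "drop"))
    actions = [
        sw.forward(Packet("h1", "h2", 443)),   # miss -> controller -> out:2
        sw.forward(Packet("h1", "h2", 443)),   # hit, controller not consulted
        sw.forward(Packet("h1", "h2", 443)),
        sw.forward(Packet("h3", "h2", 23)),    # hit on the proactive drop rule
        sw.forward(Packet("h1", "h9", 80)),    # miss -> unknown destination -> drop
    ]
    return {"actions": actions, "packet_ins": ctrl.packet_ins, "table_size": len(sw.table)}


if __name__ == "__main__":
    print(demo())
```

Five packets cross the switch but the controller is consulted only twice, once per new flow; the telnet packet never reaches it because the drop rule was installed ahead of time. That difference between reactive and proactive rule installation is what determines how much first-packet latency, and how much controller load, a design accepts.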
How is SDN Different from Traditional Networking?
Software-defined networking (SDN) is different from traditional networks because it uses software to control commodity hardware (e.g., bare metal switches), whereas traditional networking utilizes dedicated, closed, and proprietary hardware devices (i.e., routers and switches) to manage network traffic. Typically, SDN relies on logically centralized control, whereas traditional network control is distributed across the devices themselves.
SDN can be deployed for many traditional networking functions like routing, security, and load balancing. In addition, SDN can be used to address newer networking challenges such as traffic engineering, mobility, measurement and monitoring, data center networking, reducing power consumption, and real-time communication.
Why is SDN better than a Traditional Network?
By opening up vertically integrated, closed, and proprietary hardware, it becomes possible to shift control from the vendors that sell networking equipment to the network operators that build networks to meet their end user’s needs. In turn, this open market creates opportunities for network operators to innovate by improving network management, supporting automation, and quickly delivering customized services to their end users.
What are Examples of Software-Defined Networking (SDN)?
Examples of how software-defined networking (SDN) is used in practice are network virtualization, SD-WAN (software-defined wide area network), switching fabrics, traffic engineering, and access networks.
Network Virtualization
Network virtualization utilizes a software-defined networking (SDN) architecture to:
- Split a single physical network into different virtual networks
- Create a single virtual network by connecting devices on different physical networks
SDN principles used in network virtualization include the separation of the control plane from the data plane, with a logically centralized controller that manages network traffic flows. This centralization allows for network automation, which enables a full set of network services to be provisioned in a programmatic way. Examples of network properties that can be virtualized include firewall policies and load balancing.
Example Platform – VMware NSX
VMware NSX is a network virtualization platform which abstracts physical networks to simplify a customer’s provisioning and consumption of networking and security resources. Below are further details on the platform’s key products:
- Distributed and Gateway Firewalls: a zone firewall and a software-defined Layer 7 firewall that help secure multi-cloud traffic across virtualized workloads
- Network Detection and Response: an artificial intelligence-based threat correlation and forensics engine that helps network security and security operations teams detect malicious activity and block lateral movement of threats
- Load Balancing: provides consistent, multi-cloud load balancing, web application firewall and application insights across data centers and public clouds for virtual machines, container, and bare metal workloads
SD-WAN (Software-Defined Wide Area Network)
SD-WAN (software-defined wide area network) is a specific application of software-defined networking (SDN) technology applied to WAN connections. Particularly, SD-WAN connects users and applications on enterprise networks across many locations – including main offices, branch offices, corporate data centers, and the cloud – over large geographic distances.
With SD-WAN, an enterprise uses a logically centralized controller to manage the interconnectivity of its various locations in order to optimize traffic flow and reduce unnecessary bandwidth usage. Specifically, an enterprise uses SD-WAN to apply pre-determined policies regarding security, traffic prioritization, and access to shared services or applications across its offices, corporate data centers, and cloud sites. For example, a policy could be to place a specific cloud service into the highest priority traffic class.
In terms of functionality, SD-WAN eliminates the need to backhaul traffic to a central site, such as from a branch office to the main office. Instead, SD-WAN allows traffic to flow directly between a branch office and cloud applications hosted in both public and private clouds, subject to the policies above.
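The policy behaviour described above, as an added example that is not from the original article or any SD-WAN vendor: a branch site holds several WAN links with measured telemetry, each application class carries an SLA and an ordered link preference, and the selection steers traffic to the best link that still meets the SLA. SaaS traffic is flagged as needing direct internet egress so it is never backhauled over the private MPLS circuit. All link names, thresholds, and telemetry values are constructed for illustration.

```python
"""SD-WAN application-aware path selection at a branch site.

Added example, not any vendor's implementation. Links carry measured
telemetry, application classes carry an SLA plus an ordered link preference,
and select_link() picks the first preferred link within SLA, any other link
within SLA, or failing that the least-degraded eligible link. All values are
constructed."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Link:
    name: str
    latency_ms: float
    loss_pct: float
    jitter_ms: float
    direct_internet: bool       # True if the link egresses to the internet locally


@dataclass
class AppPolicy:
    traffic_class: str          # e.g. realtime, business, bulk
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float
    prefer: List[str]           # ordered link preference for this class
    needs_direct_internet: bool = False


# Constructed policy table, keyed by the label an application classifier would assign.
POLICIES: Dict[str, AppPolicy] = {
    "voice":    AppPolicy("realtime", 150, 1.0, 30, ["mpls", "fiber", "lte"]),
    "crm-saas": AppPolicy("business", 250, 2.0, 50, ["fiber", "lte", "mpls"],
                          needs_direct_internet=True),
    "backup":   AppPolicy("bulk", 1000, 5.0, 500, ["fiber", "mpls", "lte"]),
}
DEFAULT_POLICY = AppPolicy("default", 500, 3.0, 100, [])   # unclassified traffic


def eligible(link: Link, pol: AppPolicy) -> bool:
    return link.direct_internet or not pol.needs_direct_internet


def meets_sla(link: Link, pol: AppPolicy) -> bool:
    return (eligible(link, pol)
            and link.latency_ms <= pol.max_latency_ms
            and link.loss_pct <= pol.max_loss_pct
            and link.jitter_ms <= pol.max_jitter_ms)


def degradation(link: Link, pol: AppPolicy) -> float:
    """Worst metric relative to its SLA bound (1.0 means exactly at the bound)."""
    return max(link.latency_ms / pol.max_latency_ms,
               link.loss_pct / pol.max_loss_pct,
               link.jitter_ms / pol.max_jitter_ms)


def select_link(app: str, links: Dict[str, Link]) -> dict:
    pol = POLICIES.get(app, DEFAULT_POLICY)
    decision = {"app": app, "class": pol.traffic_class, "link": None, "reason": ""}
    # 1) first link in the class preference order that currently meets the SLA
    for name in pol.prefer:
        link = links.get(name)
        if link is not None and meets_sla(link, pol):
            return {**decision, "link": name, "reason": "preferred-within-sla"}
    # 2) any other eligible link meeting the SLA (unlisted links, default policy)
    for name, link in links.items():
        if meets_sla(link, pol):
            return {**decision, "link": name, "reason": "fallback-within-sla"}
    # 3) nothing meets the SLA: keep the app up on the least-degraded eligible link
    candidates = [l for l in links.values() if eligible(l, pol)]
    if not candidates:
        return {**decision, "reason": "no-eligible-link"}
    best = min(candidates, key=lambda l: degradation(l, pol))
    return {**decision, "link": best.name, "reason": "best-effort-sla-violated"}


def demo() -> dict:
    links = {
        "mpls":  Link("mpls", 40, 0.1, 5, direct_internet=False),
        "fiber": Link("fiber", 25, 0.2, 8, direct_internet=True),
        "lte":   Link("lte", 90, 1.5, 40, direct_internet=True),
    }
    apps = ("voice", "crm-saas", "backup")
    healthy = {app: select_link(app, links)["link"] for app in apps}
    # Brownout on the fiber circuit: loss jumps to 3%. Business SaaS must move, bulk can stay.
    links["fiber"] = Link("fiber", 25, 3.0, 8, direct_internet=True)
    degraded = {app: select_link(app, links) for app in apps}
    return {"healthy": healthy, "degraded": degraded}


if __name__ == "__main__":
    for section, result in demo().items():
        print(section, result)
```

When fiber degrades, the SaaS class moves to LTE rather than MPLS even though MPLS is healthier, because the policy forbids backhauling internet-bound traffic; the bulk class stays on fiber because its loss budget is looser. Real products also apply these decisions per flow and with hysteresis so that links flapping around a threshold do not cause constant re-steering.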
Switching Fabrics
Switching fabrics are an example of how software-defined networking (SDN) is used in data centers, particularly those of the cloud service providers (CSPs). Companies like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud utilize switching fabrics to lower costs and add features to their cloud services portfolio.
To implement switching fabrics, these cloud service providers have moved away from using closed and proprietary switches – such as those sold by legacy hardware equipment companies like Cisco – to instead deploy bare metal switches. In so doing, cloud service providers are able to control the switching fabric that interconnects their servers entirely in software.
Data center switching fabrics are typically deployed using leaf-spine network topologies: leaf switches, also called top-of-rack (ToR) switches, sit in the server rack, and each leaf switch connects with uplinks to multiple load-sharing spine switches and routers that form the backbone. [Figure: Legacy vs Cloud (leaf-spine) network design]
Traffic Engineering
Traffic engineering, particularly for wide area network (WAN) connections between data centers, is another example of how software-defined networking (SDN) is used by cloud service providers (CSPs) and multi-tenant data center operators. By using traffic engineering, data is able to efficiently move between distributed locations, which is critically important for cloud applications.
Traffic engineering systems involve topology discovery, demand prediction, path computation, optimization, and route programming. SDN moves the path computation to a logically centralized controller, where a traffic engineering control program can provision the network according to the needs of different classes of applications.
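As an added example of the path computation step described above (not Microsoft's or Google's code, and simplified from what they publish), the following places a set of inter-site demands onto a constructed WAN topology. The controller enumerates candidate paths for each demand and chooses the one that keeps the busiest link least loaded, a greedy heuristic standing in for the optimization a real TE system would solve; it is compared against plain shortest-path routing to show why centralized TE raises usable utilization. Capacities, sites, and demands are invented.

```python
"""Centralized WAN traffic engineering over a known topology and demand matrix.

Added example, not any cloud provider's code. The controller has the global
view: it enumerates candidate paths per demand and assigns each demand to the
path that minimises the resulting bottleneck utilisation (greedy; production
systems solve an optimisation such as max-min fair allocation). Capacities are
Gbps and the topology is constructed for illustration."""
from collections import defaultdict
from typing import Dict, List, Tuple

Graph = Dict[str, Dict[str, float]]        # node -> neighbour -> capacity (undirected)
Demand = Tuple[str, str, float]             # (src, dst, gbps)


def add_link(g: Graph, a: str, b: str, capacity: float) -> None:
    g.setdefault(a, {})[b] = capacity
    g.setdefault(b, {})[a] = capacity


def link_key(a: str, b: str) -> Tuple[str, str]:
    return (a, b) if a < b else (b, a)


def simple_paths(g: Graph, src: str, dst: str, max_links: int = 4) -> List[List[str]]:
    """All loop-free paths from src to dst with at most max_links hops."""
    paths, stack = [], [[src]]
    while stack:
        path = stack.pop()
        node = path[-1]
        if node == dst:
            paths.append(path)
            continue
        if len(path) - 1 >= max_links:
            continue
        for nxt in g[node]:
            if nxt not in path:
                stack.append(path + [nxt])
    return paths


def place_demands(g: Graph, demands: List[Demand],
                  shortest_only: bool = False) -> Tuple[Dict[Tuple[str, str], List[str]], float]:
    """Assign each demand to one path; return the assignment and max link utilisation."""
    load: Dict[Tuple[str, str], float] = defaultdict(float)
    assignment: Dict[Tuple[str, str], List[str]] = {}

    def util_after(path: List[str], gbps: float) -> float:
        # Utilisation of the busiest link on `path` if this demand were added to it.
        return max((load[link_key(a, b)] + gbps) / g[a][b] for a, b in zip(path, path[1:]))

    for src, dst, gbps in sorted(demands, key=lambda d: -d[2]):    # largest demands first
        candidates = simple_paths(g, src, dst)
        if shortest_only:
            # Traditional routing: fewest hops, lexical tie-break, capacity ignored.
            best = min(candidates, key=lambda p: (len(p), p))
        else:
            # TE: least resulting bottleneck utilisation, shorter path on ties.
            best = min(candidates, key=lambda p: (util_after(p, gbps), len(p)))
        for a, b in zip(best, best[1:]):
            load[link_key(a, b)] += gbps
        assignment[(src, dst)] = best

    max_util = max(load[k] / g[k[0]][k[1]] for k in load)
    return assignment, round(max_util, 3)


def demo() -> dict:
    g: Graph = {}
    # Two data centers (A, B) reach a third (E) via two transit sites (C, D), 10 Gbps links.
    for a, b in [("A", "C"), ("B", "C"), ("C", "E"), ("A", "D"), ("B", "D"), ("D", "E")]:
        add_link(g, a, b, 10.0)
    demands: List[Demand] = [("A", "E", 7.0), ("B", "E", 6.0)]
    _, naive_util = place_demands(g, demands, shortest_only=True)
    te_paths, te_util = place_demands(g, demands)
    return {"shortest_only_max_util": naive_util, "te_max_util": te_util, "te_paths": te_paths}


if __name__ == "__main__":
    print(demo())
```

With hop-count routing both demands collapse onto the C-E link (130% utilization, so packets are dropped) while D-E sits idle; the TE placement splits them across C and D and the busiest link ends at 70%. The same global knowledge is what lets a TE controller re-route around a failed link or drain a link before maintenance, which no individual router can do from its local view.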
Examples of traffic engineering for WANs by major cloud service providers, Microsoft and Google, are detailed below:
Example – Microsoft SWAN
Microsoft has developed a range of software-defined networking (SDN) technologies to optimally manage routing and centralize control of its network. The company’s network is built with standard switches and routers, which Microsoft manages with its own software.
Microsoft, like all cloud service providers, operates an inter-data center wide area network (WAN), which it refers to as SWAN (software-driven wide area network). SWAN is a system that increases the utilization of inter-data center networks by centrally controlling when and how much traffic each service sends and frequently re-configuring the network’s data plane to match traffic demand.
Example – Google B4
Google’s private software-defined WAN, known as B4, connects the company’s data centers around the world and is built entirely using bare metal switches. B4’s software-defined network control stacks enable flexible and centralized control, offering substantial cost savings and innovation opportunities. In particular, by using centralized traffic engineering to dynamically optimize site-to-site pathing based on utilization and failures, B4 supports much higher levels of utilization and provides more predictable behavior.
Access Networks
Access networks are an example of how software-defined networking (SDN) is used to implement the last mile connecting homes, businesses, and mobile devices to the internet. The access technologies most commonly adopting SDN principles are the radio access network (RAN) for 4G/LTE and 5G cellular networks, and the passive optical network (PON) used for fiber-to-the-home (FTTH).
Typically, access networks are developed using purpose-built, closed, and proprietary hardware. With SDN, this closed and proprietary hardware is being transitioned to programmable commodity hardware (e.g., bare metal switches) that can be controlled by software.
Radio Access Network (RAN)
Software-defined networking (SDN) is transforming the radio access network (RAN), particularly for 5G, by bringing cloud-style software control to mobile networks. Examples of SDN's impact on the RAN are:
- Wireless Backhaul: backhaul is the transport of voice, video, and data traffic, originating from a wireless carrier’s mobile base station, to its mobile switching center (MSC). Using SDN, traffic can be segregated, from different providers and different types, into different flows and then transmitted over a single shared wireless backhaul medium (e.g., microwave via wireless spectrum)
- Mobile Offload: as cellular networks become strained due to capacity, wireless carriers are offloading their licensed mobile traffic (e.g., 4G/LTE and 5G) onto unlicensed spectrum (e.g., Wi-Fi). SDN provides the flexible, granular control for wireless carriers to offload their mobile traffic onto Wi-Fi networks
Large wireless carriers around the world, including DISH Network, Rakuten, and 1&1, are actively pursuing software-defined RAN networks. Moreover, these efforts are being advanced in-partnership with cloud service providers (CSPs), such as DISH Network using Amazon Web Services (AWS) to build a cloud-based, 5G Open Radio Access Network (O-RAN).
Passive Optical Network (PON)
Software-defined networking (SDN) is also being implemented in the passive optical network (PON), which is a fiber-based transmission technology used for delivering broadband network access, commonly known as fiber-to-the-home (FTTH). Examples of SDN’s impact on devices in the PON are:
- Optical Line Terminal (OLT): device that serves as the telecommunications provider’s endpoint of a PON, which is typically located in communications exchanges and other network central offices (COs)
- Gateway / Router: virtualized broadband network gateways / routers enable subscriber management and routing capabilities in a cloud-native, virtualized solution. They allow service providers to place their control planes and data planes where they make most sense
What are the Benefits and Challenges of SDN?
Below we highlight the benefits and challenges of SDN from the perspective of network providers, such as internet service providers (ISPs) and wireless carriers.
Benefits of Software-Defined Networking (SDN)
The benefits of software-defined networking (SDN) are a lower total cost of ownership, open and programmable, flexibility and agility, automation, and network visibility.
1) Lower Total Cost of Ownership
Software-defined networking (SDN) significantly reduces networking costs when compared to legacy network designs, enabling faster time-to-service and improved availability. Firstly, automation tools (see #4 below) reduce the operational costs of provisioning, managing, and monitoring a network and speed up service delivery. Secondly, network visibility features (see #5 below) provide end-to-end visibility across complex networks without the need for additional data collection equipment.
As a result of automation and greater network visibility, SDN lowers operating expenses because fewer network engineers are needed to operate large networks. At the same time, disaggregating hardware and software has led to the availability of low-cost bare metal switches and a smaller hardware footprint, which lowers capital expenditures for a new network build.
As an example, Rakuten Mobile, a wireless carrier in Japan, notes a significant reduction in capital expenditures and operating expenses associated with building and maintaining networks due to virtualization, automation, and open architecture. Specifically, Rakuten Mobile points to a 40% capital expenditure reduction and a 30% operating expense reduction.
2) Open and Programmable
Software-defined networking (SDN) is open and vendor agnostic, enabling bare metal switches to be purchased from a variety of vendors. For network providers, this results in a diversified hardware supply chain and no vendor lock-in. Separately, control plane software can be purchased from another vendor or built on an open-source implementation of the relevant protocols, in order to communicate with the hardware devices.
SDN’s programmable interface delivers more control by allowing for software / cloud networking platforms to integrate with a wide range of third-party applications. Instead of manually programming multiple vendor-specific hardware devices, developers can control packet forwarding and the flow of traffic over a network simply by programming an open standards-based software controller.
3) Flexibility and Agility
Software-defined networking (SDN) is much more flexible than traditional networking because the control plane is software-based. As such, SDN allows network administrators to utilize a centralized user interface to control the network, configure settings, provision resources, and increase / decrease network capacity. Additionally, by leveraging standard protocols, SDN can meet the extremely large network requirements of cloud / hyperscale data centers.
At the same time, SDN is centered on rapid deployment (i.e., networking resources in minutes) and agile provisioning, when network requirements change.
4) Automation
The centralized approach of software-defined networking (SDN) is a key enabler of network automation. Automated software programs can be written to allow organizations to configure, provision, secure, and optimize network resources as needed. For cloud service providers, automating manual work is of particular importance, through methods such as zero-touch provisioning (ZTP), which configures a switch without human intervention. Because a ZTP switch fetches and applies its software image and configuration unattended, the provisioning source and the artifacts it serves must be authenticated; otherwise the automation becomes a distribution channel for whatever configuration an attacker on that network can serve.
5) Network Visibility
Software-defined networking (SDN) employs end-to-end network visibility applications to provide real-time insight into the status of the network. These tools proactively monitor, detect, and notify network administrators when network issues arise. Also, these network visibility tools can deliver real-time data to third-party network performance and security applications.
Challenges of Software-Defined Networking (SDN)
The challenges of software-defined networking (SDN) are reliability, interoperability with application programming interfaces (APIs), latency, and security. Below are further details on the limitations and weaknesses of SDN:
1) Reliability
Software-defined networking (SDN) utilizes a logically centralized controller which configures and validates network topologies to prevent manual errors and increase network availability. However, that same centralization makes the controller a potential single point of failure, unlike a distributed design in which the control plane runs on each switch and the devices operate autonomously.
If a single controller instance is in charge of the whole network and it fails, the network loses the ability to set up new flows or react to changes; existing flow entries may keep forwarding until they expire, but nothing adapts. Production deployments therefore run the controller as a redundant cluster (which is what "logically centralized" means in practice) and must also handle the cluster losing consensus or becoming partitioned from the switches it manages.
2) Interoperability with APIs
Decoupling the control and data planes distinguishes software-defined networking (SDN) from a traditional network: the two planes can evolve independently as long as the application programming interfaces (APIs) between them remain stable. In practice the control plane (software) changes far faster than the data plane (hardware), so the API between them must absorb that churn while staying compatible with devices from multiple vendors.
Defining and maintaining standard APIs between the planes is therefore inherently complex, particularly as networks grow to thousands or tens of thousands of devices (routers and switches), each of which must be discovered, programmed, and kept in sync by the controller.
Because every device talks to the controller through these APIs, the controller can also become a bottleneck for flow setup and state updates at scale.
3) Latency
In an SDN architecture the controller establishes flows by pushing flow rules to the switches. In a logically centralized set-up, some forwarding decisions pay a round-trip to the controller: when a packet arrives at a switch and matches none of its flow table entries (a table miss), the switch sends the packet, or its header, to the controller and waits for a decision.
Latency is the time delay experienced in a system, from a source to a destination.
The controller must process the packet, decide the flow, and install the new rule before the switch can forward it; that processing time plus the rule-update time adds latency for the first packet of every new flow. Subsequent packets match the cached rule and are forwarded by the switch without involving the controller.
Controller placement also matters: the further a controller sits from the switches it manages, the higher this round-trip cost, so sub-optimal placement results in higher latency.
4) Security
A logically centralized controller concentrates risk: an attacker who compromises it, or who can impersonate it to the switches, controls forwarding for the whole network (rerouting, mirroring, or blackholing traffic, or silently disabling policy). A distributed control plane has no single component whose compromise yields everything, although each device's own control plane remains a target in its own right. The table-miss mechanism described under Latency is also an availability risk: a host or switch generating large numbers of unmatched packets can saturate the controller with packet-in requests and starve other switches of flow setups.
As such, the controller and the communication channels between it and the networking devices must be protected: mutually authenticated and encrypted control channels (OpenFlow, for example, specifies TLS, but deployments often fall back to plain TCP), a management network isolated from tenant traffic, strict authentication and authorization on the controller's APIs, controller redundancy, and rate limiting of packet-in traffic per switch.
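The last of those controls, as an added example that is not from the original article or any controller product: a per-switch token bucket placed in front of the controller's packet-in handler. A switch that floods the controller with table misses (for instance because a host behind it is scanning random destinations) exhausts only its own budget while other switches keep getting served. The clock is passed in explicitly so the run is deterministic; the rates and the event trace are constructed.

```python
"""Per-switch rate limiting of packet-in (table-miss) messages at the controller.

Added example, not any controller's built-in feature. Each switch gets its own
token bucket, so one switch's flood sheds only that switch's excess packet-ins
and cannot starve the others. Rates and events are constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class TokenBucket:
    rate: float                                 # tokens refilled per second
    burst: float                                # max tokens held (tolerated burst)
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = self.burst                # start full

    def allow(self, now: float) -> bool:
        elapsed = max(0.0, now - self.last)     # ignore a clock stepping backwards
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PacketInGuard:
    """Sits between the southbound channel and the controller's packet-in logic."""

    def __init__(self, rate: float, burst: float) -> None:
        self.rate, self.burst = rate, burst
        self.buckets: Dict[str, TokenBucket] = {}
        self.served: Dict[str, int] = defaultdict(int)
        self.dropped: Dict[str, int] = defaultdict(int)

    def handle(self, switch_id: str, now: float) -> bool:
        """True if this packet-in may reach the controller logic, False if it is shed."""
        bucket = self.buckets.get(switch_id)
        if bucket is None:
            bucket = TokenBucket(self.rate, self.burst)
            bucket.last = now                   # start this switch's clock at first sight
            self.buckets[switch_id] = bucket
        if bucket.allow(now):
            self.served[switch_id] += 1
            return True
        self.dropped[switch_id] += 1
        return False


def demo() -> dict:
    # Per switch: 100 packet-ins/s sustained, bursts of 50 tolerated.
    guard = PacketInGuard(rate=100.0, burst=50.0)
    events: List[Tuple[float, str]] = []
    # Constructed trace: sw-rogue raises 2000 table misses within one second ...
    events += [(i / 2000.0, "sw-rogue") for i in range(2000)]
    # ... while sw-ok raises a normal 20 misses over the same second.
    events += [(i / 20.0, "sw-ok") for i in range(20)]
    events.sort()
    for now, switch_id in events:
        guard.handle(switch_id, now)
    return {"served": dict(guard.served), "dropped": dict(guard.dropped)}


if __name__ == "__main__":
    print(demo())
```

The rogue switch gets roughly 150 packet-ins through in that second (its 50-token burst plus one second of refill) and the rest are shed, while the well-behaved switch has every one of its 20 misses served. In a real controller the shed events would also drive a response, such as installing a low-priority drop rule for the offending source on that switch, so the flood stops consuming the control channel at all.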
Software-Defined Networking (SDN) Companies
Notable software-defined networking (SDN) companies include Cisco, Arista Networks, Juniper, and VMware.
Cisco
Cisco offers its Application Centric Infrastructure (ACI) solution which delivers centralized application-driven policy automation, management, and visibility of both physical and virtual environments as a single system. This solution focuses on the data center segment, to deliver multi-cloud architectures that bring policy and operational consistency, regardless of where applications or data reside.
Arista Networks
Arista Networks offers its Extensible Operating System (EOS), a network operating system, combined with a set of network and Ethernet switches and routers based on merchant silicon. This solution focuses on cloud networking for large-scale data center and campus workspace environments.
Juniper
Juniper offers its Contrail Networking solution, a commercial distribution of the open-source Tungsten Fabric (formerly OpenContrail) project, which delivers a standards-based platform for software-defined networking (SDN). This platform enables customers to securely deploy workloads in any environment. It offers continuous overlay connectivity to any workload, and can run on any compute technology from traditional bare metal servers and virtual machines to containers.
VMware
VMware offers its NSX network virtualization platform that abstracts physical networks to simplify a customer’s provisioning and consumption of networking and security resources. NSX can be layered into any environment and integrates with many automation, security, and container solutions.
Software-Defined Networking (SDN) vs Network Functions Virtualization (NFV)
Software-defined networking (SDN) and network functions virtualization (NFV) are both independent approaches to networking that serve different goals. However, they are also complementary and overlapping in a number of different ways.
Similarities between SDN and NFV
Software-defined networking (SDN) and network functions virtualization (NFV) are both software-based approaches to networking that make heavy use of virtualization and benefit from automation. Both SDN and NFV use network abstraction, commodity hardware, and software to support more efficient and programmable network services:
- SDN: decouples network control and packet forwarding functions from closed and proprietary physical hardware and, instead, utilizes programmable commodity hardware and standards-based software to control packet forwarding
- NFV: abstracts networking functions from the proprietary, physical hardware on which they run and, instead, through virtualization, network functions can run in software on generic, commodity hardware
SDN and NFV’s use of cloud computing and virtualization technologies is fundamentally changing the roles of data centers, networks, wireless carriers, and internet service providers (ISPs). Particularly, these approaches are resulting in a lower total cost of ownership, flexibility, automation, and an open ecosystem for network providers.
Differences between SDN and NFV
SDN may be used for many purposes unrelated to NFV. At the same time, network functions virtualization (NFV) can be implemented independently of software-defined networking (SDN) because it is possible to virtualize network functions without using SDN approaches.
SDN separates the network's control functions (deciding routes and policy) from the packet forwarding performed by routers and switches, while NFV separates network services (such as firewalls or load balancers) from the dedicated hardware appliances they traditionally ran on.
SDN’s scope is much broader than NFV, as it controls and manages a series of network objects that could contribute to a service, by decoupling and centralizing the network intelligence from the packet forwarding process. In contrast, NFV aims to reduce the cost and time to provide network functions that support the delivery of a service, but it does not introduce changes to existing protocols.