In contrast to the vastly changing realms of consumer-facing technology, such as mobile phones, Web browsing enhancements, social networking, and so forth, the fundamentals of computer networking have remained stable for several years. Many of the IP and routing protocols in use today are virtually unchanged compared to twenty years ago, and while there are new Wide Area Network offerings in the present day, the core concept of how packets traverse a network and how systems share information has remained virtually unchanged.
One particular aspect of networking, however, is starting to emerge and is making such a huge impact on how large enterprises operate, that the entire field of computer networking is feeling a transformation.
Through Software Defined Networking, or SDN, full centralization and automation are now front-and-center as the biggest change in computer networking. Whereas other major changes in networking, such as the transition from IPv4 to IPv6, had a slow adoption rate due to most enterprises not seeing an immediate need for change, most network administrators can agree that SDN is providing a benefit to both administration and cost.
This concept of SDN extends beyond just the internal network and allows for huge gains in wide-area-networking options. Businesses are now looking towards Software-Defined WANs (SD WAN) to replace the previous practice of manually managing WAN traffic and the leasing of private lines. This not only heavily decreases on-going costs, but it allows for more precise control over wide-area network traffic than ever before.
The top 5 What is SD WAN points?
1. Software intelligence exists within a NFV environment providing agility and flexibility via web portal configuration.
2. SD WAN is marketed as an Internet VPN by vendors looking to save you money by leveraging low cost Internet.
3. SD WAN is an agnostic technology, select the right connection for your business whether this is Internet, MPLS or otherwise.
4. SD WAN is able to terminate any connection from any source and apply security, load balancing and local traffic shaping depending on network conditions.
5. SD WAN builds on the traditional WAN router and is revolutionizing the telecoms market place.
What are the origins of SDN?
For over fifty years, the general practice of having computers communicate with one another involved various, separated devices that all had to be managed individually. Going back all the way to gateways, bridges, hubs, and eventually routers and switches, the management of these devices remained the same: each component played its own individual role and was managed as an autonomous device. Over time, attempts were made to make management of multiple devices more efficient, such as the Simple Network Management Protocol. This allowed for a degree of centralized management and the reporting of network devices. However, devices were still considered autonomous, and unless extensive programing took place in advance, the management of devices such as routers and switches were typically limited to specific commands or routines.
As the complexity of networks grew, and large enterprises began utilizing more redundancy in both the internal and external network, the need to have a smarter, more robust network quickly came to light. Even with the most sophisticated system managing each network device remotely, this was no longer sufficient for network staff. System administrators wanted a way for a centralized system to be smart enough to manage the network devices directly; to have full knowledge of the network and at a high-level, be able to control the decisions made by devices that traditionally handled routing and switching functions.
This is a vast shift from the paradigms of how network devices have worked for several years. Previously, even if a group of routers utilized a routing protocol to share all information about their routes, one router had no way of knowing how its neighboring router would handle a packet. A neighbor router may have a filtering rule, routing policy, or so forth, that could influence how a packet is routing to its final destination.
This placed a burden on networking staff, as they had to be fully aware of how each individual device was configured for a given route. With software defined networking, however, a centralized application can have full knowledge of the network, and would properly convey information to each device in the path to allow for complete control of a specific type of network flow the network engineer would like to follow. This makes SDN a much more robust solution than previous attempts, such as SNMP, and changes how networks operate as a whole. Entire routines can now be fully automated, such as adding a new VLAN to a branch network, in which rules can automatically be added to firewalls; routes added to the appropriate routers, and so forth.
The benefits of SDN can therefore be shared across organizations of various size. Service Providers, for instance, can take advantage of SDN at multiple levels of the company. For example, a workflow can exist such that once a request for a new business account is created; SDN can assist with automatically allocating an IP address, then create a Virtual Routing and Forwarding entry to isolate the network, and finally, populate the route as needed to achieve WAN connectivity with other branches.
Having a centralized structure that can manage the various devices in networking provides the additional advantage of organizational efficiency. By having a system that can have preset workflows and patterns, the company can now retain the time that was once dedicated to change-management, along with the time needed to troubleshoot issues due to configuration errors.
What are the components of SDN?
While there are several vendors and standards available, there are three main components to any SDN implementation:
Conventional routers and switches had their own control and data planes, meaning they housed the logical and forwarding functions within the same device. With SDN, these traditional devices now simply act as packet forwarding devices. This would allow centralized software to handle the logical path and control decisions, and the switches would follow the instructions provided by this centralized structure.
The application layer in regards to SDN refers to network services that were traditionally part of the management plane on conventional networking devices. Network administrators define the policies and settings at this level. The following are examples of application layer functions is SDN:
Acting as the hub of the SDN infrastructure, the controller takes the instructions from the higher-level application layer and sends the commands to the physical devices at the infrastructure layer. It is the controller layer that makes logical decisions based on the requested configuration at the application layer. As the brain-center of SDN, the controller processes the various routing and security decisions and directs the infrastructure devices on how to specifically handle those tasks.
This concept therefore separates the conventional paradigm of how networking devices function: where the logical control plane and traffic-forwarding data plane resided on the same device. Instead, the controller acts as the control plane and allows the networking devices to act solely as data forwarding devices.
Since the goals of SDN is to increase efficiency and provide centralized management, typically only the first set of packets from a flow are sent to the controller for a decision. For instance, the controller might direct traffic for a new flow to a firewall for inspection, then have it bypass the firewall after successful review, reducing the overall load on the network path and firewall instance.
With the logical control plane no longer individually present on each device, switches can now focus on one task: forwarding packets efficiently. The logic involved with shaping, prioritizing, and filtering traffic is no longer a decision-based burden of the individual switches. The higher application and controller layers can now handle centralized, dynamic rules and make changes whenever necessary without administrators having to touch individual switches.
From a practical standpoint, when an SDN switch receives a packet from a new flow, it queries the controller to see how the packet should be handled. The controller can then make packet manipulation and flow decisions, and then direct the switch on what action to take. The remainder packets in that flow are then handled directly by the switch for full wire-speed optimization.
Communicating between SDN Layers
In order for the infrastructure layer devices to fully work with the SDN controller, the switches need to be compliant with an SDN protocol. The most popular is OpenFlow, though there are several vendors that provide their own standards, such as Cisco’s OpFlex. The purpose of the protocol is to have a way for the controller to perform actions and provide instructions to a compatible switch. Therefore, switches at the infrastructure layer need to be SDN capable, which depending on the vendor, can be denoted as compatible under that given protocol, such as an “OpenFlow Compatible Switch”.
With the controller acting as the core center of SDN, there are two different directions away from the controller: upwards towards the application layer, or downwards towards the SDN switches. Communication between the controller and application layer is known as “Northbound”, and is handled by APIs that allow given software or services to communicate directly with the controller. It is through APIs that orchestration software, load balancers, firewalls, and security services are able to work with the controller.
Traffic from the controller to the SDN switches are considered “Southbound” traffic, and utilizes protocols such as OpenFlow or OpFlex to communicate. These southbound protocols can issue flow tables to their respective SDN switches to issue a rule, action, or retrieve statistics.
What is Network Function Virtualisation?
The overall goal of SDN is to provide better performance, automation, and centralization of the enterprise network. To better achieve this goal, traditional networking devices are now also becoming virtualised. Similar to how the emergence of virtual machines in the last 15 years vastly changed how datacenters can manage server instances as software, networking devices such as firewalls, load-balances, routers, and switches are also being virtualised to provide better performance and control.
Physical switches still have their place in the network, as aggregate devices that connect dozens or even hundreds of end-users. However, Network Function Virtualisation, or NFV, is aimed towards virtualising components that reside in the WAN edge or datacenter. This would allow similar benefits to that of a virtual machine: better scalability, redundancy, and control. For instance, with a traditional firewall, there may be physical limitations such as the number of ports available, RAM, and CPU resources. Additionally, if a new location needed a firewall, a new one would have to be physically setup and provisioned. With NFV, the firewall itself is virtualised and can be properly allocated the amount of resources needed for that specific location. More importantly, through SDN, this virtual firewall can be automatically deployed and provisioned as needed.
Aside from the benefit of virtualising networking components, is the ability for software-based networking instances to be more fluid with one-another. An example of this could be an Intrusion Detection System directly communicating with the firewall and routing functions to prevent Denial-of-Service attacks. By having a common set of administrative control, SDN allows for these devices with separate, specialized roles to work with each other in order to service the network as a whole.
What is SD WAN?
While Software Defined Networking is certainly growing as the new approach of managing a large enterprise network, it is not something that can be quickly transitioned into. A company with thousands of switches and hundreds of routers cannot simply move into SDN overnight. Many companies, however, can initially benefit with specific components of their networks, particularly those that are critical and require the most administrative attention.
Large companies tend to utilize redundant connections to remote locations, and may have complex requirements for various flows of traffic. Quality of Service, Policy Based Routing, and redundancy mechanisms can help make a network resilient and efficient, however, by utilizing software at the WAN level, the company can truly benefit from full control and automation of how traffic is routed over multiple connections in a WAN.
SD-WAN goes beyond simply helping to provide redundancy, but rather it offers the same end-to-end control of traffic that the internal network can benefit from with SDN. At the WAN level, traffic can be encrypted and allocated based on specific application-layer requirements, such as favoring traffic that is sourced from a particular user, group, or software. Additionally, SD-WAN allows for centralized management of various types of connections, such as MPLS, LTE, broadband, etc.
One major difference between SDN and SD-WAN is that SDN is a full-blown architecture that defines how the entire organizations network can be managed and consists of several components. SD-WAN, on the other hand, can refer to specific solutions that are targeted solely to WAN management.
Internally-hosted and cloud-based solutions exist that offer the ability to control and optimize WAN traffic. Products from vendors such as Cisco and VeloCloud allow for multiple WAN circuits to be viewed from a simple dashboard. Aggregation and reliability can be automated and managed through a web-browser, and does not require as extensive a change and knowledge set as a full SDN implementation in the internal network.
Therefore, SD-WAN is poised to be most organizations first leap into software-based networking due to the fact that it involves less equipment and is only concerned with one aspect of the network. Companies such as in the retail sector, who have a large amount of branch offices can easily benefit from a solution that automates new branch network deployments and allows for a centralized view of the entire network.
Software Defined Networking is changing how networks operate by moving away from a multitude of traditionally decentralized devices into an architecture that can have full awareness of the entire network topology. Not only is the network more capable of making smarter security, routing, and switching decisions, but the time and effort from networking staff is reduced thanks to orchestration and workflows that can help automate common tasks.
In a similar manner, vendors are now specifically targeting WAN services by offering solutions that help optimize how companies communicate with their remote offices. Links can be aggregated, traffic can be uniquely routed, and the overall WAN network can be easily viewed through on-site and cloud-based solutions. While a full SDN implementation may take some time to develop for each organization throughout the next few years, the benefits of SD-WAN can be seen as more useful in the near future for most companies.
Visit the Netify SASE Cybersecurity and SD WAN marketplace.
Get the data points you need to help with your SASE Cybersecurity and SD WAN decision making process.