The software-defined network (SDN) is one of the hottest topics in IT today. It is also one of the most difficult concepts to pin down. The technology holds great promise for cloud environments because it is agile, programmable, centrally managed and based on open standards. It also raises new virtualization security issues for today's network administrators.
What Is SDN?
In some respects, the answer to this depends on whom you ask. However, most people agree SDN is the biggest change in networking since hardware-based routing and the Internet. Essentially, packet forwarding and network-control functions are decoupled in an SDN. When this happens, you can directly program network control. You can also abstract the underlying infrastructure for network services and applications.
With decoupled network control, administrators can dynamically change traffic flow on the network according to what the organization needs. With the software-based SDN controllers, applications and policy engines essentially see a global-network view as a single switch. Because SDN controllers aren’t proprietary, IT can write its own automated SDN programs to configure, manage, secure and optimize network resources.
What’s Wrong With Our Current Networks?
On today's networks, adding devices, moving devices and deploying network-wide policies are largely manual processes. They are complex and time-consuming, and they risk downtime. Because manual changes are so labor-intensive, IT may be tempted to skip them. In an SDN environment, changes are made in software, so IT can respond quickly when the network needs to change.
Traffic patterns in virtualized networks are dynamic. Many routers use oversubscription, allowing ports to run at a higher speed to accommodate extra bandwidth. Statistical multiplexing improves network utilization, but if the network becomes congested, service may degrade. Instead of giving each switch local control over traffic routing, SDN centralizes control and makes it adjustable through the software interface.
Current networks don’t offer the flexible traffic management required when applications need to access geographically distributed databases and servers through public and private clouds. Big data means additional capacity requirements; the cloud means on-demand access to IT resources including applications and infrastructure. Also, because of BYOD trends, networks have to be both flexible and secure. SDNs have the potential to solve most of these problems.
How the SDN Could Improve Network Security
The SDN also has several positive implications for network security. Because operators have visibility over the entire network instead of having to inspect each individual switch, they no longer need to force network traffic through security appliance bottlenecks. The centralized control also lets the network operator respond dynamically to malicious traffic anywhere on the network. Finally, SDN can take away some of the power of zero-day attacks. Instead of enduring an attack, learning about the threat and then doing better next time, operators can respond in real time whether or not they know the threat's exact nature.
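To make the "global view" point concrete, here is an added example (not from the original article, and not any real controller's code) of the controller-side logic described above: flow statistics gathered from every switch are aggregated centrally, and a drop rule for a flagged source is pushed to all switches at once. Switch names, IP addresses, counters and the OpenFlow-style match/action dictionaries are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample: the controller's global view of a small three-switch fabric.
SWITCHES = ["s1", "s2", "s3"]  # hypothetical datapath names


@dataclass(frozen=True)
class FlowStat:
    """One flow-table entry as a controller would collect it via a stats request."""
    switch: str
    src_ip: str
    dst_ip: str
    dst_port: int
    packets: int


# Constructed flow statistics. Note that 10.0.0.9 stays under the threshold on
# every single switch; only the controller's aggregate view reveals the volume.
SAMPLE_STATS = [
    FlowStat("s1", "10.0.0.5", "10.0.0.20", 443, 120),
    FlowStat("s1", "10.0.0.9", "10.0.0.20", 22, 600),
    FlowStat("s2", "10.0.0.9", "10.0.0.21", 22, 650),
    FlowStat("s3", "10.0.0.7", "10.0.0.22", 80, 90),
]


def suspicious_sources(stats, pkt_threshold=1000):
    """Sum packet counts per source across all switches and flag sources above the threshold."""
    totals = {}
    for s in stats:
        totals[s.src_ip] = totals.get(s.src_ip, 0) + s.packets
    return sorted(ip for ip, n in totals.items() if n > pkt_threshold)


def quarantine_flow_mods(src_ip, switches, priority=1000):
    """Build one drop rule per switch: match IPv4 (EtherType 0x0800) from src_ip.
    An empty action list means the switch drops matching packets (OpenFlow semantics).
    Field names follow OpenFlow 1.3 OXM naming (assumption for illustration)."""
    return [
        {"switch": sw, "priority": priority,
         "match": {"eth_type": 0x0800, "ipv4_src": src_ip},
         "actions": []}
        for sw in switches
    ]


def respond(stats, switches):
    """Central response loop: one decision, rules pushed to every switch in the view."""
    mods = []
    for ip in suspicious_sources(stats):
        mods.extend(quarantine_flow_mods(ip, switches))
    return mods
```

Because the decision is made once from the aggregate, the same logic also catches a source that spreads its traffic thinly across many switches, which per-switch thresholds would miss.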
Centralized response capability is valuable, but it could also affect network performance. The next steps developers should take to improve SDN security include accelerating both virtualization and security functions in the control plane. Encryption of the communication channel between the controller and the forwarding plane also needs to be accelerated. At the same time, OpenFlow coverage needs to expand from a three-layer switching model to a seven-layer model. This expansion could enable forwarding-plane threat management in Layers 4 to 7.
Software-defined networks aren't the only "software-defined" buzzword circulating in IT these days. Network operators are also talking about software-defined storage and the software-defined data center. All of these ideas rest on two main concepts: virtualization of the underlying component, and the use of APIs to manage, operate and provision that low-level component.
In a software-defined data center, for example, an IT worker who doesn't know how to format a hard drive could provision gigabytes or even terabytes of storage. Web application developers can set up load-balancing rules without ever logging in to a router. As IT becomes more automated, network functionality can mirror the company's workflow.
Just as the cloud has revolutionized data storage, the SDN will change network functions significantly. Everything is designed to give organizations the scalability, flexibility and accessibility that they need to function in today’s 24/7 work world.