Software Defined Networking - The Future of Networking

Software Defined Networking: A Paradigm Shift

The way we have known networking is going through a drastic change. The paradigm is shifting quickly and decisively towards Software Defined Networking (SDN). In this post, I am going to share some of my thoughts on SDN and how it differs from legacy networking implementations.

The current networking model, which I will refer to as Legacy Networking, is implemented by connecting to individual devices and configuring them one at a time. In any corporation with a sizable number of devices, this requires a lot of resources and time, which is neither scalable nor cost-effective.

SDN, which entered mainstream networking after 2015, works on the premise of Controller-based Networking, where a central device is responsible for the configuration of the complete network. This key property of SDN makes it more efficient and scalable than a Legacy Network. In the corporation mentioned above, it might have taken 15 network engineers to provision, manage and maintain a 100-120 device network; with SDN the same task can be carried out by 5 engineers in a much more efficient and timely manner.

In an SDN network, the administrator registers the network devices on the controller. This process can be manual or automated. Once a device is registered, its configuration and monitoring are done centrally from the controller. Configuration that is common to many network devices can be pushed to all of them at once with the help of configuration templates. Changing policies or protocols within the network also becomes easier and a lot more scalable, as you control the changes from the centralized controller. It also helps in provisioning new devices: if a new device comes up in the network, it can easily be provisioned and configured using the templates.

Since the network devices are already registered on the controller, monitoring and troubleshooting of these devices is also done from a central console. The controller becomes a single pane of management for the entire network.
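As an added illustration (example code, not from the post or from Cisco), here is a toy model of the registration, template push and central monitoring workflow described in the two paragraphs above. The device names, template keys and the ssh/ntp values are constructed assumptions, and the audit step shows how a central controller can also detect a change made directly on a device, outside the controller.

```python
# Added example, not from the post or Cisco: toy model of the controller-based
# workflow above. Names, template keys and values are constructed sample data.
from dataclasses import dataclass, field

@dataclass
class Device:
    name: str
    site: str
    running_config: dict = field(default_factory=dict)

class Controller:
    def __init__(self):
        self.devices = {}    # central registry of managed devices
        self.templates = {}  # shared configuration templates

    def register(self, device):
        self.devices[device.name] = device

    def add_template(self, name, settings):
        self.templates[name] = dict(settings)

    def render(self, template, dev):
        # Substitute per-device values ({name}, {site}) into the shared template.
        return {k: (v.format(name=dev.name, site=dev.site) if isinstance(v, str) else v)
                for k, v in self.templates[template].items()}

    def push(self, template):
        # One operation configures every registered device: no per-box logins.
        for dev in self.devices.values():
            dev.running_config = self.render(template, dev)
        return len(self.devices)

    def audit(self, template):
        # Central monitoring: keys whose running value differs from intent.
        drift = {}
        for dev in self.devices.values():
            want = self.render(template, dev)
            bad = {k: (dev.running_config.get(k), v) for k, v in want.items()
                   if dev.running_config.get(k) != v}
            if bad:
                drift[dev.name] = bad
        return drift

def build_campus():
    ctl = Controller()
    for n, site in (("sw1", "hq"), ("sw2", "hq"), ("sw3", "branch")):
        ctl.register(Device(n, site))
    ctl.add_template("baseline", {"hostname": "{site}-{name}", "ssh_version": 2,
                                  "ntp_server": "10.0.0.1"})  # constructed values
    return ctl
```

Changing the template and calling `push` again applies a policy change to every registered device in one step, and `audit` returns an empty dict only when every device matches the intended configuration.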

SDN is implemented using different technologies for different parts of the network. A typical network has three main parts: the Campus Network, the Wide Area Network (WAN), and the Data Center.

Campus Network

Cisco has a technology implementation that allows you to apply SDN to the Campus Network. The technology is called Software Defined Access (SDA). SDA uses three components to implement SDN for a Campus Network. The first is the controller, called the Digital Network Architecture Center (DNAC), an appliance that is responsible for controlling the Campus Network. The second SDA component is the Campus switch. The Campus switches have to be SDA-aware; there is a range of Catalyst switches that give you that capability. The third SDA component is the authentication server (RADIUS), preferably Cisco ISE. The authentication server gives the DNAC the ability to implement intent-based networking by granting access based on the user or device that is connecting to the network. Imagine a campus with hundreds of switches that need to be provisioned, or a policy or configuration change that needs to be made to the entire campus network. You can implement such a change by configuring it on the DNAC rather than logging into each network device and configuring it individually. SDA also provides the ability to connect to existing non-SDA networks using L2 Handoff and L3 Handoff capabilities.

Wide-Area Network

Cisco has a technology implementation that allows you to apply SDN to the Wide-Area Network. The technology is called Software Defined Wide Area Network (SD-WAN). Cisco's SD-WAN technology came from Viptela, an industry leader at the time, which Cisco bought in 2017. SD-WAN uses two components to implement SDN for a WAN: the Controllers and the WAN Edges.

Unlike SDA, SD-WAN has three controllers. The first controller, vManage, is used for all configuration. The second controller, vSmart, is responsible for the Control Plane (routing). The third controller, vBond, authenticates the devices as they connect to the SD-WAN network. The network devices connect to the vBond first; once they are authenticated, vBond directs them to the vManage for management and to the vSmart for the control plane. The controllers are Virtual Machines (VMs) and can easily be deployed in the Cloud (AWS, Azure, etc.). You can manage your entire WAN by logging into these controllers.

The second SD-WAN component is the WAN Edge. This is the routing device that sits at the edge of each network and is responsible for the Data Plane: all user traffic is transmitted between sites through the WAN Edges. WAN Edges are transport-independent in how they connect to each other. They can reach other WAN Edges or the Controllers over an MPLS connection, leased lines, broadband connections, or the cellular network.

Just like SDA, SD-WAN can implement policy changes throughout the WAN from a central device, the vManage. This gives the Network Administrator a highly scalable way to bring up new networks or make changes to existing devices.

Data Center

Cisco has a technology implementation that allows you to apply SDN to the Data Center as well. The technology is called Application Centric Infrastructure (ACI). ACI uses two components to implement SDN for a Data Center: the Controller and the Data Center switches.

The Controller is called the Application Policy Infrastructure Controller (APIC). It is an appliance that is responsible for controlling the Data Center network. The second ACI component is the Data Center switch. The Data Center switches have to be ACI-aware; there is a range of Nexus switches that give you that capability. As with the Campus network, a Data Center network can have a large number of switches. If a new switch needs to be added or a change needs to be provisioned, the APIC allows you to configure it centrally and at scale. ACI also provides the ability to connect to existing non-ACI networks using L2-OUT and L3-OUT capabilities.

In conclusion, because SDN provides a centralized, controller-based management mechanism, it makes your network much more efficient, scalable and nimble than a Legacy Network.

For an engineer, this is the right time to get acquainted with these technologies and start developing expertise in them. Given the cost-versus-benefit analysis of implementing SDN technologies that I have observed, it is my opinion that over the next few years corporations will largely adopt this approach.

Cheers, Khawar