
By V. Dotta - Head of DT Virtual Infrastructure SQUAD
Networks are complex by definition and represent a real bottleneck within data centers. This is due to the explosion of server, storage, and workstation virtualization, the inability to scale physical networks as quickly as workloads, and limitations in the automatic deployment of resources in multi-tenant (multi-client) environments. To address these issues, IT needs to reduce the deployment time of its network-related services by adopting SDN alongside technologies already in use, such as cloud computing and virtualization.
What is SDN (Software Defined Networking)?
SDN is defined by the ability to decouple the control plane (which decides how a device forwards traffic) from the data plane (the forwarding hardware that actually moves the packets), making network devices programmable from a single, centralized control point. The control plane lives in a centralized controller that has a global view of the network topology and can manage the hosts that connect to it.
Communication with the controller takes place via its "NorthBound" and "SouthBound" API interfaces. The NorthBound interface is used by applications that tell the controller how to program the network. The SouthBound interface is used by the controller to communicate with the network equipment. Various protocols can be used for SouthBound communication; the best known is OpenFlow, but it is not the only one. Other protocols include OSPF, MPLS, BGP, and IS-IS.

Network deployment becomes programmable and can be industrialized
Network administrators generally use various tools to configure the network and the devices that make it up. It often takes several hours to connect a new server to an existing infrastructure, or even several days if additional network equipment has to be added. Although some operations can be automated and simplified using tools such as Puppet or Chef, the most complex tasks remain manual, and managing deployments can be problematic and error-prone.
Thanks to SDN, networks are now programmable, and the availability of application programming interfaces (APIs) enables network equipment to be programmed from different languages. Furthermore, this programming will no longer be done primarily by network engineers, but also by a whole range of tools: scripts that automate deployment tasks or retrieve and analyze network status, and orchestration tools that execute tasks in sequence.
There are many use cases for SDN, such as implementing intelligent network security rules, where, for example, specific flows can be isolated and steered to an intrusion detection system, or flow mirroring, where flows are duplicated for logging, reporting, or analysis purposes.
Three different approaches to deploying SDN
- Switch-based
The SDN controller programs the switches already present in the infrastructure. Typically, these are switches that support OpenFlow.
- Overlay
This is a tunneling approach: the SDN controller sends its instructions to a hypervisor that contains a virtual switch. Traffic is carried in "overlay" tunnels (VXLAN, GRE, etc.) that are independent of the physical "underlay" infrastructure. Examples include VMware's NSX SDN solution, Juniper's Contrail, and Cisco's VTS.
- Hybrid
This last approach combines the previous two. It is based on overlay tunnels (VXLAN) that can interact and coexist with traditional Ethernet switching technologies.
What kind of use can be made of SDN?
In the example below, the goal is to provide the customer on the left with various services (remote desktops, web server farm connected to a DMZ network, Internet access, data security) in a fast, dynamic, and automated manner. The elements circled in blue are applications running on virtual machines, and three virtual networks are deployed: Private, Public, and DMZ.
The Private and Public networks each carry a specific attribute (a route target) so that they terminate in a specific routing instance: one on the client-side router and the other on a router directly connected to the Internet. Communication and security between the Private and Public networks is provided by a virtual NAT/FW instance connected to both networks. A rule is then applied to these two networks to allow bidirectional data flow, provided it passes through the FW. This is called a "service chain."
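As an added illustration (not code from the article or from any product named in it), the following Python models an OpenFlow-style match/action flow table of the kind a controller pushes over its SouthBound interface, and programs the three behaviours discussed above: the service chain that forces Private-to-Public traffic through the NAT/FW, mirroring of web flows to a logger, and isolation of a suspect host's flows to the IDS. Port numbers and addresses are assumptions chosen for the example.

```python
# Added illustration (not code from the article): a simplified model of an
# OpenFlow-style match/action flow table, as a controller would program it.
# Port numbers and addresses are assumptions chosen for this example.
from dataclasses import dataclass
from ipaddress import IPv4Network, IPv6Network, ip_address, ip_network

UPLINK_PORT, FW_PORT, IDS_PORT, LOGGER_PORT = 1, 2, 9, 10  # assumed switch ports


@dataclass
class FlowRule:
    priority: int  # higher priority wins, as in OpenFlow
    match: dict    # header field -> exact value or ip_network, e.g. {"tcp_dst": 80}
    actions: list  # e.g. [("output", 1), ("output", 10)] duplicates the packet


def _field_matches(expected, actual):
    if isinstance(expected, (IPv4Network, IPv6Network)):
        return ip_address(actual) in expected
    return expected == actual


class FlowTable:
    def __init__(self):
        self.rules = []

    def add(self, rule):
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.priority, reverse=True)

    def lookup(self, packet):
        """Return the actions of the highest-priority rule matching the packet."""
        for rule in self.rules:
            if all(f in packet and _field_matches(v, packet[f]) for f, v in rule.match.items()):
                return rule.actions
        return [("controller",)]  # table miss: punt the packet to the SDN controller


def build_table():
    t = FlowTable()
    private, public, dmz = ip_network("10.1.0.0/16"), ip_network("172.16.0.0/16"), ip_network("192.168.50.0/24")
    # Service chain: Private -> Public traffic must first traverse the virtual NAT/FW.
    t.add(FlowRule(100, {"ip_src": private, "ip_dst": public}, [("output", FW_PORT)]))
    # Mirroring: HTTP to the DMZ web farm is forwarded and a copy goes to the logger.
    t.add(FlowRule(200, {"ip_dst": dmz, "tcp_dst": 80}, [("output", UPLINK_PORT), ("output", LOGGER_PORT)]))
    # Isolation: all traffic from a suspect host is steered only to the IDS.
    t.add(FlowRule(300, {"ip_src": ip_network("10.1.7.44/32")}, [("output", IDS_PORT)]))
    return t


if __name__ == "__main__":
    table = build_table()
    print(table.lookup({"ip_src": "10.1.7.44", "ip_dst": "192.168.50.10", "tcp_dst": 80}))
```

Because the isolation rule has the highest priority, a suspect host's web traffic goes to the IDS only, even though it would also match the mirroring rule.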

Who are the competitors?
Network equipment manufacturers were the first to offer SDN controllers based on their own network hardware, such as Cisco with ACI (Application Centric Infrastructure), Arista Networks, HP, Dell, Vyatta from Brocade, and Juniper's Contrail SDN solution, which is network-infrastructure agnostic and can communicate with equipment from other vendors. There are also software vendors, such as VMware, which offers its own SDN solution called NSX.
