Software-defined networking (SDN) is an enabling technology shift that brings to networking what server virtualization brought to data centers. From little more than a research project a decade or so ago, SDN has become one of the biggest trends in the data center, and for good reason. SDN allows organizations to deliver networking with the same level of flexibility and agility as virtualization has allowed them to deliver other parts of their infrastructure.
This report is aimed at both enterprise IT practitioners and data-center operators, and gives the audience some historical background, technical context, and specific issues to think about when in SDN.
Key highlights from this report include:
- SDN is a trend of growing importance to anyone involved in data-center design, management, or utilization. Almost every technology vendor in the networking arena now has an “SDN story.”
- SDN is a disruptor to traditional networking approaches. However, a hybrid approach towards SDN delivers real benefits for organizations with existing networking assets.
- In this early stage, not surprisingly, SDN has some barriers to adoption. A hybrid approach that embraces smaller proof-of-concept trials while looking at broader deployment is the best way to approach the SDN opportunity.
2 SDN: what is it?
Software-defined networking (SDN) is an approach to computer networking that was first commercialized out of work done at Berkeley and Stanford Universities.
SDN allows users to control the components of the networking environment via software rather than the traditional approach via hardware. SDN decouples the logic that decides traffic routing from the underlying systems that forward traffic to and from locations. With SDN, the logic layer is replaced by a virtualized controller that can centrally configure all network equipment.
SDN gives far greater flexibility and efficiency to organizations so they can tailor networking to suit a particular application at any time.
SDN is fundamentally changing how networks are designed, built, and operated. The drivers for SDN are obvious: as data centers are expected to be ever more dynamically responsive to increasingly variable loads, SDN allows the networking aspects of a data center operation to scale in lockstep with demand. In a recent Network Computing article, Serdar Yegulalp articulated the five benefits an enterprise can obtain by using SDN:
1. Service provisioning speed and agility: Setting up networks in an SDN can be as easy as creating VM instances, and the way SDNs can be set up is a far better complement to VMs than plain old physical networks.
2. Network flexibility and holistic management: SDNs enable “network experimentation without impact” – meaning one can leap over the limits imposed by SNMP and experiment freely with new network configurations without being hamstrung by their consequences.
3. Better and more granular security: VMs have made network security a headache and a half. SDNs can provide the kind of fine-grained security for apps, endpoints, and BYOD devices that a conventional hard-wired network can’t.
4. Efficiency and lower operating expenses: The exact cost savings of SDNs are still in doubt. For example, whether it might simply shift costs to controllers and software is still unclear. Still, 50 percent of the administrators surveyed who use SDNs said they sold the technology to their business executives as a money-saving methodology. And while many of those polled see lower hardware costs as a big SDN selling point, the bigger opportunity is lower opex costs due to improved network management efficiency, according to the report.
5. Virtual network services, lowered capex: Even if the biggest benefits for SDNs will be in big-league data centers, enterprises still have plenty of ways to lower their capex, by making better use of what enterprises already have, by lessening dependencies on proprietary hardware and dedicated appliances, and by reducing their reliance on a single vendor.
SDN is the natural counterpart to server virtualization. Over the past decade or so, server virtualization has helped data-center administrators deliver more flexible and performant services while reducing their spend on hardware. But as server virtualization has increased, it has become increasingly difficult to manage such complex and dynamic infrastructures with traditional networking approaches.
Networks today rely on IP addresses to identify and communicate with resources on the networks. While this worked well in traditional architectures, in large virtualized networks it breaks down. With SDN, administrators have flexibility to set particular attributes across the network — bandwidth, latency, etc. — for individual data flows.
As modern data centers become ever more complex and house a mixture of diverse and dispersed workloads layered across both virtualized and non-virtualized assets and users, a solution must be able to provide rapid connectivity to dynamic applications while also meeting an organization’s regulatory and compliance requirements. SDN increases organizational flexibility while still allowing visibility and control over networking.
The final benefit of SDN is that it allows the networking aspects of a data-center operation to be automated and, by extension, allows an organization to focus more on its core competencies. By increasing flexibility and automation across the networking function, SDN increases an organization’s ability to innovate and remain agile.
3 SDN as a disruptor
SDN is a technology disruptor on several levels. The traditional vendor approach towards data-center networking has been to sell highly proprietary combined hardware and software solutions into the market. These finely tuned (and generally expensive) solutions lacked significant interoperability with other vendors’ equipment and hence tended to lock customers into an ongoing capital expenditure with one vendor.
Early in the advent of webscale operators such as Facebook and Google, engineers realized that traditional networking was prohibitively expensive for their application and didn’t give them the level of flexibility they required. They began to experiment with open-source controllers sitting on top of commodity networking hardware, and enjoyed the cost savings and flexibility that approach brought. While these massive organizations arguably have the ability to push proprietary vendors to supply them at competitive prices, the flexibility that SDN and open approaches give them delivers more value than any cost saving could ever offer.
Seeing a potential commercial application for SDN, a number of vendors have sprung up to market open-source software, flexible hardware, or open combinations of the two, in an effort to give enterprise data center operators the opportunity to enjoy the benefits of SDN that larger players had already been enjoying.
The traditional networking vendors have also reacted to the very real threat that SDN creates for their businesses by investing in SDN startups or embarking on their own SDN initiatives. Early in the life cycle of SDN there is little clarity about which approaches will be the most successful. While many enterprises are trialing SDN, analysts predict that full-scale SDN deployments are likely to be a year or two away. However, to enable real deployments in two years, organizations need to be looking at trials within the next 12 months.
The plethora of new vendors or solutions from existing vendors leaves data center operators in something of a quandary: With existing investments still in place, they are faced with the prospect of either retaining their proprietary networking layout or embracing SDN across the board.
Of late, organizations have been investigating a hybrid approach towards SDN, leaving existing networking equipment as the underlay within the data center but utilizing an SDN overlay to drive greater efficiency and flexibility for it. (We will cover hybrid approaches to SDN in a subsequent section.)
One of the key benefits of the move to SDN is the centralized operational model it is based on.
With traditional networking models, operational staff need to manually distribute the network policies on all elements (routers, switches, etc.) within the network. This occurs whenever a change is required. The change can be scheduled, such as an update to all passwords on the network, or forced by a change in application types on the network: for example, a new application that requires a network-wide change to the quality of service policy.
SDN provides the environment for policy-based networking to centrally enforce these changes, and to ensure that the new policy is pushed to all devices on the network while also providing a tracking and auditing mechanism for the change. This frees the IT department from the laborious task of making the change and of auditing the change as required by government initiatives to audit the environment for compliance.
As a result, this policy-based networking functionality can reduce the overall operational expenditure of the change (forced or scheduled) and reduce the compliance costs of ensuring the network platform is delivering the business information to only those that it should.
4 A drive for agility
As organizations are increasingly under pressure to be more nimble and innovative, demand has led to a parallel requirement for data centers to respond to the needs of the organization. Historically a data center would have been more likely to house a somewhat homogenous application stack. The modern data center is far more complex: diverse workloads running on both virtualized and traditional infrastructures and serving highly unpredictable loads.
Given this complexity, organizations are looking for technologies that allow them to respond to these demands for agility in a way that is in keeping with the compliance and regulatory requirements. SDN increases agility via a number of impacts:
- Allowing the organization to innovate unconstrained by any networking barriers means that proof-of-concept and prototype applications can be created and deployed rapidly.
- Allowing the data center to be more responsive to the opportunities that mobile computing and big data provide increases the ability to chase outlier opportunities.
- By optimizing network assets, organizations can “right size” their infrastructures, secure in the knowledge that they will be neither over-provisioning nor running the risk of service degradation.
- Security and compliance can be governed from a central location rather than on a per-device basis. This increases both efficiencies and overall compliance.
- SDN allows an organization to map its networking to its compute and storage, making dynamic migration of workloads less problematic.
- By lowering both operational spend and capex, SDN frees up finances to focus on core strategic initiatives.
5 SDN in a hybrid world
In the vast majority of cases, organizations need to look at SDN in the context of existing assets. While building infrastructure from scratch using SDN exclusively is a simple process, the situation is far more complex when an organization wants to apply SDN to an existing data center.
In this case, organizations want to consider SDN as a platform that can extend across the existing networking infrastructure as well as sit atop any new infrastructure in the future. This hybrid approach to SDN is attractive for organizations as it allows network engineers to introduce SDN technologies overlaid into their operation but without completely overhauling the existing architecture.
Hybrid SDN utilizes existing network equipment and an architectural approach in the data center to provide the underlying IP fabric for the SDN-controlled overlay network connections. The benefit of this approach is the central management and control of the network paths over the existing network assets, which can result in a much more efficient network platform and extended lifecycle for these assets.
In a hybrid SDN environment, an organization can utilize both SDN and standard switching protocols simultaneously on the physical hardware. The SDN control plane can be configured to discover and control certain traffic flows while traditional, distributed networking protocols continue to direct the rest of the traffic on the network.
A hybrid approach to networking is analogous (and indeed complementary) to the hybrid approach towards compute that we’re increasingly seeing within modern data centers. The increasing use of hybrid compute highlights the failings of traditional approaches towards networking. Following a similar hybrid approach for networking helps to overcome traditional LAN/WAN restrictions.
In removing these restrictions, hybrid SDN also lends itself to a more flexible and effective delivery of compute workloads.
6 A bumpy road: constraints that impact upon SDN success
While SDN sounds like the Holy Grail for networking, some general constraints and specific issues relating to data centers should be taken into account.
Organizations must think about the velocity of the cloud service. The network as a whole constrains application availability. While IT teams can assign and deploy virtualized compute or storage in a matter of minutes, the network connections between those virtual machines and the end users take far more time to provision. This constraint means that, despite virtualized compute, storage, and networking being rapid, a bottleneck still occurs when provisioning external network elements.
This lag before an application in a virtual environment becomes available for external users is a long-standing issue. Ideally the entirety of the network should be treated as one, with no differentiation between internal data-center networking and the WAN.
Over time these external-networking aspects will also become more agile. Meanwhile, however, organizations must consider the impacts of externalities as they relate to application deployment.
Data-center network constraints
Data centers have constraints that are imposed by poor designs and/or the limitations that existing solutions create. Soft boundaries are implemented in order to segment the data center. These boundaries are caused by the inherent limitations of the LAN technologies. Networking aspects mean that tenants must be manually provisioned within a zone in order to gain connectivity.
SDN removes these constraints. Compute can be spread across any rack, row, zone, or indeed data center, and can communicate without being restricted by network-domain constraints imposed by routers and network segmentation. As data centers have grown within enterprises, the networking has grown organically as an extension of the LAN environment.
The traditional way to make the network seem more adaptive to applications was to overprovision. By doing so it was easier to deploy applications to other parts of the network. The downside to this is that it is not an efficient use of the resources and potentially leaves portions of the network idle until specific loads are inserted. Hybrid SDN resolves these constraints without resorting to over-provisioning.
Initial forays into webscale data-center networks simply replicated the LAN approach, but on a bigger scale. With SDN, these artificial constraints can be bypassed to provide network connectivity over existing hardware.
7 The barriers to SDN adoption
SDN is a relatively new technology. So, as would be expected, not all customer requirements are yet in place. These will be resolved, but setting out the current barriers that exist to adoption is important.
Networking analysts have identified several barriers that hamper adoption of SDN:
- Lack of standards for full-device control. Trying to resolve new software to existing devices has meant a lack of clarity over how generalized network service creation should be. Should an SDN offering cover device setup or simply the networking operations? As it is early in SDN adoption, this question will be answered by the market in time. OpenFlow was one initiative intended to answer this issue, but while it provides the southbound API to manage the hardware layer, no standard exists for the northbound API to the application layer.
- A lack of service control software. Service control software is the technology that handles the build of routes and traffic control within an SDN network. Every SDN implementation requires service-control software to create the virtual networks. SDN users rely on network equipment manufacturers to provide the required service control software.
- Multivendor network control. One of the obvious value propositions of hybrid SDN is its ability to overlay across different infrastructure. Having service control software that can exercise control over heterogeneous offerings is critical to the success of hybrid SDN.
- Managing control traffic. As more and more control traffic is created, the metadata around control becomes larger than the actual application traffic itself. A more hierarchical approach towards traffic control and higher levels of distributed process and control will help with this issue.
- Boundary functions are needed. A problem with discrete as opposed to hybrid SDN is the lack of clarity as to how the individual SDN deployments will interact on the boundary between the SDN and the existing architecture. As hybrid SDN gains traction, these perimeter issues will be addressed more rapidly.
The industry needs more SDN clarity
As would be expected in the early stages of SDN, significant complexity and divergence of approaches in the marketplace prevent the majority from feeling comfortable moving to SDN today. This is an issue that must be resolved over time as more case studies and best practices are developed for SDN deployments. For now, however, vendors and practitioners involved in SDN should strive for less rather than more complexity.
Many of these barriers can rightly be thought of as small issues for what is a new approach to technology. With so much attention and startup activity in the general SDN space, a high level of commonality and consistency with regard to SDN approaches over the next few years is likely. Added to this, the next period of time will be characterized by proof-of-concept trials. As well, much of the complexity and divergence will be resolved before wide-scale production deployments roll out.
Overall, enterprises currently running or using data center assets should look towards trialing SDN for specific projects. This approach lessens the risks involved in SDN deployment. When trialing SDN, however, practitioners and decision makers should remain aware of the longer-term implications of SDN and think about SDN in a broader context as a fabric sitting over both existing and new networking assets.
8 SDN security and compliance issues
While SDN undoubtedly brings opportunities for increased agility to an enterprise, it also introduces some security and compliance issues. First, centralizing control in an SDN controller removes protective, layered hardware boundaries such as firewalls. Second, by decoupling the control plane from the data plane, SDN introduces new surface areas to attack, such as the network controller, its protocols, and its APIs. Finally, because control is centralized, an attacker only needs to compromise the controller to gain access to the entire network.
While these are all valid concerns, analysis has shown that many attacks take advantage not of vulnerabilities but rather of configuration mistakes. Centralizing the control plane into one place allows an enterprise to ensure appropriate configuration across the entire network far more easily.
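The central configuration check described above, together with the tracking and auditing of policy changes described in the section on SDN as a disruptor, can be sketched as follows. This is an added example, not part of the original report or any vendor's code; the policy keys, device names and values are constructed, and the hash-chained audit log is one assumed way to make the record tamper-evident.

```python
import hashlib
import json

# Constructed intended policy, as a hypothetical central controller would hold it.
INTENDED_POLICY = {
    "qos_profile": "voice-priority-v2",
    "mgmt_acl": ["10.0.0.0/24"],
    "snmp_enabled": False,
}

# Constructed reports of what each network element is actually running.
DEVICE_REPORTS = {
    "leaf-01": {"qos_profile": "voice-priority-v2",
                "mgmt_acl": ["10.0.0.0/24"], "snmp_enabled": False},
    "leaf-02": {"qos_profile": "voice-priority-v1",   # stale QoS policy
                "mgmt_acl": ["10.0.0.0/24"], "snmp_enabled": False},
    "spine-01": {"qos_profile": "voice-priority-v2",  # manual, overly broad change
                 "mgmt_acl": ["10.0.0.0/24", "0.0.0.0/0"], "snmp_enabled": True},
}

GENESIS = "0" * 64  # previous-hash value for the first audit entry


def _canonical(obj):
    """Serialize deterministically so equal policies give equal digests."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def policy_digest(policy):
    """SHA-256 over the canonical form of a policy."""
    return hashlib.sha256(_canonical(policy).encode()).hexdigest()


def find_drift(intended, reports):
    """Return {device: {key: (intended, running)}} for non-compliant devices."""
    want = policy_digest(intended)
    drift = {}
    for device in sorted(reports):
        running = reports[device]
        if policy_digest(running) == want:
            continue  # fast path: device matches the central policy
        keys = sorted(set(intended) | set(running))
        drift[device] = {k: (intended.get(k), running.get(k))
                         for k in keys if intended.get(k) != running.get(k)}
    return drift


def append_audit(log, event):
    """Append an event whose hash covers the previous entry's hash."""
    prev = log[-1]["entry_hash"] if log else GENESIS
    entry_hash = hashlib.sha256((prev + _canonical(event)).encode()).hexdigest()
    log.append({"prev_hash": prev, "event": event, "entry_hash": entry_hash})


def verify_audit(log):
    """Recompute the chain; any edited or reordered entry breaks it."""
    prev = GENESIS
    for entry in log:
        expected = hashlib.sha256(
            (prev + _canonical(entry["event"])).encode()).hexdigest()
        if entry["prev_hash"] != prev or entry["entry_hash"] != expected:
            return False
        prev = entry["entry_hash"]
    return True


def audit_run(intended, reports):
    """Check every device against the central policy and record the result."""
    drift = find_drift(intended, reports)
    log = []
    for device in sorted(reports):
        append_audit(log, {"device": device,
                           "compliant": device not in drift,
                           "diff": drift.get(device, {})})
    return drift, log


if __name__ == "__main__":
    drift, log = audit_run(INTENDED_POLICY, DEVICE_REPORTS)
    for device, diff in drift.items():
        print(device, diff)
    print("audit chain intact:", verify_audit(log))
```
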
Specialist SDN vendors invest in ensuring that the surface areas are as robust as possible. Hardened operating systems, robust identity, authentication, and authorization approaches over APIs, and application whitelisting all help to mitigate the security risks that SDN introduces.
Perhaps most importantly, deploying SDN allows a networking operations team to be far more efficient. Rather than massaging a divergent and complex networking architecture, they can move to a more strategic model where time and resources can be invested to ensure heightened security for centralized networking assets.
9 SDN user case study: University of Pittsburgh Medical Center
The University of Pittsburgh Medical Center (UPMC) is a $10 billion integrated global nonprofit health enterprise that has more than 62,000 employees, 21 hospitals, and 400 clinical locations including outpatient sites and doctors’ offices serving a 2.2 million-member health insurance division, as well as commercial and international ventures.
As a large healthcare provider, UPMC has a world-class IT infrastructure environment that is 80 percent virtualized, serving over 4 petabytes of storage within its data centers, supported by a private MPLS network.
With such a large and dynamic compute environment UPMC found that its traditional IP network was suffering from network configuration delays because of the complexity of the workflow between the IT and IP teams within their organization and the exchange of detailed network information (IP addresses, VLAN tags, QoS requirements, and security profiles) that needed configuration setup for each application instance.
As such, UPMC looked at the SDN technology market for ways to streamline the provisioning aspects of the network, and to provide an increase in the visibility and control of the network for the IP team.
UPMC trialed the Nuage Networks SDN solution over a six-month period from May 2013 through October 2013 and has moved forward with the deployment of SDN starting in February 2014.
Networking in a Virtualized IT Environment
With the move to virtualized compute UPMC found that traditional data-center networking did not match the dynamic nature that IT applications required.
The model of traditional (bare metal) server deployments, where hosts were deployed for long production lifecycles (three to four years) and the network was configured once and then left alone, no longer applied. With the virtualized compute environment, demands changed to require instant deployment for peak periods and a significant increase in moves, adds, and changes to the network. The increased workload strained the traditional IT-to-network-team workflow processes and increased the likelihood of human-based configuration errors.
Networking based on the SDN framework promised to alleviate these problems through abstraction of the network configuration from the application deployment and the automation of the network paths within the application environment and out to the wide area.
SDN-based Network Virtualization
During the trial period UPMC tested the functionality of SDN to provide network virtualization overlays. It also validated the assumptions that SDN’s automation and abstraction principles would significantly improve the organization’s ability to react to changes driven by its business and improve the service delivery from its IT department.
Once the trial concluded, UPMC moved to deploy SDN on its backup network, a choice that provided some leniency in deploying without impacting the production environment. At the same time it provided UPMC with significant improvements in the network reactivity SDN promised.
The implementation of this SDN environment began in February 2014, with a long-term strategy to expand the SDN environment and to transition the production network onto the SDN-based network during the latter half of 2014 and into 2015.
Benefits of SDN for UPMC
The migration to SDN provides a number of benefits to the IT department at UPMC.
- UPMC is expecting a significant reduction in the network-configuration time for both application changes and new deployments.
- It will gain from network efficiency.
Where the department now overprovisions the network, with SDN it will gain from greater functionality in the areas of bandwidth management, QoS conditioning, improved security profiles, operational toolsets, and most importantly, a lowered risk from configuration error.
10 Key takeaways
- SDN is a trend that is of growing importance to anyone involved in data-center design, management, or utilization. Almost every technology vendor now has an SDN story.
- SDN is a disruptor to traditional networking approaches. However, a hybrid approach towards SDN delivers real benefits for organizations with existing networking assets.
- Given that SDN adoption is in its early stages, barriers to adoption remain. A hybrid approach that embraces smaller proof-of-concept trials while still looking at broader deployment is the best way to approach the SDN opportunity.
- SDN standards are evolving slowly. We believe that the pace of this evolution should not impact an organization’s willingness to experiment with SDN in its own setting.
11 About Ben Kepes
Ben Kepes is a technology evangelist, an entrepreneur, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users. He is a globally recognized subject matter expert with an extensive following across multiple channels.
Ben currently writes for Forbes. His commentary has previously been published on ReadWriteWeb, Gigaom, The Guardian, and a wide variety of publications both print and online. Often included in lists of the most influential technology thinkers globally, Ben is also an active member of the Clouderati, a global group of cloud thought leaders, and is in demand as a speaker at conferences and events all around the world.
12 About Gigaom Research
Gigaom Research gives you insider access to expert industry insights on emerging markets. Focused on delivering highly relevant and timely research to the people who need it most, our analysis, reports, and original research come from the most respected voices in the industry. Whether you’re beginning to learn about a new market or are an industry insider, Gigaom Research addresses the need for relevant, illuminating insights into the industry’s most dynamic markets.
Visit us at: research.gigaom.com.