The evolution of modern hyper-converged cloud platforms, application architectures and mobility is driving rapid and radical changes in network architectures and technologies.
The implications of this shift will be vast and take many years to fully play out. But some of those effects are evident now in today’s modern networks that are based on software-defined network architectures and take advantage of Network Functions Virtualization.
Already, enterprises are seeing the benefits of adopting software-defined networks (SDNs). SDNs support the principles of loosely coupled architectures, where routing and switching functions are consolidated in a centralized controller (control plane), which is then decoupled from the traffic-carrying function in the network switches (data plane). Given the controller’s global context, it programs the switches efficiently on demand based on the requirements of running applications, network state, security constraints, governance model, prioritization rules and arbitration policies.
This programmable centralized controller enables the network to grow from a limited role of statically connecting devices to dynamically, adaptively, and predictively supporting applications at run time given a set of operational controls. In this role, SDNs facilitate the movement of data in programmable flows with a global context, using the benefits of software constructs.
Network Functions Virtualization (NFV) can be used in conjunction with SDNs to provide exceptional agility and to reduce capital and operational expenses. NFV uses virtualization technology to deploy network functions on industry-standard, high-volume servers as opposed to specialized and expensive appliances. SDN combined with NFV forms a powerful dynamic system of programmable modern networks. In these modern networks, everything – including routing logic, switching functions, and appliances – is defined, provisioned, and managed entirely in software.
As such, modern networks deliver many important benefits to modern data centers:
- Security and policy enforcement to mitigate inbound threats and prevent outbound data leakage
- Network slicing and traffic isolation based on services, class of users, internal/external events, or other classification
- Application-aware routing policy to address bandwidth requirements, resource optimization, security constraints, or SLA thresholds
- Operational control to support resource optimization, cost management, and operational efficiency
In this post, we will discuss a few use cases to highlight these categories.
1 Accelerate and improve big data implementations
Big data and analytics are being applied to a growing range of enterprise applications, which can strain traditional IT resources. An SDN can improve big data implementations by more effectively processing large-scale datasets and reducing the time it takes to complete large analytics jobs.
SDNs can improve job completion time because they enable a global view of available bandwidth and have the ability to flexibly manage network resources. This allows the network to automatically orchestrate resources when setting up a new big data cluster. SDNs can take parameters such as job size, traffic priority (background or bulk transfers) and infrastructure capabilities (such as those related to IP storage systems, for example) into consideration.
The network will further optimize for traffic types (broadcast, shuffle, and incast) and allow the scheduler to improve the joint optimization of map and reduce tasks to avoid job starvation. The result is improved data locality, reduced congestion and optimized task assignment.
2 Provide end-to-end service management
With SDNs, self-monitored applications communicate with the network about the resources they need to meet performance, capacity, coverage and latency requirements. This oversight provides a mechanism for managing service levels and ensuring SLAs are met by mitigating network-related SLA issues. By using software-defined networking, IT can identify potential problems and automatically prescribe a course of action before a service interruption takes place.
3 Support network fabric for the Internet of Everything
Characterized by a high number of devices, low-volume traffic, heterogeneous networks, differing priorities and highly distributed, time-sensitive traffic, the Internet of Things raises many network challenges. The flood of devices will affect security, performance, affinity, capacity and latency of the network and will demand new monitoring capabilities, changes in policies and complex SLAs — all of which an SDN can effectively navigate.
In addition, SDNs offer better control over network traffic. IT can differentiate network access for users and applications based on qualifying metrics such as user privileges and connecting devices. By separating information flows, IT can better deal with individual service interactions at a finer level of granularity.
4 Enable an end-to-end security architecture
SDNs provide three important mechanisms to implement a robust and complete end-to-end security architecture:
- Granular segmentation of the network to reflect complex security policies
- Centralization of security policies and their respective configuration management
- Automation of security remediation tasks
This means security can be built into business application logic, which simplifies network security policy enforcement and auditing, and improves threat detection and response.
Complex policies and remediation tasks can be implemented programmatically. This process can take into consideration application functions, constraints, user classes, service categories, locations of traffic stream endpoints, time of day or week, cost of links, and external events. These capabilities not only strengthen existing security functions but can also improve the overall security posture.
For example, SDNs offer an effective approach to preventing distributed denial of service (DDoS) attacks. While traditional methods use expensive devices to constantly advertise and change virtual IPs for a potential target, an SDN controller can randomly assign virtual IP addresses to protected hosts at a much higher rate than traditional methods can achieve. The temporary mapping between the virtual and physical IP addresses is pushed to the switches closest to the protected hosts at the very edge of the network, where the translation then takes place.
Additionally, SDNs can automatically respond by raising preemptive alerts, provisioning additional resources temporarily, or blocking certain ports while offering a rich set of forensic capabilities.
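The virtual IP rotation described above can be sketched as controller-side logic. This is an added example, not code from the original post or from any SDN product: the `VipRotator` class, the rule dictionary layout, the switch names and the addresses are all assumptions made for illustration.

```python
import ipaddress
import secrets

class VipRotator:
    """Controller-side table of short-lived virtual IP -> real IP mappings."""
    def __init__(self, pool_cidr, ttl):
        self.pool = [str(ip) for ip in ipaddress.ip_network(pool_cidr).hosts()]
        self.ttl = ttl
        self.active = {}   # real_ip -> (virtual_ip, expires_at)
        self.retired = {}  # real_ip -> previous virtual_ip, held back one cycle

    def rotate(self, real_ip, now):
        # Skip vIPs in use or just retired so a stale vIP never reaches another host.
        busy = {v for v, _ in self.active.values()} | set(self.retired.values())
        free = [ip for ip in self.pool if ip not in busy]
        if not free:
            raise RuntimeError("virtual IP pool exhausted")
        if real_ip in self.active:
            self.retired[real_ip] = self.active[real_ip][0]
        self.active[real_ip] = (secrets.choice(free), now + self.ttl)

    def edge_rules(self, real_ip, switch, now):
        # Assumed generic rule format: rewrite at the edge, expire with the mapping.
        vip, expires = self.active[real_ip]
        t = int(expires - now)
        return [
            {"switch": switch, "match": {"ipv4_dst": vip},
             "set": {"ipv4_dst": real_ip}, "hard_timeout": t},
            {"switch": switch, "match": {"ipv4_src": real_ip},
             "set": {"ipv4_src": vip}, "hard_timeout": t},
        ]

    def tick(self, hosts, now):
        """Rotate hosts whose mapping is missing or expired; return rules to push."""
        rules = []
        for real_ip, switch in hosts.items():
            if real_ip not in self.active or self.active[real_ip][1] <= now:
                self.rotate(real_ip, now)
                rules += self.edge_rules(real_ip, switch, now)
        return rules

    def resolve(self, vip, now):
        """Edge-switch view of an inbound packet: real IP, or None (drop)."""
        for real_ip, (cur, expires) in self.active.items():
            if cur == vip and now < expires:
                return real_ip
        return None

# Constructed sample: vIP pool (TEST-NET-2) and protected host -> edge switch.
POOL, HOSTS = "198.51.100.0/28", {"10.0.0.10": "edge-1", "10.0.0.11": "edge-2"}
```

Calling `tick` on a timer yields the rules to install on each edge switch, and `resolve` shows that a virtual address collected before a rotation no longer translates to any protected host afterwards.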
We’ve only begun to see the changes that SDNs will bring to the enterprise, but it’s already clear that the technology offers a beneficial shift in the way IT services and resources are provisioned and used.
How is your enterprise using SDNs today?
Read more in the white paper, Secure Software-Defined Networks Unlock Digital Information.
Rafat Shaheen is a lead global solutions executive and a member of CSC’s CTO Office. His expertise includes IT transformation, service-oriented architecture, design methodologies, IT virtualization stack, hybrid cloud architecture, DevOps and architecture design patterns. Connect with him on LinkedIn.