
Hybrid SDN is the gateway drug to the new network

Enterprises aren't ready to revamp entire networks for SDN, but it's not a zero-sum game. A hybrid SDN strategy introduces it gradually or partially.

This article can also be found in the Premium Editorial Download: Network Evolution: Context makes network security policy smarter, but not easier.

When Japanese broadcast network TV Asahi expanded from one building to four last year, its IT crew faced a lineup of all-time greatest networking challenges.

The expansion included the addition of two massive office towers and an events arena, which had to be connected to the original Tokyo headquarters and data center, all as part of one campus LAN.

Yet the TV Asahi team couldn't just ditch the existing 200-switch Brocade network at its headquarters and in the data center, which was costly but high performing. Whatever technology came into the new buildings would have to be less expensive, more flexible and also integrate with the legacy architecture.

The answer to these complex challenges was a hybrid software-defined networking (SDN) strategy. TV Asahi's senior network engineer, Kohji Sakata, and his team invested in a combination of NEC's ProgrammableFlow SDN technology and some of its legacy switches. Now TV Asahi's IT team could maintain the legacy Brocade network, implement OpenFlow-based networks in the new buildings and finally link all these resources together with dynamic virtual tenants.

Asahi is not alone in this hybrid approach to SDN. For all the lip service SDN gets in the IT press and among vendors, most users can't afford to toss aside existing network infrastructure for a full SDN overhaul. So rather than replace every existing network device with SDN-friendly switches and a centralized controller, they opt for hybrid switches that work in either environment or apply centralized control to very specific applications, such as network monitoring or intrusion detection and prevention.

In a TechTarget survey of data center engineers, 20% of 367 respondents said they'd invest in SDN in the coming year, and 37% said they'd invest in network virtualization, a form of SDN. Of the survey respondents planning to buy SDN or network virtualization products, 37 people said they would start by integrating SDN in a hybrid approach, while 29 said they would use SDN to implement specific network applications, such as monitoring and management.

Hybrid SDN is like a gateway drug -- if it works for one part of the network or one application, network engineers get hooked on its benefits and expand their use of SDN to take over more functions.

When OpenFlow meets legacy equipment

Originally, the need for dynamic network segmentation drove TV Asahi's IT team to consider SDN. The company had expanded to eight subsidiaries; each needed its own network with distinct security and management policy. Dynamic network virtualization was the only way to go.

"On the legacy network, you had to physically divide the sections," Sakata says. "There was so much overhead. We did all the wiring and redundancy of servers to support the physically segregated network."

NEC's ProgrammableFlow relies on a conventional OpenFlow model: The control plane of the physical network is decoupled from underlying switches and managed through a centralized controller. The controller sees every node on the network and manages them as if they were one large fabric switch. Inside each new building, the Asahi team built ProgrammableFlow-based LANs.

ProgrammableFlow's Virtual Tenant Network features let engineers build Layer 2 and Layer 3 tenants based on the underlying physical network. Once formed, these virtual networks function as distinct tenants that can be flexibly altered for specific traffic needs. They can also stretch across existing network resources using overlays.

"By using Virtual Tenant Networks, you can share the physical network resources by segregating the logical networks," Sakata explains. "In this new scenario, they just use the original WAN connection as a pipe on the LAN. Logically, all the buildings don't appear to be separate -- they are all one."

Once the buildings were connected over this new logical network, the Asahi IT team also found it could maintain high-availability links more easily.

"With the legacy network, for each router you had to have redundant routers and routing rules for high availability. If one link [went] down, another link [went] up," Sakata says. "But when you have a centralized controller, you don't need all those routers [and rules] anymore. The SDN controller knows where to send [traffic] when the other link goes down. It finds the alternative path automatically."

Legacy switching still plays crucial role

Sakata's IT team didn't completely abandon legacy switching in the new buildings because NEC's traditional switches had a few key stability features.

While ProgrammableFlow switches with a controller were deployed for local connectivity in each building, the team opted for non-OpenFlow NEC QX switches for their 802.1x authentication functionality to provide seamless traffic with user authentication and policy-based flow between the legacy and SDN-based networks.

End users connect to the network via the NEC QX switches and, once authenticated, users come into the SDN-based network where traffic is steered based on policies of the ProgrammableFlow controller. The joint authentication also pulls together wired and wireless user authentication and access.

The Asahi IT team has no immediate plans to change the legacy equipment in the TV network's headquarters, but Sakata says they will eventually integrate OpenFlow into that building for specific applications, such as BYOD and access policy implementation.

Can hybrid SDN solve UC performance woes?

No matter how innovative and exciting new technology is, IT engineers must prove it is life changing before they can justify the budget. The ability to correct performance issues in unified communications (UC) and collaboration applications may be just the right use case to push IT teams to invest.

"One of the challenges we have running voice and video over IP is quality. If you look at the implementation of tools out there now, 60% to 80% of the time there are quality problems that are generally caused by something in the network that is not working right," says Chris Lauwers, CEO of Ubicity, a developer of cloud orchestration tools that will tackle UC performance issues with SDN.

"Voice and video are very bandwidth hungry," Lauwers explains, so UC providers build call admission control (CAC) tools to be sure traffic doesn't exceed what the network can support. But these tools are largely inefficient because application developers are unaware of the state of the network, and network administrators can't see what's happening inside the UC and collaboration applications, since those flows are encrypted.

SDN with centralized controllers addresses the visibility issue on both sides. Centralized SDN controllers see into every port and traffic flow on the network in real time. Opening up an API on the SDN controller that can integrate with UC and collaboration tools means engineers can integrate network status information into the application, and vice versa, in order to dynamically steer traffic for better performance.

At İstanbul Kültür Üniversitesi (IKU) in Turkey, network manager Onur Candas planned to implement Microsoft Lync for 800 users on campus, but he had serious concerns about Lync performance. However, Microsoft had released an open SDN API to improve Lync performance last year.

With the Lync SDN API, engineers can create an environment where users connect to a front-end server in the Lync environment that initiates each media stream and provides ongoing information about each stream, user and device. That API allows visibility into the characteristics, health and metrics of each voice, video and data media stream in the Lync environment, as well as information about user, location and device.

Companies like HP, Aruba and Nectar Services Corp. integrate information from the Lync API into their own systems. The HP Network Optimizer, for example, feeds that information into its centralized Virtual Application Networks (VAN) controller, which in turn uses it for policy and Quality of Service (QoS) provisioning.

All of these factors played a role in Candas' decision to revamp the entire campus network with HP equipment.

The IKU team wasn't sure it was ready for a complete SDN overhaul, but HP had a hybrid SDN story -- switches that both run in a legacy environment and support OpenFlow with a centralized controller.

Candas' team replaced 100 of their Cisco Catalyst 3750 and 2950 switches with HP backbone, distribution and access switches that all support OpenFlow. On the wireless network, they also replaced their Cisco 1231 and Cisco 1242 access points (APs) with HP's 560 802.11ac APs.

"The most important differentiator of HP was IMC's [Intelligent Management Center's] single pane-of-glass management, which would provide us great benefit -- and the fact that SDN is supported by the whole config," Candas says.

Candas and his team aren't ready to run fully on OpenFlow, so their HP switches will be used in a traditional architecture, but Candas will use the Lync SDN API and VAN controller for QoS tagging, and then move to traffic engineering. Once that's stable, the team can consider optimizing more applications with SDN control.

"In the future, we can use other aspects of the SDN controller -- for example, to accelerate the performance of SAP," Candas says.

Meanwhile, industry groups are working on a broad effort to solve UC's performance problems with SDN. The Unified Communications Interoperability Forum (UCIF) created the UC SDN Task Group, which developed a use-case specification for QoS in SDN. Specifically, the task group examined the automation of QoS markings, CAC and traffic engineering.

The UCIF doesn't develop standards, but it has submitted the use-case specification to the Open Networking Forum (ONF) northbound API working group. The ONF is a standards body.

"The UC application would make a request through the SDN API to apply QoS markings for a call starting on the network. For example, it could ask to make sure [a specific] call gets 1 megabit per second. In response, the controller says, 'There is congestion; I can't give 1 megabit per second, but I will allow the call at one-half megabit,'" explains Lauwers, who is also vice chairman of the UCIF SDN working group. "In response, the app developer needs to be able to say, 'I am not going to use high def; maybe I will use lower-resolution video.' There will be continuous interactions between the application and the network."
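The request and counter-offer exchange described above, modelled as an added example that is not from the article, the UCIF use-case specification or any vendor API. The `Controller` class, the profile names and all rates are hypothetical; the point is that the controller, not the application, holds the reservation table and decides what is admitted.

```python
from dataclasses import dataclass, field

# Hypothetical media profiles (kbit/s), richest first; constructed values.
PROFILES = [("hd-video", 1000), ("sd-video", 500), ("audio-only", 100)]


@dataclass
class Controller:
    """Toy stand-in for an SDN controller's northbound QoS/CAC interface."""
    capacity_kbps: int                           # bandwidth reservable for UC traffic
    grants: dict = field(default_factory=dict)   # call_id -> reserved kbit/s

    def available(self):
        return self.capacity_kbps - sum(self.grants.values())

    def request(self, call_id, want_kbps, floor_kbps):
        """Grant the full rate, a reduced counter-offer, or reject with 0."""
        if call_id in self.grants:
            raise ValueError("duplicate reservation for " + call_id)
        offer = min(want_kbps, self.available())
        if offer < floor_kbps:
            return 0          # admitting the call would starve existing ones
        self.grants[call_id] = offer
        return offer

    def resize(self, call_id, kbps):
        """Shrink a reservation; growing needs a fresh request."""
        self.grants[call_id] = min(kbps, self.grants[call_id])

    def release(self, call_id):
        self.grants.pop(call_id, None)


def place_call(ctrl, call_id):
    """Application side: ask for the best profile, adapt to the grant."""
    granted = ctrl.request(call_id, PROFILES[0][1], PROFILES[-1][1])
    if granted == 0:
        return None, 0
    # Pick the richest profile that fits, then hand back the unused part.
    name, rate = next(p for p in PROFILES if p[1] <= granted)
    ctrl.resize(call_id, rate)
    return name, rate


if __name__ == "__main__":
    ctrl = Controller(capacity_kbps=1500)
    for cid in ("call-a", "call-b", "call-c"):
        print(cid, place_call(ctrl, cid))
```
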

Other paths to hybrid SDN for UC

Any vendor that extends programmability to its legacy switches can interact with SDN controllers for QoS and traffic engineering -- even if that controller speaks a language other than OpenFlow, says Lauwers. Cisco, with its One Platform Kit (onePK) toolkit and Application Policy Infrastructure Controller (APIC), can extend programmability to its legacy LAN and WAN switches and therefore can extend SDN control for QoS and traffic engineering, as long as there is an open API in the UC and collaboration tool.

But even enterprises without technology that allows them to control physical switches can apply QoS to UC performance in a virtual network overlay, since controllers can manage functionality among virtual switches.

"There are ways to introduce functionality by focusing on the edge of network, which is increasingly becoming software through virtual switches. Those can be under the control of an SDN controller that provides APIs," Lauwers says. UC QoS can be implemented within the virtual overlay.

Lauwers' company, Ubicity, will take this approach, implementing QoS on network overlays through its orchestration tools for cloud providers.

"We are taking the use cases from UCIF and incorporating them into a service orchestrator rather than into the UC apps themselves," says Lauwers. "In the cloud, you'll have virtual machines running the service and virtual networks interconnecting those services and connecting to the customers using virtual private networks (VPNs). You could apply the QoS treatments to the VPNs -- or the virtual network overlays -- in aggregate rather than in sessions."

This was first published in August 2014
