This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
2. - SDN in the LAN and WAN: Read more in this section
Explore other sections in this guide:
This article can also be found in the Premium Editorial Download "Network Evolution: The new network: SDN gets real."
Download it now to read this article plus other related content.
Software-defined networking (SDN) is already changing the data center network, but now the technology could redefine other parts of the network, as well as the network engineering profession itself.
A host of startups, academic researchers and other network gurus are exploring the powerful flexibility and programmability of SDN applications for strategies to make the LANs and WANs of tomorrow simpler to manage, more secure and more powerful than ever before.
SDN applications could improve network security
At the forefront of many SDN researchers' minds is security, particularly in environments that already rely heavily on virtualization. Software-defined networking will offer better control over network traffic, allowing engineers to differentiate network access for users in order to identify and separate bad actors or simply incompetent users.
"What is talked about most is security and the ability to understand or customize hosts on your LAN network," said Mat Mathews, co-founder of Plexxi Inc., a networking startup betting heavily on SDN advances.
Today, those capabilities are vendor dependent. Cisco and Juniper, for example, have gone to great lengths to bake security into their networking hardware, but these capabilities don't necessarily integrate well in a mixed-vendor environment. Nor do they translate well if you want to manage your security through a third-party vendor that doesn't partner with your switching provider.
That will change if open, standardized SDN catches on.
Toward a unified SDN security solution
Researchers are currently exploring how to use SDN to provide segmented, virtualized networks based on the characteristics of the connecting device, such as IP or MAC address. This would allow companies to give authorized users full network permissions while connecting guests to a completely partitioned network that restricts their access to file shares, printers and other sensitive areas.
Software-defined networking could also help find and eliminate threats that come from within a network, whether it's a cloud provider working to prevent malicious users or a university campus trying to stem the tide of a nasty virus. This was one of the exciting avenues of research for Ben Cherian, chief strategy officer of Midokura.
"Let's say that a DDoS [distributed denial-of-service] attack is originating from your [public] cloud, and you have no idea who is doing this. You can handle that by having physical people watching the network … or you could set rules on your network, and say 'I am going to tap all the traffic on my cloud, and if I see something abnormal, I'm going to programmatically shut down the tenants that are abnormal,'" Cherian explained.
The latter option not only requires fewer staff, but it also scales up more easily. In addition, it leaves network security less prone to human error. Midokura has already developed and deployed a port mirror that clones traffic for analysis, allowing increased security without compromised speed.
SDN applications for network services: Think Layers 4-7
As SDN advances, it will enable new applications that are unimaginable today. Instead of buying firewall or WAN optimization appliances, for example, enterprises could work with startups that are developing alternative SDN applications that can be installed and scaled on a virtualized network.
More on software-defined networking applications
Northbound OpenFlow applications up next
In software-defined networks, applications define the network
Big Switch Networks: An army of SDN application partners
Midokura network virtualization: Layer 2-7 services
IBM OpenFlow controller: Big Blue eyes SDN applications
Kyle Forster, co-founder and vice president of Big Switch Networks Inc., is building the company around that very idea.
"We have 15 apps in the pipeline," including a firewall, he said. But what's exciting to him are the new capabilities SDN applications will have in monitoring and redirecting network traffic in real time.
"The wonderful thing about having a programmable Level 2/Level 3 network is that if you're a Level 4 or Level 7 application provider, you can do a small adjustment to get the right packets to [your appliance] at the right time," Forster said.
That's a level of direct access that used to require pricey, specialized hardware investments. In time you could implement these capabilities on an SDN network quickly and inexpensively, dramatically changing the speed and flexibility of how networks are managed.
Rethinking network administration with SDN applications
While being able to access data streams in new and innovative ways could provide a wealth of new networking applications, the most lasting change could be in how networks are managed -- and the skills required to manage them.
"As networking gets more integrated into the virtualized part of IT, the software people will be running things," said Dan Pitt, executive director of the Open Networking Foundation. "There will be less manual configuration. If people can write automatic scripts for configuration and dynamic management, they don't have to get their fingers dirty with ports and VLANs and other problem areas."
That doesn't mean the network engineers of the future should forget everything they learned studying for the CCIE and start brushing up on their Python (yet). It could mean that they should start thinking about new services that can be delivered and have a positive business impact. With the right frame of mind, engineers could help move the network from being a ‘cost' center to a business driver.
"We like to say, 'What can we do to make network engineers heroes again?' It's been a long time since we've seen that," said Forster. "[SDN] increases their ability to grab applications when they need them to make their networks more useful."
Plexxi's Mathews echoed that assessment.
"What has happened is that the toolkit available to sys admins to maintain, operate and orchestrate compute resources has expanded," Mathews said. "They've changed their position to be more like DevOps."
So what can forward-thinking network engineers do to prepare for the coming software-defined networking wave?
"I would counsel them to be the advanced scout for their enterprise; show their enterprise how they can exploit SDN and do it [in] conjunction with the current installed base," said Pitt. "Some [networking] jobs will be going away, and the people who lead the charge in how you [transition] in a productive way will be the ones the enterprise wants to retain."
Staying open-minded might not hurt, either. "I don't think the network is going away or this role is going away, but there's a different breed of person who needs to manage it," said Cherian.