Software-defined networking (SDN) promises a new world network applications -- also referred to as northbound APIs. That's because SDN introduces network programmability and flexibility that opens up the way applications can be used to manage and control the network. These applications range from network virtualization and dynamic virtual network provisioning to more granular firewall monitoring, user identity management and access policy control. This guide is an introduction to northbound APIs -- what they are, who uses them and the status of standardization efforts.
Table of contents:
What is a northbound API?
In software-defined networking, the control plane of the network is decoupled from the underlying infrastructure. In many scenarios, the control plane is consolidated into a centralized controller that uses the OpenFlow protocol, or alternate communication methods, to control each node and traffic flow on the network.
Applications -- called northbound applications -- sit to the top of the controller. The northbound API presents a network abstraction interface to the applications and management systems at the top of the SDN stack. The information from these applications is passed along through a southbound interface. The southbound interface allows a controller to define the behavior of switches at the bottom of the SDN "stack." Essentially, the northbound interface and southbound interface allow a particular network component to communicate with a higher- or lower-level network component, respectively.
Learn more about the role of northbound APIs in an SDN in this tutorial on northbound APIs.
Northbound APIs put applications in control of the network
Why all the excitement around northbound APIs? Quite simply, a northbound API puts applications in control of the network. Rather than tweaking and adjusting infrastructure repeatedly to get an application or service running correctly, an organization can set up a framework that allows the application to demand the infrastructure it needs.
Pascale Vicat-Blanc, CEO of SDN and cloud orchestration startup Lyatiss Inc., blogged that application defined networking is built on an SDN foundation and involves "applications directly controlling and adapting the networking environment using APIs so that application delivery and performance across public and private cloud networks are optimized without compromising on portability or security."
This means that the focus of the network shifts from the infrastructure to applications. In order to emphasize this shift, vendors are touting their own terminology. Lyatiss uses the term application-defined networking, for example.
To learn more about this changing perspective, read the article about how apps define the network in SDN.
The benefit of putting applications in control
While much of the hype around SDN has centered around the data center, a host of startups, academic researchers and other network gurus are exploring how to use SDN applications to make LANs and WANs simpler to manage, flexible, more secure and more powerful.
Security tends to be at the forefront of these efforts, particularly for environments that rely heavily on virtualization. SDN offers better control over network traffic, allowing engineers to differentiate network access for users in order to identify and separate bad actors and incompetent users. For example, network architects who are building SDNs could deploy applications like a virtual intrusion detection system or a virtual firewall on a controller. The application could tap into information the controller possesses about traffic patterns, application data and capacity. If the application recognizes malware traffic based on the flows tracked by a controller, it could automatically isolate those packets before they infect the network.
Read SDN apps move beyond the data center to learn about other security capabilities enabled by SDN.
Northbound APIs: To standardize or not to standardize
With so many exciting possibilities, developers are eager to write useful SDN apps, but the question remains: What northbound API do they write to?
An open northbound API would allow anybody to develop a network application, as opposed to only equipment vendors. It would also give network operators the ability to quickly modify or customize their network control. However, the Open Networking Foundation (ONF), a consortium dedicated to promoting and commercializing software-defined networking, has avoided the issue of northbound API standardization for fear of stifling innovation. As a result, more than 20 different SDN controllers are currently available, featuring northbound APIs that vary based on the needs of the applications and orchestration systems above it.
So in 2012, the ONF started a northbound API discussion group, which it rolled into its Architecture and Framework Working Group. The Architecture Working Group is developing a charter with three deliverables for the northbound API:
- Use cases that motivate the need for the northbound API.
- A compendium study that looks at examples of the northbound API and explores what they do, what they require from applications, what they convey about the network and what data models they use.
- Recommendations on what, if anything, needs to be done to help the industry accelerate the adoption of SDN applications.
Despite the ONF's efforts, there's a chance there won't ever be a juried standard on northbound API . Routing and switching vendors that traditionally rely on network-based applications and features to differentiate their hardware are positioning themselves to maintain profitability in an SDN world. These vendors will invest in custom software, and OpenFlow will run concurrently to a native OS and complement the existing control plane, according to Mike Spanbauer, principal analyst of enterprise networking and data center technology at Current Analysis Inc. The result: a complex and crowded ecosystem where the establishment is joined by innovators, some of which have yet to emerge.
In this article, read more about the application tier of an SDN architecture.