Software Defined Networking (SDN) has been an area of rapid innovation for the last three years. For IT managers faced with managing complex distributed networks, cloud-based SDN offers the promise of more efficient management, improved reliability, and lower capital investment and operating costs.
To date, much of the innovation in Software Defined Networking has been focused on large data centers where SDN complements the highly virtualized computer resources to create flexible and scalable network applications. But recently I’ve been involved in several conversations about what role SDN will have out at the edge of large distributed networks. Can SDN principles be used to help manage large distributed networks such as an enterprise with hundreds of small branch locations?
The SDN model decouples the "control plane" from the "data plane" in the network. An SDN system separates decisions about where traffic is sent (the control plane) from the underlying system that forwards traffic to the selected destination (the data plane). SDN moves the majority of the "control plane" into the cloud where it can be dynamically configured and managed. It would seem to follow that some of the related security policy management would move to the cloud as well.
In the short term, IT managers may be reluctant to yield all control plane and security functionality from the remote ‘edge’ location (e.g. branch office) to the cloud. Perhaps some hybrid models will develop whereby cloud-based management of the edge router will allow dynamic configuration and management of some control plane and security functions at the edge, working in conjunction with higher-level cloud-based network controllers. Control and management of VLANs to meet dynamic application and security needs would seem a likely candidate. This would allow IT managers to configure and add specific applications on VLANs with specific security policies ‘on the fly’ to support operational needs.
Another potentially promising area is compliance management. With SDN to the edge, IT managers could manage security policy to meet Payment Card Industry (PCI) compliance standards.
Cloud-based SDN, when combined with less expensive network ‘appliances’ at the edge, offers potential for more flexible, reliable and secure networks with lower total cost of ownership. What role SDN will take as it rolls out to the network edge is still unclear. However, it does appear to have a role. It will be interesting to see this evolve as innovators drive the ‘control plane’ to the cloud.
To read more, check out the Open Networking Foundation, which was founded to promote SDN standards and engineering as Cloud Computing blurs the boundaries between networks and computers. https://www.opennetworking.org/