Software-Defined Networking – SDN – What is it?
Written By: Amar Moturi
Firstly, what is Software Defined Networking and why has it become a popular platform to develop on?
Software-Defined Networking (SDN) is simply the physical separation of the control plane (controls the forwarding behavior of routers) from the data plane (performs forwarding as instructed by the control plane) and was created as part of the process to make computer networks more programmable. Standard networks are highly complex and are difficult to manage for two main reasons:
- Diversity of equipment on the network
- Proprietary technologies for the equipment
SDN offers new ways to redesign networks to make them more manageable by dividing the network into two planes, the control plane and the data plane, and it uses this separation to simplify management and speed up innovation.
What are the key differences in the traditional vs SDN approaches to networking?
In the traditional approach, the routing algorithms (control plane) and the forwarding function (data plane) are closely coupled. The router runs and participates in the routing algorithms. From there it constructs the forwarding table, which the forwarding function then consults for each packet.
In the SDN approach, on the other hand, there is a remote controller that computes and distributes the forwarding tables to be used by every router. This controller is physically separate from the router. It could be located in some remote data center, managed by the ISP or some other third party.
We have a separation of the functionalities. The routers are solely responsible for forwarding, and the remote controllers are solely responsible for computing and distributing the forwarding tables. The controller is implemented in software, and therefore we say the network is software-defined.
These software implementations are also increasingly open and publicly available, which speeds up innovation in the field.
One of the most popular SDN network controllers, OpenFlow (using the POX API), has the functionality to create hubs, switches, load balancers, or firewalls all through software. An SDN framework like POX allows running experiments on actual network hardware or via software emulators.
In practice, the network configuration of an SDN firewall will not look very different from that of a traditional hardware solution. An SDN controller sits in between the hosts, with the firewall running on top of the controller software.
The key difference between the two approaches is that a software controller, such as OpenFlow, is used instead of traditional hardware. POX then acts as a firewall by establishing rules on what the OpenFlow controller should filter in/out between two hosts.
The SDN approach to implementing an L2 configurable firewall using the POX controller:
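The following is an added example, not code from the article or from the POX project, that models the two ideas above in one runnable script: the separation of a controller that computes rules from a switch that only forwards, and a firewall that is just a set of rules the controller pushes down for traffic between two hosts. All class and function names are hypothetical, the MAC addresses and blocked pairs are constructed sample values, and the learning-switch behaviour (learn the source port, flood unknown destinations) is an assumption modelled on a typical L2 learning switch rather than something the article states.

```python
"""
Added illustration of an OpenFlow-style L2 firewall split into a controller
(control plane) and a switch (data plane). Not POX code; names are
hypothetical and all addresses are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str       # source MAC
    dst: str       # destination MAC
    in_port: int   # switch port the frame arrived on


@dataclass(frozen=True)
class FlowRule:
    action: str                  # "drop", "forward" or "flood"
    out_port: Optional[int] = None


class Controller:
    """Control plane: owns the firewall policy and computes flow rules."""

    def __init__(self, blocked_pairs):
        # A blocked pair is enforced in both directions, so store it unordered.
        self.blocked: Set[FrozenSet[str]] = {frozenset(p) for p in blocked_pairs}
        self.mac_to_port: Dict[str, int] = {}   # learned MAC -> port
        self.switches: List["Switch"] = []

    def register(self, switch: "Switch") -> None:
        self.switches.append(switch)

    def packet_in(self, pkt: Packet) -> FlowRule:
        """Table miss reported by a switch: learn the source, then decide."""
        self.mac_to_port[pkt.src] = pkt.in_port
        if frozenset((pkt.src, pkt.dst)) in self.blocked:
            return FlowRule("drop")
        out_port = self.mac_to_port.get(pkt.dst)
        if out_port is None:
            return FlowRule("flood")   # unknown destination; no rule installed
        return FlowRule("forward", out_port)

    def block(self, a: str, b: str) -> None:
        """Runtime policy change. Forward rules already installed in the data
        plane would keep matching, so they must be evicted as well."""
        self.blocked.add(frozenset((a, b)))
        for sw in self.switches:
            sw.remove_flows({(a, b), (b, a)})


class Switch:
    """Data plane: exact-match flow table; asks the controller only on a miss."""

    def __init__(self, controller: Controller, ports: List[int]):
        self.controller = controller
        self.ports = ports
        self.flow_table: Dict[Tuple[str, str], FlowRule] = {}
        self.packet_ins = 0      # how often the controller had to be consulted
        controller.register(self)

    def remove_flows(self, keys) -> None:
        for key in keys:
            self.flow_table.pop(key, None)

    def handle(self, pkt: Packet) -> List[int]:
        """Return the ports the frame is sent out on ([] means dropped)."""
        key = (pkt.src, pkt.dst)
        rule = self.flow_table.get(key)
        if rule is None:
            self.packet_ins += 1
            rule = self.controller.packet_in(pkt)
            if rule.action != "flood":
                self.flow_table[key] = rule   # cache the decision in the data plane
        if rule.action == "drop":
            return []
        if rule.action == "forward":
            return [rule.out_port]
        return [p for p in self.ports if p != pkt.in_port]   # flood


# Constructed sample hosts on switch ports 1, 2 and 3.
H1, H2, H3 = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"


def run_demo():
    ctl = Controller(blocked_pairs=[(H1, H3)])
    sw = Switch(ctl, ports=[1, 2, 3])
    trace = []
    trace.append(sw.handle(Packet(H1, H2, 1)))   # h2 unknown: flooded, no rule
    trace.append(sw.handle(Packet(H2, H1, 2)))   # h1 known: forward rule installed
    trace.append(sw.handle(Packet(H1, H2, 1)))   # forward rule installed
    trace.append(sw.handle(Packet(H1, H2, 1)))   # table hit, controller not asked
    trace.append(sw.handle(Packet(H1, H3, 1)))   # blocked pair: drop rule
    trace.append(sw.handle(Packet(H3, H1, 3)))   # blocked in the reverse direction too
    ctl.block(H1, H2)                            # policy change evicts cached flows
    trace.append(sw.handle(Packet(H1, H2, 1)))   # fresh packet_in, now dropped
    return trace, sw.packet_ins


if __name__ == "__main__":
    print(run_demo())
```

The point worth noticing is the `block` method: once a forward rule has been pushed into a switch, the controller is no longer in the path for that flow, so changing the firewall policy must also remove the stale entries from every switch's flow table or the old traffic keeps flowing.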
One of the best things about SDN is that it is almost all open source. If you have an interest in learning more about how this can impact your organization, contact Triden Group by using the form below.
If you would like to experiment with this technology please follow this tutorial to get your own instance of an SDN simulation with Pox and OpenFlow running on your computer (Linux VM needed!): https://github.com/matanby/CloudFirewall