The buzz around software-defined networking (SDN) is virtually inescapable in technology discussions today. And for good reason. The innovative take on networking promises the kind of Agile infrastructure that dovetails
By separating the control plane from the physical network, SDN creates an environment where all switches and routers take their traffic-forwarding direction from a centralized management controller -- an approach that enables a holistic view of activity across the entire enterprise. The result is a highly automated network that promises a level of efficiency, security and operational cost savings that legacy enterprise topologies can't match.
Industry projections indicate a fairly fast takeoff for SDN deployment, with some research firms predicting that the market will balloon to billions of dollars in revenues before the end of this decade. Enterprises seem eager to jump on board. One study, a 2013 survey of 1,750 IT professionals sponsored by data and storage networking vendor Brocade Communications Systems Inc., found that as many as 55% of organizations are evaluating software-defined networking technology.
Yet, as impressive as the projections seem to be -- and its perceived operational benefits notwithstanding -- most enterprises would be ill-advised to launch an SDN deployment today. The reason is clear: The technology required to drive the build-out of SDN environments is still in its earliest stages. And there are still too many unknowns.
Case in point: Though OpenFlow is often used interchangeably with SDN, there is not one single approach to creating the kind of programmable, automated network that is synonymous with a software-defined network. Major vendors including Cisco and VMware have proposed alternate approaches. Thus, there is a long road ahead in terms of technology development and the standardization essential to ensure both product quality and interoperability.
Security benefits and barriers cloak SDN deployments
The fact that SDN is still in its earliest stages doesn't in any way diminish the model's potential, particularly as more dynamic applications enter the enterprise mix. And through increased automation, SDN promises much lower operating costs, and, in theory, more consistent performance. Conceptually, in an SDN environment, a controller-based load-balancing application would automatically transfer workloads to the resources with sufficient capacity.
In addition to the greater efficiency and agility that an SDN deployment promises, the approach also could improve security on a number of fronts. At the most basic level, the centralized automation enabled through SDN should make it easier to deploy a virtual LAN than in a more traditional environment. SDN's centralized control concept will also make it easier for IT administrators to deal with the vanishing perimeter challenge by allowing them to send all internal and perimeter traffic through a consolidated firewall. This should make it easier to control entry and to capture security data in real time.
Additionally, it should be easier to respond quickly and proactively to an attack. For example, in the event of a distributed denial of service attack, IT administrators could quickly reroute packets and prevent the kind of traffic deluge that could cripple their network.
Yet, on the flip side, centralizing so much of the traffic routing function to the controller presents some specific security challenges. An attacker in an SDN environment might choose to take out the network by inundating the controller and switches, rather than going after the hosts directly. Vendors will need to answer questions regarding how they will counter threats that go directly after the communications between the controller and network switches.
For most enterprises, status quo will be sufficient
As hot as the hype is around SDN today, from an enterprise perspective, the benefits are still mostly in the future. Simply put, while service providers whose networks are far more stressed by high traffic volumes and rich media content can expect to see nearer-term benefits from the technology, the majority of enterprises are still better served by their proven existing infrastructures, which deliver more reliability today than the new SDN products can guarantee now.
Before most enterprises make the leap to SDN, they will need some solid assurances around security, reliability and solution interoperability. Most would be wise to wait for products and feature sets to mature and interoperability standards to jell. Enterprises will also want to learn about their peers' SDN experiences before they jump into the fray themselves.
That said, savvy IT administrators need to keep SDN on their radar. After all, the future seems to come faster all the time.
This was first published in November 2013