What is the relationship between east-west traffic and SDN?

SDN engineer Darien Hirotsu explains how SDN can help solve the challenges presented by east-west traffic flow in the data center.

East-west traffic in the data center and software-defined networking (SDN) are related in that many SDN solutions look to solve the challenges presented by this dynamic flavor of traffic. For some real-world context, take the recent Open Networking User Group and Open Networking Summit conferences, where there was no shortage of topics involving touch points between the challenges of east-west traffic and the associated SDN solutions.

To highlight this relationship in more detail, let's look at SDN for simplified enforcement and management of network policy on east-west traffic, as well as for dynamic multi-tenancy and isolation of per-customer east-west traffic.

To start, many SDN solutions for the data center and cloud highlight network virtualization as a feature. While fellow network engineers may protest and turn the discussion to virtual LANs (VLANs) or Multiprotocol Label Switching VPNs -- which have sliced up the physical network for years -- a key difference is that network virtualization in SDN presents a higher-level network abstraction, which can simplify enforcement and management of policy.

Suppose an organization needs to enforce a policy for a subset of east-west traffic (such as filtering traffic between two workloads or virtual machines). For the network to enforce this policy, packet filters or rules must be configured manually on various devices. Should one of the workloads migrate unbeknown to the network team, the required configuration may not reside at the new device where packets enter the network.

Also, as policies change, manually updating packet filters on a per-device basis becomes a challenge. An SDN solution presenting a higher-level network abstraction allows these policies to be applied at a centralized controller to the virtual network rather than the physical one. The resulting policy may then be rendered and applied to the underlying physical network. This simplifies policy management and enforcement, since policies at the virtual layer are enforced regardless of workload location in the network.
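The migration problem and the controller-side fix described above can be modeled in a few lines. This is an added example, not code from the article or from any SDN product; the workload names, switch names, addresses and the default-allow behavior for unmatched traffic are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src: str     # workload name: the virtual-layer identity
    dst: str
    action: str  # "deny" or "allow"

def render(policies, placement, addresses):
    """Render virtual-layer policies into per-switch packet filters.

    Each rule lands on the switch where the source workload attaches,
    i.e. where its packets enter the physical network.
    """
    rules = {}
    for p in policies:
        ingress = placement[p.src]
        rule = (addresses[p.src], addresses[p.dst], p.action)
        rules.setdefault(ingress, set()).add(rule)
    return rules

def enforced(rules, placement, addresses, src, dst, default="allow"):
    """Action the current ingress switch applies to src -> dst traffic.

    Assumption: a switch with no matching filter forwards the packet.
    """
    for s, d, action in rules.get(placement[src], ()):
        if (s, d) == (addresses[src], addresses[dst]):
            return action
    return default

def demo():
    # Constructed sample data; the VM keeps its address when it migrates.
    addresses = {"web-1": "10.0.1.10", "db-1": "10.0.2.20"}
    placement = {"web-1": "leaf-1", "db-1": "leaf-2"}
    policies = [Policy("web-1", "db-1", "deny")]

    # Manual model: filters are configured once and never follow the workload.
    static_rules = render(policies, placement, addresses)
    before = enforced(static_rules, placement, addresses, "web-1", "db-1")

    placement["web-1"] = "leaf-3"  # migration the network team did not see
    stale = enforced(static_rules, placement, addresses, "web-1", "db-1")

    # Controller model: the same policy is re-rendered from current placement.
    fresh_rules = render(policies, placement, addresses)
    after = enforced(fresh_rules, placement, addresses, "web-1", "db-1")
    return before, stale, after
```

`demo()` returns the enforced action before the migration, after it with the stale per-device filters, and after the controller re-renders the policy.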

Next, let's look at multi-tenancy in the data center as it applies to east-west traffic. Imagine customers trying to spin up multiple workloads or instances, like Web servers and database servers, in a multi-tenant cloud. Customers likely want to isolate their specific workloads and the resulting east-west traffic from other customers. Not surprisingly, provisioning these types of services manually on traditional networks is an operational burden.

Provisioning ports and VLANs alone across hundreds of switches requires significant effort. Having to add isolated Layer 3 services or additional network functions such as load balancing further complicates this problem. As a result, a number of SDN solutions provide higher-level abstractions for multi-tenancy, which simplify the deployment of the required connectivity. More importantly, these SDN solutions treat the network holistically, allowing the required connectivity to be deployed or turned down in a centralized fashion instead of on a per-device basis.

In conclusion, while we highlighted two of the touch points between east-west traffic and SDN, there is certainly no shortage of topics to discuss. These two examples come up frequently, however, and have real solutions and applicability.

This was last published in July 2015