East-west traffic in the data center and software-defined networking (SDN) are related in that many SDN solutions look to solve the challenges presented by this dynamic flavor of traffic. For some real-world context, take the recent Open Networking User Group and Open Networking Summit conferences, where there was no shortage of topics involving touch points between the challenges of east-west traffic and the associated SDN solutions.
In order to highlight this relationship in more detail, let's look at SDN for simplified enforcement and management of network policy on east-west traffic, as well as for dynamic multi-tenancy and isolation of per-customer east-west traffic.
To start, many SDN solutions for the data center and cloud highlight network virtualization as a feature. While fellow network engineers may protest and turn the discussion to virtual LANs (VLANs) or Multiprotocol Label Switching VPNs -- which have sliced up the physical network for years -- a key difference is that network virtualization in SDN presents a higher-level network abstraction, which can simplify enforcement and management of policy.
Suppose an organization needs to enforce a policy for a subset of east-west traffic (such as filtering traffic between two workloads or virtual machines). For the network to enforce this policy, packet filters or rules must be configured manually on various devices. Should one of the workloads migrate without the network team's knowledge, the required configuration may not reside at the new device where packets enter the network.
Also, as policies change, manually updating packet filters on a per-device basis becomes a challenge. An SDN solution presenting a higher-level network abstraction allows these policies to be applied at a centralized controller to the virtual network rather than the physical one. The resulting policy may then be rendered and applied to the underlying physical network. This simplifies policy management and enforcement, since policies at the virtual layer are enforced regardless of workload location in the network.
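The sketch below is an added illustration, not code from this article or from any SDN product. It models a policy written against workload names, renders it into per-switch filters, and shows the enforcement gap when a workload migrates and the filters are not re-rendered. All workload names, addresses and switch names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """A policy rule written against workload names, not devices."""
    src: str
    dst: str
    port: int
    action: str  # "allow" or "deny"

def render(policy, placement, addresses):
    """Render workload-level rules into per-switch packet filters.

    Each rule lands on the switch where the source workload attaches,
    which is where its packets enter the network.
    """
    filters = {}
    for rule in policy:
        entry = (rule.action, addresses[rule.src], addresses[rule.dst], rule.port)
        filters.setdefault(placement[rule.src], []).append(entry)
    return filters

def verdict(filters, placement, addresses, src, dst, port):
    """Action applied at src's ingress switch, or None if no filter matches."""
    flow = (addresses[src], addresses[dst], port)
    for action, *match in filters.get(placement[src], []):
        if tuple(match) == flow:
            return action
    return None

def demo():
    # Constructed sample data: names, addresses and switches are illustrative.
    addresses = {"web-1": "10.0.0.11", "db-1": "10.0.0.21"}
    policy = [Rule("web-1", "db-1", 22, "deny")]
    before = {"web-1": "leaf-1", "db-1": "leaf-2"}
    after = {"web-1": "leaf-3", "db-1": "leaf-2"}  # web-1 has migrated

    manual = render(policy, before, addresses)  # filters configured once, by hand
    rerendered = render(policy, after, addresses)  # controller renders again
    flow = ("web-1", "db-1", 22)
    return (
        verdict(manual, before, addresses, *flow),    # enforced at leaf-1
        verdict(manual, after, addresses, *flow),     # no filter at leaf-3
        verdict(rerendered, after, addresses, *flow), # enforced at leaf-3
    )

if __name__ == "__main__":
    print(demo())
```

The middle result is the case to audit for: a `None` verdict means the flow enters the network at a device that carries no filter for it.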
Next, let's look at multi-tenancy in the data center as it applies to east-west traffic. Imagine customers trying to spin up multiple workloads or instances like Web servers and database servers in a multi-tenant cloud. Customers likely want to isolate their specific workloads and resulting east-west traffic from other customers. Unsurprisingly, provisioning these types of services manually on traditional networks is an operational burden.
Provisioning ports and VLANs alone across hundreds of switches requires significant effort. Having to add isolated Layer 3 services or additional network functions such as load balancing further complicates this problem. As a result, a number of SDN solutions provide higher-level abstractions for multi-tenancy, which simplify the deployment of the required connectivity. More importantly, these SDN solutions treat the network holistically, allowing the required connectivity to be deployed or turned down in a centralized fashion instead of on a per-device basis.
In conclusion, while we highlighted two of the touch points between east-west traffic and SDN, there is certainly no shortage of topics to discuss. These two examples come up frequently, however, and have real solutions and applicability.