If you look around your data center and see a traditional core, aggregation and access layer design, it might seem that software-defined networking wouldn't fit. There's also a notion that software-defined networking is driven by new initiatives, such as private cloud. These are common misconceptions.
Software-defined networking is a broad term that encompasses a wide selection of technologies. There are two SDN use cases, in particular, that should interest network managers: software-defined WAN (SD-WAN) and network function virtualization (NFV).
Here's a closer look at the benefits and challenges of an SD-WAN or NFV deployment.
SD-WAN brings options
SD-WAN improves service while reducing costs. Dynamically sending network traffic over the appropriate link has vexed network engineers for years. The first thought is to compare SD-WAN to policy-based routing. In PBR, engineers take an artisanal approach to traffic management; it's not uncommon for organizations to abandon the effort out of frustration.
SD-WAN products combine the power of big data analytics and traditional networking. They monitor traffic flows and network latency and jitter, making real-time decisions on traffic management. A common comparison to SD-WAN is voice traffic management. A PBR approach may dictate leveraging a Multiprotocol Label Switching (MPLS) connection for all voice traffic and a lower-quality Internet VPN for non-latency sensitive traffic. This isn't a hard-and-fast rule; if an MPLS connection is congested on the far side, the Internet VPN is the more viable option.
Trying to create a routing policy for this type of dynamic traffic routing wasn't feasible -- at least not until SD-WAN vendors combined the power of general compute with inexpensive network links. Using real-time traffic analysis, middleboxes direct traffic over the best available link.
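The difference between a static PBR rule and measurement-driven link selection, for the voice-over-MPLS case described above, is shown in this added example (not code from any SD-WAN product). The link names, SLA thresholds and probe samples are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class Link:
    name: str
    rtt_ms: list      # recent probe round-trip times, oldest first
    loss_pct: float   # probe loss over the same window

# Assumed SLA ceilings per traffic class (illustrative values, not vendor defaults).
SLA = {
    "voice": {"latency": 150.0, "jitter": 30.0, "loss": 1.0},
    "bulk":  {"latency": 400.0, "jitter": 100.0, "loss": 3.0},
}
# Static preference: the part a PBR rule would hard-code.
PREFERRED = {"voice": "mpls", "bulk": "inet-vpn"}

def measure(link):
    """Return (mean latency, mean jitter, loss) for one link."""
    deltas = [abs(b - a) for a, b in zip(link.rtt_ms, link.rtt_ms[1:])]
    jitter = mean(deltas) if deltas else 0.0
    return mean(link.rtt_ms), jitter, link.loss_pct

def meets_sla(link, traffic_class):
    latency, jitter, loss = measure(link)
    sla = SLA[traffic_class]
    return latency <= sla["latency"] and jitter <= sla["jitter"] and loss <= sla["loss"]

def pbr_choice(traffic_class):
    """Static policy: ignores link state entirely."""
    return PREFERRED[traffic_class]

def sdwan_choice(traffic_class, links):
    """Keep the preferred link while it meets the SLA, else pick the best measured link."""
    by_name = {l.name: l for l in links}
    preferred = by_name.get(PREFERRED[traffic_class])
    if preferred is not None and meets_sla(preferred, traffic_class):
        return preferred.name
    # Links inside the SLA sort first; among those, lowest latency plus jitter wins.
    def rank(l):
        latency, jitter, _ = measure(l)
        return (not meets_sla(l, traffic_class), latency + jitter)
    return min(links, key=rank).name

# Constructed samples: MPLS congested on the far side, Internet VPN healthy.
CONGESTED = [Link("mpls", [180, 240, 190, 260], 0.5), Link("inet-vpn", [42, 45, 40, 44], 0.2)]
HEALTHY = [Link("mpls", [20, 22, 21, 20], 0.0), Link("inet-vpn", [42, 45, 40, 44], 0.2)]

if __name__ == "__main__":
    print("PBR:", pbr_choice("voice"), "| SD-WAN:", sdwan_choice("voice", CONGESTED))
```

Staying on the preferred link while it is within the SLA avoids flapping between links on small measurement differences.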
The list of SD-WAN vendors is long. Some vendors provide the traffic analysis and flow control rules as part of a software as a service offering. SaaS offerings are quick to deploy, as there's no need to rely on customer-side server infrastructure for analysis. Other options offer some sort of central controller that maintains link state and the routing tree. Almost every SD-WAN provider advertises simple deployment, with traditional interior routing protocols replaced by proprietary algorithms calculated in a controller node.
NFV deployment helps reduce costs
NFV is another area that network managers should investigate. By virtualizing edge devices, carriers reduce the overall cost of managing infrastructure and provide better service to customers. The savings come from deploying new middleboxes to edge locations.
Without an NFV deployment, provisioning new customers may require configuring and deploying new equipment to edge devices, which can be expensive. NFV helps eliminate these costs, while decreasing provisioning time for new services. To start a new service or increase capacity, a carrier only needs to spin up a new VM running a particular NFV instance.
Similar advantages exist for enterprise users. Configuring non-switching devices is time-consuming for network managers. From load balancers to firewalls, a lot of time is spent deploying and managing hardware that could benefit from abstraction.
With firewalls, for example, it's common to have two VMs residing on the same physical host communicating via an external firewall. It's just as common to see that the licensed port speed on the physical firewall is 100 megabits per second. There's no technical reason for maintaining a physical firewall -- a virtualized firewall is just as secure, more efficient and easier to maintain.
Assuming licensing is the same, network performance would improve as you flatten the network without making changes to the physical route and switching underlay. In addition, customers realize all the advantages of virtualization. Prior to an upgrade, an engineer can clone the firewall, place it in an isolated virtual network and test new configurations. During the change window, a snapshot of the NFV-based firewall is taken. If the upgrade fails, recovery is as simple as reverting the snapshot. Recreating this capability in a physical network is daunting and expensive.
A common question is the segregation of security controls between the server group and the network organization. Modern virtualization platforms allow for segregated control of VMs between groups. For example, VMware vSphere allows organizations to create vCenter security groups that allow only the network group to delete, rename or edit NFV devices. The controls are granular.
Don't let the label of SDN prevent you from adopting technologies that both reduce cost and make managing your network easier. Both an SD-WAN and NFV deployment are SDN use cases that aren't particularly difficult to implement or disruptive to current operating models.