In part 3 of our SDN series, I covered virtual versus physical infrastructure. Part 4 will cover the three most commonly propounded benefits of SDN: efficiency, agility and security.
Early hyper-scale pioneers of SDN such as Google astounded the networking community with the increased network utilization they achieved using SDN. The industry norm for WAN link utilization is between 30% and 50%, whereas, by deploying SDN, Google drove utilization up to 95% (without impacting critical flows, losing traffic, etc.). This is primarily due to SDN’s holistic view of the network and deeper understanding of inter-application requirements, which allow SDN controllers to perform far smarter traffic engineering, route determination and load balancing than traditional QoS implementations. Techniques such as sub-optimal routing send less time-critical traffic over more circuitous routes, making better use of less desirable links and reducing congestion on the faster, more expensive links needed for time-critical traffic.
Another emerging feature of SDN controllers is the ability to pre-compute failover paths for critical flows, especially over particularly vulnerable or unreliable links.
Within the datacenter, SDN can massively help with automation of network reconfiguration and enhance virtualization agility. The SDN controller has a complete view of the datacenter: virtual machines, virtual switches, load balancing services / appliances and the underpinning physical network infrastructure, combined with the mappings from virtual machines to services and security policies. With that view, the controller can reconfigure the SDN to allow seamless migration of virtual machines around the network while ensuring that security constraints are maintained and that service chains (i.e., the linkages between VMs and network services such as load balancers, firewalls, IDS, etc.) are preserved.
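The following is an added example, not code from this series or from any SDN controller, of the check that chain preservation implies when a VM moves: the plain shortest path to the VM's new host is compared with a path forced through the service chain. The topology, node names and function names are all constructed assumptions.

```python
from collections import deque

# Constructed topology (assumption): adjacency of gateway, switches, services and hosts.
TOPOLOGY = {
    "gw":    ["s1", "s2"],
    "s1":    ["gw", "s2", "fw1", "hostA"],
    "s2":    ["gw", "s1", "ids1", "hostB"],
    "fw1":   ["s1"],
    "ids1":  ["s2"],
    "hostA": ["s1"],
    "hostB": ["s2"],
}
SERVICE_CHAIN = ["fw1", "ids1"]  # policy bound to the VM: firewall first, then IDS

def shortest_path(topo, src, dst):
    """Breadth-first search; returns the hop list from src to dst, or None."""
    parents, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in topo[node]:
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None

def chain_path(topo, src, dst, chain):
    """Concatenate shortest segments src -> chain[0] -> ... -> chain[-1] -> dst."""
    waypoints, path = [src, *chain, dst], [src]
    for a, b in zip(waypoints, waypoints[1:]):
        segment = shortest_path(topo, a, b)
        if segment is None:
            return None  # fail closed: install no path rather than an unfiltered one
        path += segment[1:]
    return path

def traverses_chain(path, chain):
    """True if every service appears in the path, in chain order."""
    hops = iter(path)
    return all(service in hops for service in chain)

if __name__ == "__main__":
    # The VM has migrated from hostA to hostB; compare the two candidate paths.
    for label, p in (("shortest", shortest_path(TOPOLOGY, "gw", "hostB")),
                     ("chained", chain_path(TOPOLOGY, "gw", "hostB", SERVICE_CHAIN))):
        print(label, p, "chain preserved:", traverses_chain(p, SERVICE_CHAIN))
```

Running it shows that the shortest path to the new host skips both services, which is why the order check has to be re-run on every migration before flows are installed.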
Within the broader campus, SDN can provide similar advantages for network device mobility, combining wireless and wired network management and ensuring dynamic QoS compliance, traffic engineering, resource limiting and security (e.g., RBAC).
Throughout the SDN estate, the ability to dynamically restructure service chains provides yet greater flexibility. The ability to dynamically insert a virtual load-balancer or a firewall, for example, into a service chain without needing to rack a new unit and re-cable is a powerful feature of SDN. Such service chain modification using NFV is an integral part of increasing network agility (and therefore business service agility).
SDN can improve network security by providing basic (typically layer 2-4) packet filtering at network ingress and throughout the network, thus reducing the amount of undesirable traffic entering and traversing the network. Similarly, with the ability to dynamically modify service chains and network connectivity, it is easier to insert a physical or virtual firewall / IDS / IPS into a network path or orchestrate packet captures and flow analyses. With more dynamic (and therefore more up-to-date) security policies and RBAC, there will be less scope for security and resource allocation loopholes to occur.