In the traditional datacenter (the one I “grew up in”) network services were provided by specific physical devices such as routers, switches, and firewalls. Each of these physical boxes was expensive, complex, and an obvious physical fixture in the datacenter or wiring closet. I dreamed that, one day, perhaps I could have my own switch or router at home to play with. We budgeted tens of thousands of dollars and waited all year long, just hoping that a new firewall might be approved (as if we were waiting for Santa). Once we got the money to buy a new device like a firewall, we might pay someone thousands of dollars to configure it for us and we might attend a class to learn how to use it.
Times have changed. Networking doesn’t have to be so expensive or complex. There are fewer network devices in the datacenter. Now, the network is in the software. Let me explain.
Where Did the Network Go?
With hardware getting more and more powerful, it’s capable of doing more than in the past. For example, a single physical server with a quad core Intel CPU and 8GB of RAM has many times more power than older routers that I used to use. Thus, newer faster hardware is a big reason that software-defined networking is now possible.
If you are familiar with how server virtualization and consolidation works, those concepts will help you to understand software-defined networking. With server virtualization, more and more physical servers are consolidated into very few (but very powerful) servers.
Very similar to server virtualization, SDN offers the ability to consolidate multiple network devices into a single physical piece of hardware. Thus, with SDN, the network just moved from multiple dedicated physical devices to very few powerful servers and it’s being run in software.
Besides faster hardware, SDN is also gaining popularity because organizations are demanding greater automation, multi-tenancy network flexibility, and centralized control.
In fact, SDN is fast becoming an important building block for public and private clouds. One of the exciting promises of cloud-based datacenter architectures is “agility” – the ability to quickly respond to business needs by deploying compute and storage capacity with a few mouse clicks. Until today, networking has been left behind – requiring a call to the networking team to reassign VLANs or even rack new gear and run cables – impairing the ability of IT to be responsive. Putting all the servers in one large group has turned out to be a bad idea – forgoing established security practices and creating a new set of networking problems. Emerging SDN products allow users to allocate groups of servers on-the-fly – an important advancement in the datacenter.
Traditionally the control plane of networking has been proprietary, resulting in datacenter environments that are unable to respond effectively to the dynamically changing needs of today’s cloud workloads. By enabling network control via software, SDN gives users the ability to configure and reconfigure their networks to match the changing requirements of their workloads, without compromising multi-tenant isolation and performance that would be expected from traditional networking.
Multiple Forms of Software-Defined Networking (SDN)
Software defined networking isn’t a totally new idea. In the past, SDN would have been called network virtualization. To me, SDN is really just a more advanced form of network virtualization: not only has the network been virtualized, that virtualized network can now be controlled through software. SDN also offers, inside the virtualized network, the same advanced features found in the hardware network (switching, routing, QoS, etc.).
For comparison, VMware defined the “software defined data center” (SDDC), but it’s really a more advanced form of a virtual infrastructure (in the case of VMware, it would be powered by vSphere and the vCloud Suite).
SDN could be implemented in multiple forms by various products. Here are some of them:
- VMware vSphere distributed switch – in this form, SDN is possible by decoupling the control plane from the data plane. The networking data plane can be run on one server (forwarding packets) while the control plane (which is managing the network flow) can be run on another server. When this model is used, the control plane is usually centralized and managing tens or hundreds of data planes, being run across multiple servers. This model, as described, is used by the VMware vSphere Distributed switch.
- VMware vCNS – VMware’s vShield security product has been enhanced and renamed. It’s now available as VMware vCloud Networking and Security (vCNS). VMware says that vCNS enables the SDN. vCNS is included with the VMware vCloud Suite, which is VMware’s software-defined datacenter (SDDC). It offers firewalling and understands the virtual infrastructure. New secure networks can be brought up automatically for new vCloud tenants. vCNS is API-driven, so third parties can write solutions that use vCNS. VXLAN, part of vCNS, can create layer 2 networks over layer 3 boundaries so that multiple public and private clouds can all be connected (and combined) into a single hybrid cloud.
- VMware’s Nicira – when VMware bought Nicira for $1.2B earlier this year, they ate the company that claims to have invented the term “software defined networking”. The founder of Nicira is Martin Casado, who created OpenFlow (info below) and Open vSwitch. The Nicira product delivers SDN with a “network hypervisor”. Today, Nicira’s solution is only for the largest datacenters in the world but, now that VMware has their technology, we will likely see much more of Nicira’s SDN technology in future VMware products.
According to Nicira, there are 7 properties of network virtualization (which enables SDN):
Figure 1: Nicira’s 7 Properties of Network Virtualization
- OpenFlow – Created by Martin Casado of Nicira, OpenFlow is an open standard that enables researchers to run experimental protocols in campus networks. OpenFlow is added as a feature to commercial Ethernet switches, routers and wireless access points – and provides a standardized hook to allow researchers to run experiments, without requiring vendors to expose the internal workings of their network devices. OpenFlow is currently being implemented by major vendors, with OpenFlow-enabled switches now commercially available.
- Vyatta (now owned by Brocade) – Vyatta’s software-based networking and security solution provides routing and firewalling functions inside virtual machines. Vyatta removes the constraints of a fixed device with a finite, predetermined amount of physical ports and other resources and replaces it with the very scalable resources of a virtual infrastructure. Vyatta’s virtual router can be replicated and positioned where needed, avoiding network congestion due to unneeded trips out to a central router. Additionally, software-based virtual routers can provide significant savings over a large, proprietary router – leveraging the economies of the x86 architecture. Vyatta is working on a new, much more advanced, SDN solution called vPlane.
- Microsoft SDN – just as almost every company says that their solution can help enable cloud computing, many companies also say that their solution can enable SDN. Microsoft too says that they have a solution for SDN, and it’s available today in Windows Server 2012, System Center 2012, and Virtual Machine Manager. These brand-new solutions are exciting new ways to learn about SDN.
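To make the control plane / data plane split (and the multi-tenant isolation it is supposed to preserve) concrete, here is an added Python model; it is not code from VMware, Nicira, or the OpenFlow specification. A centralized controller installs flow rules into a per-host forwarding plane whenever that plane reports a table miss, and it only ever installs a forwarding rule between VMs of the same tenant; all VM, tenant and host names are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_vm: str
    dst_vm: str

class DataPlane:
    """Forwarding element on one hypervisor host. It only matches packets against
    the flow table the controller installed; policy decisions are not made here."""
    def __init__(self, host):
        self.host = host
        self.table = {}   # (src_vm, dst_vm) -> "fwd:<host>" or "drop"
        self.misses = 0   # packets handed up to the control plane

    def forward(self, pkt, controller):
        action = self.table.get((pkt.src_vm, pkt.dst_vm))
        if action is None:                     # table miss (OpenFlow-style packet-in)
            self.misses += 1
            action = controller.handle_miss(self, pkt)
        return action

class Controller:
    """Centralized control plane: knows tenant and host of every VM and pushes
    rules into each data plane. Unknown or cross-tenant flows get a drop rule."""
    def __init__(self):
        self.vms = {}     # vm -> (tenant, host)

    def register_vm(self, vm, tenant, host):
        self.vms[vm] = (tenant, host)

    def handle_miss(self, plane, pkt):
        src, dst = self.vms.get(pkt.src_vm), self.vms.get(pkt.dst_vm)
        if src is None or dst is None or src[0] != dst[0]:
            action = "drop"                    # tenant isolation enforced centrally
        else:
            action = f"fwd:{dst[1]}"           # forward toward the destination host
        plane.table[(pkt.src_vm, pkt.dst_vm)] = action   # install rule; later packets match locally
        return action

def demo():
    ctl = Controller()
    plane_a = DataPlane("host-a")
    # Constructed sample placement: two tenants spread over two hosts.
    ctl.register_vm("web1", "tenant-blue", "host-a")
    ctl.register_vm("db1", "tenant-blue", "host-b")
    ctl.register_vm("web2", "tenant-red", "host-b")
    flows = [("web1", "db1"), ("web1", "db1"), ("web1", "web2"), ("ghost", "db1")]
    return [plane_a.forward(Packet(s, d), ctl) for s, d in flows], plane_a.misses
```

The second web1→db1 packet is handled entirely by the data plane because the rule was installed on the first miss, which is why only three of the four packets reach the controller.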
Like the software-defined datacenter and the maturity of public cloud computing, SDN is a vision today but one that is necessary to fulfill SDDC and mature infrastructure cloud computing. Please understand that none of these solutions implement the perfect software-defined network today. Each of these solutions is in various stages of attempting to fulfill the SDN vision. These solutions will continue to innovate as quickly as possible so – stay tuned to the latest SDN news and keep learning about SDN! The future is bright!