SDN is sitting at the peak of its hype cycle (at least I hope it’s the peak.) Every vendor has a definition and a plan. Most of those definitions and plans focus around protecting their existing offerings and morphing those into some type of SDN vision. Products and entire companies have changed their branding from whatever they were to SDN, and the market is flooded with SDN solutions that solve very different problems. This post will take a deep dive into the concepts around SDN and the considerations of a complete solution. As always with my posts this is focused on the data center network, because I can barely spell WAN, have never spent time on a campus and have no idea what magic it is that service providers do.
The first question anyone considering SDN solutions needs to ask is: What problem(s) am I trying to solve? Start with the business drivers for the decision. There are many that SDN solutions look to solve; a few examples are:
- Faster response to business demands for new tenants, services and applications.
- More intelligent configuration of network services such as load balancers, firewalls etc. The ability to dynamically map application tiers to required services.
- Reductions in cost i.e. CapEx via enabling purchase of lower cost infrastructure and OpEx via reducing administrative overhead of device centric configuration.
- Ability to create new revenue streams via more intelligent network service offerings.
- Reduction in lock-in from proprietary systems.
- Better network integration with cloud management systems and orchestration tools.
- Better network efficiency through closer match of network resources to application demands.
That leaves a lot of areas with room for improvement in order to accomplish those tasks. That’s one of the reasons the definition is so loose and applied to such disparate technologies. In order to keep the definition generic enough to encompass a complete solution there are three major characteristics I prefer for defining an SDN architecture:
- Flow Management – The ability to define flows across the network based on characteristics of the flow in a centralized fashion.
- Dynamic Scalability – Providing a network that can scale beyond the capabilities of traditional tools and do so in a fluid fashion.
- Programmability – The ability for the functionality provided by the network to be configured programmatically typically via APIs.
The Complete Picture:
In looking for a complete solution for a software defined data center network it’s important to assess all aspects required to deliver cohesive network services and packet delivery:
- Packet delivery – routing/switching as required. Considerations such as requirements for bridging semantics (flooding, broadcast), bandwidth, multi-pathing etc.
- L4-L7 service integration – The ability to map application tiers to required network services such as load-balancers and firewalls.
- Virtual network integration – Virtual switching support for your chosen hypervisor(s). This will be more complex in multi-hypervisor environments.
- Physical network integration – Integration with bare-metal servers, standalone appliances, network storage and existing infrastructure.
- Physical management – The management of the physical network nodes, required configuration of ports, VLANs, routes, etc.
- Scalability – Ability to scale application or customer tenancy beyond the 4000 VLAN limit.
- Flow management – The ability to program network policy from a global perspective.
Depending on your overall goals you may not have requirements in each of these areas, but you’ll want to analyze that carefully based on growth expectations. Don’t run your data center like Congress, kicking the can (problem) down the road. The graphic below shows the various layers to be considered when looking at SDN solutions.
The current options for SDN typically provide solutions for one or more of these issues but not all. The chart below takes a look at some popular options.
[Comparison chart: the column headers that survived extraction are "Bare Metal Support" and "Physical Network Node MGMT"; the only row that survived is Nicira/VMware: X, 3rd Party, *, X, *, X, 3rd Party, X. Legend: X = Support.]
There are several management models to choose from and two examples in the choices I compared above. OpenFlow uses a centralized top down approach with the controller pushing flows to all network elements and handling policy for new flows forwarded from those devices. The Nicira/VMware solution uses the same model as OpenFlow. Midokura on the other hand takes a play from distributed systems and pushes intelligence to the edges in that fashion. Each model offers various pros/cons and will play a major role in the scale and resiliency of your SDN deployment.
The Northbound API is different from the device APIs mentioned below. This API opens the management of your SDN solution as a whole up to higher level systems. Chances are you’re planning to plug your infrastructure into an automation/orchestration solution or cloud platform. In order to do this you’ll want a robust northbound API for your infrastructure components, in this case your SDN architecture. If you have these systems in place, or have already picked your horse, you’ll want to ensure compatibility with the SDN architectures you consider. Not all APIs are created equal, and they are far from standardized, so you’ll want to know exactly what you’re getting from a functionality perspective and ensure the claims match your upper layer systems’ needs.
There are several other considerations which will affect both the options chosen and the architecture used. Some of those are:
- How are flows distributed?
- How are unknown flows handled?
- How are new end points discovered?
- How are required behaviors of bridging handled?
- How are bad behaviors of bridging minimized (BUM traffic)?
- What happens during controller failure scenarios?
- What is the max theoretical/practical scalability?
- Does that scale apply globally, i.e. physical and virtual switches etc.?
- What new security concerns (if any) may be introduced?
- What are the requirements of the IP network (multicast, etc.)?
- How is multi-tenancy handled?
- What is the feature disparity between virtualized and physical implementation?
- How does it integrate with existing systems/services?
- How is traffic load balanced?
- How is QoS provided?
- How are software/firmware upgrades handled?
- What is the disparity between the software implementation and the hardware capabilities, for example OpenFlow on physical switches?
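To make the centralized top-down model described above concrete (a controller installing flows into switches on a table miss) and to show what two of the questions in the list look like in practice (unknown flows and controller failure), here is an added toy model. It is illustration written for this post, not any vendor's or OpenFlow's code; the tenant policy, the "fail-secure drops / fail-standalone floods" behaviour and all names are constructed assumptions.

```python
"""Toy model of centralized flow management: a switch caches flow entries,
sends table-miss packets to a controller, and the controller decides from a
global per-tenant policy. Constructed example; not a real OpenFlow stack."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Match:
    tenant: int   # tenant/segment id; assumption: a VNI-style id, not a VLAN
    src: str
    dst: str


@dataclass
class Controller:
    # Global policy, assumed shape: tenant -> set of allowed (src, dst) pairs.
    policy: dict
    alive: bool = True

    def decide(self, m: Match) -> str:
        """Policy decision for a new (unknown) flow: 'forward' or 'drop'."""
        allowed = self.policy.get(m.tenant, set())
        return "forward" if (m.src, m.dst) in allowed else "drop"


@dataclass
class Switch:
    ctrl: Controller
    fail_secure: bool = True          # behaviour when the controller is unreachable
    table: dict = field(default_factory=dict)   # Match -> cached action
    packet_ins: int = 0               # table misses forwarded to the controller

    def handle(self, m: Match) -> str:
        """Return the action applied to one packet of flow m."""
        if m in self.table:
            return self.table[m]      # fast path: flow already pushed by controller
        if not self.ctrl.alive:
            # Controller failure with no cached entry: fail-secure drops the
            # unknown flow; fail-standalone falls back to flooding it (assumption:
            # behaves like a traditional learning switch).
            return "drop" if self.fail_secure else "flood"
        self.packet_ins += 1          # table miss -> packet-in to controller
        action = self.ctrl.decide(m)
        self.table[m] = action        # controller pushes the flow entry down
        return action


def demo() -> list:
    """Walk one tenant's flows through a live and then a failed controller."""
    ctrl = Controller(policy={10: {("web1", "db1")}})
    sw = Switch(ctrl)
    out = [sw.handle(Match(10, "web1", "db1")), sw.handle(Match(20, "web1", "db1"))]
    ctrl.alive = False
    out += [sw.handle(Match(10, "web1", "db1")), sw.handle(Match(10, "web1", "db2"))]
    return out
```

Note how cached flows keep forwarding through a controller outage while new flows depend on the switch's failure mode, which is exactly the scale and resiliency trade-off the management model question is about.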
SDN should be putting the application back in focus and providing tools for more robust and rapid application deployment/change. In order to effectively do this an SDN architecture should provide functionality for the full life of the packet on the data center network. The architecture should also provide tools for the scale you forecast as you grow. Because of the nature of the ecosystem you may find more robust deployment options the more standardized your environment is (I’ve written about standardization several times in the past, for example: http://www.networkcomputing.com/private-cloud-tech-center/private-cloud-success-factor-standardiza/231500532 .) You can see examples of this in the hypervisor support shown in the chart above.
While solutions exist for specific business use cases, the market is far from mature. Products will evolve, and as lessons are learned and roadmaps executed we’ll see more robust solutions emerge. In the interim choose technologies that meet your specific business drivers and deploy them in environments with the largest chance of success, the low-hanging fruit. It’s prudent to move into network virtualization in the same fashion you moved into server virtualization, with a staged approach.