SDN and SD-WAN
Never before in my decades of studying and teaching computer networking have I seen more fear from students regarding the elimination of their jobs due to automation and cutting-edge technologies. In this author’s opinion, artificial intelligence (AI) and computers are not going to be eliminating the need for you (a human) in the network any time soon. While software-defined networking (SDN) allows you to add more and more automation and orchestration to a network, there will still be a need for you and your skills.
Software-Defined Networking (SDN)
Software-defined networking, which has been around for a very long time, is making a huge resurgence and being implemented in many parts of large and small networks today. For example, consider your wireless LAN. Perhaps you are using lightweight access points and wireless LAN controllers (WLCs). If so, you are seeing a very strict separation of the data, management, and control planes. The WLC is the primary control plane intelligence of the solution. (The specific SDN planes of operation are covered in more detail later in this chapter.)
SDN is changing the landscape of traditional networks. A well-implemented software-defined network allows the administrator to implement features, functions, and configurations without the need to do command-line configuration on the individual network devices. The front end that the administrator interfaces with can alert the administrator to what the network is currently doing, and then, through that same graphical user interface, the administrator can indicate what he or she wants done; behind the scenes, the software-defined network implements the detailed configurations across multiple network devices.
A key component in most software-defined networking solutions is an SDN controller. This appliance-based device is responsible for distributing control plane instructions to network devices downstream for configuration and management.
While many different approaches can be taken to SDN, almost everyone agrees that the best strategy is to separate the network into different discrete planes or layers of operation:
Application plane: This is where all the technology that involves the applications resides. Today, it is not uncommon for an application to be powered by tiny microservices running as containers in a heavily virtualized cloud environment. But of course, there are plenty of other options for powering this layer. Many of them can even be much more traditional.
Control plane: Although this layer of operation is often described as the “brains” of the operation, you are still the true brains of the operation. In fact, you are likely to use a “single pane of glass” solution that provides the correct application programming interface (API) calls to the controller. The controller turns these API commands into calls to the network devices in order to monitor or configure them properly. The API calls from you to the controller are referred to as northbound operations, and the commands from the controller to the network devices are referred to as southbound operations. The controller is always considered to be in the middle. Examples of control layer functions include routing and switching intelligence, and common control layer protocols include Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), and Rapid Spanning Tree Protocol (RSTP).
Data plane: The data plane (sometimes called the infrastructure plane) contains the hardware and software that power the enterprise. In it, you often find legacy and dated technologies. This infrastructure is now being controlled in a new and exciting way.
Management plane: It is necessary to perform a lot of routine maintenance in a network, and the management plane is for these “boring” tasks. The management plane allows administrators to see their devices and traffic flows and react as needed to manage data plane behavior. This can be done automatically through configuration apps that can, for example, add more bandwidth if it looks as if edge components are getting congested. Note that the management plane manages and monitors processes across all layers of the network stack.
All the layers of operation are critically important, and each plays an important role. The layers of operation work seamlessly together as one to get the various jobs done. Figure 8-1 shows these commonly defined planes of operations with software-defined networking.
)
Figure 8-1 Software-Defined Networking
Software-Defined Wide Area Network (SD-WAN)
For many years, new technologies and improvements have been made in local area networks (LANs). Sadly, there were not many innovations in a very important part of the network—the wide area network (WAN). Thanks to software-defined networking improvements, we now have a celebrated and popular new improvement called the software-defined wide area network (SD-WAN).
The SD-WAN is a transformative approach to managing and optimizing wide area networks. Unlike traditional WANs, which rely on proprietary hardware and inflexible connectivity options, SD-WAN utilizes software-defined networking principles to create a more adaptable and efficient network infrastructure. SD-WAN abstracts the network layer from the hardware, enabling centralized control and dynamic management of network traffic across multiple connection types, such as broadband, Multiprotocol Label Switching (MPLS), Long-Term Evolution (LTE), and more. This abstraction enhances performance, reduces costs, and improves overall agility, making it particularly valuable for enterprises with distributed branch locations.
One of the key features of SD-WAN is its application awareness. This capability allows the network to identify and prioritize traffic based on the application, ensuring that critical applications, such as video conferencing and VoIP, receive the necessary bandwidth and low latency for optimal performance. Application awareness in SD-WAN is achieved through deep packet inspection and real-time analytics, which categorize and manage traffic flows according to predefined policies. This feature not only improves the quality of experience for end users but also enhances overall network efficiency by intelligently routing traffic based on application requirements and current network conditions.
Zero-touch provisioning (ZTP) is another significant feature of SD-WAN, simplifying the deployment and management of network devices. With ZTP, network administrators can configure and deploy new branch devices without manual intervention. This process typically involves shipping a preconfigured device to a location, where it automatically connects to the SD-WAN controller, downloads its configuration, and becomes operational with minimal human involvement. ZTP significantly reduces deployment time and operational costs, enabling rapid scaling of the network to meet the needs of growing businesses and facilitating easier maintenance and updates.
SD-WAN is designed to be transport agnostic, meaning it can leverage any available connectivity option, such as broadband, MPLS, LTE, or even satellite links. This flexibility allows organizations to choose the most cost-effective and efficient connectivity for each location, without being tied to a specific provider or technology. Transport agnosticism enhances the resilience and redundancy of the network, as SD-WAN can dynamically route traffic across multiple links to maintain performance and availability, even in the event of a link failure or degradation.
Central policy management is a cornerstone of SD-WAN architecture, providing a unified platform for defining and enforcing network policies across all connected devices and locations. Through a centralized management console, administrators can easily set rules for traffic prioritization, security, and compliance, ensuring consistent policy application throughout the network. This centralized approach simplifies network management, improves security by standardizing configurations, and enables quick adjustments to network policies in response to changing business needs or threats. Central policy management also allows for real-time monitoring and analytics, providing valuable insights into network performance and usage.