SDN Software Defined Networking The Evolution of the Network




A Member of OneBeacon Insurance Group

Author: Tushar Nandwana, Risk Control Technology Segment Manager
Published: August 2014

Executive Summary

Software Defined Networking, or SDN, is an emerging technology that allows for more granular control over a network's data traffic streams. As this cutting-edge technology is expected to be adopted industry-wide within several years, understanding this technology and its importance to information technology ("IT") functions is critical. SDN provides vast benefits to IT, and with its anticipated exponential growth, businesses are expected to increase their IT spending to incorporate this technology. To support this networking paradigm shift, new startups, as well as existing firms, will enter this market to provide products and associated services to implement and manage SDN.

As an emerging technology, growth forecasts vary greatly, ranging from $3.7 billion in 2016 (IDC) [1] to $3.1 billion in 2017 (Infonetics) [2] to $5.41 billion in 2018 (Research and Markets) [3] to a lofty $35 billion by 2018 (SDNCentral) [4]. Revenues from SDN-type products were estimated at $360 million in 2013 [5], while the number of firms specializing in SDN has gone from zero in 2009 to 225 in 2013 [6].

This paper provides an overview of SDN, including what makes it so significant, defines important associated terms, applications and uses, and reviews its benefits and risks. The goal is to enable the reader to understand this complex technology, ascertain risks and controls, and have greater confidence when prospecting or working with clients in this space.

What is it?

In its simplest form, SDN can be thought of as pulling the intelligence away from your networking hardware and centralizing it. Networking hardware consists generally of routers and switches that manage the flow of data across the network. It is making the networking equipment dumber but then creating a centralized control management system that makes the network as a whole far more intelligent. SDN is about separating the control plane from the data or forwarding plane and then centralizing the control plane.

Data or Forwarding Plane - Within a switch or a router, this moves or forwards an incoming data packet from point A to point B. This would be analogous to streets carrying vehicles, where the automobile traffic represents the data traffic flow. Within the SDN framework, a router/switch would have minimal intelligence. It would be a dumb device waiting for the control plane to configure it on the fly.

Control Plane - This is the intelligence component of the router/switch that will be centrally managed when SDN is deployed. Using the street traffic analogy, it functions as the traffic cop or street light that directs traffic (data traffic) flow. This set of management services allows IT to control and manage all of the SDN-enabled routers/switches in the network. Control can be performed manually by IT staff, based on established rules, or programmatically through system awareness.
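
The split between the two planes can be modelled in a few lines. The sketch below is an added example, not code from the paper or from any SDN product: the class names, addresses and ports are assumptions, and it is a simplification rather than real OpenFlow. It goes slightly beyond this section by also showing what a switch in this model does with known and unknown flows while the controller is unreachable.

```python
# Added illustration: a toy model of SDN plane separation, not real OpenFlow.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class FlowRule:
    priority: int   # higher value wins when several rules match
    match: tuple    # (field, value) pairs that must all equal the packet's
    action: str     # "output:<port>" or "drop"

    def matches(self, packet: dict) -> bool:
        return all(packet.get(k) == v for k, v in self.match)


@dataclass
class Controller:
    """Control plane: the forwarding policy for every switch lives here."""
    policy: dict          # destination address -> output port
    online: bool = True

    def decide(self, packet: dict) -> FlowRule:
        port = self.policy.get(packet["dst"])
        action = f"output:{port}" if port is not None else "drop"
        return FlowRule(10, (("dst", packet["dst"]),), action)

    def push(self, switches, rule: FlowRule) -> None:
        """One central change reconfigures every managed switch."""
        for switch in switches:
            switch.install(rule)


@dataclass
class Switch:
    """Forwarding plane: looks packets up in a table it never decides itself."""
    name: str
    table: list = field(default_factory=list)

    def install(self, rule: FlowRule) -> None:
        self.table.append(rule)
        self.table.sort(key=lambda r: r.priority, reverse=True)

    def forward(self, packet: dict, controller: Controller) -> str:
        for rule in self.table:
            if rule.matches(packet):
                return rule.action
        # Table miss: only the control plane can decide. If it is down,
        # this model drops the packet (rules already installed keep working).
        if not controller.online:
            return "drop"
        rule = controller.decide(packet)
        self.install(rule)
        return rule.action


def demo() -> dict:
    # Constructed addresses and ports, for illustration only.
    ctl = Controller(policy={"10.0.0.2": 2, "10.0.0.3": 3})
    s1, s2 = Switch("s1"), Switch("s2")
    to_h2 = {"src": "10.0.0.1", "dst": "10.0.0.2"}
    to_h3 = {"src": "10.0.0.1", "dst": "10.0.0.3"}
    out = {"first_packet": s1.forward(to_h2, ctl)}   # rule installed on demand
    ctl.push([s1, s2], FlowRule(100, (("src", "10.0.0.66"),), "drop"))
    out["blocked_on_s2"] = s2.forward({"src": "10.0.0.66", "dst": "10.0.0.2"}, ctl)
    ctl.online = False                               # controller outage
    out["known_flow"] = s1.forward(to_h2, ctl)       # installed rule still forwards
    out["new_flow"] = s1.forward(to_h3, ctl)         # no rule, nobody to ask
    out["s1_rules"] = len(s1.table)
    return out


if __name__ == "__main__":
    print(demo())
```

The single `push` call is the point of the architecture and also the reason the controller needs the strongest protection in the network: whatever it installs, every managed switch enforces.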

Evolution of Virtualization

SDN is the next phase of virtualization, and to better understand its evolutionary process, a short history lesson in virtualization is helpful. This is summarized below and also explained in this YouTube video [7].

Data Storage (SANs) - About 15-20 years ago, the computer was a box that held everything: the power supply, processor, hard drive data storage, memory, etc. However, if something failed within the box, such as its power supply or hard drive, data access was unavailable and total data loss a real possibility. SANs (storage area networks) were created as one way to counter this. The hard drives were pulled out of the box and separated from the servers that controlled them. The individual drives were now in rack configurations with several dozen drives per rack. A file could be stored over multiple drives in multiple SAN racks, while centralized management software monitored, managed and indexed the data. Users access the SAN over a network to retrieve, store and delete their data without realizing that their data is being stored in multiple places. The centralized system allowed IT to balance the load on the SANs and manage backup procedures, making the system more efficient and resilient.

Physical Servers - After data storage, the next step was the evolution of the physical server device. Historically, the operating system and all applications resided on a single physical server. However, this became highly inefficient because the servers were not always in use; in fact, they were spending much of the time idle. Virtualization software was developed and enabled multiple virtual machines ("VMs") to be run or instanced on a single physical server. A single physical server could now host many VMs with multiple operating systems and different applications stored in these at any given time, allowing multiple users to access and efficiently use the server. A centralized software-based management system controls the creation (aka spawning) and deletion of the VM instances. They could be spawned when needed for a workflow and deleted thereafter. The operating system and applications were now independent of the physical server. In this case, intelligence associated with the physical server was removed, and the control system was centralized. Like the SAN example, this allowed IT to centrally manage racks of servers and use its resources more efficiently.

As noted in these two examples, intelligence was separated from the underlying hardware device and a centralized system was created to control it. However, networks themselves (the systems that route the data between devices) continued to get bigger, faster and better but didn't evolve, as there was no compelling reason for networks to become more efficient. However, due to the recent advent of cloud-based services, a viable reason now exists. SDN is the next evolutionary step for networking.

Data Prioritization

Network routers and switches are intelligent, meaning they can be programmed to manage the flow of data to prioritize data flow based on data type, users, application or other requirements. Why is prioritization important? Real-time communications data flows such as VoIP phone calls, streaming movies or IP-based video (TV, security cameras) require that the data packets travel from point A to B as quickly as possible with minimal jitter. Jitter is a variation in the delay present between packets in such communication. If the delay is too large, packets may be dropped and affect the clarity of the communication. Any delays would cause a disruption in the communication or viewing. Another example includes certain applications that are time-sensitive, such as those dealing with real-time financial or e-commerce data. Data from such applications would have greater priority than other applications. On the other hand, file data such as emails, photos, etc. is not real time and would have less priority. These different priority levels are configured by IT into every router and switch within the network, allowing the network to operate efficiently and provide optimum service.

Static vs. Dynamic Data Traffic and Networks

Data traffic flow within a network has always been important, but it became more so with the changes in traffic patterns. Data traffic has evolved from being static to being more dynamic. In the 90s, data traffic was primarily files (email, video, application-based) and the architecture was client-server based. Data generally flowed in a north-south pattern, meaning that data traveled from the client (individual office PCs) up to a server at the data center or via the Internet and back down. There was a certain level of homogeneity to the data, and IT configured network devices to efficiently route such traffic. In the mid-2000s, the advent of VoIP and other IP-based data (YouTube, Skype, security) added the element of real-time traffic. Since 2010, with the distribution of databases across servers and the use of VMs and cloud-based storage or processing, data center traffic now flows in the east-west and north-south directions. East-west means traffic between machines, such as across servers/VMs in a data center or across multiple data centers.

Users are changing network traffic patterns as they push for access to corporate content and applications from any type of device (including their own), connecting from anywhere, at any time [8]. The significant rise in cloud-based services and big data requires more bandwidth [9] and results in significantly more traffic. Data traffic flow now is quite dynamic and looks significantly different than data from the 1990s.

The current routers and switches were designed for static data traffic and had static network architecture. Although they are configurable, they cannot be configured dynamically or on a real-time basis; it requires manual adjustments. With the new shift in computing workloads and data traffic, the routers and switches need the flexibility for dynamic configuration on a real-time basis. The current antiquated architecture needs to be overhauled, opening the door for SDN.

What does SDN look like & Who are the players?

SDN is both a hardware and software solution. OpenFlow is an open communication protocol that was developed through the Open Networking Foundation (ONF) and its member companies. The physical routers and switches need to be SDN-enabled in order to work with an OpenFlow-based controller. OpenFlow-based controllers generally consist of a physical or virtual server with specialized software.

As this is an emerging technology, there are a few established providers and numerous startups offering partial to complete SDN solutions. The established firms have an edge on the startups, and it is likely that in the next few years, consolidation will occur in the SDN market, and only a few firms will emerge as key players. Some of the established firms include familiar brands, such as Cisco, VMware, Hewlett Packard, Juniper, IBM and others. Some startups include Nuage, PlumGRID, Midokura, Plexxi, and others. Many offer solutions using the ONF's OpenFlow protocol, while a few offer proprietary or hybrid solutions.

Key Customers & Applications

Enterprises that have dynamic large data traffic flows will be the first to embrace SDN as their new networking architecture, driven by the opportunity for efficiency, both performance and cost-based. These include data centers, cloud service providers and very large enterprises that have vast networks, and industries including banking/finance, government, telecommunications, IT services and education.

Benefits for the Enterprise IT

The benefits of incorporating SDN architecture for an enterprise network are substantial. These include:

Programmatic control enabling real-time changes - The centralized control panel can be programmed to alter data traffic prioritization levels and other aspects of specific routers and switches on a real-time basis. This can be done centrally either by IT or through automatic rules set to handle these tasks. The automatic rules can centrally configure the network devices on a real-time basis, based on traffic flow and demand. This allows for more efficient use of bandwidth, better data flow, better end-user experience, support of business needs, and a more resilient network.

Efficiency and lower long-term costs - The centralized system allows IT to collectively configure and control the entire group or subset of routers/switches. With the prior architecture, each router has to be configured individually, making it quite arduous. SDN is more efficient at utilizing bandwidth and thereby allows IT to squeeze more performance from existing equipment, thereby reducing additional capital expenditures.

Centralized control of multi-vendor environments - If a network device is OpenFlow-enabled, it allows the SDN control software to manage all such devices regardless of vendor. IT is able to quickly deploy and configure OpenFlow-enabled devices across the entire network.

Agility and flexibility [10] - SDN allows IT to easily deploy new applications and services, enabling the enterprise to initiate new business processes. This can be done centrally, eliminating the need for IT reconfiguration of individual devices on the network.

Increased network reliability and security - The centralized approach allows IT to maintain consistent policies across all network hardware. Updates can be applied readily to affected devices. They can also apply policies to individual devices, users, applications, etc.

Data traffic management - This approach enables managing peak traffic ebbs and flows on a real-time basis.

Risk & Issues

With all technologies, there will be issues that affect how quickly it is adopted. Additionally, there are new risks created by this new technology. A few are discussed below:

New hardware - To achieve the benefits of OpenFlow and SDN, the network hardware has to be SDN-enabled. The OpenFlow controller can manage only those devices that are OpenFlow-enabled, meaning that an organization must buy new hardware to realize the benefit of SDN. This may present a significant capital expenditure, although it can be managed if the enterprise phases in the introduction of new networking by creating a hybrid network (SDN and non-SDN enabled) in the interim. This can be done as part of the natural network replacement cycle to replace aging equipment. The initial short-term cost can also be tempered against the long-term benefit of this system.

Security Concerns - With all of the network controls centralized into one server, the entire network could be greatly susceptible if someone were to hack or upload malware to the control plane server. IT must take great care in adequately securing this critical piece of hardware. The ONF has identified two basic SDN security issues [11]:

  o The centralized controller emerges as a potential single point of attack and failure that must be protected from threats. This is a highly unique threat because traditional network management tools didn't give you the flexibility to dynamically change the behavior of a network on a node-by-node basis [12]. With centralized control, all of the eggs are in one basket. If a third party gains control of the controller, they could cause havoc with much of the network.

  o The southbound interface between the controller and underlying networking devices (that is, OpenFlow) is vulnerable to threats that could degrade the availability, performance, and integrity of the network. As a mitigating factor, OpenFlow does specify the use of TLS (transport layer security), which supports authentication and encryption to secure the connection between the controller and network devices. However, IT should verify authentication and encryption controls have been implemented appropriately.

  o There could be a targeted DDoS attack against this dedicated controller server which prevents it from carrying out its function and impacting the underlying network. Hackers might target controllers, switches or even virtual switches with denial-of-service attacks [13]. A compromised or hijacked controller could direct data flows to an outside, third party.

Controller failure - With a centralized controller, what happens if there is hardware failure or software corruption? What are the ramifications to the network if the controller does fail? Data traffic would continue to flow per the most recent configuration and the network will remain viable. However, given enough time, the lack of a controller would affect traffic flow and negatively impact the network's performance. On the plus side, once the controller is reinitiated, the flow of data can be synchronized. ONF does recommend having more than one control server to guard specifically against such failure.

Conclusion

SDN is fairly new, and large volume implementations are two to three years in the future. Furthermore, there are currently various flavors of SDN (OpenFlow, proprietary and hybrid), but over time there will likely be more standardization. There are security concerns and uncertainties with SDN, and these will need to be adequately addressed. However, based on the important productivity and economic benefits that SDN can provide to enterprises and IT departments, it is clearly an emerging technology with enormous potential that will see significant growth in the future. Growth in the market will result in additional vendors, including startups, entering this highly lucrative space, ultimately providing even more benefits than those anticipated at this stage.

Contact Us

To learn more about how OneBeacon Technology Insurance can help you manage online and other technology risks, please contact Lloyd Takata, EVP of OneBeacon Technology Insurance, at ltakata@onebeacontech.com or 952.852.6028.
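
The Security Concerns and Controller failure items above ask IT to verify that the controller channel is authenticated and encrypted and to run more than one control server. One way to check both across a fleet is sketched below as an added example, not code from the paper or from any vendor: the inventory layout, switch names and file paths are assumptions, and the `scheme:host[:port]` target strings simply use `ssl` for a TLS channel and `tcp` for a plaintext one.

```python
# Added illustration: audit of switch-to-controller settings (constructed data).
DEFAULT_OPENFLOW_PORT = 6653  # IANA-assigned OpenFlow port

# Constructed inventory. Switch names, file paths and the dict layout are
# hypothetical; addresses come from the 192.0.2.0/24 documentation range.
INVENTORY = {
    "edge-sw1": {"controllers": ["ssl:192.0.2.10:6653", "ssl:192.0.2.11:6653"],
                 "ca_cert": "/etc/sdn/ca.pem"},
    "edge-sw2": {"controllers": ["tcp:192.0.2.10:6653"],
                 "ca_cert": None},
    "core-sw1": {"controllers": ["ssl:192.0.2.10:6653", "tcp:192.0.2.11:6653"],
                 "ca_cert": "/etc/sdn/ca.pem"},
    # Two entries, but both point at the same host: no real redundancy.
    "core-sw2": {"controllers": ["ssl:192.0.2.10:6653", "ssl:192.0.2.10"],
                 "ca_cert": None},
}


def parse_target(target: str) -> tuple:
    """Split 'scheme:host[:port]' (IPv4 or hostname only) into its parts."""
    scheme, _, rest = target.partition(":")
    host, _, port = rest.partition(":")
    if not scheme or not host:
        raise ValueError(f"malformed controller target: {target!r}")
    return scheme.lower(), host, (int(port) if port else DEFAULT_OPENFLOW_PORT)


def audit_switch(cfg: dict) -> list:
    """Return finding codes for one switch; an empty list means it passed."""
    findings = []
    targets = [parse_target(t) for t in cfg.get("controllers", [])]
    schemes = {scheme for scheme, _, _ in targets}
    hosts = {host for _, host, _ in targets}
    if schemes - {"ssl"}:
        # At least one controller channel is not wrapped in TLS.
        findings.append("PLAINTEXT_CHANNEL")
    if "ssl" in schemes and not cfg.get("ca_cert"):
        # Encrypted, but the switch has no CA to authenticate the controller.
        findings.append("TLS_WITHOUT_CA")
    if len(hosts) < 2:
        # A single controller host is a single point of failure.
        findings.append("SINGLE_CONTROLLER")
    return findings


def audit(inventory: dict) -> dict:
    return {name: audit_switch(cfg) for name, cfg in sorted(inventory.items())}


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

Redundancy is counted by distinct controller host rather than by number of entries, so a switch that lists the same controller twice is still reported.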

References

[1] Duffy, Jim (November 12, 2013). SDDCs doubling every year. Networkworld. Accessed May 2014. http://www.networkworld.com/community/blog/sddcs-doubling-every-year
[2] Grossner, Clifford (December 9, 2013). 2014 Market size and forecast. Infonetics. Accessed May 2014. http://www.infonetics.com/pr/2013/data-center-and-sdn-market-Highlights.asp
[3] Ibid. 1
[4] Palmer, Matthew (April 24, 2013). Infographic: SDN market size to reach $35 billion by 2018. SDNCentral. Accessed May 2014. http://www.sdncentral.com/infographic-sdn-market-to-reach-35b-by-2018/
[5] Ibid. 1
[6] Ibid. 4
[7] YouTube Video on Introduction to SDN - http://www.youtube.com/watch?v=2bjyiiiyu8e
[8] Open Networking Foundation (April 13, 2012). Software-Defined Networking: The New Norms for Networks. Accessed May 2014. Page 3. https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp-sdn-newnorm.pdf
[9] Ibid. 9, page 4
[10] http://www.sdncentral.com/what-the-definition-of-software-defined-networking-sdn/
[11] Open Networking Foundation (October 8, 2013). SDN Security Consideration in the Data Center. Accessed May 2014. https://www.opennetworking.org/images/stories/downloads/sdn-resources/solution-briefs/sb-security-data-center.pdf
[12] McGillicuddy, Shamus (February 14, 2014). SDN security issues: How secure is the SDN stack? TechTarget. Accessed May 2014. http://searchsdn.techtarget.com/news/2240214438/sdn-security-issues-how-secure-is-the-sdn-stack
[13] Ibid. 12