Computer equipment increasingly ships from the factory with high-speed 2.5G, 5G and even 10G network cards and Wi-Fi 5, 6 and 6E wireless modules. To take advantage of these communication capabilities, a company must build an appropriate infrastructure. Managing a large network effectively can be difficult. SDN comes to the rescue.
SDN (Software-Defined Networking) technology, i.e. software-managed networks or, as they are often called, programmable computer networks, is a LAN/WLAN management concept that separates the physical network infrastructure used for data transmission from the software layer that controls its operation. Thanks to this, the network can be managed centrally without regard to its physical structure. In other words, an administrator can manage many infrastructure elements, such as routers, access points, switches, and firewalls, as a single device. Data transmission is managed at the level of an abstract, global corporate network that does not belong to any individual device. The OpenFlow protocol is the one most commonly, though not always, used to manage such a network.
SDx – software-defined everything
Are software-driven solutions the future of IT infrastructure management? Recently we often hear about SD-WAN, SASE, Zero Trust Network Access, SDN and SD-LAN. These abbreviations refer to solutions that allow software to manage IT infrastructure. It seems that they will soon dominate the implementation of WANs, remote access to corporate resources for employees, and the management of LAN and Wi-Fi networks. Why are SDx solutions used so extensively, and why are they so useful in building modern IT infrastructure?
There is no single simple answer to this question, as these solutions cover many aspects of infrastructure implementation and management. However, five key elements need to be noted: 1) integration of many functions in one solution; 2) a flexible approach to deployment and configuration; 3) simplification of the hardware infrastructure; 4) striving to provide maximum protection no matter how the network is accessed; 5) continuous development of the technology to meet the needs of the most demanding customers. Integrating many functions in one solution makes it possible to manage the entire IT infrastructure from one place, which not only simplifies control but also allows it to be integrated.
SDx solutions make deployment and configuration more flexible and, most importantly, faster (for example, by using templates to configure multiple devices at the same time). Simplifying the network architecture by consolidating routing and security elements such as NGFW or UTM on a single device, and even reducing the number of devices by letting that device also act as the gateway for employees' remote access, can reduce the costs of network installation and maintenance. Security is another important element in the development of SDx solutions. Regardless of whether the company's resources are accessed from a branch, a data center, by a remote employee, by partners or even by customers, the highest level of protection must always be provided. The ability to unify security policies across as many devices and users as possible significantly increases the level of resource protection.
It should be noted that SDx solutions are constantly evolving. Until recently, SD-WAN networks were their main element, and today more attention is paid to SASE solutions. Of course, SD-WAN still plays a very important role in them, but these solutions cover a wider area of IT infrastructure than the WAN alone. Some will claim that such rapid changes are not useful, because technology must “warm up” and needs time to stabilize. It seems that this approach to adopting technology will never return, given the very dynamic changes taking place both in business and in our daily lives.
The SDN concept is designed to solve the problems associated with configuring a large number of network devices. The static architecture of traditional networks is decentralized and complex, whereas in the age of virtualization and cloud systems a company's network is required to be more flexible and easy to troubleshoot. SDN centralizes “network intelligence” in a single element, separating the process of forwarding network packets (data plane) from the routing process (control plane). The control plane consists of one or more controllers, which can be considered the brains of the SDN network, where all the intelligence is concentrated.
What SDN provides
When using a programmable computer network, the hardware layer must still exist and work. This is where network traffic physically flows, i.e. where all data packets are processed and forwarded. The management of network functions, on the other hand, is moved into software. In the control layer, you define how the hardware layer works. At the hardware level, only agents are needed to form the interface between the hardware and the network brain, the SDN controller.
In addition, network devices compatible with the OpenFlow protocol allow you to configure the virtual network topology, connections and data transmission paths. Quality of service is therefore very easy to manage. As a result, the network runs smoothly and makes better use of the available resources, which eliminates the need to purchase new devices that would rarely be used. Many network devices currently available on the market can operate as so-called hybrid devices: they support classic packet switching and routing functions and also accept commands from an OpenFlow controller.
What does this mean in practice? First of all, it becomes very easy to manage an entire, extensive corporate infrastructure, even one spread across different locations. The administrator does not have to configure each device separately, walk to several routers scattered around different buildings each time, or connect remotely to dozens or more switches to tediously repeat the same configuration process with the same settings. In an SDN network, using a single panel, the administrator defines firewall rules, transitions, or user permissions only once, on a single virtual network device.
The SDN technology itself automatically checks them using agents and replicates them to all devices on the network to achieve the desired effect. This not only saves the time required to configure individual devices, but also eliminates the possibility of human errors or even parameter overrides in the configuration of one or two devices, which increases network security. The administrator can also see the operation of the entire network, which allows better decisions about, for example, load balancing and the proper distribution of network traffic.
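The define-once, replicate-and-check model described above can be sketched as follows. This is an added example, not code from the original article or from any SDN product; the rule schema, device names and the `Agent` class are hypothetical stand-ins for a real controller and its on-device agents.

```python
import copy
import json

# Constructed sample policy, defined once on the controller (hypothetical schema).
POLICY = [
    {"priority": 200, "match": {"proto": "tcp", "dst_port": 22, "src": "10.0.50.0/24"}, "action": "allow"},
    {"priority": 100, "match": {"proto": "tcp", "dst_port": 22}, "action": "drop"},
    {"priority": 10, "match": {}, "action": "allow"},
]

def canonical(rules):
    """Serialize each rule with sorted keys so equal rule sets compare equal."""
    return {json.dumps(r, sort_keys=True) for r in rules}

class Agent:
    """Stand-in for the on-device agent that applies and reports rules."""
    def __init__(self, name):
        self.name, self.rules = name, []
    def apply(self, rules):
        self.rules = copy.deepcopy(rules)
    def report(self):
        return self.rules

def replicate(policy, agents):
    """Push the single central policy to every device."""
    for agent in agents:
        agent.apply(policy)

def audit(policy, agents):
    """Return {device: {"missing": [...], "unexpected": [...]}} for drifted devices only."""
    want, drift = canonical(policy), {}
    for agent in agents:
        have = canonical(agent.report())
        if have != want:
            drift[agent.name] = {"missing": sorted(want - have),
                                 "unexpected": sorted(have - want)}
    return drift

def demo():
    agents = [Agent(n) for n in ("sw-bldg-a", "sw-bldg-b", "ap-floor-2")]
    replicate(POLICY, agents)
    clean = audit(POLICY, agents)
    agents[1].rules[1]["action"] = "allow"   # simulated out-of-band manual change
    drifted = audit(POLICY, agents)
    replicate(POLICY, [a for a in agents if a.name in drifted])  # remediate
    return clean, drifted, audit(POLICY, agents)

if __name__ == "__main__":
    print(demo())
```

The audit reports only the one device whose SSH rule was changed by hand, naming both the missing rule and the unexpected one, and a second replication restores the intended state.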
The potential of a programmable computer network is great. It allows you to transform the network into an IT environment that can meet business expectations very quickly, while reducing the likelihood of bottlenecks in data transmission. As a rule, introducing new networking functions required by the company is time consuming and sometimes involves significant financial costs. The problem is further complicated when the infrastructure comes from many different vendors.
Thanks to SDN, deploying new functionality is less complicated and can often be done without purchasing new equipment; it also makes it possible to place physical switches where they are most needed. Programmability also makes it easier to automate network functions, which reduces the operating costs associated with IT infrastructure. As automation eliminates the human factor at many points, errors and downtime are reduced.
It is important to note that in SDN solutions network administrators have complete information about the network's topology at any time, which allows for better and more automatic distribution of network traffic, especially during periods of increased data transfer, such as backups. The bottom line is that SDNs help reduce both operating costs and capital costs.
Orchestration of SDN networks
But what if the company has several SDN networks, i.e. several different, independent and often incompatible control planes? This situation can arise where there are large server rooms and data centers, or when a company has several server rooms scattered across different locations. In this case, you need a so-called SDN orchestrator, i.e. software that coordinates the work of the SDN controllers.
The role of the orchestrator is to communicate with the various types of local SDN controllers that supervise the operation of individual networks in server rooms or local data centers. It allows rules to be duplicated across separate networks, allows security configuration information to be exchanged, and integrates locally distributed SDN networks into a single corporate whole. There are currently several open source SDN orchestration solutions on the market, for example openMANO, OPNFV, ONAP and OpenContrail. There are also commercial solutions such as Comarch OSS or Inmanta Service Orchestrator.
Nowadays it is not only LANs that can be controlled by software. SD-WAN (Software-Defined Wide Area Network) is a network designed to provide centralized connectivity between a company's head office and its branches, data centers, and cloud services. With SD-WAN solutions, you can diagnose and track access policies, security and the quality of application traffic, Internet connections, and VPN connections between individual locations, and manage them from one place.
The SD-WAN architecture allows the company to add another Internet connection to its existing connections and then optimize its use through intelligent routing. SD-WAN also provides extensive traffic control, including optimization of routing for key applications according to business priorities, bandwidth requirements, or latency sensitivity. Traffic is thus sent over the link that has the best parameters for a particular application. In SD-WAN networks, as in SDN networks, it is possible to balance the load, as well as to compress and buffer traffic.
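The per-application link selection described above can be illustrated with a small model. This is an added example, not taken from the original article or from any SD-WAN vendor; the `Link` and `App` fields, thresholds and measurements are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    latency_ms: float   # measured by probes
    loss_pct: float
    free_mbps: float

@dataclass
class App:
    name: str
    priority: int       # business priority, 1 = most important
    max_latency_ms: float
    max_loss_pct: float
    need_mbps: float

def pick_link(app, links):
    """Return (link, meets_sla): best compliant link, else least-bad link with capacity."""
    fits = [l for l in links if l.free_mbps >= app.need_mbps]
    ok = [l for l in fits
          if l.latency_ms <= app.max_latency_ms and l.loss_pct <= app.max_loss_pct]
    pool = ok or fits
    if not pool:
        return None, False
    return min(pool, key=lambda l: (l.latency_ms, l.loss_pct)), bool(ok)

def steer(apps, links):
    """Place apps in priority order, reserving bandwidth on the chosen link."""
    plan = {}
    for app in sorted(apps, key=lambda a: a.priority):
        link, meets_sla = pick_link(app, links)
        if link:
            link.free_mbps -= app.need_mbps
        plan[app.name] = (link.name if link else None, meets_sla)
    return plan

# Constructed sample applications and link measurements.
APPS = [App("voip", 1, 30, 1.0, 5), App("erp", 2, 50, 1.0, 10), App("backup", 3, 500, 5.0, 200)]

def demo():
    normal = steer(APPS, [Link("mpls", 18, 0.1, 20), Link("broadband", 35, 0.5, 300),
                          Link("lte", 70, 1.5, 40)])
    # MPLS latency degrades; no link now meets the VoIP bound, so VoIP is flagged.
    degraded = steer(APPS, [Link("mpls", 90, 0.1, 20), Link("broadband", 40, 0.5, 300),
                            Link("lte", 70, 1.5, 40)])
    return normal, degraded
```

In the degraded case VoIP is moved to the least-bad link and marked as not meeting its thresholds, which is the condition an operator would alert on.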
SD-WAN solutions are often offered as a service by telecommunications operators, for example T-Mobile. This operator's system is characterized by advanced security mechanisms included in all solutions, extensive data analytics that allow network quality parameters to be analyzed, and the ability to fully integrate with an existing MPLS (Multiprotocol Label Switching) network, i.e. a network that routes packets using labels, and with different types of connections. The service offered by T-Mobile minimizes the concerns associated with traditional WAN technology: lack of access optimization, difficulties in implementing security procedures, integration with cloud resources, and flexibility.
Unfortunately, many companies overlook the fact that an SD-WAN network makes it possible to build a wide area network that is integrated with the public clouds of different providers. This way, you get full flexibility to connect any corporate user to any app in any cloud.