SDN was one of the main topics of discussion at May's Interop conference, as it has been for several years. More network devices are shipping with support of the OpenFlow protocol promoted by the Open Networking Foundation as a standard for interacting with SDN controllers. The concept is to break control over networking out of black box network switches, making it possible to write routing and switching rules in any programming language and run them on an ordinary server, the SDN controller.
So far, large-scale SDN implementations are limited to operations like Google's data center networks and the Internet2 high-speed network that connects educational and research institutions. However, OpenFlow and many of the basic SDN concepts were born out of university research, and universities may ultimately be some of the biggest users of SDN because of the complexity of their networks.
The first pioneers of SDN as a practical technology have really been the multitenant cloud data center operators like Amazon, said Steven Wallace, executive director of InCNTRE, an advanced networking research center at Indiana University (IU) focused on the development of OpenFlow and software defined networking. They developed proprietary methods for rewriting the rules of networking because they needed to achieve extreme performance and keep different data types separate. As the complexity of large research university networks grows, "you start to have something that looks like the multitenant data centers," he said.
[ Tough battle: Can Colleges Tame The Bandwidth Monster?]
For example, the university has provided 10 megabits for every dorm student for years, so it's essentially functioning as a broadband Internet service provider, but it also needs to manage administrative networks, credit card network connections to vending machines, hospital networks carrying healthcare data, and scientific research networks with extreme data transmission needs, Wallace said. The university needs to segment these streams for reasons of privacy and performance, much as a multitenant data center needs to segment the network capacity it delivers to different customers, he said.
By making the network programmable, SDN makes it possible to break the standard rules of networking, where appropriate. For example, an ordinary Ethernet network allows any node to talk to any other. But in an SDN network, security cameras might be limited to communicating only with the campus police monitoring station, improving the performance of transmissions while preventing unauthorized access to the camera feeds.
IU manages the core Internet2 network and is one of the leading research centers on networking technology, but Wallace acknowledges even his institution is only getting started with practical applications of OpenFlow at the campus level.
One serious early application is a custom Internet security solution for the university's main Internet connection, which at more than 10 gigabits per second, exceeds the capacity of any single intrusion prevention system (IPS) device. The workaround is to do load balancing in such a way that each IPS device gets "a coherent view" of a subset of the traffic to analyze. A suitable commercial load balancer would have cost about $200,000, Wallace said. "We have a roughly $40,000 solution that consists of an Ethernet switch, plus some software a grad student wrote." Subsequently released as open source software, this FlowScale solution "solved a pretty specific problem and was inexpensive to develop," he said.
But wait, isn't Internet routing and traffic optimization an exotic discipline? Isn't that why it has to be proprietary, with the software locked away inside a device and presumably written by people who think in binary code?
Wallace thinks not. "The kinds of things we're doing with software are not particularly exotic, and neither is Internet routing," he said. An SDN controller can also be more intimately connected with applications on the network, applying more specific optimizations, he said. "None of that stuff is really rocket science. There may be a perception that it is, but it's not."
Dan Pitt, executive director at the Open Networking Foundation, said part of the reason interest in SDN started in universities is because of "student frustration that they couldn't program the network like they program everything else in their lives." Also, for the professor of computer science, "it's harder to do research in networking when everything is locked away in closed boxes. You can't experiment and do research at scale," he said.
Wallace and Pitt both mentioned network access control as another important application of SDN for the university campus. The need to control the network access of guests on campus, while providing different levels of access to students and faculty, has created a market for specialized access control devices. There are lots of specialized network devices deployed around campus these days, but SDN "reduces many of those to a software routine or subroutine" on the controller, Wallace said.