Over the last year, we've seen another technology phenomenon added to the long list of IT hype: software-defined networking (SDN). You might ask: "Haven't networks been defined by software since the days of the ATM or the introduction of VLANs?" The answer is yes, there have been efforts to manage and manipulate physical network components through software, but most of these efforts have focused on easing network management tasks.
What makes SDN different is its intent to allow programmability of the network based on real-time information and data traffic flows. This allows for a closed-loop system where the network can be reconfigured to optimize applications or protect against threats dynamically, based on the current environment.
Imagine a USB stick inserted into a laptop that delivers malware. The laptop is brought to the office and connected to the internal network, and it starts passing that malware to other computers. SDN could prevent this from happening. When SDN is used in conjunction with a net flow analyzer, the analyzer detects the anomalous behavior and reports it to the SDN controller. The controller reconfigures the network based on your group's cyberstrategy (e.g., quarantine the offending port, slow down data throughput, or send all traffic from that device to a scanner). No human intervention is required, and this can be done with current network devices.
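The closed loop described above, sketched as an added example (not code from the article or from any SDN product): constructed flow records are scored by how many distinct peers each source contacts, and a hypothetical threshold policy picks one of the three responses the article names. The thresholds, port names, and action strings are assumptions.

```python
from collections import defaultdict

# Constructed sample flow records: (src_ip, switch_port, dst_ip, dst_port).
FLOWS = (
    # Laptop on port7 contacts 25 distinct hosts on one service port.
    [("10.0.0.50", "port7", f"10.0.1.{i}", 445) for i in range(1, 26)]
    # Host on port3 contacts 6 distinct servers.
    + [("10.0.0.21", "port3", f"10.0.2.{i}", 443) for i in range(1, 7)]
    # Host on port4 is busy (40 flows) but talks to a single peer.
    + [("10.0.0.22", "port4", "10.0.2.1", 443)] * 40
)

# Hypothetical policy: minimum distinct-peer count -> controller response.
# The three responses are the ones listed in the article; the numbers are assumed.
POLICY = [
    (20, "quarantine_port"),
    (10, "redirect_to_scanner"),
    (5, "rate_limit"),
]


def fan_out(flows):
    """Count distinct (dst_ip, dst_port) peers per (src_ip, switch_port)."""
    peers = defaultdict(set)
    for src, port, dst, dport in flows:
        peers[(src, port)].add((dst, dport))
    return {key: len(seen) for key, seen in peers.items()}


def decide(flows, policy=POLICY):
    """Return the response for each source whose fan-out crosses a threshold.

    Flow volume alone does not trigger a response; only the number of
    distinct peers does, so a busy host talking to one server is ignored.
    """
    actions = {}
    for key, count in fan_out(flows).items():
        # Check the strictest threshold first so the strongest response wins.
        for threshold, action in sorted(policy, reverse=True):
            if count >= threshold:
                actions[key] = {"peers": count, "action": action}
                break
    return actions


if __name__ == "__main__":
    for (src, port), verdict in decide(FLOWS).items():
        print(src, port, verdict)
```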
SDN has come about through the confluence of several technology strategies that make the network respond dynamically to applications and make it easier to manipulate the network in a standards-based manner. The ability and techniques used to program and control a network are essential to executing these strategies. This is more important than ever as new services and applications with different requirements are layered on top of the network.
Most enterprise networks were created to support basic data transmissions for office applications. However, over the last decade, these networks have been asked to support voice (VoIP), video, and many mission-specific applications simultaneously.
Building management systems, video surveillance systems, and other machine-to-machine communications will be supported by these same networks. This means the network has evolved from an enabling system to a critical infrastructure for all our agencies. Therefore, more dynamic and granular control over this critical asset is needed to ensure that it continues to provide secure, reliable communications for all programs and devices.
As SDN concepts and tools become better understood and more widely used, there will be hundreds of use cases that demonstrate the value of this network evolution. Here are a few examples of how SDN can add value to an agency or enterprise.
- Protecting sensitive information: SDN can securely and selectively protect sensitive information by dynamically encrypting traffic flows running on a network. This has value for many federal IT organizations and is a critical capability in multitenant cloud architectures.
- Segmenting the network: SDN can create and isolate slices of the network by pushing policy via a centralized controller to cordon off specific traffic types.
- Improving network economics: SDN can consider business parameters and control the costs of using WAN circuits, for instance, or it can set other technical parameters (such as circuit speed) when dynamically selecting a network path.
- Creating an application-aware network: In this case, an application instructs the network to reserve the needed bandwidth for the appropriate period using packet payload inspection to identify relevant flows. When the session concludes, the reserved bandwidth is released for use by other applications.
These are just a few of the many ways SDN can improve the utilization of networks. There will be many more. Network programmability and new control points provide the means to modify applications and improve network performance. They also provide a method for the network to dynamically respond to cyberthreats in a systematic and automatic fashion.
Daniel Kent is director of public sector engineering and chief technology officer for Cisco Systems.