Software-Defined Networking Rises Above The Hype - InformationWeek
09:45 AM
Daniel P. Kent

Software-Defined Networking Rises Above The Hype

SDN earned plenty of hype in 2013, but the ability to program networks improves network performance and security in a more systematic and automatic fashion.

Over the last year, we've seen another technology phenomenon added to the long list of IT hype: software-defined networking (SDN). You might ask: "Haven't networks been defined by software since the days of the ATM or the introduction of VLANs?" The answer is yes, there have been efforts to manage and manipulate physical network components through software, but most of these efforts have focused on easing network management tasks.

What makes SDN different is its intent to allow programmability of the network based on real-time information and data traffic flows. This allows for a closed-loop system where the network can be reconfigured to optimize applications or protect against threats dynamically, based on the current environment.

Imagine a USB stick that delivers malware when inserted into a laptop. The laptop is brought to the office and connected to the internal network, and it starts passing that malware to other computers. SDN could prevent this from happening. When SDN is used in conjunction with a net flow analyzer, the analyzer detects the anomalous behavior and reports it to the SDN controller. The controller then reconfigures the network based on your group's cyberstrategy (e.g., quarantine the offending port, slow down data throughput, or send all traffic from that device to a scanner). No human intervention is required, and this can be done with current network devices.
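The closed loop described above, as an added sketch that is not from the article or from any vendor's controller: constructed flow records are scored for fan-out per switch port, and a hypothetical policy table maps that score to the three responses the article names. The thresholds, the rule format, and names such as `scanner_port` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real telemetry): (switch_port, src_ip, dst_ip, dst_port)
FLOWS = (
    [(7, "10.0.0.23", f"10.0.1.{i}", 445) for i in range(1, 41)]    # one host fanning out to 40 peers
    + [(3, "10.0.0.11", "10.0.1.5", 443)] * 25                       # busy, but a single peer
    + [(5, "10.0.0.42", f"10.0.1.{i}", 445) for i in range(1, 13)]   # moderate fan-out
)

# Hypothetical policy: the first tier whose fan-out threshold is met wins.
POLICY = [(30, "quarantine"), (20, "rate_limit"), (10, "redirect_to_scanner")]

def fan_out(flows):
    """Count distinct (dst_ip, dst_port) peers per (switch_port, src_ip)."""
    peers = defaultdict(set)
    for port, src, dst, dport in flows:
        peers[(port, src)].add((dst, dport))
    return {key: len(seen) for key, seen in peers.items()}

def decide(count, policy=POLICY):
    """Return the action for a fan-out count, or None when it is below every tier."""
    for threshold, action in policy:
        if count >= threshold:
            return action
    return None

def build_rule(port, src, action):
    """Abstract match/action rule; a real controller's rule schema will differ."""
    actions = {
        "quarantine": ["drop"],
        "rate_limit": ["meter:low_rate", "forward"],
        "redirect_to_scanner": ["output:scanner_port"],
    }
    return {"match": {"in_port": port, "ipv4_src": src},
            "reason": action, "actions": actions[action]}

def control_loop(flows):
    """Analyzer output in, controller rules out; no operator in the loop."""
    rules = []
    for (port, src), count in sorted(fan_out(flows).items()):
        action = decide(count)
        if action:
            rules.append(build_rule(port, src, action))
    return rules

if __name__ == "__main__":
    for rule in control_loop(FLOWS):
        print(rule)
```

Counting distinct peers rather than raw flow volume is what keeps the busy single-peer host on port 3 from being flagged.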


SDN has come about through the confluence of several technology strategies that make the network respond dynamically to applications and make it easier to manipulate the network in a standards-based manner. The ability and techniques used to program and control a network are essential to executing these strategies. This is more important than ever as new services and applications with different requirements are layered on top of the network.

(Source: Wikipedia Commons)

Most enterprise networks were created to support basic data transmissions for office applications. However, over the last decade, these networks have been asked to support voice (VoIP), video, and many mission-specific applications simultaneously.

Building management systems, video surveillance systems, and other machine-to-machine communications will be supported by these same networks. This means the network has evolved from an enabling system to a critical infrastructure for all our agencies. Therefore, more dynamic and granular control over this critical asset is needed to ensure that it continues to provide secure, reliable communications for all programs and devices.

As SDN concepts and tools become better understood and more widely used, there will be hundreds of use cases that demonstrate the value of this network evolution. Here are a few examples of how SDN can add value to an agency or enterprise.

  • Protecting sensitive information: SDN can securely and selectively protect sensitive information by dynamically encrypting traffic flows running on a network. This has value for many federal IT organizations and is a critical capability in multitenant cloud architectures.
  • Segmenting the network: SDN can create and isolate slices of the network by pushing policy via a centralized controller to cordon off specific traffic types.
  • Improving network economics: SDN can consider business parameters and control the costs of using WAN circuits, for instance, or it can set other technical parameters (such as circuit speed) when dynamically selecting a network path.
  • Creating an application-aware network: In this case, an application instructs the network to reserve the needed bandwidth for the appropriate period using packet payload inspection to identify relevant flows. When the session concludes, the reserved bandwidth is released for use by other applications.

These are just a few of the many ways SDN can improve the utilization of networks. There will be many more. Network programmability and new control points provide the means to modify applications and improve network performance. They also provide a method for the network to respond dynamically to cyberthreats in a systematic and automatic fashion.

Daniel Kent is director of public sector engineering and chief technology officer for Cisco Systems.


Susan Fogarty
User Rank: Author
1/2/2014 | 11:54:36 AM
Re: Has SDN Risen Above The Hype?
I have to agree with jgherbert's first comment on this piece -- while SDN certainly offers a great deal of potential to improve network performance and security, as of yet it is still a concept that remains unproven for the average business. And Cisco is further behind the pack in offering its customers any practical way to actually implement SDN, so rather than vague assurances I would really like to see some detailed pilot projects and case studies rolling out.

LOL on the ProCurve photo -- you have an eagle eye! We are an equal opportunity publisher here at InformationWeek :)
User Rank: Ninja
1/1/2014 | 10:52:28 AM
Re: Has SDN Risen Above The Hype?
I'm excited about the prospect of software defined networking. There are a lot of things you can do to customize a network in the traditional sense, and SDN is just going to open that up some more. This is going to create a degree of disruption in terms of network engineering, but I don't think over the long-term that is going to be a major issue. SDN may end up being a weapon to better thwart hackers in the end. 
User Rank: Ninja
12/31/2013 | 9:32:05 AM
Re: SDN: NSA's wildest fantasy yet?
@asksqn: Interesting thought. Given that we've long had Cisco's "lawful intercept" IOS feature set, why would SDN vendors be any different from the hardware vendors in terms of risk of back doors? I mean, bear in mind that a few years ago it was claimed that many service provider IOS boxes had been root-kitted by malicious folks (we assume; maybe by other organizations), it may not be much of a change after all.

If anything, if you move towards a white box model and open source protocols and software, you may have more visibility into what the software can do than you would with a pre-packaged solution of any sort.
User Rank: Ninja
12/31/2013 | 2:35:23 AM
SDN: NSA's wildest fantasy yet?
I have to wonder about the implications/ramifications of SDN given that with each passing Snowden revelation Americans find out that the NSA has not only been listening in on communications wholesale, but also intercepting laptops ordered online and installing malware to enable backdoors upon setup/configuration of the OS. Will SDN developers also lie down for the NSA and build in backdoors?
User Rank: Ninja
12/30/2013 | 2:56:19 PM
Re: Who makes the best scalable SDN?
Great question @cbabcock - who will be able to make it scale? One of the things that scares me about the move to a centralized real-time controller (in a dynamic OpenFlow-controlled network) is the dependence that this puts on the controller. As it stands yes, it is inefficient to have a complex distributed control system effectively embedded in every router and switch, and there's an obvious efficiency to centralizing that function. That centralized resource had better be super high capacity and exceptionally resilient, or things are going to be very unpleasant across the network. What happens when you have a DDoS on an edge device? Will the controller get overloaded and impact internal flows? Oh right, we should have separate controllers for edge and core, most likely. I wonder where that stops - should we have multiple resiliency domains (and thus controllers) within each DC? Now that I have multiple controllers, do I now need another controller above those to push policies down?
User Rank: Strategist
12/30/2013 | 2:18:50 PM
Who makes the best scalable SDN?
Good comment, jgherbert. Talking about the potential of SDN and implementing it are two different things. Interesting to see the CTO of Cisco's federal unit take such a forthright stance on the future value of SDN. Seems like we'd seen some foot-dragging in the past, with lots of talk about Dynamic Fabric Automation or Extensible Network Controller or CiscoONE instead of SDN. Is the future question, who will best make SDN scale?

See Greg Ferro's "Cisco's SDN Strategy: Four Critical Questions" also:    
User Rank: Ninja
12/30/2013 | 12:21:16 PM
Has SDN Risen Above The Hype?
Side note - amusing to see the library image of a ProCurve switch to illustrate this article written by Cisco Federal's CTO :-)


There are precious few companies out there with a fully operating end to end SDN solution that provide not only the theoretical capability to manage the network in the way that's promised, but actually have the controllers and the front end interface to allow such control to take place. Even Cisco - since it seems relevant - while launching Application Centric Infrastructure (ACI) during 2013, is not shipping the ACI-enabled hardware until 2014. I'm skeptical about the ability, at the moment, of technologies like OpenFlow to scale to the extent required to actually control new flows in a busy network in real time, as promised.


I'm not sure therefore that the case here has been proven - as suggested by the article's title - that SDN has risen above the hype. Don't get me wrong - I believe strongly in SDN - but we are still in reality thriving on slideware for many of the claimed capabilities. Certainly this article talks a lot about what will be, and raises hypotheticals for what might be, and how SDN could help. What's missing here, and in many other places, is a rubber-meets-the-road demonstration of these amazing automated capabilities actually running in real time.


My feeling is in the shorter term at least, we'll see more of a hybrid approach with default capabilities built in, with SDN overriding for specific flows, but perhaps not as real time as we'd like to claim - more pre-determined by the business. Still, let's see - prove me wrong, vendors!