An Engineer’s View of SDN
By Amit Srivastava, Senior Director of Product Management
A famous Indian parable describes the experience of a group of blind men with an elephant. As the story goes, the men had never come across an elephant before, so each explores the animal with his hands and describes what he finds. Because none of them has met the beast before, and because each feels a different part of it, each describes it differently.
‘Software Defined’ is a term attached to many technologies today. At the heart of it, software-defined ‘anything’ means a clear separation between the ‘control’ and ‘data’ planes: the brain (the control plane) makes the decisions, while the data plane concentrates on input and output performance. It is a powerful concept when applied to the network world.
Single-Threaded Monolithic Code
Take, for instance, the operating system code that ran on an early router. The same code made the routing decisions and also switched packets based on those decisions. This proved inefficient at scale, so network equipment vendors worked on running the routing/decision-making function and the packet-switching function on separate hardware. The decision-making function moved to dedicated hardware (the route processor) and, together with its software, constituted the control plane. The packet-switching function ran on another dedicated piece of hardware (the forwarding processor) and, together with its software and transport interfaces, constituted the data plane. The control plane programmed its decisions into the forwarding plane as a forwarding table (the FIB), so that the forwarding-plane software could use it to encapsulate packets appropriately and send them out through the interfaces. A separate low-bandwidth link, the “punt/inject path”, carried the packets that needed control-plane handling (routing-protocol traffic, packets with no forwarding entry) up to the route processor and injected the control plane's own packets back into the forwarding path. Because anything punted consumes the route processor's limited capacity, that path is a classic control-plane denial-of-service target, which is why production routers rate-limit it. The various egress interfaces on the router were connected by a backplane and were also part of the forwarding plane.
This separation of control- and data-plane code and hardware lets network equipment vendors use purpose-built hardware for each plane: the data-plane hardware and code focus on packet switching and encapsulation, while the control-plane hardware and code focus on running things like routing protocols.
Control and Data Plane Separation
With a clear separation of control and data planes, network vendors started shipping high-performance network equipment as a single modular chassis housing RPs (route processors), FPs (forwarding processors), interface cards, and a backplane. The RP hardware runs the control-plane software while the FPs take care of the data-plane processing.
Engineers soon realized that this disaggregation did not have to stop there. The control plane could be run in the cloud rather than housed in the same device as the data plane.
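The split described in the two sections above, as an added example that is not part of the original article: the control plane owns the topology, runs the routing algorithm (Dijkstra here) and produces a forwarding table; the forwarding plane holds only that table and does longest-prefix-match lookups. The three-router topology, link costs and prefixes are constructed for illustration.

```python
"""Control/data plane separation in miniature: the control plane runs the
routing algorithm and programs a forwarding table; the forwarding plane only
does lookups.  Added example with a constructed three-router topology."""
import heapq
import ipaddress
from dataclasses import dataclass, field


@dataclass
class ControlPlane:
    """Route-processor side: topology, routing algorithm, FIB generation."""
    links: dict = field(default_factory=dict)     # router -> {neighbour: cost}
    prefixes: dict = field(default_factory=dict)  # router -> [networks it originates]

    def add_link(self, a, b, cost):
        self.links.setdefault(a, {})[b] = cost
        self.links.setdefault(b, {})[a] = cost

    def fail_link(self, a, b):
        self.links[a].pop(b, None)
        self.links[b].pop(a, None)

    def originate(self, router, prefix):
        self.prefixes.setdefault(router, []).append(ipaddress.ip_network(prefix))

    def first_hops(self, src):
        """Dijkstra from src; returns {router: neighbour of src to send via}."""
        dist, hops, done = {src: 0}, {}, set()
        heap = [(0, src, None)]
        while heap:
            d, node, hop = heapq.heappop(heap)
            if node in done:
                continue
            done.add(node)
            if hop is not None:
                hops[node] = hop
            for nbr, cost in self.links.get(node, {}).items():
                if d + cost < dist.get(nbr, float("inf")):
                    dist[nbr] = d + cost
                    # leaving src, the first hop is the neighbour itself;
                    # further out, the first hop is inherited from the path
                    heapq.heappush(heap, (d + cost, nbr, nbr if node == src else hop))
        return hops

    def build_fib(self, src):
        """The routing decision handed down: (network, next_hop), most specific first."""
        hops = self.first_hops(src)
        fib = []
        for router, nets in self.prefixes.items():
            for net in nets:
                if router == src:
                    fib.append((net, "local"))
                elif router in hops:
                    fib.append((net, hops[router]))
        fib.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
        return fib


class ForwardingPlane:
    """Forwarding-processor side: no topology, no protocols, just the table."""

    def __init__(self):
        self.fib = []

    def install(self, fib):
        # Programmed by the control plane.  The data plane trusts this table
        # completely, so the integrity of that channel is what protects it.
        self.fib = list(fib)

    def forward(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        for net, next_hop in self.fib:        # longest-prefix match
            if addr in net:
                return next_hop
        return "drop"                          # no route: drop, never guess


def demo():
    """Constructed topology: A-B and B-C are cheap, A-C is direct but expensive."""
    cp, fp = ControlPlane(), ForwardingPlane()
    cp.add_link("A", "B", 1)
    cp.add_link("B", "C", 1)
    cp.add_link("A", "C", 5)
    cp.originate("A", "10.0.1.0/24")
    cp.originate("B", "10.0.2.0/24")
    cp.originate("C", "10.0.0.0/8")           # aggregate, less specific than B's /24

    fp.install(cp.build_fib("A"))
    before = {ip: fp.forward(ip) for ip in ("10.0.1.5", "10.0.2.7", "10.0.9.9", "192.168.1.1")}

    cp.fail_link("A", "B")                    # control plane reconverges...
    fp.install(cp.build_fib("A"))             # ...and reprograms the data plane
    after = {ip: fp.forward(ip) for ip in ("10.0.2.7", "10.0.9.9")}
    return before, after


if __name__ == "__main__":
    print(demo())
```

Note what the forwarding plane does not do: it never runs Dijkstra, never sees a link fail, and never questions an entry. Everything it forwards correctly, it forwards because the control plane told it to, which is why the channel that programs the FIB, and the control plane itself, are the parts worth protecting.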
These ideas led to separating the control and data planes across multiple devices. The control plane moved to a centralized location (a data center or cloud), while customers were shipped an on-prem edge device responsible for forwarding. The controller, the brain of the setup, talks to the edge devices over a secure transport connection on shared media (typically the internet). Edge devices ‘call home’ to the controller and register. For that registration to mean anything, the connection has to be mutually authenticated: the edge proves its identity (in practice with a per-device certificate or key) and the edge verifies that it is talking to the real controller rather than whoever answered on the internet. Once the secure connection between the controller and the edge device is established, the next step is to create secure connections with the other edge devices. This is done over whatever transports are available: an enterprise leased MPLS circuit, an LTE link, or a business internet connection. The result is a set of encrypted overlay tunnels between edges, across which the controller steers traffic according to its routing decisions. As you can tell, these are analogous to the interfaces and the backplane in a single-box solution; in the distributed solution, the WAN becomes your backplane.
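The call-home exchange described above, as an added example rather than any vendor's protocol: the controller only accepts serials it provisioned, checks the message signature, rejects replays, and signs its reply so the edge can verify the controller in turn; the reply carries the other registered edges so the edge knows where to build overlay tunnels. HMAC-SHA256 over a per-device key stands in for the device and controller certificates a real SD-WAN would use, and the serials, addresses and keys are constructed.

```python
"""Edge 'call home' to a controller with mutual authentication, replay
protection and peer distribution.  Added example; HMAC over a per-device key
stands in for the device and controller certificates a real SD-WAN uses."""
import hashlib
import hmac
import json
import secrets


def sign(key: bytes, msg: dict) -> str:
    """HMAC-SHA256 over the canonical JSON encoding of msg."""
    body = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class Controller:
    def __init__(self, controller_key: bytes):
        self.key = controller_key
        self.provisioned = {}    # serial -> device key, recorded when the box is shipped
        self.registered = {}     # serial -> reachable WAN address
        self.seen_nonces = set()

    def provision(self, serial: str, device_key: bytes):
        self.provisioned[serial] = device_key

    def register(self, msg: dict, mac: str):
        """Returns (reply, reply_mac) on success or (None, reason) on failure."""
        key = self.provisioned.get(msg.get("serial"))
        if key is None:
            return None, "unknown device"           # we never shipped this serial
        if not hmac.compare_digest(sign(key, msg), mac):
            return None, "bad signature"            # right serial, wrong key
        if msg["nonce"] in self.seen_nonces:
            return None, "replay"                   # captured message sent again
        self.seen_nonces.add(msg["nonce"])
        self.registered[msg["serial"]] = msg["addr"]
        reply = {
            "nonce": msg["nonce"],                  # binds the reply to this request
            "peers": {s: a for s, a in self.registered.items() if s != msg["serial"]},
        }
        return reply, sign(self.key, reply)         # lets the edge verify the controller


class Edge:
    def __init__(self, serial: str, device_key: bytes, controller_key: bytes, addr: str):
        self.serial, self.key, self.addr = serial, device_key, addr
        self.controller_key = controller_key        # pinned at provisioning time
        self.tunnels = {}        # peer serial -> address to build an overlay tunnel to
        self.last_sent = None

    def call_home(self, controller: Controller) -> str:
        msg = {"serial": self.serial, "addr": self.addr, "nonce": secrets.token_hex(8)}
        self.last_sent = (msg, sign(self.key, msg))
        reply, mac = controller.register(*self.last_sent)
        if reply is None:
            return mac                              # the rejection reason
        if reply["nonce"] != msg["nonce"] or not hmac.compare_digest(
                sign(self.controller_key, reply), mac):
            return "controller not trusted"         # impostor, or a replayed reply
        self.tunnels.update(reply["peers"])
        return "ok"


def demo() -> dict:
    ctrl_key, k1, k2 = (secrets.token_bytes(32) for _ in range(3))
    ctrl = Controller(ctrl_key)
    ctrl.provision("E001", k1)
    ctrl.provision("E002", k2)
    e1 = Edge("E001", k1, ctrl_key, "203.0.113.10")
    e2 = Edge("E002", k2, ctrl_key, "198.51.100.20")
    out = {}
    out["e1_first"] = e1.call_home(ctrl)          # nobody else yet: no peers
    out["e2"] = e2.call_home(ctrl)                # learns E001
    out["e1_second"] = e1.call_home(ctrl)         # periodic call home: learns E002
    out["e1_tunnels"], out["e2_tunnels"] = dict(e1.tunnels), dict(e2.tunnels)
    # What an attacker on the shared internet might try:
    out["replay"] = ctrl.register(*e1.last_sent)[1]                      # resend E001's message
    out["unknown"] = Edge("E999", secrets.token_bytes(32), ctrl_key, "192.0.2.1").call_home(ctrl)
    out["wrong_key"] = Edge("E001", secrets.token_bytes(32), ctrl_key, "192.0.2.1").call_home(ctrl)
    fake = Controller(secrets.token_bytes(32))     # knows the device keys, not the controller key
    fake.provision("E001", k1)
    out["fake_controller"] = e1.call_home(fake)
    return out


if __name__ == "__main__":
    print(demo())
```

The last case is the one people forget: a controller impostor that has obtained the device inventory can still accept the edge's registration, so an edge that does not verify the controller's signature (and the nonce binding it to its own request) would happily build tunnels to whoever the impostor lists as peers.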
Software Defined WAN
This controller-based approach allowed network equipment vendors not only to bring the software-defined approach to legacy WANs but also to add a host of desirable features, such as:
- End-to-end visibility of the entire network and enhanced troubleshooting
- Performance-based routing
- Error-correction and path-correction technology enablement
- Centralized command and control of WAN networks, including policy enforcement
- Zero-touch branch activation
- Built-in security across the network
- Overlays abstracting underlying media complexities
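Performance-based routing and centralized policy enforcement from the list above, as an added example that is not part of the original article: a policy pushed by the controller defines, per traffic class, an SLA, an ordered list of allowed transports and a fallback rule, and the edge picks a tunnel from its latest probe measurements. The transports, thresholds and measurements are constructed.

```python
"""Performance-based routing over SD-WAN overlay tunnels under a centrally
defined policy.  Added example; the transports, SLA thresholds and probe
measurements are all constructed."""
from dataclasses import dataclass


@dataclass
class TunnelStats:
    """Latest probe results for one overlay tunnel (constructed here)."""
    latency_ms: float
    loss_pct: float
    jitter_ms: float


@dataclass
class Sla:
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float

    def met_by(self, s: TunnelStats) -> bool:
        return (s.latency_ms <= self.max_latency_ms
                and s.loss_pct <= self.max_loss_pct
                and s.jitter_ms <= self.max_jitter_ms)


# Central policy, as the controller would push it to every edge.
# "prefer" doubles as an allow-list: a transport not named here is never
# used for that class, even when every listed one is down.
POLICIES = {
    "voice":   {"sla": Sla(150, 1.0, 30),  "prefer": ["mpls", "internet", "lte"], "fallback": "best"},
    "bulk":    {"sla": Sla(400, 3.0, 100), "prefer": ["internet", "mpls", "lte"], "fallback": "prefer-order"},
    "private": {"sla": Sla(100, 0.5, 20),  "prefer": ["mpls"],                    "fallback": "prefer-order"},
}


def select_path(app: str, stats: dict) -> tuple:
    """Pick the tunnel for a traffic class.  stats maps transport -> TunnelStats,
    or -> None for a tunnel that is down.  Returns (transport, reason)."""
    policy = POLICIES[app]
    up = {t: s for t, s in stats.items() if s is not None and t in policy["prefer"]}
    for transport in policy["prefer"]:            # first preferred path that meets the SLA
        if transport in up and policy["sla"].met_by(up[transport]):
            return transport, "sla-met"
    if not up:
        return None, "no-path"                    # blackhole rather than spill elsewhere
    if policy["fallback"] == "best":              # least loss, then least latency
        best = min(up, key=lambda t: (up[t].loss_pct, up[t].latency_ms))
        return best, "sla-violated-best-effort"
    for transport in policy["prefer"]:            # otherwise stick to preference order
        if transport in up:
            return transport, "sla-violated-prefer-order"
    return None, "no-path"


def demo() -> dict:
    healthy = {"mpls": TunnelStats(20, 0.0, 2), "internet": TunnelStats(35, 0.1, 5),
               "lte": TunnelStats(60, 0.5, 15)}
    mpls_lossy = dict(healthy, mpls=TunnelStats(20, 2.5, 2))      # 2.5% loss on MPLS
    mpls_down = dict(healthy, mpls=None)
    all_slow = {"mpls": TunnelStats(200, 0.0, 2), "internet": TunnelStats(180, 0.0, 5), "lte": None}
    return {
        "voice/healthy": select_path("voice", healthy),
        "voice/mpls_lossy": select_path("voice", mpls_lossy),
        "voice/all_slow": select_path("voice", all_slow),
        "bulk/all_slow": select_path("bulk", all_slow),
        "private/mpls_lossy": select_path("private", mpls_lossy),
        "private/mpls_down": select_path("private", mpls_down),
    }


if __name__ == "__main__":
    for scenario, choice in demo().items():
        print(f"{scenario:20} -> {choice}")
```

The "private" class shows the policy point a security engineer cares about: probe results are an input that anyone who can drop packets on one underlay can influence, so steering traffic off a degraded path is only acceptable onto transports the policy explicitly allows. With MPLS down, "private" gets no path rather than being spilled onto the internet.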
This disaggregation also meant that branch offices need not worry about installing and operating complex features such as WAN optimization or branch-to-branch encrypted tunnels (DMVPN). The on-prem SD-WAN edge device was relatively easy to install, and with vendors implementing zero-touch provisioning (ZTP), all an edge device needed was an internet connection. The flip side of ZTP is that nobody at the branch vouches for the box: the identity the device was shipped with, and the controller's record of which devices it expects, are all that separate a legitimate edge from one somebody else plugged in.
Over the past few years, end users have started using a lot of cloud-based applications. Earlier network architectures made end-user or branch-office traffic hairpin through enterprise firewalls, typically in a data-center location, before going out to the internet. In the interest of performance, most branches now need to reach the internet directly from the branch office. That used to mean complex firewall and internet-edge policies at every branch. The disaggregated SD-WAN routing approach, with those policies defined centrally and pushed to the edges, enables a distributed network architecture that delivers optimal network performance.
SD-WAN within the Zayo product portfolio is a powerful tool, since Zayo not only owns the underlay transport but also offers private cloud on-ramps and high-bandwidth internet access. With Zayo present in 45,000 on-net locations across North America and Europe, enterprise architects will find all the Lego blocks they need to create their next-generation secure enterprise network in Zayo's cutting-edge product portfolio.
A lot of technology verticals are moving to a controller-based approach for their control plane: software-defined data-center fabrics, software-defined access, software-defined pretty much everything is becoming common. As with all evolving technologies, SD-WAN keeps getting better at solving customer WAN connectivity problems. It is a software approach applied to traditional WAN networks. Because engineers specialize within technology verticals, people often come across different definitions of SD-WAN, usually based on how they use and experience the SD-WAN tool kit; much like the blind men, each is describing their own part of the elephant.