What is
Software-Defined Networking (SDN)?

A standard SDN setup includes:

• Data plane used to move data packets through the network based on the directions given by the control plane
• A control plane used to determine where to route traffic through the SDN, following the design implemented. The control plane can follow a hierarchical design, using distributed controllers and a centralized root controller to determine where data packets should go, or a fully distributed design where controllers take a local view and synchronize together to make routing decisions.
• Applications are used to provide information about the status of the network to the controllers through a northbound interface.
• Central controllers, which route the data packets based on the information received from the applications and then provide a larger, more holistic view of the network to the applications.
• Network devices are charged with moving the data packets to the destination based on instructions from the controller.

These components are all contained in distinct locations of the SDN architecture. By keeping the control and data planes separate, the abstraction of the network control is possible in a way not available through a traditional network, and the centralized network control becomes directly programmable.

The innovations possible with SDN in place help take virtual networking to the next level, as key components of the traditional network management can now be virtualized and automated. This might include important functions like:

• Security services that define secure pathways to keep network users safe. Thanks to the precise information about users and the ways they access the network available in SDN, administrators can create secure pathways for each type of user that provides the appropriate level of protection.
• Load balancing, which can be done in the cloud through software-based central controllers instead of on-site routers, thanks to the SDN’s clear distinction between the data and control planes

The key difference between a software-defined network and a more traditional one is the types of equipment used to establish and administrate the network’s parameters. While traditional networks use hardware devices, SDN is controlled by a software controller or an API that helps tell the underlying network how to direct traffic.

In SDN, administrators can configure network services and alter the network infrastructure immediately through one centralized controller location. These smart switches can examine and direct data packets through the network based on criteria established by the network administrator, automating the flow of traffic.

The virtual nature of SDN can make it a better choice for enterprises who want to move forward with virtualizing to encourage flexibility and agility across the organization. It also makes it easier to add new locations and users to the network quickly.

A virtual network is more agile and easier to customize, allowing network administrators to prioritize data flow to key applications that require more availability on particular days or times when the demand for the application increases.

The increased visibility of SDN is often cited as another example of an advantage over traditional networking. You can eliminate any proprietary software and replace it with an open-source solution, making a larger view of network security possible. With the removal of this proprietary software, administrators can write custom programs to automate functions within the SDN, including monitoring the network for threats or using existing APIs to save time on deployment.

One potential disadvantage of SDN is the use of a centralized controller, which can present a single vulnerable point for cybercriminals to attack. The placement of this controller is vital to the success of the network, as too much distance between the controller and network devices can cause a propagation delay. If this controller is not properly secured, the network can be infiltrated.

Enterprises using SDN can trust Illumio to set up faster, simpler, and safer segmentation and workload protection. While SDN is a great approach to automate many aspects of networking, it is not efficient at security segmentation.

Our modern approach to security segmentation complements SDN, to help you reduce overall spending, decrease network downtime instances, and protect your data center against constantly evolving threats from potential attackers moving laterally, which allows you to conduct business safer.

Discover how Zero Trust segmentation can help protect your organization.