HyperScale Data Centers Featured Article


Demystifying SDN


July 13, 2017
By Special Guest
Christian Saide, Development Operations Engineer, NS1

The networking community has mixed feelings about software-defined networks (SDNs), particularly since the arrival of dockerized systems. In my role as a DevOps engineer who has implemented multiple SDNs, I have found that organizations have three main questions about the technology: what exactly an SDN is, how it functions and whether they need one. These questions must be answered, because the ramifications for the future of any platform or system an SDN is integrated with are significant.

Setting the Scene

To cut through the hype: in the big-picture sense used in this article, an SDN is a network configuration management tool designed to build a fully interconnected network among your various services and hosts. Every service and host is linked directly to every other service and host, with no middleman in the path. That design decision is what sets an SDN apart from a standard VPN, which generally relies on one or more middlemen (gateways or concentrators) to join two or more fully segregated networks in a point-to-point fashion.

This kind of tool has existed since the arrival of virtual networking. SDNs rely on the same technology you already have in your infrastructure, but they add a layer of automatic configuration management on top of it.

Because they use the technology you already run, SDNs are inherently good at spanning many kinds of hardware and hosting platforms. This is arguably the best part of using one. You can connect multiple cloud providers, private colocation facilities, data centers and everything in between, in any combination, and generally it will just work.

How an SDN Functions

In thinking about how SDNs function, it's important to understand that an SDN agent runs on each host participating in the network. SDNs can be configured in one of two modes of operation, depending on the choice of technology and its configuration. The first mode is in-kernel networking, which relies entirely on networking features built into the kernel, such as VXLAN or clever use of routing tables. The second mode is userland networking, which relies on a TUN/TAP-like device to hand every packet to a user-space process that forwards it across the network.

There are pros and cons to each mode of operation that should be weighed carefully before picking one over the other. One thing needs to be called out: neither mode is particularly performant or efficient compared with fully hardware-backed networking. That is not to say they cannot support the majority of use cases, but if you need line-rate 10 Gbit/s networking among all of your hosts, you may not want to use an SDN. If that is your use case, though, you are unlikely to be looking at an SDN at all and probably already have the specialized hardware and teams required to support that volume of traffic.

Userland Networking

Userland mode networking has both the advantage and the disadvantage of handling each individual packet in a user-space process. The advantage is that packets can be manipulated in ways that are not available in the kernel, such as custom encapsulation or authenticating and encrypting the tunnel in the agent itself. The disadvantage is the large number of context switches each packet goes through to traverse the network: every frame is read out of the kernel, processed, and written back into the kernel, and the same happens again on the receiving host.
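The following is an added example, not code from the article or from any SDN project, showing what a userland-mode agent actually does per packet: it reads Ethernet frames from a Linux TAP device, prefixes them with a VXLAN header (RFC 7348), and sends them to each peer over UDP, decapsulating in the other direction. The VNI, the TAP device name and the static peer list are assumptions; an SDN's key/value store would normally supply the peers. The `open_tap`/`forward` path needs root on Linux, while `encapsulate` and `decapsulate` are plain functions you can exercise anywhere.

```python
"""Userland overlay in miniature: frames from a TAP device, VXLAN-in-UDP to peers.

Added example, not code from the article or any SDN project. It assumes a Linux
TAP device, a fixed VNI and a static list of peer (address, port) tuples that an
SDN's key/value store would normally supply.
"""
import os
import select
import socket
import struct
from typing import List, Optional, Tuple

VXLAN_PORT = 4789             # IANA-assigned UDP port for VXLAN (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field is valid
VXLAN_HEADER = struct.Struct("!II")  # 8 bytes: flags+reserved, VNI+reserved


def encapsulate(frame: bytes, vni: int) -> bytes:
    """Prefix an Ethernet frame with a VXLAN header so it can ride inside UDP."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return VXLAN_HEADER.pack(VXLAN_FLAG_VNI_VALID << 24, vni << 8) + frame


def decapsulate(datagram: bytes, expected_vni: int) -> Optional[bytes]:
    """Return the inner frame, or None when the datagram must be dropped.

    VXLAN itself carries no authentication: anything that can reach the UDP port
    can inject frames, so the flag and VNI checks below are the bare minimum and
    the port should additionally be firewalled to the underlay addresses of known
    peers (or the tunnel wrapped in real encryption, which userland makes easy).
    """
    if len(datagram) < VXLAN_HEADER.size + 14:
        return None
    flags_word, vni_word = VXLAN_HEADER.unpack_from(datagram)
    if not (flags_word >> 24) & VXLAN_FLAG_VNI_VALID:   # RFC 7348: drop if I flag unset
        return None
    if (vni_word >> 8) != expected_vni:                  # frame belongs to another overlay
        return None
    return datagram[VXLAN_HEADER.size:]


def open_tap(name: str) -> int:
    """Create/attach a TAP device (Linux only, needs CAP_NET_ADMIN)."""
    import fcntl
    IFF_TAP, IFF_NO_PI, TUNSETIFF = 0x0002, 0x1000, 0x400454CA
    fd = os.open("/dev/net/tun", os.O_RDWR)
    fcntl.ioctl(fd, TUNSETIFF, struct.pack("16sH", name.encode(), IFF_TAP | IFF_NO_PI))
    return fd


def forward(tap_fd: int, sock: socket.socket, peers: List[Tuple[str, int]], vni: int) -> None:
    """Shuttle frames between the TAP device and the peers, one packet at a time.

    Each frame costs a read() out of the kernel, work in this process and a
    sendto() back into the kernel (mirrored on receive): those are the context
    switches the in-kernel VXLAN driver avoids.
    """
    while True:
        readable, _, _ = select.select([tap_fd, sock], [], [])
        if tap_fd in readable:
            packet = encapsulate(os.read(tap_fd, 65535), vni)
            for peer in peers:           # no MAC learning here: flood to every peer
                sock.sendto(packet, peer)
        if sock in readable:
            datagram, _src = sock.recvfrom(65535)
            inner = decapsulate(datagram, vni)
            if inner is not None:
                os.write(tap_fd, inner)


if __name__ == "__main__":
    # Assumed deployment values; a real agent would take these from the store.
    VNI, PEERS = 100, [("192.0.2.12", VXLAN_PORT), ("192.0.2.13", VXLAN_PORT)]
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("0.0.0.0", VXLAN_PORT))
    forward(open_tap("tap-sdn0"), udp, PEERS, VNI)
```

Run it as root on two hosts with each other in `PEERS` and assign addresses to the `tap-sdn0` devices; the header layout is the same one the in-kernel `vxlan` driver produces, which is what lets a userland agent and a kernel-mode agent interoperate on the wire.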

Kernel Networking

Engineers gain several significant advantages over userland networking by using kernel mode, specifically in performance and efficiency. Since it relies entirely on in-kernel networking, there are very few extra context switches per packet, and the packets are handled by the kernel's hardened C code. The tradeoff is a greater reliance on the backend network and, specifically, on the kernels in use. Note also that in-kernel VXLAN encapsulation carries traffic in the clear, so if the underlay is not trusted, encryption has to come from somewhere else; in kernel mode that generally means the kernel's IPsec support, which every participating host's kernel then has to provide.

Storage and Management

How an SDN stores and manages configuration is the real heart of the matter. Most SDNs use CoreOS's etcd or HashiCorp's Consul, but a few technologies have proprietary stores built in to serve the same function. This key/value store is how an SDN adds, removes and updates networking configuration on the fly and then propagates those changes to the rest of the network in near real time. Because the store is effectively the network's control plane, write access to it is the ability to reconfigure every host's routes: it should be reachable only over TLS with client authentication, and the agents should validate entries before programming them into the kernel.
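To make the kernel-mode and storage sections concrete, here is an added example (not code from the article or from any SDN project) of the reconcile loop an agent runs when the key/value store changes. It takes a constructed snapshot of the store, validates it, turns it into the `ip`/`bridge` commands each host needs for either the VXLAN mode or the routing-table ("host-gw") mode, and diffs that against what was programmed last time so only changed entries are touched. The snapshot layout, the mode names, the cluster range, the device names and the choice of the subnet's network address as the VTEP address are all assumptions made for illustration; a real agent would read the entries from etcd or Consul and re-run `reconcile` on every change notification.

```python
"""Reconcile host networking from a key/value snapshot of overlay membership.

Added example, not code from the article or from any particular SDN project.
The snapshot layout, mode names, ranges and device names are assumptions.
"""
import ipaddress
from typing import Dict, List, Tuple

Entry = Dict[str, str]
Key = Tuple[str, str]

CLUSTER_CIDR = ipaddress.ip_network("10.244.0.0/16")   # assumed overlay range
VXLAN_DEV, VNI, UNDERLAY_DEV = "vxlan0", 1, "eth0"     # assumed device names

# Constructed sample of what the store holds after three hosts registered.
SNAPSHOT: Dict[str, Entry] = {
    "host-a": {"subnet": "10.244.1.0/24", "underlay": "192.0.2.11", "vtep_mac": "0a:00:00:00:00:01"},
    "host-b": {"subnet": "10.244.2.0/24", "underlay": "192.0.2.12", "vtep_mac": "0a:00:00:00:00:02"},
    "host-c": {"subnet": "10.244.3.0/24", "underlay": "192.0.2.13", "vtep_mac": "0a:00:00:00:00:03"},
}


def validate(snapshot: Dict[str, Entry]) -> None:
    """Reject entries that would let one writer steer another host's traffic.

    Every subnet must sit inside the cluster range and must not overlap another
    host's subnet (otherwise a single bad entry hijacks that host's routes), and
    no two hosts may claim the same underlay address or VTEP MAC.
    """
    seen_nets: List[ipaddress.IPv4Network] = []
    seen_underlay, seen_mac = set(), set()
    for host, e in snapshot.items():
        net = ipaddress.ip_network(e["subnet"], strict=True)   # no host bits set
        ipaddress.ip_address(e["underlay"])                    # raises on garbage
        if not net.subnet_of(CLUSTER_CIDR):
            raise ValueError(f"{host}: {net} is outside {CLUSTER_CIDR}")
        for other in seen_nets:
            if net.overlaps(other):
                raise ValueError(f"{host}: {net} overlaps {other}")
        if e["underlay"] in seen_underlay or e["vtep_mac"].lower() in seen_mac:
            raise ValueError(f"{host}: duplicate underlay address or VTEP MAC")
        seen_nets.append(net)
        seen_underlay.add(e["underlay"])
        seen_mac.add(e["vtep_mac"].lower())


def vtep_ip(e: Entry) -> str:
    # Assumption: the VTEP's overlay address is the subnet's network address,
    # which keeps it out of the range handed to workloads.
    return str(ipaddress.ip_network(e["subnet"]).network_address)


def local_setup(local: Entry, mode: str) -> List[str]:
    """Commands run once on the local host before any peer entries are programmed."""
    if mode == "host-gw":
        return []   # plain routing over the underlay: no overlay device needed
    return [
        f"ip link add {VXLAN_DEV} type vxlan id {VNI} dstport 4789 "
        f"local {local['underlay']} dev {UNDERLAY_DEV} nolearning",
        f"ip link set {VXLAN_DEV} address {local['vtep_mac']}",
        f"ip addr add {vtep_ip(local)}/32 dev {VXLAN_DEV}",
        f"ip link set {VXLAN_DEV} up",
    ]


def desired(local_host: str, snapshot: Dict[str, Entry], mode: str) -> Dict[Key, str]:
    """Map a stable key to the 'add' command for every entry this host needs."""
    validate(snapshot)
    wanted: Dict[Key, str] = {}
    for host, e in snapshot.items():
        if host == local_host:
            continue
        net, gw, mac = e["subnet"], vtep_ip(e), e["vtep_mac"]
        if mode == "host-gw":
            # Routing-table mode: the next hop is the peer's underlay address,
            # which only works when all hosts share one L2 segment.
            wanted[("route", net)] = f"ip route add {net} via {e['underlay']} dev {UNDERLAY_DEV}"
        elif mode == "vxlan":
            # Static entries instead of flood-and-learn (hence 'nolearning' above):
            # the store, not the data plane, decides which MAC sits behind which host.
            wanted[("fdb", mac)] = f"bridge fdb add {mac} dev {VXLAN_DEV} dst {e['underlay']}"
            wanted[("neigh", gw)] = f"ip neigh add {gw} lladdr {mac} dev {VXLAN_DEV} nud permanent"
            wanted[("route", net)] = f"ip route add {net} via {gw} dev {VXLAN_DEV} onlink"
        else:
            raise ValueError(f"unknown mode {mode!r}")
    return wanted


def reconcile(programmed: Dict[Key, str], wanted: Dict[Key, str]) -> Tuple[List[str], List[str]]:
    """Diff the last applied state against the new snapshot.

    Returns (commands to undo, commands to run), in that order: a changed entry
    is deleted and re-added, a departed host's entries are deleted, and entries
    that did not change are left alone.
    """
    to_del = [cmd.replace(" add ", " del ", 1)
              for key, cmd in programmed.items() if wanted.get(key) != cmd]
    to_add = [cmd for key, cmd in wanted.items() if programmed.get(key) != cmd]
    return to_del, to_add


if __name__ == "__main__":
    # Dry run for host-a: print what would be executed (run the lines as root to apply).
    for cmd in local_setup(SNAPSHOT["host-a"], "vxlan"):
        print(cmd)
    dels, adds = reconcile({}, desired("host-a", SNAPSHOT, "vxlan"))
    for cmd in dels + adds:
        print(cmd)
```

Feeding the agent a second snapshot in which `host-c` has disappeared makes `reconcile` emit only the three `del` commands for that host, which is the "propagate changes in near real time" behaviour the section describes; the validation step is what keeps a single corrupt or hostile store entry from silently re-routing another host's subnet.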

SDN Use Cases

SDNs are becoming increasingly attractive to enterprises of all sizes due to three tangible benefits: reducing costs, reducing complexity and accelerating your network and development operation teams.

Reduced Expense

By replacing dedicated networking hardware with software running on hosts you already own, an SDN reduces costs. Most SDN technologies are fully open source, so they incur no licensing fees and can be modified if a feature is missing or doesn't work the way you want it to.

Reduced Complexity

The automatic configuration and propagation of network settings across the entire managed network reduces complexity: there is no need to reconfigure switches and routers as hosts or services are added, updated and removed. SDNs are also far easier to keep up to date and hotfix than their hardware counterparts. Every reader who has managed a switch or router upgrade has witnessed what can go wrong during one. An SDN upgrade is just a software upgrade; it can usually be done in place and rolled back at the first sign of a problem.

Increased Speed

Network and development operations teams can move faster when cost and complexity are reduced. Because the SDN automatically configures networking for a newly created server, network teams no longer need to make sure that all the tedious per-host configuration is in place. Development operations teams can integrate the key/value store directly into their wider configuration management pipelines, which frees them to concentrate on designing and building new architectures that solve real problems rather than on which IP address is assigned to which server.

The Final Analysis

Two things make the current SDN technologies compelling. They provide fully automatic configuration, which lets teams move quickly, and a fully connected network that cuts out the middleman and creates agility. SDNs are currently being used by smaller companies to let their teams focus on the most important issues, giving them an edge over slower-moving large enterprises.

About the Author

Christian Saide is a development operations and software engineer at NS1. He is a contributor to multiple OSS projects, with a passion for designing and building high-performance and innovative solutions to today's complex networking and large-scale computing problems. Over the past seven years, he has worked on a multitude of platforms and system architectures, ranging from simple virtual machine deployments of a few nodes to hybrid virtual and bare-metal deployments that span the globe. In Christian's spare time, he enjoys playing real-time strategy and first-person shooter video games, like StarCraft and Counter-Strike.
