Network modernization involves three areas:
Software-defined networking (SDN) centralizes management and uses software-based controllers or APIs to communicate with the underlying hardware infrastructure and direct traffic on a network. This way, many network devices operating as a group can be controlled and managed from a single logical console.
Network functions virtualization (NFV) decouples network functions from proprietary hardware appliances (routers, firewalls, virtual private network [VPN] terminators), so that equivalent network functionality can be delivered without specialized hardware.
The most commonly cited advantages of SDN are traffic programmability, agility, and the ability to create policy-driven network supervision and implement network automation.
SDN centralized management enables network managers to automate changes across a large fleet of network devices.
In Cisco Systems’ definition, SDN has the following elements:
The major advantage of SDN is it brings agility through network abstraction and automation. Historically, a network has always been cables and wires and a big reliance on physical infrastructure. With SDN, by comparison, we can leverage the ubiquitous network carriage, primarily the internet, and effectively overlay functions on top of that.
This is game-changing, in that as business requirements change, the network can be changed, Lyons says. “Sometimes you hear the term infrastructure as code. I think that that’s a good description of the way it works.”
Network functions can be added or removed on-demand, much as cloud compute or storage resources can be added as needed. This elasticity removes friction, enabling services to be turned on or modified quickly.
Another advantage of SDN’s programmability is how it streamlines life cycle management. Take a legacy firewall, which may have 100,000 rules in it, built up over time and always in force. With SDN, the firewall rules are established at the time of provisioning, so when that workload is retired, the firewall’s rules are torn down with it.
“To me, of all the features of SDN, it’s that ability to automate life cycle management that has the biggest benefit for security and governance generally,” says Lyons.
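To make the life cycle point concrete, here is an added example (not code from the article or from any vendor) modelling a hypothetical SDN controller in which every firewall rule is tagged with the workload that justified it. Retiring the workload tears its rules down, and an orphan check flags rules, such as the constructed legacy change-ticket rule below, whose justification no longer exists; the controller class, rule format and sample addresses are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One allow rule, tagged with the workload (or ticket) that justified it."""
    src: str
    dst: str
    port: int
    owner: str


class Controller:
    """Hypothetical SDN controller model (constructed for this example).
    Rules are pushed together with the workload they belong to, so the
    workload's retirement can remove exactly the rules it created."""

    def __init__(self):
        self.workloads = set()
        self.rules = set()

    def provision(self, workload, allows):
        """Create the workload and only the rules it needs."""
        self.workloads.add(workload)
        for src, dst, port in allows:
            self.rules.add(Rule(src, dst, port, workload))

    def retire(self, workload):
        """Retiring a workload tears down every rule it owned."""
        self.workloads.discard(workload)
        self.rules = {r for r in self.rules if r.owner != workload}

    def add_manual_rule(self, src, dst, port, ticket):
        """Legacy-style change: justified by a ticket, not by a live workload."""
        self.rules.add(Rule(src, dst, port, ticket))

    def orphaned_rules(self):
        """Governance check: rules whose owner is not a live workload."""
        return {r for r in self.rules if r.owner not in self.workloads}


def lifecycle_demo():
    """Provision two workloads plus one legacy rule, retire one workload."""
    c = Controller()
    c.provision("web-01", [("0.0.0.0/0", "10.0.1.10", 443)])
    c.provision("db-01", [("10.0.1.10", "10.0.2.20", 5432)])
    c.add_manual_rule("10.0.9.0/24", "10.0.2.20", 5432, "CHG-2014-0419")  # constructed
    c.retire("web-01")  # its 443 rule is removed with it
    return len(c.rules), sorted(r.owner for r in c.orphaned_rules())


if __name__ == "__main__":
    print(lifecycle_demo())  # (2, ['CHG-2014-0419'])
```

Run against a real rulebase, the orphan check is what turns "100,000 rules, always in force" into a list of rules with no current justification.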
To automate network provisioning further, several vendors are working on so-called intent-based networking. Essentially, intent-based networking proposes using AI and machine learning to adapt and adjust the network dynamically to the user, device, or use case. Rather than defining a detailed set of network configurations, which can be very arcane, the idea is to describe an intent and let the automation make the changes necessary to deliver it.
So if the “intent” is to set up a web server in a particular environment, a semiautomatic script will create the server, set up its rules, establish the port translations, register a Domain Name System (DNS) name, and so forth. Taking this automation up a notch, some foresee software engineers using machine learning to “teach” the platform to perform these functions on its own.
“Intent-based networking sounds really impressive,” says Lyons. “But I would suspect that there’s a significant challenge to it, and one of the reasons that network engineers are well sought after these days is that it’s not simple to do.”
Lyons says human beings are still needed to create patterns and conduct quality assurance to make sure the resulting configuration “does what it does properly and doesn’t have unintended consequences.”
Broadly, however, SDN is not a panacea. “You have to be very clear about why you’ve got functions in place at any given time, and life cycle management is a big part of it,” Lyons says. Thoughtful governance still matters, he adds.
“A shortcut can expose a security vulnerability,” he says. “That’s possible in any environment, and it’s absolutely true with SDN. Having a technology does not absolve you of the requirement to govern how you use it, which is an important part of our ethos as a provider.”