
I.

Software Defined Network (SDN)


1. Definition
Software-Defined Networking (SDN) is an approach to networking that uses software-
based controllers or application programming interfaces (APIs) to communicate with
underlying hardware infrastructure and direct traffic on a network. This model differs
from that of traditional networks, which use dedicated hardware devices (i.e., routers and
switches) to control network traffic. SDN can create and control a virtual network – or
control a traditional hardware – via software. While network virtualization allows
organizations to segment different virtual networks within a single physical network, or
to connect devices on different physical networks to create a single virtual network,
software-defined networking enables a new way of controlling the routing of data packets
through a centralized server.
2. Components and working flow of SDN
Here are the SDN basics: In SDN (like anything virtualized), the software is decoupled
from the hardware. SDN moves the control plane that determines where to send traffic to
software, and leaves the data plane that actually forwards the traffic in the hardware. This
allows network administrators who use software-defined networking to program and
control the entire network via a single pane of glass instead of on a device by device
basis.
There are three parts to a typical SDN architecture, which may be located in different
physical locations:
• Applications, which communicate resource requests or information about the
network as a whole
• Controllers, which use the information from applications to decide how to route a
data packet
• Networking devices, which receive information from the controller about where to
move the data
Physical or virtual networking devices actually move the data through the network. In
some cases, virtual switches, which may be embedded in either the software or the
hardware, take over the responsibilities of physical switches and consolidate their
functions into a single, intelligent switch. The switch checks the integrity of both the data
packets and their virtual machine destinations and moves the packets along.
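As an added illustration (not part of the original notes), the following Python model shows the three parts working together: an application states which flows are allowed, the controller turns that into forwarding rules, and the switch forwards from its flow table and only asks the controller on a table miss. Host addresses, port numbers and the allow-list are made up for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Constructed model of the three SDN parts: an application states intent,
# the controller turns it into forwarding rules, and the switch forwards from
# its flow table, asking the controller only on a table miss ("packet-in").
# Addresses, ports and the allow-list below are made up for the example.

FlowKey = Tuple[str, str]          # (src_ip, dst_ip) match fields
Rule = Tuple[str, int]             # (action, output port; -1 means none)


@dataclass
class Application:
    """Application plane: policy saying which (src, dst) flows are allowed."""
    allowed: Set[FlowKey]

    def decide(self, src: str, dst: str) -> str:
        return "forward" if (src, dst) in self.allowed else "drop"


@dataclass
class Controller:
    """Control plane: answers packet-in requests and installs rules."""
    app: Application
    host_port: Dict[str, int]      # which switch port each host sits behind
    packet_ins: int = 0

    def packet_in(self, switch: "Switch", src: str, dst: str) -> None:
        self.packet_ins += 1
        action = self.app.decide(src, dst)
        out_port = self.host_port.get(dst, -1) if action == "forward" else -1
        switch.install_rule((src, dst), (action, out_port))


@dataclass
class Switch:
    """Data plane: forwards by flow table, escalates misses to the controller."""
    controller: Controller
    flow_table: Dict[FlowKey, Rule] = field(default_factory=dict)
    hits: int = 0
    misses: int = 0

    def install_rule(self, key: FlowKey, rule: Rule) -> None:
        self.flow_table[key] = rule

    def handle_packet(self, src: str, dst: str) -> Rule:
        key = (src, dst)
        if key in self.flow_table:
            self.hits += 1                  # fast path: local table lookup
        else:
            self.misses += 1                # slow path: ask the controller once
            self.controller.packet_in(self, src, dst)
        return self.flow_table[key]


def build_demo() -> Tuple[Controller, Switch]:
    app = Application(allowed={("10.0.0.1", "10.0.0.2")})
    ctrl = Controller(app=app, host_port={"10.0.0.1": 1, "10.0.0.2": 2})
    return ctrl, Switch(controller=ctrl)


def run_demo():
    """Three packets: two of one allowed flow, one from an unknown host."""
    ctrl, sw = build_demo()
    results = [sw.handle_packet("10.0.0.1", "10.0.0.2"),
               sw.handle_packet("10.0.0.1", "10.0.0.2"),
               sw.handle_packet("10.0.0.3", "10.0.0.2")]
    return results, ctrl.packet_ins, sw.hits, sw.misses


if __name__ == "__main__":
    print(run_demo())
```

The point to notice is the counters: the controller is consulted twice (once per new flow), while the second packet of the allowed flow never leaves the data plane. The drop rule for the unknown host is also cached, so repeated unwanted packets do not keep hitting the controller.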
3. Different models of SDN
While the premise of centralized software controlling the flow of data in switches and
routers applies to all software-defined networking, there are different models of SDN.
• Open SDN: Network administrators use a protocol like OpenFlow to control the
behavior of virtual and physical switches at the data plane level.
• SDN by APIs: Instead of using an open protocol, application programming
interfaces control how data moves through the network on each device.
• SDN Overlay Model: Another type of software-defined networking runs a virtual
network on top of an existing hardware infrastructure, creating dynamic tunnels to
different on-premise and remote data centers. The virtual network allocates
bandwidth over a variety of channels and assigns devices to each channel, leaving
the physical network untouched.
• Hybrid SDN: This model combines software-defined networking with traditional
networking protocols in one environment to support different functions on a
network. Standard networking protocols continue to direct some traffic, while
SDN takes on responsibility for other traffic, allowing network administrators to
introduce SDN in stages to a legacy environment.
4. Benefits of Software-Defined Networking (SDN)
There are many benefits of software-defined networking (SDN) architecture, several of
which stem from the centralization of network control and management as well as the
ease of scalability, evolution and change implementation. Some of the benefits are as
follows:
• Ease of network control via direct programming resulting from the separation from
forwarding functions.
• Agility and the ability to dynamically use load balancing to manage the traffic
flow as need and usage fluctuates. This reduces latency, increasing the efficiency
of the network.
• Greater granularity of control over security. SDN lets network administrators set
policies from one central location to determine access control and security
measures across the network by workload type or by network segments. You can
also use microsegmentation to reduce complexity and establish consistency across
any network architecture — whether public cloud, private cloud, hybrid cloud or
multicloud.
• Ease of configuration. With SDN, automated programs can be more easily written,
enabling the organization to configure, secure and optimize resources as needed.
• Simplified network design and operation through the use of open controllers rather
than vendor-specific devices and protocols.
SDN technology combined with virtual machines and virtualization of networks provides
efficiencies to service providers as well. With these resources, they can provide distinct
network separation and control to customers. As a result, SDN is modernizing the
telecommunications industry. Service providers can improve their flexibility and provide
bandwidth on demand to customers who need greater flexibility and have variable
bandwidth usage.
Many of today’s services and applications, especially when they involve the cloud, could
not function without SDN. SDN allows data to move easily between distributed locations,
which is critical for cloud applications.
Additionally, SDN supports moving workloads around a network quickly. For instance,
dividing a virtual network into sections, using a technique called network functions
virtualization (NFV), allows telecommunications providers to move customer services to
less expensive servers or even to the customer’s own servers. Service providers can use a
virtual network infrastructure to shift workloads from private to public cloud
infrastructures as necessary, and to make new customer services available instantly. SDN
also makes it easier for any network to flex and scale as network administrators add or
remove virtual machines, whether those machines are on-premises or in the cloud.
Finally, because of the speed and flexibility offered by SDN, it is able to support
emerging trends and technologies such as edge computing and the Internet of Things,
which require transferring data quickly and easily between remote sites.
5. Risks of software-defined networking
Many security issues related to the traditional network architecture also apply to the SDN
architecture. Unfortunately, the new features that provide great flexibility, real-time
programmability and simplified controls through the centralized SDN controller also
introduce new security challenges. In fact, SDN is exposed to various sources of security
risk from its network architecture design perspective, which includes the control plane,
application plane and data plane layers.
One of the most significant security risk factors is the possibility of a compromised SDN
controller attack at the control plane layer. Due to the centralization design of the SDN,
the SDN controller becomes the brain of the SDN architecture. Attackers can focus on
compromising the SDN controller in an attempt to manipulate the entire network. If the
attacker successfully gains access, the compromised SDN controller can be used to direct
the network devices it controls (e.g., switches) to drop all incoming traffic or launch
serious attacks against other targets, such as sending useless traffic to a victim to deplete
its resources. To mitigate this security risk, it is critical to harden the operating system
that hosts the SDN controller and prevent unauthorized access to the SDN controller.
Furthermore, the control plane layer is susceptible to a distributed denial-of-service
(DDoS) attack. SDN switches may cause the SDN controller to be flooded with many
queries that may potentially cause a delay or drop of queries. One possible defense
against a DDoS attack is to implement multiple physical SDN controllers instead of just
one. When switches are connected to multiple SDN controllers, one of these controllers
can act as the master of the switches. When this master controller needs to process a high
load of queries, it can direct the load to other lightly loaded controllers to be the master
for some of its assigned switches. This keeps the load balanced among the SDN
controllers, which mitigates DDoS attacks.
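The multi-controller defence just described, as an added Python example (not part of the original notes): each switch has one master controller, and when a master's query load goes over its budget it hands its busiest switches to the least-loaded peer. The example also flags a switch whose rate is far above the others, which is the first thing an operator would want to know during such a flood. Controller names, loads and the budget are made up.

```python
from typing import Dict, List, Tuple

# Constructed model of the multi-controller defence described above. Every
# switch has one master controller; when a master's packet-in load crosses a
# budget it hands its busiest switches to the least-loaded peer. A switch whose
# rate is far above its peers is also flagged, since a flood usually starts at
# one switch. Controller names, loads and the budget are made up for the example.

Move = Tuple[str, str, str]   # (switch, old master, new master)


class ControllerCluster:
    def __init__(self, controllers: List[str], budget: int):
        self.controllers = controllers
        self.budget = budget                    # packet-ins/sec one controller absorbs
        self.master: Dict[str, str] = {}        # switch -> master controller
        self.switch_load: Dict[str, int] = {}   # switch -> packet-ins/sec

    def assign(self, switch: str, controller: str) -> None:
        self.master[switch] = controller
        self.switch_load.setdefault(switch, 0)

    def report_load(self, switch: str, packet_ins_per_sec: int) -> None:
        self.switch_load[switch] = packet_ins_per_sec

    def controller_load(self) -> Dict[str, int]:
        load = {c: 0 for c in self.controllers}
        for sw, ctrl in self.master.items():
            load[ctrl] += self.switch_load[sw]
        return load

    def rebalance(self) -> List[Move]:
        """Move switches off overloaded masters; returns the migrations made."""
        moves: List[Move] = []
        load = self.controller_load()
        for ctrl in self.controllers:
            # busiest switches first, so one move frees the most headroom
            owned = sorted((sw for sw, m in self.master.items() if m == ctrl),
                           key=lambda sw: self.switch_load[sw], reverse=True)
            for sw in owned:
                if load[ctrl] <= self.budget:
                    break
                target = min(self.controllers, key=lambda c: load[c])
                if target == ctrl or load[target] + self.switch_load[sw] > self.budget:
                    continue    # no peer can take this one; try a smaller switch
                self.master[sw] = target
                load[ctrl] -= self.switch_load[sw]
                load[target] += self.switch_load[sw]
                moves.append((sw, ctrl, target))
        return moves

    def suspicious_switches(self, factor: int = 2) -> List[str]:
        """Switches sending far more packet-ins than the median: flood candidates."""
        rates = sorted(self.switch_load.values())
        if not rates:
            return []
        median = rates[len(rates) // 2]
        return [sw for sw, r in self.switch_load.items() if r > max(1, median) * factor]


def run_demo():
    cluster = ControllerCluster(["c1", "c2", "c3"], budget=1000)
    for sw in ("s1", "s2", "s3", "s4"):
        cluster.assign(sw, "c1")               # one master for everything
    for sw, rate in (("s1", 200), ("s2", 300), ("s3", 150), ("s4", 900)):
        cluster.report_load(sw, rate)           # s4 is sending a burst
    suspicious = cluster.suspicious_switches()
    moves = cluster.rebalance()
    return moves, cluster.controller_load(), suspicious


if __name__ == "__main__":
    print(run_demo())
```

Rebalancing keeps the cluster responsive, but it does not remove the cause: if every controller fills up, `rebalance` stops moving switches and the overload persists, which is why the flagged switch should also be rate-limited or investigated rather than just handed to another master.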
If attackers compromise the SDN controller, they can hack the SDN applications to
manipulate security applications to reprogram the network traffic flow through the SDN
controller.
At the data plane layer, switches are vulnerable to denial-of-service (DoS) attacks as
well. A malicious user can flood the switches with large payloads, causing legitimate
packets to be dropped when a switch’s buffering capability is exceeded. There are many
ways to address this attack, including proactive rule caching, rule aggregation and
decreasing the switch-to-SDN-controller communication delay. Also, increasing the
switch’s buffering capability can mitigate the risk of a DoS attack.
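Rule aggregation, one of the data-plane mitigations listed above, as an added Python example (not part of the original notes): flow entries that share an action and cover adjacent or nested destination prefixes are merged, so the switch's limited table holds fewer entries and fills more slowly. The sample rules are made up.

```python
import ipaddress
from collections import defaultdict
from typing import List, Tuple

# Constructed example of rule aggregation: flow entries that share an action and
# cover adjacent or nested destination prefixes are merged into one entry, so the
# switch's limited table holds fewer rules and fills more slowly under load.
# The sample table below is made up.

Rule = Tuple[str, str]   # (destination prefix, action)

SAMPLE_RULES: List[Rule] = [
    ("10.1.0.0/24", "forward:1"), ("10.1.1.0/24", "forward:1"),
    ("10.1.2.0/24", "forward:1"), ("10.1.3.0/24", "forward:1"),
    ("10.1.4.0/24", "forward:2"), ("10.1.5.0/24", "forward:2"),
    ("192.168.9.0/24", "drop"),   ("192.168.9.128/25", "drop"),
]


def aggregate_rules(rules: List[Rule]) -> List[Rule]:
    """Merge prefixes per action; never merges across different actions."""
    by_action = defaultdict(list)
    for prefix, action in rules:
        by_action[action].append(ipaddress.ip_network(prefix, strict=False))
    merged: List[Rule] = []
    for action, nets in by_action.items():
        # collapse_addresses joins adjacent blocks and drops nested ones
        merged.extend((str(net), action) for net in ipaddress.collapse_addresses(nets))
    return sorted(merged)


def shrink_report(rules: List[Rule]) -> Tuple[int, int, List[Rule]]:
    """Return (entries before, entries after, merged table)."""
    merged = aggregate_rules(rules)
    return len(rules), len(merged), merged


if __name__ == "__main__":
    before, after, merged = shrink_report(SAMPLE_RULES)
    print(f"{before} rules -> {after} rules")
    for prefix, action in merged:
        print(f"  {prefix:<18} {action}")
```

Merging is only safe when no more-specific entry with a different action sits inside a merged range, or when the switch resolves overlaps by priority or longest prefix; that check belongs before the aggregated rules are pushed to hardware.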
Messages exchanged between the control plane layer and the data plane layer are
subject to man-in-the-middle attacks. The attacker can potentially modify rules sent from
the SDN controller to switches to take control of the switches. One of the most effective
solutions to such attacks is to encrypt the messages and apply digital signatures, which
secure the messages and prove their integrity and authenticity.
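The verify-before-apply check behind that mitigation, as an added Python example (not part of the original notes): every rule the controller sends carries a sequence number and an HMAC-SHA256 tag over the canonical message, and the switch rejects anything whose tag does not verify or whose sequence number has already been seen. A shared-key MAC stands in here for the digital signature mentioned above so the example needs only the standard library; the shape of the check is the same. The key and rules are made up.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

# Constructed example: each rule the controller sends carries a sequence number
# and an HMAC-SHA256 tag over the canonical message, so a rule altered in
# transit or replayed later is rejected by the switch. HMAC with a shared key
# stands in here for the digital signature mentioned above (stdlib only); the
# verify-then-apply shape is the same. The key and rules are made up.


def canonical(body: Dict) -> bytes:
    """Stable byte encoding: the tag must cover exactly what the switch checks."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def tag_for(key: bytes, body: Dict) -> str:
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


class ControllerChannel:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def send_rule(self, match: Dict, action: str) -> Dict:
        self.seq += 1
        body = {"seq": self.seq, "match": match, "action": action}
        return {"body": body, "tag": tag_for(self.key, body)}


class SwitchChannel:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0
        self.flow_table: List[Tuple[Dict, str]] = []

    def receive(self, msg: Dict) -> str:
        body = msg["body"]
        # constant-time comparison, so the check itself leaks nothing about the tag
        if not hmac.compare_digest(tag_for(self.key, body), msg["tag"]):
            return "rejected: bad tag"          # modified in transit
        if body["seq"] <= self.last_seq:
            return "rejected: replay"           # an old, genuine message re-sent
        self.last_seq = body["seq"]
        self.flow_table.append((body["match"], body["action"]))
        return "installed"


def run_demo():
    key = b"constructed-shared-key"             # assumed provisioned out of band
    ctrl, sw = ControllerChannel(key), SwitchChannel(key)
    good = ctrl.send_rule({"dst": "10.0.0.2"}, "forward:2")
    r1 = sw.receive(good)
    # the same message with its action edited but the original tag kept
    altered = {"body": dict(good["body"], action="forward:9"), "tag": good["tag"]}
    r2 = sw.receive(altered)
    r3 = sw.receive(good)                       # genuine message delivered twice
    return r1, r2, r3, sw.flow_table


if __name__ == "__main__":
    print(run_demo())
```

In deployments the controller-to-switch channel is normally run over TLS, which supplies this authentication together with the encryption the text mentions; the sequence-number check matters either way, because a message that verifies perfectly can still be an old one delivered again.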
The real-time programmability is also open to serious vulnerability at the application
plane layer. Specifically, if the attacker can hack the SDN security applications, it can
manipulate the network traffic flow through the SDN controller. If the SDN applications
are compromised, the whole network is, too. To effectively mitigate such security risk, it
is critical that security coding practices be enforced with comprehensive change
management and integrity check processes as part of the software development life cycle.
6. Comparison between SDN and traditional network
SDN stands for Software Defined Network, which is a networking architecture approach.
It enables the control and management of a network using software applications. Through
Software Defined Network (SDN), the networking behavior of the entire network and its
devices is programmed in a centrally controlled manner through software applications
using open APIs. Software Defined Network improves performance by network
virtualization. In SDN, software-controlled applications or APIs work as the basis of
complete network management, whether that is directing traffic on the network or
communicating with the underlying hardware infrastructure. So, simply put, SDN can
create a virtual network or it can control a traditional network with the help of software.
Traditional network refers to the old conventional way of networking, which uses fixed
and dedicated hardware devices such as routers and switches to control network traffic.
Inability to scale, network security and performance are the major concerns nowadays
in the current growing business situation, so SDN is taking over from the traditional
network. A traditional network is static and based on hardware network appliances.
Traditional network architecture was used by many companies until recent years, but
nowadays, due to its drawbacks, Software Defined Network has been developed and in the
coming years it will be used more.
The key difference between SDN and traditional networking is infrastructure: SDN is
software-based, while traditional networking is hardware-based. Because the control
plane is software-based, SDN is much more flexible than traditional networking. It allows
administrators to control the network, change configuration settings, provision resources,
and increase network capacity—all from a centralized user interface, without adding
more hardware.
There are also security differences between SDN and traditional networking. Thanks to
greater visibility and the ability to define secure pathways, SDN offers better security in
many ways. However, because software-defined networks use a centralized controller,
securing the controller is crucial to maintaining a secure network, and this single point of
failure represents a potential vulnerability of SDN.
SDN | Traditional Network
Software Defined Network is a virtual networking approach. | Traditional network is the old conventional networking approach.
Software Defined Network has centralized control. | Traditional Network has distributed control.
This network is programmable. | This network is not programmable.
Software Defined Network has an open interface. | Traditional network has a closed interface.
In Software Defined Network the data plane and control plane are decoupled by software. | In traditional network the data plane and control plane are mounted on the same plane.
It supports automatic configuration, so it takes less time. | It supports static/manual configuration, so it takes more time.
It can prioritize and block specific network packets. | It treats all packets in the same way, with no prioritization support.
It is easy to program as per need. | It is difficult to program again and to replace the existing program as per use.
Cost of Software Defined Network is low. | Cost of Traditional Network is high.
Structural complexity is low in Software Defined Network. | Structural complexity is high in Traditional Network.
Extensibility is high in Software Defined Network. | Extensibility is low in Traditional Network.
In SDN troubleshooting and reporting are easy, as it is centrally controlled. | In Traditional network troubleshooting and reporting are difficult, as control is distributed.
Its maintenance cost is lower than that of a traditional network. | Traditional network maintenance cost is higher than that of SDN.
