1. Definition

Software-Defined Networking (SDN) is an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with the underlying hardware infrastructure and direct traffic on a network. This model differs from that of traditional networks, in which dedicated hardware devices (i.e., routers and switches) each control network traffic on their own. SDN can create and control a virtual network, or control traditional hardware, via software. Network virtualization lets organizations segment a single physical network into several virtual networks, or join devices on different physical networks into one virtual network; software-defined networking adds a new way of controlling the routing of data packets from a centralized controller.

2. Components and working flow of SDN

In SDN, as in anything virtualized, the software is decoupled from the hardware. SDN moves the control plane, which decides where traffic should be sent, into software, and leaves the data plane, which actually forwards the traffic, in the hardware. Network administrators can therefore program and control the entire network from a single pane of glass instead of device by device.

A typical SDN architecture has three parts, which may be located in different physical locations:
- Applications, which request resources or supply information about the network as a whole (the northbound interface of the controller)
- Controllers, which use the information from applications to decide how each data packet is routed
- Networking devices, which receive forwarding instructions from the controller (the southbound interface, for example OpenFlow) and move the data

Physical or virtual networking devices actually move the data through the network. In some cases, virtual switches, embedded in either software or hardware, take over the responsibilities of physical switches and consolidate their functions into a single, intelligent switch.
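The control plane / data plane split described in section 2, as an added illustration that is not code from the original page or from any real controller or switch: a switch forwards from its local flow table, sends a packet_in to the controller on a table miss, and the controller consults its applications in order and pushes a rule back (flow_mod). The class and function names, the two applications and the sample topology are assumptions made for this example.

```python
"""Minimal model of the SDN control/data plane split.

Added illustration; not code from any real controller or switch. Class and
function names and the sample topology below are assumptions."""
from dataclasses import dataclass


@dataclass
class FlowRule:
    match: dict        # header fields that must all match, e.g. {"dst": "10.0.0.2"}
    action: str        # "output:<port>" or "drop"
    priority: int = 100

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


class Switch:
    """Data plane: forwards only from its local flow table."""

    def __init__(self, dpid, controller):
        self.dpid = dpid
        self.controller = controller
        self.table = []        # FlowRules installed by the controller, highest priority first
        self.packet_ins = 0    # how many packets had to be handed to the control plane

    def add_flow(self, rule):
        """flow_mod from the controller: install a rule."""
        self.table.append(rule)
        self.table.sort(key=lambda r: r.priority, reverse=True)

    def forward(self, pkt):
        for rule in self.table:
            if rule.matches(pkt):
                return rule.action          # hit: decided entirely in the data plane
        self.packet_ins += 1                # table miss: packet_in to the controller
        return self.controller.packet_in(self, pkt)


class Controller:
    """Control plane: consults applications (northbound), installs rules (southbound)."""

    def __init__(self, apps):
        self.apps = apps       # ordered list of callables (dpid, pkt) -> FlowRule or None

    def packet_in(self, switch, pkt):
        for app in self.apps:
            rule = app(switch.dpid, pkt)
            if rule is not None:
                switch.add_flow(rule)
                return rule.action
        # no application claimed the packet: install a low-priority drop so the
        # switch does not keep asking the controller about the same destination
        rule = FlowRule({"dst": pkt["dst"]}, "drop", priority=1)
        switch.add_flow(rule)
        return rule.action


# Constructed sample topology: host -> switch port
PORTS = {"10.0.0.1": 1, "10.0.0.2": 2}


def forwarding_app(dpid, pkt):
    """Forwarding application: map the destination host to an output port."""
    port = PORTS.get(pkt["dst"])
    return None if port is None else FlowRule({"dst": pkt["dst"]}, f"output:{port}")


def security_app(dpid, pkt):
    """Security application: block telnet everywhere, above any forwarding rule."""
    if pkt.get("dport") == 23:
        return FlowRule({"dport": 23}, "drop", priority=200)
    return None


def demo():
    """Three packets: the first misses and installs a forwarding rule, the second
    hits it in the data plane, the third misses and installs a drop rule."""
    ctl = Controller([security_app, forwarding_app])
    sw = Switch("s1", ctl)
    actions = [
        sw.forward({"src": "10.0.0.1", "dst": "10.0.0.2", "dport": 80}),
        sw.forward({"src": "10.0.0.1", "dst": "10.0.0.2", "dport": 443}),
        sw.forward({"src": "10.0.0.2", "dst": "10.0.0.1", "dport": 23}),
    ]
    return actions, sw.packet_ins, [r.action for r in sw.table]


if __name__ == "__main__":
    print(demo())
```

Note the ordering: the controller asks the security application before the forwarding application, and the drop rule it installs carries a higher priority, so a later telnet packet to any host is dropped in the data plane without the controller being consulted again.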
Such a virtual switch validates each incoming packet and delivers it to the correct virtual machine destination.

3. Different models of SDN

While the premise of centralized software controlling the flow of data through switches and routers applies to all software-defined networking, there are several models of SDN:

Open SDN: Network administrators use an open protocol such as OpenFlow to control the behavior of virtual and physical switches at the data plane level.

SDN by APIs: Instead of an open protocol, vendor application programming interfaces on each device control how data moves through the network.

SDN overlay model: A virtual network runs on top of the existing hardware infrastructure, creating dynamic tunnels to on-premises and remote data centers. The virtual network allocates bandwidth across a set of channels and assigns devices to each channel, leaving the physical network untouched.

Hybrid SDN: Software-defined networking and traditional networking protocols coexist in one environment and support different functions. Standard networking protocols continue to direct some traffic while SDN takes responsibility for the rest, which lets network administrators introduce SDN in stages into a legacy environment.

4. Benefits of Software-Defined Networking (SDN)

SDN architecture has many benefits, several of which stem from the centralization of network control and management and from the ease of scaling, evolving and implementing change. Some of the benefits are:

- Ease of network control through direct programming, made possible by the separation of control from forwarding functions.
- Agility: load balancing can be applied dynamically to manage traffic flow as need and usage fluctuate, which reduces latency and increases the efficiency of the network.
- Greater granularity of control over security.
  SDN lets network administrators set policies from one central location to determine access control and security measures across the network by workload type or by network segment. Microsegmentation, which applies such policies to individual workloads rather than to whole subnets, limits lateral movement after a compromise and keeps policy consistent across any network architecture, whether public cloud, private cloud, hybrid cloud or multicloud.
- Ease of configuration. With SDN, automation can be written more easily, enabling the organization to configure, secure and optimize resources as needed.
- Simplified network design and operation through open controllers rather than vendor-specific devices and protocols.

SDN combined with virtual machines and network virtualization also provides efficiencies for service providers, who can give customers distinct, isolated networks and control over them. As a result, SDN is modernizing the telecommunications industry. Service providers can improve their flexibility and provide bandwidth on demand to customers with variable bandwidth usage. Many of today's services and applications, especially cloud-based ones, could not function without SDN: it lets data move easily between distributed locations, which is critical for cloud applications.

SDN also supports moving workloads around a network quickly. For instance, running network functions such as firewalls and load balancers as software on commodity servers, a technique called network functions virtualization (NFV), allows telecommunications providers to move customer services to less expensive servers or even to the customer's own servers. Service providers can use a virtual network infrastructure to shift workloads between private and public cloud infrastructures as necessary, and to make new customer services available instantly. SDN also makes it easier for any network to flex and scale as network administrators add or remove virtual machines, whether those machines are on-premises or in the cloud.
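The centrally set, segment-based policy and microsegmentation described above in this section, as an added example that is not from the original page or from any real SDN controller: the intent is stated once per segment, compiled into per-switch flow rules with a default-deny rule underneath, and then audited so that a hand-added rule that is broader than the intent is detected. The inventory, the policy, the rule format and the function names are constructed for this example.

```python
"""Central microsegmentation policy compiled to per-switch flow rules.

Added example; the inventory, policy and rule format are constructed for
illustration and are not from any real SDN controller."""
from collections import defaultdict

# Constructed inventory: workload IP -> (segment label, hosting switch, switch port)
WORKLOADS = {
    "10.1.0.10": ("web", "s1", 1),
    "10.1.0.11": ("web", "s1", 2),
    "10.2.0.10": ("app", "s2", 1),
    "10.3.0.10": ("db",  "s2", 2),
}
# Intent stated once, per segment: (source segment, destination segment, dst port)
POLICY = {("web", "app", 8080), ("app", "db", 5432)}


def compile_rules(workloads, policy):
    """Return {switch: [rules]}: each switch gets explicit allow rules for the
    workloads it hosts and a default-deny rule below them."""
    rules = defaultdict(list)
    for dst, (dst_seg, sw, port) in workloads.items():
        for src, (src_seg, _, _) in workloads.items():
            for src_pol, dst_pol, dport in policy:
                if (src_seg, dst_seg) == (src_pol, dst_pol):
                    rules[sw].append({"priority": 100, "src": src, "dst": dst,
                                      "dport": dport, "action": f"output:{port}"})
    for sw in {host[1] for host in workloads.values()}:
        rules[sw].append({"priority": 0, "action": "drop"})   # default deny
        rules[sw].sort(key=lambda r: r["priority"], reverse=True)
    return dict(rules)


def lookup(rules, sw, src, dst, dport):
    """What the switch would do with a packet; fields absent from a rule are wildcards."""
    fields = (("src", src), ("dst", dst), ("dport", dport))
    for rule in rules[sw]:
        if all(k not in rule or rule[k] == v for k, v in fields):
            return rule["action"]
    return "drop"


def policy_allows(workloads, policy, src, dst, dport):
    return (workloads[src][0], workloads[dst][0], dport) in policy


def audit(workloads, policy, rules, ports=(22, 80, 5432, 8080)):
    """Compare what the switches would forward against the stated intent.
    Returns the flows on which the two disagree; empty means rules match policy."""
    violations = []
    for src in workloads:
        for dst, (_, sw, _) in workloads.items():
            for dport in ports:
                forwarded = lookup(rules, sw, src, dst, dport) != "drop"
                if forwarded != policy_allows(workloads, policy, src, dst, dport):
                    violations.append((src, dst, dport))
    return violations


if __name__ == "__main__":
    compiled = compile_rules(WORKLOADS, POLICY)
    print(audit(WORKLOADS, POLICY, compiled))          # [] : rules match intent
    compiled["s2"].insert(0, {"priority": 200, "dst": "10.3.0.10", "action": "output:2"})
    print(audit(WORKLOADS, POLICY, compiled))          # every flow to the db host not in POLICY
```

Two properties of the compiled rules are worth noticing: hosts in the same segment (the two web workloads) cannot reach each other unless the policy says so, and an operator who inserts a broad "allow everything to the database host" rule on s2 is caught by the audit because the audit is driven by the intent, not by the rules.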
Finally, because of the speed and flexibility SDN offers, it can support emerging trends and technologies such as edge computing and the Internet of Things, which require moving data quickly and easily between remote sites.

5. Risks of software-defined networking

Many security issues of the traditional network architecture also apply to SDN. Unfortunately, the features that provide flexibility, real-time programmability and simplified control through the centralized SDN controller also introduce new security challenges. SDN is exposed to risk at each layer of its architecture: the application plane, the control plane and the data plane.

One of the most significant risks is compromise of the SDN controller at the control plane. Because of SDN's centralized design, the controller is the brain of the architecture, so attackers can focus on it in order to manipulate the entire network. A compromised controller can direct the devices it controls (e.g., switches) to drop all incoming traffic, to steer traffic along an attacker-chosen path, or to launch attacks against other targets, such as flooding a victim with useless traffic to deplete its resources. To mitigate this risk, harden the operating system that hosts the controller, restrict and authenticate every path into it (its management interfaces and its northbound API included), and log its configuration changes.

The control plane is also susceptible to distributed denial-of-service (DDoS). A packet that misses a switch's flow table is sent to the controller as a packet_in query, so an attacker who generates many flows with new, unmatched headers can flood the controller with queries and delay or drop legitimate ones. One defense is to deploy multiple physical SDN controllers instead of just one.
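The multi-controller defense against control-plane DDoS just mentioned, together with the per-switch rate limit a practitioner would pair with it, as an added example that is not from the original page or from any real controller: a token bucket on packet_in messages per datapath, and a function that moves the master role for the heaviest switches off an over-capacity controller onto the least loaded one. The rates, capacities, datapath and controller identifiers are constructed.

```python
"""Two control-plane DDoS defenses, as an added example (not from any real
controller): a per-switch token bucket on packet_in messages, and migration of
the master role for some switches to a less loaded controller. All rates,
capacities and identifiers are constructed."""
from collections import defaultdict


class PacketInLimiter:
    """Token bucket per datapath id. packet_in above the rate is dropped at the
    controller edge so one flooding switch cannot starve the others."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.burst = burst
        self.tokens = defaultdict(lambda: float(burst))
        self.last_seen = {}

    def allow(self, dpid, now):
        elapsed = now - self.last_seen.get(dpid, now)
        self.last_seen[dpid] = now
        self.tokens[dpid] = min(self.burst, self.tokens[dpid] + elapsed * self.rate)
        if self.tokens[dpid] >= 1:
            self.tokens[dpid] -= 1
            return True
        return False


def rebalance(masters, load, capacity):
    """masters:  {dpid: controller that holds the master role for it}
    load:     {dpid: observed packet_in rate}
    capacity: {controller: packet_in rate it can sustain}
    Moves the heaviest switches off over-capacity controllers onto the least
    loaded controller that can absorb them. Returns the new mapping; a switch
    that no controller can absorb stays where it is."""
    masters = dict(masters)

    def total(ctl):
        return sum(load[d] for d, m in masters.items() if m == ctl)

    for ctl in capacity:
        owned = sorted((d for d, m in masters.items() if m == ctl), key=lambda d: -load[d])
        for dpid in owned:
            if total(ctl) <= capacity[ctl]:
                break
            target = min(capacity, key=total)
            if target != ctl and total(target) + load[dpid] <= capacity[target]:
                masters[dpid] = target
    return masters


if __name__ == "__main__":
    limiter = PacketInLimiter(rate_per_sec=10, burst=5)
    print([limiter.allow("s1", 0.0) for _ in range(7)])   # five allowed, then two dropped
    print(rebalance({"s1": "c1", "s2": "c1", "s3": "c1", "s4": "c2"},
                    {"s1": 70, "s2": 50, "s3": 20, "s4": 10},
                    {"c1": 100, "c2": 100, "c3": 100}))
```

The second function shows the limit of the defense the text describes: if one switch alone generates more packet_in traffic than any single controller can sustain, no reassignment of master roles helps, and only the rate limit (or filtering at the switch) keeps the rest of the network responsive.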
With switches connected to several controllers, one controller acts as master for each switch. When the master faces a high query load, it can hand the master role for some of its switches to lightly loaded controllers, keeping the load balanced among the controllers and mitigating (though not eliminating) the DDoS. Rate-limiting packet_in messages per switch at the controller complements this, so that a single flooding switch cannot consume the whole controller's capacity.

At the data plane, switches are vulnerable to denial-of-service (DoS) attacks as well. A malicious user can flood a switch with new flows, so that legitimate packets are dropped once the switch's packet buffer or flow table (often a small TCAM) is exhausted. Countermeasures include proactive rule caching, rule aggregation to reduce the number of entries, and decreasing switch-to-controller communication delay; increasing the switch's buffering capacity also mitigates the risk.

Messages between the control plane and the data plane are subject to man-in-the-middle attacks: an attacker on the path can modify the rules sent from the controller to the switches and so take control of the switches. The effective countermeasure is to protect the southbound channel with TLS using mutual certificate authentication, which encrypts the messages and verifies the integrity and authenticity of both ends. OpenFlow specifies TLS for this channel, but many controllers and switches still accept plaintext TCP (port 6653) unless it is explicitly disabled, so this must be verified rather than assumed.

The real-time programmability also opens a serious vulnerability at the application plane. Applications drive the controller through its northbound API, so an attacker who compromises an SDN security application, or who has compromised the controller and abuses the applications it hosts, can reprogram the network traffic flow through the controller. If the SDN applications are compromised, the whole network is, too.
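One concrete form the integrity check for the application plane can take, as an added example that is not from the original page or from any real controller: the change-management process publishes a manifest of the SHA-256 digests of reviewed applications and authenticates it with a key the controller trusts, and the controller loads an application only if its digest matches. The manifest here is authenticated with an HMAC to stay within the standard library; a real deployment would use an asymmetric signature so that the controller holds only a public key. Application sources, the key and the function names are constructed.

```python
"""Integrity gate for SDN applications, as an added example: the controller loads
an application only if its SHA-256 matches a manifest authenticated by the
change-management key. HMAC stands in for a real digital signature here.
Application sources and key are constructed; not code from any real controller."""
import hashlib
import hmac
import json


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(apps: dict, key: bytes) -> dict:
    """apps: {name: source bytes}. Produced at release time, after code review."""
    digests = {name: sha256(src) for name, src in sorted(apps.items())}
    body = json.dumps(digests, sort_keys=True).encode()
    return {"apps": digests, "sig": hmac.new(key, body, "sha256").hexdigest()}


def verify_manifest(manifest: dict, key: bytes) -> bool:
    body = json.dumps(manifest["apps"], sort_keys=True).encode()
    expected = hmac.new(key, body, "sha256").hexdigest()
    return hmac.compare_digest(manifest["sig"], expected)


def load_apps(manifest: dict, key: bytes, available: dict):
    """Return (loaded names, rejected names). An application missing from the
    manifest, or whose source no longer matches it, is refused; a manifest
    that fails verification causes everything to be refused."""
    if not verify_manifest(manifest, key):
        return [], sorted(available)
    loaded, rejected = [], []
    for name, src in available.items():
        if manifest["apps"].get(name) == sha256(src):
            loaded.append(name)
        else:
            rejected.append(name)
    return sorted(loaded), sorted(rejected)


# Constructed release: two reviewed applications and the release key
RELEASE_KEY = b"constructed-release-signing-key"
APPS = {
    "firewall.py": b"def on_packet_in(pkt):\n    return 'drop' if pkt['dport'] == 23 else None\n",
    "forwarding.py": b"def on_packet_in(pkt):\n    return 'output:1'\n",
}


if __name__ == "__main__":
    manifest = sign_manifest(APPS, RELEASE_KEY)
    print(load_apps(manifest, RELEASE_KEY, APPS))
    tampered = dict(APPS, **{"firewall.py": b"def on_packet_in(pkt):\n    return None\n"})
    print(load_apps(manifest, RELEASE_KEY, tampered))   # firewall.py rejected
```

The check only has value if the controller refuses to start applications that fail it and if the key (or private signing key) is held by the release process rather than on the controller host, since a compromised controller could otherwise re-sign whatever it likes.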
To mitigate application-plane compromise, secure coding practices must be enforced, with comprehensive change management and integrity checks as part of the software development life cycle, so that only reviewed and unmodified applications are loaded by the controller. Applications should also authenticate to the northbound API and receive only the privileges they need.

6. Comparison between SDN and traditional network

SDN (Software-Defined Networking) is a networking architecture in which the behavior of the entire network and its devices is programmed centrally through software applications that use open APIs. Software-controlled applications or APIs form the basis of network management, whether directing traffic on the network or communicating with the underlying hardware infrastructure, and network virtualization improves performance. In short, SDN can create a virtual network or control a traditional network with the help of software.

A traditional network is the conventional approach, in which fixed, dedicated hardware devices such as routers and switches each control network traffic. Inability to scale, security and performance are the major concerns for growing businesses today, which is why SDN is displacing traditional networking. A traditional network is static and based on hardware network appliances; it was used by most companies until recent years, but because of its drawbacks SDN has been developed and will be used more in the coming years.

The key difference between SDN and traditional networking is where the control plane lives: in SDN it is software on a centralized controller, while in traditional networking it is embedded in each hardware device. Because the control plane is software-based, SDN is much more flexible than traditional networking.
It allows administrators to control the network, change configuration settings, provision resources and increase network capacity, all from a centralized user interface and without adding more hardware.

There are also security differences between SDN and traditional networking. Thanks to greater visibility and the ability to define secure pathways, SDN offers better security in many ways. However, because software-defined networks use a centralized controller, securing the controller is crucial to maintaining a secure network: it is a single point of failure and the most valuable target in an SDN.

SDN                                                       | Traditional network
----------------------------------------------------------|----------------------------------------------------------
Virtual networking approach                               | Old, conventional networking approach
Centralized control                                       | Distributed control
Programmable                                              | Not programmable
Open interfaces                                           | Closed (vendor-specific) interfaces
Data plane and control plane decoupled by software        | Data plane and control plane on the same device
Automatic configuration, so it takes less time            | Static/manual configuration, so it takes more time
Can prioritize and block specific network packets         | Treats all packets the same way; no prioritization support
Easy to reprogram as needs change                         | Difficult to reprogram or to replace existing behavior
Low cost                                                  | High cost
Low structural complexity                                 | High structural complexity
High extensibility                                        | Low extensibility
Easy troubleshooting and reporting (centralized control)  | Difficult troubleshooting and reporting (distributed control)
Lower maintenance cost than a traditional network         | Higher maintenance cost than SDN