Software Defined Networks: Issues and Challenges.
Bhargava Sokappadu Avishek Hardin
Dept. of Information and Dept. of Information and
Communication Technologies Communication Technologies
University of Mauritius University of Mauritius
Port-Louis, Mauritius Port-Louis, Mauritius
bhargava.sokappadu2@umail.uom.ac. avishek.hardin4@umail.uom.ac.mu
mu
Sheeba Armoogum
Dept. of Information and
Communication Technologies
University of Mauritius
Port-Louis, Mauritius
s.armoogum@uom.ac.mu
Abstract—Contemporary development of the Software
Defined Network technology (SDN) brings a number of key
challenges. Current issues such as performance, scalability,
security, interoperability are highlighted. In this paper, the
question of whether to adopt and capitalize on the concept of
SDN by enterprises, taking into consideration the cost
implications and whether it’s worth to invest on such state-of-
the-art methodology.
Keywords—Software-Defined Network (SDN), OpenFlow,
Network Virtualization, QoS, Security.
I. INTRODUCTION
With today’s advanced data center infrastructures,
Software Defined Networking (SDN) is no more a
buzzword and holds the roadmap for networking industries
towards Software Defined Data Center (SDDC) networks.
The concept of SDN, though technically complex but rather
simple to understand, consists of a full-fledged network
solution based on TCP/IP layered approach where all the
necessary switching, routing and firewalling aspects are
predefined and controlled from the SDN controller. The
latter is autonomous in the sense that it configures the nodes
such as routers, switches, firewalls and servers without the
need of manual intervention compared to legacy methods
[1].
Within a short period of time, SDN has rapidly taken
over the world of networking urging most firms to move
towards a SDN ready infrastructure. Though many
advantages like Centralized Network Provisioning, Holistic
Enterprise Management, Granular Security, Low Operating
Cost and Hardware savings & reduce Total Cost of
Ownership (TCO), it is a common complaint that, firms
claim a massive capital expenditure (CAPEX) whereby a
full network inventory refresh needs to be carried out prior
to adopting the concept of SDN, and this indeed is an area
of concern to radically leverage on the investment and
return on investment of such a huge project. On top, most
SDN vendors limit their SDN controller capabilities to
devices of their own brand which worsens the
interoperability among several vendor products solutions.
The key challenge in SDN relates to the segregation of
the control and data planes while maintaining the carrier
grade service such as Scalability, Reliability, Quality of
Service and Service Management within the framework via
978-1-7281-1460-6/19/$31.00 ©2019 IEEE
Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY TIRUCHIRAPALLI. Downloaded on November 18,2023 at 18:14:24 UTC from IEEE Xplore. Restrictions apply.
Avinash Mungur
Dept. of Information and
Communication Technologies
University of Mauritius
Port-Louis, Mauritius
a.mungur@uom.ac.mu
a single pane of management. At present, there is limited
information available regarding the migration of an existing
legacy tiered network infrastructure towards SDN in terms
of costs, compatibility and issues explaining whether it is
worthwhile for a firm to migrate towards SDN and the
approach to be taken [2].
This paper is targeted towards those who are intending
to migrate an existing tiered network to SDN network and
aims at providing a deep insight on the pros and cons of
moving towards SDN with its associated cost factors,
feasibility and security aspects. In addition, the challenges
faced in SDN planning and deployment especially in terms
of multi-vendor interoperability will be addressed. Taking
into consideration of the existing issues like performance,
scalability, synchronized security and interoperability to
cater for future growth, the roadmap for the phased
migration and target architecture is proposed for generic
network environment.
This paper is structured as follows: - Section II provides
a description of how SDN concepts started and explains
how SDN has started and evolved. Section III illustrates the
different SDN solutions currently available on the market.
Section IV discusses the advantages and disadvantages of
SDN solutions with Section V explaining the challenges
faces in SDN implementation. Section VI provides a brief
description of the SDN best practices which can be
followed. Finally, Section VII concludes the paper.
II. HISTORY AND EVOLUTION OF SDN
The term SDN is quite ambiguous especially due to the
misconception that Software Defined Networking is
applicable only to conventional network devices such as
routers and switches. But in fact, a network is a whole
interconnectivity of routers, switches, security appliances,
hosts, servers and much more.
As such, the revolution towards a Software-Defined
infrastructure was available since around 10 years ago with
the advent of server virtualization platforms such as
VMware, Hyper-V, Citrix inter alia. Following the advent of
the next major trend which is Cloud Computing, the concept
of SDN has now spread across several segments which
include Network Function Virtualization (NFV), Software-
Defined Storage, Software-Defined WAN, Software-Defined
Access among many others but all these solutions can be
 englobed as a Software-Defined Data Center (SDDC) which
comprises of several software-defined solutions which can
be put in place [3].
The main reason behind such a paradigm shift towards
SDDC is mainly due to rising demands in network
utilizations over time. As mentioned in the Gartner Report, it
is expected that most data center networking access port
speeds will be shifting to 25Gbps during the first quarter of
2020 [4].
Gartner’s explanation of the term SDN relates “SDx is a
collective term that encapsulates the growing market
momentum for improved standards for infrastructure
programmability and data center interoperability driven by
automation inherent to cloud computing” [4]. Present day
software-defined trends are as follows:
• Software-Defined Networking (SDN) focuses on
automating the control plane for automatic data
plane traffic management.
• Network Function Virtualization (NFV) which aims
at automating network processes such as NAT,
Firewalling, Load Balancing etc. while running in
software. [5] [3]
• Software-Defined WAN (SD-WAN) provide high
granular policy-based WAN link load balancing in
tandem with security.
• Software-Defined Access (SD-Access) focuses on
the user policies and controlling their access to
different networks.
III. CURRENT SDN SOLUTIONS
Today, there exist several SDN solutions from multiple
vendors with major niche players like Cisco Application-
Centric Infrastructure (ACI) solution, VMware NSX, Cisco
SD-WAN, Fortinet SD-WAN and emerging solutions based
on the Open Flow opted by vendors such as Juniper
Networks, Dell Networks and Alcatel Lucent Networking.
Huawei itself plays a major role in Data Centre Networking
by being a direct challenger to the market leaders [6].
However, each of the SDN solution is closely based to a
particular type of development and a single solution might
not fit the different market needs. Below provides an
overview of the aforementioned solutions before performing
a critical analysis among these.
Cisco ACI was announced in end 2013 and under
implementation since around 2014 whereby the platform of
operation of the network is controlled by the SDN controller
known as APIC (Application Policy Infrastructure
Controller). Cisco’s concept of SDN is based on having a
network fabric over a spine-leaf architecture (ACI fabric)
which primarily signifies the underlay and such a network is
then predominantly controlled the APIC provides all the
automation, decision-making, management, policies for the
control plane. In such a topology, the data plane is still
contained within the network fabric itself in such a way that
the APIC instructs the flow of traffic among the Spine-Leaf
fabric and is therefore responsible for decision-making
among the network fabric architecture. Cisco’s ACI solution
involves significant changes with respect to traditional
Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY TIRUCHIRAPALLI. Downloaded on November 18,2023 at 18:14:24 UTC from IEEE Xplore. Restrictions apply.
tiered networks with a major inclusion of spine and leaf
nodes and the APIC controller. [7]
VMware is the current global leader in providing
infrastructure virtualization on traditional and
hyperconverged virtualized infrastructures [8]. VMware’s
solution for software-defined is way different from Cisco’s
idea. Cisco’s APIC controls the whole network fabric
including routing, switching and security aspects through
the network including access among different physical and
virtual nodes. VMware NSX solution provides the handling
of network traffic throughout a virtualized VMware-based
infrastructure.
Given the above Cisco and VMware solutions are geared
usually towards their own appliances, other vendors such as
Juniper’s Contrail SDN, Alcatel-Lucent Enterprise’s SDN
and Dell Network’s SDN have adopted the Open Network
Foundation solution to move towards an open-source SDN
and NFV control which provides vendor interoperability to
some extent given that these solutions are closely based on
the Open flow protocols [9].
Today’s buzzword is definitely SD-WAN with several
vendors rushing towards the integration of SD-WAN
solution in their network devices. Software-Defined WAN
deals with the basic concept of providing enhanced WAN
connectivity in terms of uptime, route redundancy,
compression, load balancing, and security in an automated
manner. The main target of SD-WAN was to address the
poor branch connectivity for several enterprise networks
towards the Internet and corporate network to the Head
office while leveraging on cheaper solutions compared to
leased lines. This software-defined is either contained within
the WAN Edge appliance or in another management
platform for the whole infrastructure. Based on the recent
Gartner’s report, some main vendors for SD-WAN solutions
are Cisco, Silver Peak, VMware and Fortinet [10].
IV. PROS AND CONS OF SDN
It has been a long debate whether the SDN solution
should be adopted and if yes, leveraging the advantages vis-
à-vis the disadvantages in the SDN implementation. This
section demonstrates the primary advantages and
disadvantages of moving towards SDN.
A. Advantages
For several years, the traditional network methods were
using routers, switches, security devices and these
necessitated initial configurations and change in
configurations as and when required. This was indeed a
cumbersome activity because of the manual intervention
required for every configuration on every node through
which the traffic flows (the control plane had to be
configured manually). However, with SDN, this issue is
refrained by automatic network configuration and any
changes need can be either automated to take any actions
following an event or an intervention on the controller only
– the configuration on all the other prevalent nodes are then
controlled through the controller itself which indeed
provides rapid deployment, troubleshooting and
maintenance with the minimal human intervention possible
 that today accounts for 95% of network management
changes [12].
In line with the above, another much awaited
functionality was the single management platform for
application, monitoring and troubleshooting for all the
devices in the network. Previous management solutions such
as Network Monitoring platforms were not as powerful and
granular as provided by SDN controllers such as the Cisco
APIC even provide application, fault, event and
performance management on all the nodes [8].
As an example, SDN solutions such as Cisco ACI and
the VMware NSX provide management of virtualized
networks, their integration with the physical network nodes
and their respective configurations. This provides a unique
and single network fabric which was not possible earlier
with the hypervisor infrastructure having its own
configuration and the physical nodes a separate one which
made configuration management tough.
B. Disadvantages
The main disadvantage of moving towards an SDN
solution is undoubtedly the huge investment involved in the
implementation of such a project. SDN-capable equipment
is tremendously costly compared to a conventional network
offering almost no backward compatibility with tiered
networks. This means that implementing and deploying an
SDN solution involve full infrastructure refresh rather than a
phased hardware inventory refresh and is definitely a big
discouragement for enterprises willing to move towards
SDN.
Furthermore, current SDN solutions offer very limited if
no multi-vendor solution compatibility which points back to
the drawback of high initial cost since the whole network
would need to be harmonized to a single vendor network to
optimize the SDN solution at most. Relative to conventional
hierarchical networks, multi-vendor compatibility is not an
issue in terms of operation of a solution, even though this
comes into play when dealing with unified network
management or synchronized security.
V. CHALLENGES AND ISSUES
A missing highlight in today’s current publications on
SDN implementations is the lack of an implementation plan
suited for each different enterprise network or data center
topology. No significant information is available in the
approach to be adopted towards moving to SDN nor the
phased-migration approach. Usually enterprise / data center
networks are multi-vendor based as a single vendor does not
cater the whole integrity of the solution or due to price
constraints several vendor equipment were used.
A. Choosing the SDN solution
The first challenge that such an enterprise would face is
to choose an SDN solution which is best suited to adapt to
the current environment which in turn means choosing the
vendor (Cisco currently occupies a market share of almost
53.4% in switching solutions which is why we have focused
on a Cisco-based switched and routed network [13].) In this
case, it is believed that the trend to continue with Cisco
Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY TIRUCHIRAPALLI. Downloaded on November 18,2023 at 18:14:24 UTC from IEEE Xplore. Restrictions apply.
solutions might still prevail. Under such circumstances,
Cisco ACI fabric is a good option for data center networks
to cater for infrastructures for a Cisco-based infrastructure.
However, if the same network includes part of a campus
network, the Cisco SD-Access solution such as Cisco DNA
Center is highly recommended as well. The SDN controller
for the data center infrastructure to control the ACI fabric is
the Cisco APIC whilst the SDN controller for campus
network traffic is the Cisco DNA center solution. The
advantage with a Cisco Software Defined Data Center
architecture is that the Cisco ACI solution can cater for the
east-west and northbound traffic offering firewalling
features with the integration of the Cisco Firepower with the
Cisco ACI fabric whereby the Cisco APIC controller would
be responsible for the whole management while integrating
security [14].
However, if the user has a highly virtualized data center
environment, considering the fact that VMware holds the
largest market share [15], this opens up several solutions
which are best fit for VMware infrastructures. A good
option would be to move towards VMware NSX solution
which is optimal of course given it is from VMware itself.
However, VMware NSX is capable of controlling only
server traffic among virtual machines or hypervisor hosts
while offering limited resources in terms of traditional
routing, switching and security among other network
appliances which do not form part of the virtualized
environment such as routers and switches. This can be
remediated by deploying Cisco ACI fabric in tandem with
VMware NSX. In this solution, the Cisco ACI acts as the
underlay network and NSX works atop the fabric as an
overlay network but this still involves to some extent two
separate control/ management planes and the price of two
separate infrastructures.
B. Security for the solution
Security is a primordial aspect not to be missed when
sizing any network solution. SDN security solutions consist
of Edge Firewalling, Intra-zone firewalling, user access
control amongst others. Again, several vendors come into
play with the main players being Cisco, Fortinet when it
comes to SDN [16]. Cisco ACI solution integrates security
features in all the Software Defined Solutions namely Cisco
ACI which is compatible with Firepower firewalling
solutions, Cisco SD-Access and Cisco SD-WAN as well as
offering an embedded security control mechanism within
the SDN controller at the fabric layer itself.
Fortinet, however covers a niche market since its
presence in the SDN market focuses on the security aspect
and its integration within an SDN solution while it however
provides security interoperability with both major SDN
solutions: Cisco ACI and VMware NSX. This also means
that to some extent two control planes are involved- one for
the network fabric and one for the firewalling side. The
same approach is brought by CheckPoint Technologies, Palo
Alto Networks and others to offer security for both ACI and
NSX network fabrics. [17]
 C. Inter-operability
As highlighted throughout this paper, SDN vendor
interoperability is one of the significant drawback of moving
towards any SDN solution. Currently, there exist limited
compatible solutions which can easily integrate seamlessly
with minimal overhead among multiple vendor networks.
Even though security is provided by several firewalling
vendors, it still does not provide a single management
platform for the whole network unless a single- vendor full-
fledged solution is opted for. Several vendors have joined
the Open Networking Foundation (ONF) with a view to
provide a consortium to move towards an open SDN
solution such as Dell and Juniper as partners and Cisco as
innovator, however interoperability among different vendor
solutions is an issue due to limited resources or use cases of
a multi-vendor deployment. As at date, the only vendor
integration can be done by major modifications of each of
the available APIs for a vendor to allow integration but
again not to the maximum extent to provide a synchronized
architecture. To summarize, among the several SDN
vendors, there exist very limited inter-operability feature as
at date.
D. Budget constraints
Several theories prevail regarding the budgetary
constraints of an SDN implementation project. Gartner
research claims that moving towards SDN will provide
savings of 30 – 70% in terms of CAPEX and over 30% in
terms of OPEX. [18] At the same time, a report by Garland
Technology claims that major expenses in an SDN solution
are in Ensuring network security, Dynamic provisioning and
Automation and the lack of expertise in the SDN domain
[19]. The main issue comes to the fact that an SDN solution
requires a full hardware refresh at one go and phase
migration is not possible as such where a phased migration
would definitely reduce the huge one-time investment. In
addition, currently there is no vendor solution which can
cater for a full network infrastructure entirely maintained by
a single controller and fabric which in turn means that more
than one SDN solution would need to be adopted implying
the costs for at least two solutions. Another significant
player in the SDN’s price is the sizing of the solution in
itself and the approach vendors bring. For example, addition
of the SDN controllers means additional hardware cost by
default and being a strategic part of the infrastructure
undeniably means that they should be redundant and always
available as a means of processing and redundancy an in
turn, this means an additional overhead in the budget to
cater for several controllers together with their licenses [8]
VI. RECOMMENDATIONS AND BEST PRACTICES
Currently even though there exist several vendors
proposing SDN solutions, there is still no single solution
that can cater for the whole network demands of an
enterprise or data center. As such, a compromise needs to
be done while opting for an SDN solution in terms of which
part of the network infrastructure would need software-
defined automation while other parts could be considered at
a later stage. For example, if a topology consists of both
data center and campus network topology, it is vital to
consider about current equipment scalability, lifetime and
capacity to understand whether to automate the data center
Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY TIRUCHIRAPALLI. Downloaded on November 18,2023 at 18:14:24 UTC from IEEE Xplore. Restrictions apply.
infrastructure rather than the campus topology or vice versa.
Similarly, it is a recommendation to choose a vendor that
makes up most of the expected network infrastructure to
cater and offer maximum operability for the single vendor
solution. The major pint of concern is definitely a trade-off
between budgetary constraints and technological
advancement which means that the solution should be well
calculated in terms of CAPEX, OPEX, TCO and ROI over
5-7 years at least compared to a conventional solution via
phased upgrade. Similarly, it is recommended for new
networks to consider opting the SDN solution itself as it
represents a lower TCO over years [18]. The
recommendation for an existing data center infrastructure
with a conventional network would be to perform a phased
migration by initially moving towards a hardware refresh
which are SDN capable but can also support conventional
protocols. Once the switching and routing has been
refreshed over a few years, the SDN controllers can
thereafter be included to automate the processes. This
approach is currently already brought by Cisco ACI with
Nexus Spine-Leaf switches and even Cisco SD-Access with
SD-access ready switches and routers [8] [12].
On the other hand, there are SDN solutions such as the
SD-WAN which are already available and offer the service
at almost the same cost of a hardware refresh while offering
several advantages such as compression, high uptime,
intelligent bandwidth management and security amongst
others.
VII. CONCLUSION
In this paper, key issues and challenges related to SDN
have been highlighted, particularly from vendors and
industries perspective. Most SDN vendors adopts
proprietary standards rather than open standards though still
on the streamline, which at some extents confines the SDN
controller functionalities, resulting interoperability issues
between competitors, limiting users to a single vendor
solution. This in turns causes an adverse effect to firm
decision-makers who intend to migrate, whether for “Go” or
“No-Go” decision toward SDN solutions. Subsequently, this
involves full infrastructure replacement as legacy networks
are not SDN compatible and also does not provide backward
compatibility with tiered networks. At present, there exist
very limited solutions to an open SDN architecture while
those offering the highly-featured solutions are vendor-
specific. It is a trade-off to be done for companies whether
to migrate towards an SDN solution gradually or perform a
full network refresh. At the same time, it is recommended
that new Data Center Infrastructure opts a full SDN solution
to minimize the TCO as compared to a traditional tiered
network. Consequently, for firms opting for a single vendor
solution it is worth capitalizing on a proprietary based SDN,
alternatively, it is better for firms with multi-vendor
solutions worth waiting for the open standard SDN solutions
prior investing.
REFERENCES
[1] G. A. A. Santana, “VMware NSX Network Virtualization
Fundamentals,” vmware Press, Palo Alto , 2017.
[2] M. Marden, “IDC Business Value Brief : Cisco ACI,” International
Data Corporation, Framingham, 2014.
 [3] Fortinet, “The Fortinet SDN Security Framework,” Fortinet Inc., Results Bode Well for Year Ahead, International Data Corporation,
Sunnyvale, 2016. 2018.
[4] A. Lerner, “Data Center Networking Magic Quadrant 2018,” Gartner [14] Cisco, “Cisco Firepower Threat Defense Quick Start Guide for APIC
Inc, 2018. Integration, 1.0.2,” 6 December 2017. [Online]. Available:
[5] Gartner, “Gartner Identifies the Top 10 Strategic Technology Trends https://www.cisco.com/c/en/us/td/docs/security/firepower/APIC/quick
for 2014,” Gartner Inc., Orlando, 2013. -start/guide/ftd-apic-qsg-102/ftd-apic-qsg-102_chapter_00.html.
[Accessed 10 November 2018].
[6] SDXCentral, “What is NFV – Network Functions Virtualization –
Definition?,” 15 November 2018. [Online]. Available: [15] Infotech Reseach Group Inc, “Vendor Landscape: Server
https://www.sdxcentral.com/nfv/definitions/whats-network-functions- Virtualization,” 2013. [Online]. Available:
virtualization-nfv/. https://www.citrix.com/content/dam/citrix/en_us/documents/products-
solutions/vendor-landscape-server-virtualization.pdf. [Accessed 10
[7] G. Danilo Ciscato, “Magic Quadrant for Data Center Networking,” November 2018].
Gartner, Orlando, 2017.
[16] J. D. R. K. Adam Hils, “Magic Quadrant for Enterprise Network
[8] Cisco, “Cisco Application Policy Infrastructure Controller Data
Firewalls,” 4 October 2018. [Online]. Available:
Sheet,” Cisco Inc, San Francisco, 2018.
https://www.gartner.com/doc/reprints?id=1-
[9] Globe Newswire, “VMware Named a Leader in 2018 Magic Quadrant 5J7ZPYL&ct=181008&st=sb&elqTrackId=23f70889e9664194997cb
for Hyperconverged Infrastructure,” Globe Newswire, Palo Alto, 4534889f383&elq=b691379800be48c89c2d0dbf1882846c&elqaid=1
2018. 2239&elqat=1&elqCampaignId=. [Accessed 2018 November 15].
[10] Open Networking Foundation, “Open Networking Foundation Stragic [17] Palto Alto Networks, “VM-Series 8.0 Deployment Guide,” Palto Alto
Plan,” ONF, Menlo Park, 2018. Networks Inc., Palo Alto, 2018.
[11] C. C. A. L. M. T. Joe Skorupa, “Gartner 2018 Magic Quadrant for [18] KEMP, “The Economics of SDN,” 2018. [Online]. Available:
WAN Edge Infrastructure,” Gartner, Orlando, 2018. https://kempsdn.com/sdn-for-adc/the-economics-of-network-sdn/.
[12] Cisco, “Cisco Software-Defined Access - Introducing an entirely new [Accessed 15 November 2018].
era in networking,” Cisco, San Francisco, 2018. [19] C. Bihary, “Unveiling The True Cost Of Software-Defined
[13] P. J. M. S. Rohit Mehra, IDC's Worldwide Quarterly Ethernet Switch Networking,” 2 November 2015. [Online]. Available:
and Router Trackers Show Marked Improvement for Q1 2018; https://www.garlandtechnology.com/blog/unveiling-the-true-cost-of-
software-defined-networking. [Accessed 15 November 2018].

Authorized licensed use limited to: NATIONAL INSTITUTE OF TECHNOLOGY TIRUCHIRAPALLI. Downloaded on November 18,2023 at 18:14:24 UTC from IEEE Xplore. Restrictions apply.