
1. Centralized Control
An SDN controller is the application that acts as a strategic
control point in a software-defined network. Essentially, it is
the “brains” of the network.

Software-defined networking (SDN) is the separation of a network's control functions from its forwarding functions. When SDN is combined with network functions virtualization (NFV), the two can create virtual network overlays that exist on top of the physical network infrastructure. SDN architecture relies on controllers to let network administrators manage the network.

An SDN controller manages flow control to the switches/routers "below" (via southbound APIs) and to the applications and business logic "above" (via northbound APIs) in order to deploy intelligent networks. Controllers also consolidate and mediate between different controller domains using common application interfaces.

Two of the most well-known protocols used by SDN controllers to communicate with switches/routers are OpenFlow and the Open vSwitch Database management protocol (OVSDB). Other controller protocols are still being developed, many of them open-standard and collaborative. For example, the Internet Engineering Task Force (IETF) working group on the Interface to the Routing System (I2RS) developed an SDN standard that lets a controller leverage proven, traditional protocols such as OSPF, MPLS, BGP, and IS-IS across a variety of SDN platforms.

The protocols supported can influence the overall architecture of the network. OpenFlow attempts to centralize packet-forwarding decisions completely, whereas I2RS splits the decision making: traditional routing protocols continue to run distributed routing on the devices, and applications are allowed to modify the resulting routing decisions.

OpenFlow
OpenFlow, an open standard supported by many vendors, is the first widely adopted software-defined networking (SDN) control protocol. It separates the control plane (decision-making) from the forwarding plane (packet forwarding).

OpenFlow is a network control protocol. Network traffic does not pass through the OpenFlow protocol itself. Instead, OpenFlow carries the control messages that tell the network switches how to forward the traffic.

SDN architecture enabled by OpenFlow separates the network into three distinguishable layers,
connected via northbound and southbound APIs.

In a traditional network, each router or switch holds its own routing and forwarding tables and makes its own decisions. Those tables are populated either by static configuration applied to every device individually or by distributed routing protocols running on the device itself, so changing network-wide behaviour means touching each device.
In OpenFlow, the SDN controller is the control plane. It contains the logic and makes the decisions about how traffic should flow between the switches. The controller establishes a connection to each switch to exchange messages. This connection runs over Transmission Control Protocol (TCP) and can be protected with Transport Layer Security (TLS); it uses port 6653 (earlier versions used 6633). TLS is optional in the OpenFlow specification and is frequently left off in practice, which leaves the control channel open to eavesdropping and to injection of flow rules by anyone who can reach it. In production, require TLS with certificates on both the controller and the switch, and restrict the control network so that switches can only reach the intended controller.
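The first exchange on that control connection, as an added example that is not code from the page or from any OpenFlow implementation: the 8-byte message header, the HELLO/version negotiation in both directions, and the length checks a controller must make before trusting a frame from a switch. The header layout, type codes and version numbers are those of the OpenFlow 1.0/1.3 specifications; the in-memory "channel" list stands in for the TCP/TLS socket on port 6653, and the version sets are constructed.

```python
"""Model of the OpenFlow control-channel handshake (added example, not from the page).

Header layout and the type codes come from the OpenFlow 1.0/1.3 specifications:
an 8-byte header of version (1 byte), type (1 byte), length including the header
(2 bytes) and transaction id (4 bytes), all big-endian. The in-memory "channel"
stands in for the TCP/TLS socket on port 6653.
"""
import struct

OFP_HEADER = struct.Struct("!BBHI")           # version, type, length, xid
OFPT_HELLO, OFPT_ERROR, OFPT_FEATURES_REQUEST = 0, 1, 5
OFPET_HELLO_FAILED, OFPHFC_INCOMPATIBLE = 0, 0  # error type / code for a failed HELLO
OFP10, OFP13 = 0x01, 0x04                      # wire versions of OpenFlow 1.0 and 1.3


def build_message(version, msg_type, xid, body=b""):
    """Serialize one OpenFlow message: 8-byte header followed by the body."""
    return OFP_HEADER.pack(version, msg_type, OFP_HEADER.size + len(body), xid) + body


def parse_message(frame):
    """Parse one message, rejecting frames that cannot be valid.

    A reader that trusts the length field blindly can be made to read past its
    buffer (length too large) or to spin forever (length below 8), so check both
    before touching the body.
    """
    if len(frame) < OFP_HEADER.size:
        raise ValueError("frame shorter than the OpenFlow header")
    version, msg_type, length, xid = OFP_HEADER.unpack_from(frame)
    if length < OFP_HEADER.size:
        raise ValueError("length field smaller than the header")
    if length > len(frame):
        raise ValueError("truncated message: header claims %d bytes, got %d" % (length, len(frame)))
    return {"version": version, "type": msg_type, "xid": xid, "body": frame[OFP_HEADER.size:length]}


def handshake(controller_versions, switch_versions):
    """Run the HELLO exchange that opens every control connection.

    Each side sends HELLO carrying the highest version it supports and the
    negotiated version is the lower of the two. If one side does not support
    that version it answers OFPT_ERROR / HELLO_FAILED and the connection is
    closed. Returns (negotiated version or None, list of (direction, bytes)).
    """
    ctrl_hello = build_message(max(controller_versions), OFPT_HELLO, 1)
    sw_hello = build_message(max(switch_versions), OFPT_HELLO, 1)
    channel = [("controller->switch", ctrl_hello), ("switch->controller", sw_hello)]

    negotiated = min(parse_message(ctrl_hello)["version"], parse_message(sw_hello)["version"])
    for side, supported, peer_hello in (("controller->switch", controller_versions, sw_hello),
                                         ("switch->controller", switch_versions, ctrl_hello)):
        if negotiated not in supported:
            # Error body: uint16 type, uint16 code, then the offending message for diagnosis.
            body = struct.pack("!HH", OFPET_HELLO_FAILED, OFPHFC_INCOMPATIBLE) + peer_hello
            channel.append((side, build_message(max(supported), OFPT_ERROR, 2, body)))
            return None, channel

    # After a successful HELLO the controller asks the switch what it can do.
    channel.append(("controller->switch", build_message(negotiated, OFPT_FEATURES_REQUEST, 3)))
    return negotiated, channel


if __name__ == "__main__":
    version, msgs = handshake({OFP10, OFP13}, {OFP13})
    print("negotiated version 0x%02x" % version)
    for direction, raw in msgs:
        print(direction, parse_message(raw))
```

The length checks in `parse_message` are the part worth copying: a switch (or anything that can reach the control port on a plaintext deployment) chooses the length field, and a controller that reads as many bytes as the header claims, or loops on a zero-length message, is trivially crashed.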

The controller sends commands to the OpenFlow switches, which handle the network data. These commands modify the switch's flow table, the OpenFlow equivalent of the routing table and the MAC address forwarding table. It contains all the instructions for how the switch handles network traffic.

The flow table consists of many flow entries, each telling the switch how to handle the packets that match it. Match fields cover packet headers from layer 2 to layer 4: ingress port, MAC addresses, VLAN tags, IP addresses, IP protocol, and TCP/UDP ports. Entries carry a priority, so overlapping rules can be layered to build complex policies, which lets an OpenFlow switch double as a basic stateless firewall. Packets that match no entry are handled by the table-miss entry; one common choice is to send them to the controller (a packet-in message), which inspects the packet and installs a new flow entry for it. Because every unmatched packet then costs a round trip to the controller, an attacker who can generate traffic with many distinct header combinations can flood the controller with packet-in messages; rate-limiting packet-ins and installing a default drop entry for traffic the policy does not expect are the usual mitigations.

Flow entries can be delivered proactively or reactively. In proactive mode the controller pushes the flow entries to the switches before traffic arrives. In reactive mode the controller installs entries only when a switch asks for one via packet-in. Reactive delivery keeps flow tables small, at the cost of a controller round trip for the first packet of each new flow and a controller that sits on the critical path for all new traffic; most deployments mix the two, pre-installing the policy they know and reacting only to the remainder.

The OpenFlow SDN controller can communicate with higher-level applications. These applications contain the business logic and can be configured more easily by a technician. They submit their requirements to the controller over the northbound API, and the controller translates them into flow rules.
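The flow table matching, the proactive and reactive delivery modes, and the translation of a northbound policy into flow entries described above, as one added example (not code from the page or from any switch or controller project). Field names follow the OpenFlow match-field vocabulary; the host-to-port map, the deny policy and the packets are constructed test data, and the action strings are an assumption of this example rather than OpenFlow wire encoding.

```python
"""A working model of an OpenFlow-style flow table with a controller behind it
(added example; not code from the page, a switch vendor or any controller project).

Flow entries carry a priority, a set of match fields and an action list. The
switch checks a packet against entries from highest to lowest priority and the
first match wins; a priority-0 entry with no match fields is the table-miss
entry that catches everything else. Field names follow the OpenFlow match-field
vocabulary (in_port, eth_src, ipv4_dst, tcp_dst, ...). The hosts, the deny
policy and the packets below are constructed test data.
"""
from dataclasses import dataclass, field


@dataclass(order=True)
class FlowEntry:
    priority: int
    match: dict = field(compare=False)      # header fields that must all be equal
    actions: list = field(compare=False)    # e.g. ["output:2"], ["drop"], ["controller"]
    packets: int = field(default=0, compare=False)   # per-entry counter, as in flow stats


class FlowTable:
    """The data-plane side: only matches and counts, never decides policy."""

    def __init__(self):
        self.entries = []

    def add(self, priority, match, actions):
        self.entries.append(FlowEntry(priority, dict(match), list(actions)))
        self.entries.sort(reverse=True)     # highest priority first; ties keep insertion order

    def lookup(self, packet):
        for entry in self.entries:
            if all(packet.get(k) == v for k, v in entry.match.items()):
                entry.packets += 1
                return entry
        return None


class Controller:
    """The control plane: holds the policy an application handed it over the
    northbound API and turns it into flow entries."""

    MATCH_KEYS = ("ipv4_src", "ipv4_dst", "ip_proto", "tcp_dst")

    def __init__(self, hosts, denied):
        self.hosts = hosts          # ipv4 -> switch port where that host is attached
        self.denied = set(denied)   # (ipv4_src, ipv4_dst, tcp_dst) triples the policy forbids
        self.packet_ins = 0

    def install_proactive(self, table):
        """Proactive delivery: push the known policy and the table-miss entry up front."""
        for src, dst, port in self.denied:
            table.add(200, {"ipv4_src": src, "ipv4_dst": dst, "ip_proto": 6, "tcp_dst": port}, ["drop"])
        table.add(0, {}, ["controller"])   # table-miss: punt unknown traffic to the controller

    def packet_in(self, table, packet):
        """Reactive delivery: decide for one packet, then install an entry so the
        next packet of the same flow is handled in the switch."""
        self.packet_ins += 1
        key = (packet.get("ipv4_src"), packet.get("ipv4_dst"), packet.get("tcp_dst"))
        if key in self.denied:
            actions = ["drop"]
        elif packet.get("ipv4_dst") in self.hosts:
            actions = ["output:%d" % self.hosts[packet["ipv4_dst"]]]
        else:
            actions = ["flood"]
        table.add(100, {k: packet[k] for k in self.MATCH_KEYS if k in packet}, actions)
        return actions


def forward(table, controller, packet):
    """What the switch does with one packet: match locally, or punt on table miss."""
    entry = table.lookup(packet)
    if entry is None or entry.actions == ["controller"]:
        return controller.packet_in(table, packet)
    return entry.actions


if __name__ == "__main__":
    table = FlowTable()
    ctrl = Controller(hosts={"10.0.0.1": 1, "10.0.0.2": 2}, denied=[("10.0.0.1", "10.0.0.2", 22)])
    ctrl.install_proactive(table)
    ssh = {"in_port": 1, "ipv4_src": "10.0.0.1", "ipv4_dst": "10.0.0.2", "ip_proto": 6, "tcp_dst": 22}
    http = dict(ssh, tcp_dst=80)
    print(forward(table, ctrl, ssh), forward(table, ctrl, http), forward(table, ctrl, http), ctrl.packet_ins)
```

Two things to notice when running it: the SSH packet is dropped by the proactively installed priority-200 entry without the controller ever seeing it, while the first HTTP packet costs a packet-in and the second is handled entirely in the switch by the entry the controller installed reactively. Any packet the policy does not anticipate (here an ICMP packet with no TCP port) also reaches the controller, which is the path a packet-in flood exploits.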
- Scalability
In hybrid SDN control, scalability depends largely on the performance of the central SDN controller and on the efficiency of the mechanisms used for interoperability between the legacy distributed control plane and the centralized SDN controller.

Security:
SDNs need efficient and powerful security mechanisms to avoid vulnerabilities across the data, control, and application planes. A number of security mechanisms have been proposed for SDNs. A security mechanism generally involves three phases: monitoring the network (which generates extra traffic at both the control and data planes), detecting the security breach (which takes time for the detection algorithm to run), and recovery (once an attack is detected, taking the proper countermeasures incurs both time delay and traffic overhead).
The scalability of existing security mechanisms is a major concern as the number of hosts, switches, controllers, flows, and attackers grows. Existing approaches typically try to achieve scalability by improving the performance of an individual phase. For example, Fawcett et al. in TENNISON: A distributed SDN framework for scalable network security, in this special issue (SI), reduce the traffic overhead and execution time of the monitoring phase. Similarly, the Athena approach [9] focuses on avoiding security vulnerabilities in the data plane. The main open research challenge is to develop holistic security approaches that improve the performance of all phases across all planes. Such holistic approaches should reduce execution time and increase accuracy as the numbers of controllers and flows grow.
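The three phases above carried through for one concrete attack, as an added example that is not from the page, from TENNISON or from Athena: monitoring parses packet-in events the controller logged, detection counts them per switch port in a sliding window, and recovery produces the drop rule the controller would push. The log line format, the threshold and the flow-mod dictionary layout are assumptions made for this example, and the log lines are constructed.

```python
"""Monitoring, detection and recovery for one attack class (added example; not
from the page, TENNISON or Athena): a host behind a switch port sprays packets
with varied headers, each of which misses the flow table and costs the
controller a packet-in. The log format, the threshold and the flow-mod layout
are assumptions made for this example; the log lines are constructed.
"""
import re
from collections import defaultdict, deque

# Constructed packet-in log: port 1 carries normal traffic, port 3 sprays spoofed sources.
PACKET_IN_LOG = """\
0.100 packet_in dpid=1 in_port=1 ipv4_src=10.0.0.2 ipv4_dst=10.0.1.5
0.250 packet_in dpid=1 in_port=3 ipv4_src=10.0.0.9 ipv4_dst=10.0.1.5
0.260 packet_in dpid=1 in_port=3 ipv4_src=172.16.4.1 ipv4_dst=10.0.1.5
0.270 packet_in dpid=1 in_port=3 ipv4_src=192.0.2.77 ipv4_dst=10.0.1.5
0.280 packet_in dpid=1 in_port=3 ipv4_src=198.51.100.3 ipv4_dst=10.0.1.5
0.290 packet_in dpid=1 in_port=3 ipv4_src=203.0.113.9 ipv4_dst=10.0.1.5
0.300 packet_in dpid=1 in_port=3 ipv4_src=10.0.0.200 ipv4_dst=10.0.1.5
0.310 packet_in dpid=1 in_port=3 ipv4_src=10.0.0.201 ipv4_dst=10.0.1.5
0.900 packet_in dpid=1 in_port=1 ipv4_src=10.0.0.2 ipv4_dst=10.0.1.6
"""

LINE = re.compile(r"^(?P<t>\d+\.\d+) packet_in dpid=(?P<dpid>\d+) in_port=(?P<port>\d+) "
                  r"ipv4_src=(?P<src>\S+)")


def monitor(log):
    """Monitoring phase: turn controller log lines into (time, dpid, in_port, src) events."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            events.append((float(m["t"]), int(m["dpid"]), int(m["port"]), m["src"]))
    return events


def detect(events, window=1.0, threshold=5):
    """Detection phase: sliding-window count of packet-ins per (dpid, in_port).

    One alert per port; once a port is flagged its later events are ignored,
    which is what happens on the real switch once the drop rule is in place.
    """
    recent = defaultdict(deque)
    flagged = set()
    alerts = []
    for t, dpid, port, src in events:
        key = (dpid, port)
        if key in flagged:
            continue
        q = recent[key]
        q.append((t, src))
        while q and t - q[0][0] > window:
            q.popleft()
        if len(q) > threshold:
            flagged.add(key)
            alerts.append({"t": t, "dpid": dpid, "in_port": port,
                           "rate": len(q), "distinct_sources": len({s for _, s in q})})
    return alerts


def mitigate(alert, hard_timeout=60):
    """Recovery phase: the flow-mod the controller pushes. An empty action list
    is a drop; the timeout bounds the damage if the alert was wrong."""
    return {"dpid": alert["dpid"], "command": "ADD", "priority": 65000,
            "match": {"in_port": alert["in_port"]}, "actions": [], "hard_timeout": hard_timeout}


def respond(log):
    """All three phases end to end; returns the flow-mods that were pushed."""
    return [mitigate(a) for a in detect(monitor(log))]


if __name__ == "__main__":
    for mod in respond(PACKET_IN_LOG):
        print(mod)
```

Blocking the whole ingress port is the blunt end of the recovery cost the text mentions: if the offending port is an uplink shared with legitimate hosts, or the attacker is spoofing addresses precisely to trigger this response, the countermeasure disconnects the victims as well. A narrower match, a rate-limiting meter instead of a drop, and the hard timeout are the usual ways to keep the recovery phase from doing more damage than the attack.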

Network Monitoring and Analytics

Software-Defined Networking (SDN) is a network architecture approach that enables the network to be intelligently and centrally controlled, or 'programmed,' using software applications. This helps operators manage the entire network consistently and holistically, regardless of the underlying network technology.
The basic idea behind SDN network management is to separate the control plane from the data plane, so that the network can be managed in a more centralized and programmable way.
• In an SDN environment, a central controller manages the network, while the forwarding devices, such as switches and routers, handle the data plane.
• This separation allows for more flexibility and control over how the network operates. Instead of configuring each piece of hardware manually, the control plane is managed through software, which can be more efficient and scalable.
• The controller receives input (topology, link state, flow statistics, packet-in events) from the devices on the network and uses that information to decide how traffic should be routed. This allows for more efficient traffic management and can help prevent bottlenecks and congestion.
• Because the control plane is separate from the data plane, policies and rules can be applied to the entire network rather than to individual devices. This helps ensure consistent security and quality of service (QoS) across the network.

SDN architectures are often used in large-scale networks, such as data centers and cloud computing environments, where managing network traffic is complex and time-consuming. By automating many of these processes, and by feeding the monitoring data the controller already collects into analytics software, SDN can reduce the workload on network administrators and improve overall network performance.

- Integration with Existing Systems


- APIs and Programmability

An API, or application programming interface, is a set of defined rules that enable different applications to communicate with each other. It acts as an intermediary layer that handles data transfers between systems, letting companies open their application data and functionality to external third-party developers, business partners, and internal departments.

The definitions and protocols within an API help businesses connect the many different applications they use in day-to-day operations, which saves employees time and breaks down silos that hinder collaboration and innovation. For developers, API documentation describes the interface for communication between applications, simplifying application integration.

Types of APIs

Today most APIs are web APIs that expose an application's data and functionality over the internet. Here are the four main types of web API:

• Open APIs, also known as public APIs, are publicly available over HTTP. They have documented endpoints and request and response formats. (Public does not mean open-source: what is open is access to the interface, not the code behind it.)

• Partner APIs connect strategic business partners. Typically, developers access these APIs in self-service mode through a public API developer portal, but they must complete an onboarding process and obtain credentials before they can call them.

• Internal APIs are not exposed to external users. These private APIs are intended to improve productivity and communication across different internal development teams. Not being published is not an access control: an internal API is reachable by anything on the internal network, so it still needs authentication and authorization.

• Composite APIs combine multiple data or service APIs, allowing programmers to access several endpoints in a single call. They are useful in microservices architectures, where performing a single task may require information from several sources.

Separation of Control Plane and Data Plane

Decoupled architecture planes


A classic communication network architecture consists of three main components:

The Control Plane

refers to the network architecture component that decides traffic routing and maintains the network topology.

The control plane is an integral part of a network. It governs how data packets are forwarded, that is, how data gets from a source to a destination. The control plane is responsible for functions and processes such as routing table creation and maintenance, establishing network policies, running routing protocols and building the network topology. (These functions and processes are all part of the larger concept of managing network configuration.)
The control plane uses several protocols, such as

• OSPF
• RIP
• BGP

They enable the control plane to exchange routing details and determine the optimal paths for directing network traffic. Logically the control plane is separated from the data plane; SDN takes this further by moving it off the forwarding devices, allowing it to become more efficient and scalable. Control planes can be distributed or centralized. Centralized control planes are managed by a central controller responsible for making decisions and managing the behaviour of network devices.

The Data Plane

is the network architecture layer that physically handles the traffic based on the configuration supplied by the control plane.

The data plane is the part of networking that forwards packets between source and destination devices. As a simple analogy, think of the two planes in transportation terms: the control plane is the traffic controller that directs and routes traffic, while the data plane is the vehicle that carries passengers to the correct destination (which is why the data plane is also called the 'forwarding plane').

The data plane performs tasks such as receiving and inspecting packets, forwarding them towards the correct destination, queuing packets during congestion, and applying the forwarding decisions that get packets to the right destination. Like the control plane, the data plane uses protocols such as Internet Protocol (IP) and Ethernet to carry out its functions. It operates at a lower abstraction level than the control plane, forwarding packets based on the routes the control plane configured.

The Management Plane

takes care of the wider network configuration, monitoring and management processes across all layers of the network stack.

- Programmability and Automation


The promise of software-defined networking (SDN) is to create an infrastructure that is much more agile and flexible through 'SDN automation', that is, programmable networks.

Through SDN automation and SDN programmability, SDN programming should drive the network automation and orchestration that supports the ever-changing demands of users, and of the devices and data accessing the network. One of the ways SDN delivers this agility and flexibility is by making the network more automatic and programmable; however, that can mean different things to different organizations.

Three use cases defining the need for SDN programmability and SDN programming:
• SDN programming to adjust network flows. This use case focuses on protocols, such as OpenFlow, that enable SDN controllers to interact with routers and switches in the forwarding plane so that adjustments can be made to how traffic flows through SDN networks. This helps SDN networks respond automatically to changing demands.
• SDN programmability enables DevOps to program the network automatically to support applications. This use case is concerned with the coordination, automation, and exception handling of a network to better align it with the needs of the applications running on it. Typically, network operators are looking to extend network capabilities to automate the configuration of routers and switches in a scalable manner, to support rapid deployment of a large number of new applications, services, and infrastructure as an organization's requirements change. Nick Lippis, co-founder of the Open Networking Users Group (ONUG), points out: "Since we are moving into a model of automated workload creation, enterprises want to do what you can do in Amazon [Web Services] – put up a workload and configure storage and network [and] the whole cloud infrastructure. But they can't because…they need a way in which a dependency map gets created automatically." There needs to be a shared data format or protocol, such as JavaScript Object Notation (JSON) or Extensible Messaging and Presence Protocol (XMPP), that can generate a 'cross-domain' response to these needs.
• SDN programmability enables automated networking via SDN automation. This use case focuses on SDN networks doing what they are supposed to do without interference from a network administrator. When something changes, the network should work out how to address the change automatically.

Much of the SDN automation and programmability of the network relies on the open northbound and southbound application programming interfaces (APIs) between the SDN controller and, respectively, the applications and the switches/routers. Regardless of which camp an organization fits into, additional programmability of the network can enable better bandwidth utilization, improved application performance, and greater operational efficiency.

- Network Virtualization
Network virtualization (NV) moves network resources from hardware into software. It can combine many physical networks into a single virtual, software-based network, or divide a single physical network into separate, independent virtual networks. Network virtualization software lets network managers move virtual machines between domains without having to reconfigure the network. The software generates a network overlay, which allows many virtual network layers to run on top of a single physical network fabric.

Network virtualization is changing how services are delivered, from the software-defined data centre to the cloud and all the way to the edge. It turns networks from rigid and inefficient into dynamic and agile.

Modern networks need to keep up with the demand for cloud-hosted, distributed applications and with the growing threats posed by attackers, while providing the speed and agility required for faster time to market for applications. Network virtualization removes the need to spend extra time setting up infrastructure: the user can launch applications and modify them in minutes, resulting in quick time to value.
- Process of Network Virtualization
Network virtualization decouples network services from the underlying hardware and enables virtual network deployment across an entire network. Networks are created, provisioned and managed in software, while the underlying physical network is retained and acts as the packet-forwarding backplane.

Switching, routing, firewalling, load balancing, VPN, and other physical network resources are pooled and delivered as software. All this requires of the underlying physical network is Internet Protocol (IP) packet forwarding.

Network and security services are deployed in software to a virtual layer (in the data centre, the hypervisors) and then attached to particular workloads, such as virtual machines or containers, in line with the networking and security policies set for each linked application. When a workload moves to a new host, its network services and security policies follow. When more workloads are created to scale an application, the relevant policies are applied to these new workloads as well. The result is greater policy consistency and network agility.
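How a network overlay actually rides on an IP-forwarding backplane, as an added example that is not code from the page or from any vendor's product: the page does not name an encapsulation, so VXLAN (RFC 7348, UDP port 4789) is assumed here. The 24-bit VXLAN Network Identifier (VNI) in the 8-byte VXLAN header is what separates the virtual networks, which is why two tenants can reuse the same inner addresses on the same fabric. The VTEP addresses, tenant-to-VNI map and frames are constructed, and the `Vtep` class is a simplified model rather than any real implementation.

```python
"""Overlay encapsulation as done by a VXLAN tunnel endpoint (VTEP) (added
example; the page does not name an encapsulation, VXLAN is assumed here, and
the code is not from any vendor's product). Tenant frames travel inside
UDP/4789 across the physical IP fabric; the 24-bit VXLAN Network Identifier
(VNI) in the 8-byte VXLAN header is what keeps tenants apart, so two tenants can
reuse the same inner addresses. The peer list, tenants and frames are constructed.
"""
import struct

VXLAN_UDP_PORT = 4789
VXLAN_FLAG_I = 0x08                     # "VNI present" flag; the only bit RFC 7348 defines
VXLAN_HEADER = struct.Struct("!B3sI")   # flags, 3 reserved bytes, VNI<<8 | reserved byte


def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    """Build the inner (tenant) Ethernet frame."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def vxlan_encap(vni, inner_frame):
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return VXLAN_HEADER.pack(VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8) + inner_frame


def vxlan_decap(udp_payload):
    if len(udp_payload) < VXLAN_HEADER.size:
        raise ValueError("short VXLAN packet")
    flags, _, vni_word = VXLAN_HEADER.unpack_from(udp_payload)
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag not set")
    return vni_word >> 8, udp_payload[VXLAN_HEADER.size:]


class Vtep:
    """A tunnel endpoint that multiplexes several tenants over one physical IP."""

    def __init__(self, local_ip, peers, tenants):
        self.local_ip = local_ip
        self.peers = set(peers)                        # physical IPs allowed to send us tunnels
        self.tenants = dict(tenants)                   # tenant name -> VNI
        self.vni_to_tenant = {v: k for k, v in self.tenants.items()}
        self.delivered = []                            # (tenant, inner frame) handed to virtual switches

    def send(self, tenant, peer_ip, inner_frame):
        """Encapsulate a tenant frame into the outer packet the fabric forwards."""
        if tenant not in self.tenants:
            raise KeyError(tenant)
        return {"src_ip": self.local_ip, "dst_ip": peer_ip, "udp_dst": VXLAN_UDP_PORT,
                "payload": vxlan_encap(self.tenants[tenant], inner_frame)}

    def receive(self, packet):
        """Decapsulate and deliver, or say why the packet was dropped.

        The VNI is a plain number with no authentication, so the only thing
        stopping an arbitrary host from injecting frames into a tenant network
        is the check that the outer source is a known VTEP; the fabric should
        enforce the same with an ACL on UDP/4789.
        """
        if packet["udp_dst"] != VXLAN_UDP_PORT:
            return "drop: not VXLAN"
        if packet["src_ip"] not in self.peers:
            return "drop: unknown VTEP %s" % packet["src_ip"]
        try:
            vni, frame = vxlan_decap(packet["payload"])
        except ValueError as err:
            return "drop: %s" % err
        tenant = self.vni_to_tenant.get(vni)
        if tenant is None:
            return "drop: unconfigured VNI %d" % vni
        self.delivered.append((tenant, frame))
        return "delivered to %s" % tenant


if __name__ == "__main__":
    a = Vtep("192.0.2.10", peers=["192.0.2.20"], tenants={"tenant-a": 5001, "tenant-b": 5002})
    b = Vtep("192.0.2.20", peers=["192.0.2.10"], tenants={"tenant-a": 5001, "tenant-b": 5002})
    frame = ethernet_frame(b"\xaa" * 6, b"\xbb" * 6, 0x0800, b"same 10.0.0.0/24 inside both tenants")
    print(b.receive(a.send("tenant-a", b.local_ip, frame)))
    print(b.receive(a.send("tenant-b", b.local_ip, frame)))
    rogue = {"src_ip": "198.51.100.99", "dst_ip": b.local_ip, "udp_dst": VXLAN_UDP_PORT,
             "payload": vxlan_encap(5001, frame)}
    print(b.receive(rogue))
```

The `rogue` packet is the case to keep in mind when the text says policies "follow the workload": the overlay carries the tenant's frames, but it carries no proof of who built them. Isolation between tenants holds only as long as the underlay restricts who may send VXLAN to the VTEPs; where the underlay cannot be trusted, the tunnel itself has to be protected (for example with IPsec between VTEPs).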
