SDN promises revolutionary benefits, but watch out for the traffic visibility challenge
- 04 January, 2013 22:03
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
SDN represents virtualization's evolutionary step from the server to networks. It is an emerging architecture that separates the control plane from the data plane in network switches and routers. SDN uses dynamic UDP (User Datagram Protocol) tunnels that are very similar to GRE (Generic Routing Encapsulation) tunnels, except that they can be turned on and off dynamically. SDN can be contrasted with traditional networks in which the control and data planes are jointly implemented.
The big advantage of SDN is that it lets you rapidly and dynamically carve up your network as you see fit. Why does that matter? Just picture today's typical programmer who thinks he's working on a development system. But unbeknownst to him, a faulty configuration has him actually working on a live production system. One simple typo could devastate the production system -- and therefore the entire business. SDN can solve this problem. The programmer can create a development system isolated in the sandbox, and then in two weeks instantly convert it to a production system.
Sounds abstract? Let's explore an analogy. When I drive my car from San Francisco to Los Angeles I take highway I-5 South -- a public road open to everyone. That represents today's network. With SDN, it's as if an engineer could quickly and inexpensively create private on-ramps, highways and exit lanes for each individual driver. And the engineer can authorize only some to get on and off. You can imagine the driving pleasure and efficiency with that type of road travel system. To do the equivalent in a traditional network would immediately become a cost-prohibitive nightmare.
What you lose: visibility
The only major drawback to SDN is you lose all visibility into your network traffic, making troubleshooting nearly impossible. As an example, imagine your users complaining about slow access to a database. Prior to SDN, the network team could quickly spot, for example, that a backup was slowing the network. The solution would be to simply reschedule it to after hours.
Unfortunately with SDN, you can see a tunnel source and a tunnel endpoint with UDP traffic, but crucially you cannot see who is using them. You cannot know if the culprit is the replication process, the general ledger, the email system or something else. The true top talker is shielded from view by the UDP tunnels, which means that when traffic slows and users complain, you can't readily identify where the problem lies in the network. With the loss of visibility, troubleshooting is hindered and a delay in resolution could be quite detrimental to the business.
What you can do to stay ahead of SDN problems
Network engineers need to know about such problems, plan for them and have a tool to address them. Fortunately, some network performance management solutions let you know how packets are physically flying around the network and the logic behind the traffic. They can provide the best of both worlds as you get to see the physical network and peek inside the encapsulated SDN tunnels.
With insight into interactions among various virtual machines on each physical host, you can monitor all application traffic traversing the virtual switch, providing real-time and historical visibility into virtualized and private cloud environments. And once the packet and flow data is captured, it can be analyzed to detect end-user experience issues, TCP errors (retransmits, resets), server delay, top talking VMs, utilization and more. This is nirvana for the network manager, who is now able to identify problems in the virtual network in the same familiar fashion as in the physical network.
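To make the visibility gap concrete, here is an added example (not from the original article or any vendor's product) that ranks top talkers twice over the same captured frames: once by the outer tunnel endpoints and once by the encapsulated flows. It assumes the tunnels are VXLAN on UDP port 4789, which the article does not specify; all addresses, VNIs and frames are constructed sample data.

```python
import socket
import struct
from collections import Counter

VXLAN_PORT = 4789  # IANA-assigned VXLAN port (RFC 7348); assumed tunnel type

def ipv4(src, dst, proto, payload):  # 20-byte header, checksum left 0 (unverified here)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def eth(payload):
    return b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00" + payload  # constructed MACs, IPv4

def vxlan_frame(vtep_src, vtep_dst, vni, inner_src, inner_dst, nbytes):
    inner = eth(ipv4(inner_src, inner_dst, 6, b"\x00" * nbytes))
    vx = struct.pack("!II", 0x08 << 24, vni << 8) + inner  # I flag set, 24-bit VNI
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vx), 0) + vx
    return eth(ipv4(vtep_src, vtep_dst, 17, udp))

def parse_ipv4(frame):
    """Return (src, dst, proto, l4_bytes) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total = int.from_bytes(ip[2:4], "big")
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9], ip[ihl:total]

def top_talkers(frames):
    outer, inner = Counter(), Counter()  # bytes per outer pair / per (VNI, inner pair)
    for f in frames:
        p = parse_ipv4(f)
        if p is None:
            continue
        src, dst, proto, l4 = p
        outer[(src, dst)] += len(f)
        if (proto != 17 or len(l4) < 16 or not l4[8] & 0x08
                or int.from_bytes(l4[2:4], "big") != VXLAN_PORT):
            continue  # not VXLAN: only the outer view exists
        vni = int.from_bytes(l4[12:15], "big")
        q = parse_ipv4(l4[16:])  # inner Ethernet frame follows the 8-byte VXLAN header
        if q:
            inner[(vni, q[0], q[1])] += len(l4) - 16
    return outer, inner

# Constructed sample: three tenant flows share one tunnel between two hosts
SAMPLE = ([vxlan_frame("10.0.0.1", "10.0.0.2", 100, "192.168.1.10", "192.168.1.20", 1400)] * 5
          + [vxlan_frame("10.0.0.1", "10.0.0.2", 100, "192.168.1.11", "192.168.1.20", 200)] * 3
          + [vxlan_frame("10.0.0.1", "10.0.0.2", 200, "192.168.1.10", "192.168.1.30", 100)])
```

Calling `top_talkers(SAMPLE)` yields a single outer entry for the tunnel endpoint pair, while the inner counter separates three flows and keeps the same inner address distinct across VNIs 100 and 200.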
Love it or hate it, SDN is coming to networks everywhere, so network engineers need to determine where and how best to use the technology as well as consider how to address the network visibility challenge it imposes.