Software-defined networking (SDN) is a method of decoupling the software and algorithms that define the networking control plane from the underlying hardware that manages the forwarding plane.
SDN gives the industry methods to build, scale, and deploy highly complex network architectures in a very flexible manner. Above all, it greatly reduces enterprise cost in network infrastructure, since most of the services can run in the cloud.
This article is an excerpt from the book IoT and Edge Computing for Architects, Second Edition by Perry Lea – a completely revised and expanded edition that not only encompasses the entire spectrum of IoT solutions, from sensors to the cloud but also explores the latest advancements such as edge computing and modern sensor systems.
SDN is important for IoT deployments and should be considered when dealing with devices that must be segregated for security or performance reasons. For example, a mobile and moving edge system that is SDN capable can establish a secure cloud SDN host.
The edge system can move between different carriers and communication systems but always maintain a static IP address to the Internet.
The journal article “Software-Defined Networking: A Comprehensive Survey” by D. Kreutz et al. defines SDN as having four characteristics:
- The control plane is decoupled from the data plane. Data plane hardware becomes simple packet-forwarding devices.
- All forwarding decisions are flow-based rather than destination-based. A flow is a set of packets that match a criterion or filter. All packets in a flow are treated with the same forwarding and service policies. Flow programming allows for easy scaling and flexibility with virtual switches, firewalls, and middleware.
- The control logic is also known as the SDN controller. This software version of legacy hardware is capable of running on commodity hardware and cloud-based instances. Its purpose is to command and govern the simplified switching nodes. The reach from the SDN controller abstraction to the switching nodes is the southbound interface.
- Network application software can reside over the SDN controller through a northbound interface. This software can interact with and manipulate the data plane with services such as deep packet inspection, firewalls, and load balancers.
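As an added illustration of the flow-based forwarding and southbound interface described above (this is not code from the book or the article), the following Python model shows a dumb forwarding node whose table is installed by controller logic; the field names, addresses, ports, priorities and the "sensors may only reach the broker" policy are assumptions made for the example.

```python
# Added example (not code from the book or this article): a minimal model of
# flow-based forwarding with a controller that installs rules through a
# hypothetical southbound call. Field names, ports and addresses are assumed.


class FlowRule:
    """One flow-table entry: match fields (absent field = wildcard) and an action."""

    def __init__(self, priority, match, action):
        self.priority = priority  # higher wins when several rules match
        self.match = match        # e.g. {"src_net": "sensors", "dst_port": 8883}
        self.action = action      # "forward:<port>" or "drop"


class ForwardingNode:
    """A dumb data-plane switch: no local policy, only the table it was given."""

    def __init__(self):
        self.table = []

    def install(self, rule):
        # Southbound interface: the controller pushes a rule; the node stores
        # it in priority order so classification is a single linear scan.
        self.table.append(rule)
        self.table.sort(key=lambda r: r.priority, reverse=True)

    def classify(self, packet):
        # Flow-based: the packet is judged on every field in the rule, not on
        # its destination alone. Unmatched traffic is dropped (default deny),
        # which is what keeps a segregated device class from reaching anything
        # the controller has not explicitly allowed.
        for rule in self.table:
            if all(packet.get(k) == v for k, v in rule.match.items()):
                return rule.action
        return "drop"


def build_sensor_segment():
    """Controller logic (assumed policy): sensors may only talk MQTT/TLS to the broker."""
    node = ForwardingNode()
    broker = "10.0.0.10"  # assumed broker address
    node.install(FlowRule(100, {"src_net": "sensors", "dst": broker,
                                "dst_port": 8883}, "forward:2"))
    node.install(FlowRule(50, {"src_net": "sensors"}, "drop"))   # all other sensor traffic
    node.install(FlowRule(10, {"dst": broker}, "forward:2"))     # other segments reach the broker
    return node


if __name__ == "__main__":
    node = build_sensor_segment()
    # Same destination, different flows: a destination-based router would
    # forward both; the flow table forwards the first and drops the second.
    print(node.classify({"src_net": "sensors", "dst": "10.0.0.10", "dst_port": 8883}))
    print(node.classify({"src_net": "sensors", "dst": "10.0.0.10", "dst_port": 22}))
```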
An SDN's infrastructure is similar to a traditional network since it utilizes similar hardware: switches, routers, and middleboxes. The principal difference, however, is that an SDN utilizes fast server-class off-the-shelf computing power without complex and unique embedded control hardware.
These server platforms are usually in the cloud performing network services in software rather than custom ASICs.
The edge routers are essentially dumb without autonomous control. The SDN architecture separates the control plane (the logic and function control) and the data plane (that executes datapath decisions and forwards traffic). The data plane consists of routers and switches that have an association with an SDN controller.
Everything above the data plane forwarding hardware typically can reside in the cloud or on private data center hardware, as shown in the following figure:
The illustration shows simplified switching and forwarding nodes that reside on the data plane and marshal information along prescribed paths determined by an abstracted SDN controller that can live in a cloud instance. The SDN controller manages the control plane via a southbound interface to the forwarding nodes.
Network applications can reside on top of the SDN controller and manipulate the data plane with services such as threat monitoring and intrusion detection. These services typically require custom and unique hardware solutions to be deployed and managed by the customer.
A typical internetworking architecture will use a collection of managed hardware/software components that are single-purposed and contain embedded software/solutions. Often, these use non-commodity hardware and dedicated ASIC designs.
Typical functions include routing, managed switches, firewalls, deep packet inspection and intrusion detection, load balancers, and data analyzers. Such dedicated appliances need to be managed by the customer and staffed with trained network IT personnel to maintain and administer them.
These components may come from multiple vendors and require significantly different methods of management.
In this configuration, the data plane and control plane are unified. When the system needs to add or remove another node or set up a new data path, many of the dedicated systems need to be updated with new VLAN settings, QoS parameters, access control lists, static routes, and firewall pass-throughs.
This may be manageable when dealing with several thousand endpoints. However, when we scale to millions of nodes that are remote, moving, and connecting/disconnecting, such traditional technology regularly becomes untenable.
SDN Benefits for Mass IoT Deployments
An SDN model of networking should be considered for mass IoT deployments, especially when a customer needs to establish the provenance and security of a wide deployment of nodes. An architect should consider the following situations when using an SDN:
- Servers and data centers that IoT edge devices must communicate with can be thousands of miles away.
- The scale of IoT growth from millions of endpoints to billions of endpoints needs appropriate scaling technologies outside of the hub-and-spoke model of current Internet infrastructure.
There are numerous aspects of software-defined networking that make it suitable for IoT deployments. However, there are three primary aspects of SDN that play a crucial role:
Service chaining
This allows a customer or provider to sell services à la carte. Cloud network services such as firewalls, deep packet inspection, VPNs, authentication services, and policy brokers can be linked and used on a subscription basis. Some customers may want a full set of features, others may not choose any, or they may change their configuration routinely. Service chaining allows for significant flexibility in deployments.
Dynamic load management
An SDN enjoys the flexibility of cloud architecture, and by design it can scale resources dynamically depending on load. This type of flexibility is crucial for the IoT as architects need to plan for capacity and scale as the number of things grows exponentially. Only virtual networking in the cloud provides the ability to scale capacity when needed.
An example of this would be people-tracking at amusement parks and other venues. The number of people varies depending on the season, time of day, and weather. A dynamic network can adjust to the number of visitors without any change to the provider’s hardware.
This allows an operator to partition data bandwidth and usage to specified times and days. This is pertinent to IoT as many edge sensors only report data periodically or at a certain time of day. Sophisticated bandwidth sharing algorithms can be constructed to time slice capacity.
Later in the book, Chapter 13, IoT and Edge Security, explores Software-Defined Perimeters (SDPs) as another example of network function virtualization and how they can be used to create micro-segments and device isolation, which is critical for IoT security.
What more does the book explore?
In one of its chapters, IoT and Edge Computing for Architects, Second Edition sheds light on Software-Defined Perimeters (SDPs) as another example of network function virtualization and how it can be used to create micro-segments and device isolation, which is critical for IoT security.
In this article, we first looked at the situations in which an architect should consider using SDNs. Once we had covered the suitable conditions, we moved on to the three major aspects of SDN that make it essential and impactful for IoT deployments. Finally, we saw that there are other examples of network function virtualization that aspiring architects should explore.
About the Author
Perry Lea is a 30-year veteran technologist. He spent over 20 years at Hewlett-Packard as chief architect and distinguished technologist of the LaserJet business. He then led a team at Micron focusing on emerging compute using in-memory processing for machine learning and computer vision. At Cradlepoint, he pivoted the company into 5G and the IoT. He then co-founded Rumble, an industry leader in edge/IoT products. He is the principal architect for Microsoft's Xbox business, works on emerging technologies and hyperscale game streaming, and has authored 40 patents, with 30 pending.