Greg Ferro


SDN Is Business, OpenFlow Is Technology

Many people don't understand the difference between OpenFlow and software-defined networking (SDN). This isn't surprising because the two technologies are closely related. However, they aren't interchangeable. OpenFlow is a protocol that configures network switches using a process like an API. SDN is a term that describes providing programmable interfaces within a network infrastructure to enable a high degree of automation in provisioning network services. The SDN term is being abused by marketers who want to apply it to a wide range of technologies.

In fact, SDN can be explicitly defined. There are three architectural layers to an SDN network: the physical network, the SDN applications and the SDN controller. Let's look at each.

Physical Network. The lowest layer consists of the physical devices in your network that form the foundation of all IT infrastructure. We use the term "switch" because OpenFlow changes the way Ethernet switches work. For this article, you can also consider virtual switches part of the physical infrastructure.

SDN Applications. The most visible layer in an SDN design is the applications that deliver services, such as switch/network virtualization, firewalls and flow balancers. (Note that OpenFlow-based load balancers are called flow balancers. They aren't traditional load balancers because they can't read packet contents.) These applications are similar to or the same as those in use today where the software runs on dedicated hardware. Most of the coming innovation in networking will occur in SDN applications.

SDN Controller. The SDN controller is the middleware that serves as the linchpin of the entire architecture. The controller must integrate with all the physical and virtual devices in the network. The controller abstracts the physical network devices from the SDN software that works with those devices. There is a high degree of integration between the controller and network devices. In an OpenFlow environment, the controller will use the OpenFlow protocol and the NETCONF protocol to communicate with switches. (OpenFlow is the API for sending flow data to the switch, and NETCONF is the network configuration API).

SDN: Basic Architecture

In current SDN approaches, vendors provide applications and a controller in a single product. For example, Nicira/VMware packages its applications and controller into a single proprietary application stack. Cisco will package its controller into the OnePK product by embedding the controller in IOS software on the devices. I also expect Cisco to deliver a master controller in the near future. Big Switch Networks, which recently launched the commercial version of its SDN controller, offers two applications that run on the controller: Big Virtual Switch and Big Tap.

Clearly the controller is a key element in the network architecture. It must present APIs to the applications that represent usable functions, and it's here that the battle for SDN dominance will be fiercest among the vendors.

SDN APIs: The New Battleground

An SDN architecture has two distinct networking APIs: northbound and southbound. OpenFlow is a southbound API. OpenFlow describes an industry-standard API that configures the frame-forwarding silicon in an Ethernet switch and defines the flow path through a network. In addition, the Open Networking Foundation (ONF), the standards body overseeing the OpenFlow protocol, announced an API for device configuration called OF-CONFIG. OF-CONFIG uses the NETCONF XML data format to define the language.

Cisco's OnePK is also a southbound API. There is much discussion around whether OpenFlow is enough to meet all the needs of networking, especially with regard to migrating from a packet-based network to a flow-based network. There are unresolved issues that will hinder that migration, such as the need for interoperability with existing protocols such as STP and OSPF.

Northbound and Southbound APIs

The northbound API provides a mechanism in an SDN architecture to present services or applications to the business. Each application will develop a view of the flow tables for network devices and then send requests to the controller for distribution to the network devices.

For example, a virtual switching application would build a network graph/database of all points in the network of physical and virtual switches. In a multitenant Ethernet network, the app would develop a set of flow rules that emulate Ethernet VLANs while maintaining full isolation for each tenant's flows. The flow rules would consist of values based on ingress and egress ports, plus the source and destination MAC address.
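The tenant-isolating rule set described above can be sketched as follows. This is an added example, not code from the article or from any SDN product; the host inventory, class names and function names are hypothetical, and it assumes a single switch with a default-drop policy on table miss and no broadcast handling.

```python
# Added example: per-tenant flow rules on one switch (constructed data, hypothetical names).
from itertools import permutations
from typing import NamedTuple, Optional

class Host(NamedTuple):
    tenant: str
    port: int
    mac: str

class FlowRule(NamedTuple):
    in_port: int
    src_mac: str
    dst_mac: str
    out_port: int

# Constructed inventory: two tenants sharing one switch.
HOSTS = [
    Host("tenant-a", 1, "02:00:00:00:0a:01"),
    Host("tenant-a", 2, "02:00:00:00:0a:02"),
    Host("tenant-b", 3, "02:00:00:00:0b:01"),
    Host("tenant-b", 4, "02:00:00:00:0b:02"),
]

def build_flow_rules(hosts):
    """One rule per ordered pair of hosts in the same tenant; nothing else is installed."""
    return [FlowRule(s.port, s.mac, d.mac, d.port)
            for s, d in permutations(hosts, 2) if s.tenant == d.tenant]

def forward(rules, in_port, src_mac, dst_mac) -> Optional[int]:
    """Emulate the flow table: exact match returns the egress port, a miss is dropped (None)."""
    for r in rules:
        if (r.in_port, r.src_mac, r.dst_mac) == (in_port, src_mac, dst_mac):
            return r.out_port
    return None

def cross_tenant_rules(rules, hosts):
    """Audit: return any rule whose ingress and egress ports belong to different tenants."""
    tenant_of_port = {h.port: h.tenant for h in hosts}
    return [r for r in rules if tenant_of_port[r.in_port] != tenant_of_port[r.out_port]]

if __name__ == "__main__":
    rules = build_flow_rules(HOSTS)
    a1, a2, b1, _ = HOSTS
    print(len(rules), "rules installed")
    print("a1 -> a2:", forward(rules, a1.port, a1.mac, a2.mac))
    print("a1 -> b1:", forward(rules, a1.port, a1.mac, b1.mac))
    print("a1's MAC from b1's port -> a2:", forward(rules, b1.port, a1.mac, a2.mac))
```

Because each rule matches the ingress port as well as both MAC addresses, a frame carrying another tenant's source MAC from the wrong port misses the table and is dropped.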
