SDN represents virtualization's evolutionary step from the server to networks. It is an emerging architecture that separates the control plane from the data plane in network switches and routers. SDN uses dynamic UDP (User Datagram Protocol) tunnels that are very similar to GRE (Generic Routing Encapsulation) tunnels, except that they can be turned on and off dynamically. SDN can be contrasted with traditional networks in which the control and data planes are jointly implemented.
The big advantage of SDN is that it lets you rapidly and dynamically carve up your network as you see fit. Why does that matter? Just picture today's typical programmer who thinks he's working on a development system. But unbeknownst to him, a faulty configuration has him actually working on a live production system. One simple typo could devastate the production system -- and therefore the entire business. SDN can solve this problem. The programmer can create a development system isolated in the sandbox, and then in two weeks instantly convert it to a production system.
Sounds abstract? Let's explore an analogy. When I drive my car from San Francisco to Los Angeles, I take highway I-5 South -- a public road open to everyone. That represents today's network. With SDN, it's as if an engineer could quickly and inexpensively create private on-ramps, highways and exit lanes for each individual driver. And the engineer can authorize only some to get on and off. You can imagine the driving pleasure and efficiency with that type of road travel system. To do the equivalent in a traditional network would immediately become a cost-prohibitive nightmare.
What you lose: visibility
The only major drawback to SDN is that you lose all visibility into your network traffic, making troubleshooting nearly impossible. As an example, imagine your users complaining about slow access to a database. Prior to SDN, the network team could quickly spot, for example, that a backup was slowing the network. The solution would be to simply reschedule it to after hours.
Unfortunately with SDN, you can see a tunnel source and a tunnel endpoint with UDP traffic, but crucially you cannot see who is using them. You cannot know if the culprit is the replication process, the general ledger, the email system or something else. The true top talker is shielded from view by the UDP tunnels, which means that when traffic slows and users complain, you can't readily identify where the problem lies in the network. With the loss of visibility, troubleshooting is hindered and a delay in resolution could be quite detrimental to the business.
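To make the visibility gap concrete, the following added example (not part of the original article) tallies bytes per outer tunnel pair and per decapsulated inner flow. It assumes the UDP tunnels are VXLAN (RFC 7348, UDP port 4789), which the article does not name; all addresses, VNIs and traffic volumes are constructed.

```python
import socket, struct
from collections import Counter

VXLAN_PORT = 4789  # assumption: tunnels are VXLAN; the article only says "UDP tunnels"

def ipv4(src, dst, proto, payload):
    # Minimal 20-byte IPv4 header; checksum left at 0 (offline parsing only).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def ether(payload):
    return b"\x02" * 12 + b"\x08\x00" + payload  # dummy MACs, EtherType IPv4

def encapsulate(vtep_src, vtep_dst, vni, inner_src, inner_dst, nbytes):
    inner = ether(ipv4(inner_src, inner_dst, 6, b"\x00" * nbytes))
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8) + inner  # I flag set, 24-bit VNI
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan), 0) + vxlan
    return ether(ipv4(vtep_src, vtep_dst, 17, udp))

def parse_ipv4(buf):
    ihl = (buf[0] & 0x0F) * 4
    total = struct.unpack("!H", buf[2:4])[0]
    src, dst = socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20])
    return src, dst, buf[9], buf[ihl:total]

def top_talkers(frames):
    """Return (bytes per outer tunnel pair, bytes per inner VNI/src/dst)."""
    outer, inner = Counter(), Counter()
    for f in frames:
        o_src, o_dst, proto, l4 = parse_ipv4(f[14:])
        outer[(o_src, o_dst)] += len(f)   # all a tunnel-unaware monitor sees
        if proto != 17 or len(l4) < 16 or struct.unpack("!H", l4[2:4])[0] != VXLAN_PORT:
            continue                      # not VXLAN: nothing to decapsulate
        vni = struct.unpack("!I", l4[12:16])[0] >> 8
        i_src, i_dst, _, _ = parse_ipv4(l4[16 + 14:])  # skip VXLAN + inner Ethernet
        inner[(vni, i_src, i_dst)] += len(f)
    return outer, inner

# Constructed traffic: backup, general ledger and email share one tunnel.
VTEP = ("192.0.2.1", "192.0.2.2")
FRAMES = ([encapsulate(*VTEP, 100, "10.0.1.50", "10.0.2.10", 1200)] * 40
          + [encapsulate(*VTEP, 100, "10.0.1.20", "10.0.2.10", 400)] * 5
          + [encapsulate(*VTEP, 200, "10.0.1.30", "10.0.2.11", 300)] * 3)
OUTER, INNER = top_talkers(FRAMES)

if __name__ == "__main__":
    print("outer view:", OUTER.most_common())
    print("inner view:", INNER.most_common())
```

The outer view collapses to a single tunnel-endpoint pair, while the inner view separates the three workloads and ranks the backup host first.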