In order to understand software-defined networks, we first need to understand the two planes involved in networking.
Data plane: all the activities that involve, or result from, the data packets sent by the end user belong to this plane. This includes:
- Forwarding of packets
- Segmentation and reassembly of data
- Replication of packets for multicasting
Control plane: all the activities that are necessary for the data plane to do its job but that do not themselves involve end-user data packets belong to this plane. In other words, the control plane is the brain of the network. Its activities include:
- Building routing tables
- Setting packet handling policies
In a traditional network, each switch has its own data plane as well as its own control plane. The control planes of the various switches exchange topology information with each other, and from it each switch constructs a forwarding table that decides where the data plane sends an incoming packet.
Software-defined networking (SDN) is an approach in which the control plane is taken out of the switch and assigned to a centralised unit called the SDN controller. A network administrator can therefore shape traffic from a central console without touching the individual switches. The data plane still resides in the switch: when a packet enters a switch, its forwarding is decided by the entries of a flow table that the controller has installed in advance. A flow table entry consists of match fields (such as the ingress port and packet header fields), a priority, and instructions. The packet is first matched against the match fields of the flow entries, and the highest-priority matching entry wins.
The instructions of that flow entry are then executed. The instructions can be to forward the packet out of one or several ports, to drop the packet, or to modify the packet's headers. If a packet does not match any entry in the flow table, the switch sends it (or its headers) to the controller, which answers with a new flow entry; the switch installs the entry and forwards or drops the packet accordingly. Because every table miss is punted to the controller, the controller must be able to absorb bursts of new flows, and its availability determines whether new traffic can be forwarded at all.
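The flow-table mechanism just described, as an added example that is not part of the original page or of any SDN controller's own code. It models a single switch that only does table lookup and action execution, and a controller that only sees a packet when the switch reports a table miss. It also shows the point made later under the advantages: the controller can push a drop rule for a destination without waiting for a miss, and because that rule has a higher priority it overrides the forwarding rule already installed. The switch ports, host addresses, multicast group and blocked address are constructed sample values, and the assumption that a miss with no answer from the controller means "drop" is this example's choice, not something the page states.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# A packet is modelled by its header fields only (constructed sample data, not a real capture).
Packet = Dict[str, str]


@dataclass
class FlowEntry:
    """One flow-table row: match fields, instructions (actions) and a priority."""
    match: Dict[str, str]          # field -> required value; a field absent here is a wildcard
    actions: List[str]             # e.g. ["output:2"], ["output:2", "output:3"], ["drop"]
    priority: int = 0              # higher wins when several entries match
    packets: int = 0               # per-entry counter, as real flow tables keep

    def matches(self, pkt: Packet) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class Controller:
    """Centralised control plane: owns topology and policy, sees user packets only on a table miss."""

    def __init__(self, host_ports: Dict[str, int], groups: Dict[str, List[int]], blocked: Set[str]):
        self.host_ports = host_ports          # ip -> switch port where that host lives (assumed topology)
        self.groups = groups                  # multicast address -> ports to replicate the packet to
        self.blocked = set(blocked)           # destinations the security policy drops
        self.packet_ins: List[Packet] = []    # every packet the data plane punted to us

    def packet_in(self, pkt: Packet) -> Optional[FlowEntry]:
        """Reactive path: a switch reports a miss and we answer with a flow entry (or None)."""
        self.packet_ins.append(pkt)
        dst = pkt.get("ip_dst", "")
        if dst in self.blocked:
            return FlowEntry({"ip_dst": dst}, ["drop"], priority=200)
        if dst in self.groups:
            return FlowEntry({"ip_dst": dst}, [f"output:{p}" for p in self.groups[dst]], priority=100)
        if dst in self.host_ports:
            return FlowEntry({"ip_dst": dst}, [f"output:{self.host_ports[dst]}"], priority=100)
        return None   # nothing known about this destination; the switch falls back to its default

    def block(self, switch: "Switch", dst: str) -> None:
        """Proactive path: an operator or security app pushes a drop rule without waiting for a miss."""
        self.blocked.add(dst)
        switch.install(FlowEntry({"ip_dst": dst}, ["drop"], priority=200))


class Switch:
    """Data plane only: no routing logic, just table lookup and action execution."""

    def __init__(self, controller: Controller):
        self.controller = controller
        self.table: List[FlowEntry] = []
        self.forwarded: List[Tuple[int, Packet]] = []   # (egress port, packet) actually sent

    def install(self, entry: FlowEntry) -> None:
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)   # highest priority first

    def lookup(self, pkt: Packet) -> Optional[FlowEntry]:
        for entry in self.table:           # sorted, so the first hit is the highest-priority match
            if entry.matches(pkt):
                return entry
        return None

    def handle(self, pkt: Packet) -> List[str]:
        """Process one packet and return the actions applied to it."""
        entry = self.lookup(pkt)
        if entry is None:                                # table miss: ask the controller
            entry = self.controller.packet_in(pkt)
            if entry is None:
                return ["drop"]                          # default table-miss behaviour assumed here
            self.install(entry)
        entry.packets += 1
        for action in entry.actions:
            if action.startswith("output:"):
                self.forwarded.append((int(action.split(":", 1)[1]), pkt))
        return entry.actions


def demo() -> Dict[str, object]:
    """Walk a switch through a miss, a hit, multicast replication, a policy drop and an unknown host."""
    ctl = Controller(host_ports={"10.0.0.2": 2, "10.0.0.3": 3},
                     groups={"239.1.1.1": [2, 3]}, blocked={"10.0.0.9"})
    sw = Switch(ctl)
    to_h2 = {"in_port": "1", "ip_src": "10.0.0.1", "ip_dst": "10.0.0.2"}
    first = sw.handle(to_h2)                 # miss -> controller installs output:2
    second = sw.handle(to_h2)                # hit, controller not consulted
    mcast = sw.handle({"in_port": "1", "ip_src": "10.0.0.1", "ip_dst": "239.1.1.1"})
    blocked = sw.handle({"in_port": "1", "ip_src": "10.0.0.1", "ip_dst": "10.0.0.9"})
    unknown = sw.handle({"in_port": "1", "ip_src": "10.0.0.1", "ip_dst": "10.0.0.77"})
    ctl.block(sw, "10.0.0.2")                # central policy change; outranks the priority-100 forward rule
    after_block = sw.handle(to_h2)
    return {"first": first, "second": second, "mcast": mcast, "blocked": blocked,
            "unknown": unknown, "after_block": after_block,
            "packet_ins": len(ctl.packet_ins), "table_size": len(sw.table),
            "ports_used": [p for p, _ in sw.forwarded]}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two things in the trace are worth noticing. The controller is contacted four times for six packets: only the first packet of a flow costs a round trip, the second packet to the same host is served from the table. The packet to the unknown host 10.0.0.77, however, is punted on every occurrence because no entry is ever installed for it, which is the mechanism behind the controller-load caveat above: a burst of packets to many never-seen destinations turns into a burst of work for the controller.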
A typical SDN architecture consists of three layers.
- Application layer:
It contains network applications such as intrusion detection, firewalling and load balancing, written against the controller's API rather than against the switches.
- Control layer:
It consists of the SDN controller, which acts as the brain of the network. It also presents a hardware abstraction to the applications written on top of it.
- Infrastructure layer:
This consists of the physical (or virtual) switches, which form the data plane and carry out the actual movement of data packets.
The layers communicate via two sets of interfaces: the northbound APIs (between the application layer and the control layer) and the southbound APIs (between the control layer and the infrastructure layer).
Advantages of SDN:
- The network is programmable, so it can be modified centrally through the controller rather than switch by switch.
- Switch hardware can be simpler and cheaper, since each switch only needs a data plane.
- The hardware is abstracted, so applications can be written on top of the controller independently of the switch vendor.
- Security can improve, because the controller has a network-wide view, can monitor traffic and can push security policies to every switch. For example, if the controller detects suspicious traffic, it can install flow entries that reroute or drop it.
Disadvantages of SDN:
- Centralisation makes the controller a single point of failure, and also a single point of compromise. If the controller becomes unavailable, switches can no longer obtain entries for new flows, so the entire network is affected; if it is compromised, whoever controls it controls forwarding for the whole network. The same holds for the southbound channel between controller and switches, which must be authenticated and encrypted, and it is why production deployments run redundant controllers.