SDN promises revolutionary benefits, but watch out for the traffic visibility challenge

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Ever since VMware bought Nicira last July, the term software-defined networking (SDN) has taken off, with players like Cisco, Juniper, VMware and even HP and IBM jumping on the bandwagon.

SDN represents virtualization's evolutionary step from the server to networks. It is an emerging architecture that separates the control plane from the data plane in network switches and routers. SDN uses dynamic UDP (User Datagram Protocol) tunnels that are very similar to GRE (Generic Routing Encapsulation) tunnels, except that they can be turned on and off dynamically. SDN can be contrasted with traditional networks in which the control and data planes are jointly implemented.


The big advantage of SDN is that it lets you rapidly and dynamically carve up your network as you see fit. Why does that matter? Just picture today's typical programmer who thinks he's working on a development system. But unbeknownst to him, a faulty configuration has him actually working on a live production system. One simple typo could devastate the production system -- and therefore the entire business. SDN can solve this problem. The programmer can create a development system isolated in the sandbox, and then in two weeks instantly convert it to a production system.

Sounds abstract? Let's explore an analogy. When I drive my car from San Francisco to Los Angeles I take highway I-5 South -- a public road open to everyone. That represents today's network. With SDN, it's as if an engineer could quickly and inexpensively create private on-ramps, highways and exit lanes for each individual driver. And the engineer can authorize only some to get on and off. You can imagine the driving pleasure and efficiency with that type of road travel system. To do the equivalent in a traditional network would immediately become a cost-prohibitive nightmare.

What you lose: visibility

The only major drawback to SDN is you lose all visibility into your network traffic, making troubleshooting nearly impossible. As an example, imagine your users complaining about slow access to a database. Prior to SDN, the network team could quickly spot, for example, that a backup was slowing the network. The solution would be to simply reschedule it to after hours.

Unfortunately with SDN, you can see a tunnel source and a tunnel endpoint with UDP traffic, but crucially you cannot see who is using them. You cannot know if the culprit is the replication process, the general ledger, the email system or something else. The true top talker is shielded from view by the UDP tunnels, which means that when traffic slows and users complain, you can't readily identify where the problem lies in the network. With the loss of visibility, troubleshooting is hindered and a delay in resolution could be quite detrimental to the business.

What you can do to stay ahead of SDN problems

Network engineers need to know about such problems, plan for them and have a tool to address them. Fortunately, some network performance management solutions let you know how packets are physically flying around the network and the logic behind the traffic. They can provide the best of both worlds as you get to see the physical network and peek inside the encapsulated SDN tunnels.

With insight into interactions among various virtual machines on each physical host, you can monitor all application traffic traversing the virtual switch, providing real-time and historical visibility into virtualized and private cloud environments. And once the packet and flow data is captured, it can be analyzed to detect end-user experience issues, TCP errors (retransmits, resets), server delay, top talking VMs, utilization and more. This is nirvana for the network manager, who is now able to identify problems in the virtual network in the same familiar fashion as in the physical network.
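As an added example (not from the original article or any vendor tool), the Python code below shows why the outer view reports a single tunnel flow while decapsulation reveals the real top talker. It assumes VXLAN over UDP port 4789 as the encapsulation, which the article does not name; all addresses, VNIs, packets and function names are constructed for illustration.

```python
import struct
from collections import Counter
VXLAN_PORT = 4789  # assumption: VXLAN (RFC 7348) is the UDP tunnel type in use

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left 0) plus payload."""
    addr = lambda s: bytes(map(int, s.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, addr(src), addr(dst)) + payload

def vxlan_frame(vtep_src, vtep_dst, vni, inner_ip):
    """Outer IPv4/UDP/VXLAN around an inner Ethernet frame (constructed MACs)."""
    eth = b"\x02" * 12 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    udp_vx = struct.pack("!HHHHII", 49152, VXLAN_PORT, 8 + 8 + 14 + len(inner_ip),
                         0, 0x08000000, vni << 8)   # I flag set, 24-bit VNI
    return ipv4(vtep_src, vtep_dst, 17, udp_vx + eth + inner_ip)

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) from an IPv4 packet."""
    ihl, total = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    dotted = lambda b: ".".join(map(str, b))
    return dotted(pkt[12:16]), dotted(pkt[16:20]), pkt[9], pkt[ihl:total]

def inner_flow(pkt):
    """Return (vni, inner_src, inner_dst, inner_bytes), or None if not VXLAN/IPv4."""
    _, _, proto, l4 = parse_ipv4(pkt)
    if proto != 17 or len(l4) < 50:           # UDP 8 + VXLAN 8 + Ethernet 14 + IPv4 20
        return None
    dport, flags, vni_word = struct.unpack("!2xH4xII", l4[:16])
    eth = l4[16:]
    if dport != VXLAN_PORT or not flags & 0x08000000 or eth[12:14] != b"\x08\x00":
        return None                           # only untagged inner IPv4 is handled
    src, dst, _, _ = parse_ipv4(eth[14:])
    return vni_word >> 8, src, dst, len(eth) - 14

def top_talkers(packets):
    """Bytes per outer (VTEP) pair and per inner (VNI, src, dst) flow."""
    outer, inner = Counter(), Counter()
    for p in packets:
        outer[parse_ipv4(p)[:2]] += len(p)    # what a tunnel-unaware monitor sees
        flow = inner_flow(p)
        if flow:
            inner[flow[:3]] += flow[3]        # what decapsulation attributes
    return outer, inner

# Constructed sample: two tenants' VMs share one tunnel between the same VTEP pair.
BULK = vxlan_frame("192.0.2.1", "192.0.2.2", 100, ipv4("10.0.0.5", "10.0.0.9", 6, b"B" * 1400))
CHAT = vxlan_frame("192.0.2.1", "192.0.2.2", 200, ipv4("10.1.0.7", "10.1.0.8", 6, b"q" * 60))
SAMPLE = [BULK] * 3 + [CHAT]
```

Calling `top_talkers(SAMPLE)` returns one outer entry for the tunnel endpoints and two inner entries keyed by VNI and VM address, so the bulk sender can be named rather than just the tunnel.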

Love it or hate it, SDN is coming to networks everywhere, so network engineers need to determine where and how best to use the technology as well as consider how to address the network visibility challenge it imposes.
