Software-defined networking (SDN) is networking, so it must connect things, right?
Yes, but SDN doesn’t connect elements by routing IP packets. Counter to many rumors, IP routing is still very much a part of the SDN equation. IP routing connects point A in the network with point B, hop by hop, and it scales, doing so by constantly propagating structured addressing information (subnets) through network links, capturing knowledge about the link topology.
But what if point B is not a point? What if it is a network function, content, or a service? And what if we want the network to pick the best, most available (elastically, dynamically, etc.) point B, one that fits A the best at this very moment? Subnet routing cannot figure out these types of abstracted coordinates.
Until quite recently, IP routing was the most scalable thing around, far more scalable than circuit switching or any client-server software control structure we could think of. So when it came to the above requirements, we had to just get by, perhaps with the help of policy routes, DPI and DNS tricks.
But that’s not the case anymore. On the requirements side, resource mobility, elasticity and abstraction have become the norm rather than the exception. On the industry capabilities side, incredibly scalable software lookup technologies, based on IP networking, have evolved for Internet applications. They can now be used to connect identities, content and functions, and do so dynamically, elastically, and with personalized virtualization of applications and network functions.
As a simple example, we can think of the service provider network access control list (ACL)—today an extra burden of configuration on IP interfaces, susceptible to errors and broken by any entity movement or network topology change. Using SDN technology and scalable global software lookup, access control becomes a policy record, like an electronic medical record that follows identities around.
Building NFV Graphs
A more sophisticated network functions virtualization (NFV) example is the virtualization of the mega evolved packet core (EPC) and IP multimedia subsystem (IMS) core functional boxes for subscriber mobility or voice-over-IP. The trend is to unbundle such “big” functional network junction form-factors in favor of micro virtual machines and to do so by capacity and features. These micro components can be assembled dynamically by SDN connectivity. This means SDN steers and maps the right flows to the right NFV virtual machine, in the right sequence, in what is known as the NFV Forwarding Graph (NFV-FG). NFV-FG chains and balances functions, and protects the consistent long-lived states created in them.
However, there are two notions to keep in mind about these hot new networking software technologies:
1. Software-defined lookups can only scale as an overlay to an IP underlay. This means they cannot replace IP in routing flows hop by hop without introducing exponential complexity. They must also use some type of distributed hash or directory to scale the number of lookups per second, distributed by IP routing. This aspect of SDN control makes IETF standards work on IP overlays and mapping underlays such as LISP, VXLAN and NVO3 key to the scale of SDN technology.
2. Software-defined lookup decisions are global and costly and therefore cannot be applied per packet. They must be applied per flow or network conversation. This is key for an efficient lookup-to-packets transaction ratio, for a reasonable footprint of SDN gear, and for clean separation of technology disciplines and suppliers. This separation makes the Open Networking Foundation (ONF) OpenFlow-related work in standards bodies and the flow instruction set defined by switch NIC vendors also key for the success of SDN technology. The term SDN switching chip is not an oxymoron.
These two points define the key demarcations that will make SDN robust, scalable, highly functional, and cost-effective as a new programmable fabric of connectivity for users, network functions, content, and services. Separating control from forwarding using OpenFlow and overlay separation of identities from routing locations enable vendors and service providers to embrace SDN and to succeed, as demonstrated by announced, large-scale, real-life SDN deployments in fixed-mobile carrier functions.
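The two points above, combined with the earlier idea of access control as a policy record that follows an identity, can be sketched in a few lines. This is an added illustration, not code from the article or from any SDN product: the class names, identities and addresses are constructed, and the flow table is a plain dictionary standing in for an OpenFlow-style switch table.

```python
# Added illustration: all names are hypothetical, not an OpenFlow or LISP API.
from dataclasses import dataclass, field

@dataclass
class MappingDirectory:
    """Global software lookup: identity -> current locator and policy record."""
    locations: dict = field(default_factory=dict)  # identity -> underlay locator
    policies: dict = field(default_factory=dict)   # identity -> allowed peer identities
    lookups: int = 0

    def register(self, identity, locator, allowed_peers=()):
        # Moving an identity changes only its locator; its policy record stays.
        self.locations[identity] = locator
        self.policies.setdefault(identity, set()).update(allowed_peers)

    def resolve(self, src, dst):
        """Costly global decision; default deny when no policy record allows src."""
        self.lookups += 1
        if src not in self.policies.get(dst, set()):
            return None
        return self.locations.get(dst)

@dataclass
class EdgeSwitch:
    directory: MappingDirectory
    flow_table: dict = field(default_factory=dict)  # (src, dst) -> locator, None = drop
    packets: int = 0

    def forward(self, src, dst):
        self.packets += 1
        key = (src, dst)
        if key not in self.flow_table:  # only the first packet of a flow
            self.flow_table[key] = self.directory.resolve(src, dst)
        return self.flow_table[key]

    def invalidate(self, dst):
        """Flush cached flows toward an identity whose mapping changed."""
        self.flow_table = {k: v for k, v in self.flow_table.items() if k[1] != dst}

def demo():
    d = MappingDirectory()
    d.register("svc-billing", "10.0.1.5", allowed_peers={"sub-alice"})
    sw = EdgeSwitch(d)
    first = [sw.forward("sub-alice", "svc-billing") for _ in range(1000)]
    denied = sw.forward("sub-bob", "svc-billing")
    d.register("svc-billing", "10.0.9.7")  # workload moves, policy untouched
    sw.invalidate("svc-billing")
    moved = sw.forward("sub-alice", "svc-billing")
    still_denied = sw.forward("sub-bob", "svc-billing")
    return first[0], denied, moved, still_denied, d.lookups, sw.packets

if __name__ == "__main__":
    print(demo())
```

The cached deny entry matters as much as the cached permit: a policy change in the directory takes effect at the edge only once the affected flow entries are invalidated.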