While core functions differ across networking, a very basic explanation of what Software Defined Networking (SDN) does includes the separation of the control and forwarding planes of a network and centralization of control into an SDN controller that provides programming instructions to the switching infrastructure. This effectively decouples the network from the underlying hardware and allows the network to better integrate with and support virtualized data centers.
Network Functions Virtualization (NFV) encompasses precisely what its name implies and involves the virtualization of network functions such as application delivery controllers (ADCs) and web application firewalls (WAFs). This implementation of network functions in software removes the need for these middle boxes to be physical, proprietary pieces of hardware, as they traditionally have been, and allows the network to more fully benefit from the virtualization technology that has now been leveraged by the compute side of the data center for some time. NFV makes ADC and WAF virtualized functions more easily accessible to the rest of the virtual infrastructure and provides the framework for programmatic service chaining of multiple network services. By placing these virtual appliances in a hypervisor environment, you create a centrally programmable infrastructure that reduces cost (because you don’t have to maintain and support scores of physical appliances) and improves reliability (as misconfiguration and operator errors become smaller issues).
So, how do you determine whether or not implementation of NFV along with SDN makes sense for your business? While there is the promise that implementing SDN and NFV in concert could mean lower costs, easier management, and higher reliability, as with any IT infrastructure change, there is also an investment and risk that must be weighed in the balance with the potential benefits.
Capex, Reliability, and Management
The lower-cost part of the equation is clear when you consider that SDN and NFV reduce capex incurred and vendor lock-in to expensive and proprietary networking infrastructure. Additionally, by reducing this infrastructure, your data center environment becomes more centrally managed. Power and cooling costs go down, and potential failure risks are minimized.
Reliability is another key driver for moving toward virtualizing network functions and building the framework for a software-defined network. A reduced need to configure individual physical devices means a reduction in the number of potential sources of misconfiguration as well as the overhead associated with administering each individual device in the network separately.
However, something to keep in mind is that an SDN controller or orchestration plane either providing instruction sets to switches or configuring complex service chains does not have the capability to confirm the validity and soundness of what’s being programmed. It is still up to administrators to gather the appropriate business requirements, ensure that the correct actions are entered into the program, and monitor for anomalies.
The mitigating risk of misconfiguration value comes from reducing the number of physical network devices, and automating orchestration of commands. Instead of the network manager being required to make changes to dozens or even hundreds of appliances, each one multiplying the chance of a mistake and degradation, the manager needs only to invoke a few changes to the virtualized network infrastructure. In addition, most changes to the network functions are handled programmatically by applications residing on, or working with, the SDN controller, with no manual access required.
This reduced need for manual intervention into the network infrastructure also means that the requirement for network management is reduced. When most network infrastructure changes are made to virtualized infrastructure by the SDN controller, there’s less reason to require manual access for many routine functions.
SDN and NFV as Partners
While it’s clearly not a conceptual requirement to implement SDN and NFV together, the capabilities of both technologies complement one another and work well together in supporting a software-defined data center (SDDC) model. As an example, implementing the concepts of SDN without virtualizing network functions would tie the network to the world of hardware. This conflicts with the spirit of SDN, which has a focus of putting network intelligence in software. ADC-NFV integration with SDN adds significantly more intelligence to the datas tream so that the SDN controller can make not only faster decisions, but also way more informed decisions in terms of what pathways are optimal for the application.
With NFV, you can take advantage of emerging standards such as OpenFlow, which allows separation of packet forwarding and the routing decisions within the infrastructure, and in the process opens the communications chain inside of the platform to additional functions such as load balancing, edge security, or application delivery. Another benefit of the SDN-NFV combo is the ability to “service chain” all NFV services — for example, load balancing to web app security, or firewall to IDS — in a more easily programmatic and flexible way. This approach not only provides data compatible with the SDN controller but can also influence SDN decisions about the underlying network infrastructure. In each case, the NFV and SDN ecosystem can use best of breed applications for each function.
Another important factor to consider in the SDN-NFV better-together equation is what impact you can expect to your applications — will you see the same level of high availability and performance assurance as you do in a traditional data center if you implement SDN? Even with the advent of SDN, a need still exists for bridging the gap between the lower-network-layer information that an SDN controller has access to with the upper-layer, application-focused visibility that a middle box has. Since NFV services like ADCs are able to provide feedback on application health status, user access, and application instance performance, they are in a prime location to inform the SDN controller about metrics that would generally be out of view — resulting in better decision making.
While transitioning from a traditional network to one utilizing SDN and NFV technologies is no trivial task and may require a huge uplift and implementation, the flexibility that comes as a result of a SDN-NFV implementation helps to simplify operational maintenance and provides the framework for better automating the network to respond and steer traffic based on real time conditions. This also means that a migration to a fully virtualized environment with both SDN and NFV can be done incrementally. While the cutting edge brings technological and operational benefits, the bleeding edge of new technologies can be painful. By reducing implementation risk, improving efficiency, and lowering the barriers to success, using both SDN and NFV means that your data center can be efficient, cost effective and reliable, while also providing greater flexibility to drive hyper-performance at hyper-speed-to-market. In short, the complementary nature of SDN and NFV makes them perhaps two sides of the same valuable coin, and equally critical parts of a modern, efficient network.