This presentation covers everything you need to know about SDN architectures, including the following topics:
- 5 Essential Elements of SDN architectures
- 6 Business benefits of software-defined network solutions
- Why software-defined networking is the future of legacy data centers
Originally published here: https://info.5nine.com/webinar-sdn-management-and-security-best-practices
Simplifying SDN Networking Across Private and Public Clouds
1. www.5nine.com
Tips, Tricks and Proven Methodologies to Simplify Software-Defined Networking (SDN) Across Private and Public Clouds
2. 5nine Unified Cloud Management and Security Platform
We simplify, centralize and secure the Microsoft Cloud – public, private and hybrid – so both enterprise IT and Service Provider customers can focus on accelerating their business.
Certified for Windows Server 2016, 2012 R2, 2012, Microsoft Hyper-V, Microsoft Azure
1,000+ Customers
100+ Countries
100K+ Cloud & Virtualization Administrators
5M+ Virtual Machines Managed & Protected
Reduce SDN Costs. Accelerate SDN Timelines.
3. Agenda
Software Defined Networking (SDN) 101
• What is SDN?
• Who’s Responsible for SDN?
• Why Choose SDN?
• Potential SDN Challenges
Best Practices for SDN Configuration
• Planning
• Implementation
SDN Management Made Easy (HINT: Monitoring)
• Traditional Network Management vs. SDN
• SDN Management Best Practices
3 SDN Misconfigurations You Don’t Want to Make
• Common SDN Threats
• Common SDN Security Mistakes
• SDN Security Best Practices
How 5nine Can Save You Thousands of Hours Configuring
and Managing SDN
• What Sets 5nine Apart for SDN
• 5nine Demonstration
Closing Comments and Next Steps
• Q&A
• Next Steps
• Amazon Gift Card Giveaways
7. Traditional Networking vs. Software Defined Networking
Traditional Networking
• Functionality implemented through a dedicated hardware appliance
• Uses routers, switches, firewalls or application controllers
• Each appliance must be manually configured or updated by an IT admin
Software Defined Networking
• Decouples hardware from software (separates the control plane from the data plane)
• Control plane determines where to send traffic and how the network is administered
• Data plane carries out decisions made in the control plane/console and forwards traffic
100% Centrally Managed
10. Who is Responsible for Network Configuration?
Hardware Defined Model
• Virtualization Admin
• Storage Admin
• Network Admin
16. Who is Responsible for Network Configuration?
Software Defined Model
Virtualization Admin
• Knows how to bring up servers and virtual machines
• Knows how to bring in storage (which is essentially on the network now)
• Knows how to interact with physical hardware
• Knows how to interact with open standards and protocols such as BGP
Higher ROI
19. Advantages of SDN
Increase operational agility and scalability
• More efficiently manage network resources
• Add bandwidth “on demand”
• Program directly into the software layer
Centralize network management
• Manage entire network as a single unit
• Enterprise-wide optimization and planning, including dynamic network reconfiguration
• Provides a single place for apps to interact (auth, etc.)
• Provides a centralized security control point where security information can be distributed evenly through business networks across multiple sites
Exert external control
• Enables network apps
• Provides easy integration to leverage existing knowledge, experience and tools
22. Advantages of SDN
Vendor neutral with an open-standards base
• Reduces risk of getting locked in on the technical side because of vendor-specific hardware requirements
• Can interface with NetFlow, OpenFlow and others from switch manufacturers
Easier to maintain
• Reduces the need for hardware refreshes and manual updates
Lowers barrier of entry
• Network hardware becomes a commodity, driving down costs
27. Challenges of SDN
Controller reliability and stability
Unexpected interactions between features
Controller security (runs on a general purpose computer and OS)
Network sprawl
• SDN's virtual nature can make it tempting to create countless network segments, but each new network segment introduces its own risk and security requirements
Service or application sprawl
• New services can introduce security threats as programmers and network administrators may unwittingly introduce at-risk code
• The introduction of new services can extend the threat network-wide through a centralized or partially distributed controller
35. How to Plan for SDN
1. Determine if your environment will match hardware and software prerequisites
2. Map out your proposed network
3. Plan routing between networks
4. Determine VLAN or subject access
5. Map out access controls (including roles)
6. Address spaces on the vnet
7. Determine peering
8. Analyze projected traffic
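The address-space, subnet and peering steps of the plan can be checked before anything is built. The following is an added example, not part of the original presentation; the vnet names, CIDR ranges and peerings are constructed for illustration.

```python
"""Validate a planned vnet layout: subnets fit, do not collide, and peers do not overlap."""
import ipaddress
from itertools import combinations

# Constructed plan (assumption): three vnets and two intended peerings.
PLAN = {
    "vnets": {
        "hub": {"address_space": ["10.0.0.0/16"],
                "subnets": {"gateway": "10.0.0.0/27", "shared": "10.0.1.0/24"}},
        "app": {"address_space": ["10.1.0.0/16"],
                "subnets": {"web": "10.1.0.0/24", "db": "10.1.0.128/25"}},
        "lab": {"address_space": ["10.0.128.0/17"],
                "subnets": {"test": "10.2.0.0/24"}},
    },
    "peerings": [("hub", "app"), ("hub", "lab")],
}


def check_plan(plan):
    """Return a list of human-readable problems found in the plan (empty if none)."""
    problems = []
    spaces_by_vnet = {}
    for vnet, spec in plan["vnets"].items():
        spaces = [ipaddress.ip_network(s) for s in spec["address_space"]]
        spaces_by_vnet[vnet] = spaces
        subnets = {n: ipaddress.ip_network(c) for n, c in spec["subnets"].items()}

        # Every subnet must sit inside one of the vnet's address spaces.
        for name, net in subnets.items():
            if not any(net.subnet_of(space) for space in spaces):
                problems.append(f"{vnet}/{name}: {net} is outside the vnet address space")

        # Subnets of the same vnet must not overlap each other.
        for (a, net_a), (b, net_b) in combinations(subnets.items(), 2):
            if net_a.overlaps(net_b):
                problems.append(f"{vnet}: subnets {a} and {b} overlap")

    # Azure does not allow peering between vnets with overlapping address spaces.
    for left, right in plan["peerings"]:
        for a in spaces_by_vnet[left]:
            for b in spaces_by_vnet[right]:
                if a.overlaps(b):
                    problems.append(f"peering {left}<->{right}: {a} overlaps {b}")
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN):
        print(line)
```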
39. SDN Implementation
Build out your software-defined networks
Build resource groups (applications, etc.)
Build out your vnet(s)
Perform comprehensive testing
• Sample methods (note: vnets lack built-in testing tools)
Build a VM for testing purposes
• Put the VM on the network
• Use Apache and open port 80
• Create a new VM and use it to ping the original VM
• Open SSH (secure shell) and use port 22
• Use the Azure Serial Console (currently in preview), especially for Linux VMs
Compare VM to historical stats
• Look at stats such as data disks, max IPS, local SSD, and load balancing
42. Management: Traditional vs. SDN
• Traditional Networking Management: Set up well-known protocol parameters and track configuration changes
• SDN Management: Configure customized and ever-evolving software, set up data and control plane
• Traditional Networking Management: Set up alternate routes in case of failure
• SDN Management: Configure alternate forwarding device behavior in case of failure
• Traditional Networking Management: Assign and reserve bandwidth. Enforce quality of service configuration
• SDN Management: Monitor performance of network applications and adjust connection quality between data plane and control plane
43. Management: Traditional vs. SDN
• Traditional Networking Management: Control network access and prevent intrusion, spoofing and DoS attacks
• SDN Management: Use cloud security components, such as virtual firewalls, to grant isolation to network applications, prevent eavesdropping and capture of traffic
47. SDN Monitoring Tips
Monitoring
• Important metrics to monitor:
Ingress and egress of vnets
Ingress and egress of your nics
Load balance network w/ a load balancer (Microsoft or 3rd party)
• Ensure the load matches your policy
• Easy to misconfigure
Monitor uptime of solutions/ services
• Ensure it is functioning at the application level and all the way down to the network layer
49. Common SDN Threats
SDN specific threats (implement general security best practices and use cloud security solutions)
• Manipulation of information (data forging)
• Software, firmware, and API exploits
• Remote SDN app exploits
• Malicious software like viruses and malware
• Unauthorized access
• Traffic sniffing and diversion
General network virtualization threats (implement general security best practices)
• Virtualized host abuse
• Network virtualization bypassing
50. Common SDN Threats
General network infrastructure threats (generally covered by cloud provider)
• Physical threats
• Damage/ loss
• Failures/ malfunctions
• Outages
• Disasters
• Legal
53. Common SDN Security Mistakes
Using public IPs in your network
Opening up network rules to the world
Over-relying on open source packages without researching known or suspected vulnerabilities
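The "opening up network rules to the world" mistake can be caught by evaluating an Azure network security group the way the platform does, lowest priority number first, and reporting which ports end up reachable from any source. The following is an added example, not part of the original presentation; the NSG, its rule names and the watched port list are constructed assumptions.

```python
"""Find watched TCP ports that an Azure NSG leaves reachable from any source."""

# Source prefixes that mean "anyone" ("any" is the portal label, kept as a convenience).
WORLD_SOURCES = {"*", "0.0.0.0/0", "::/0", "internet", "any"}
# SSH (22) and HTTP (80) appear in the slides; RDP (3389) is added here as an assumption.
WATCHED_PORTS = (22, 80, 3389)


def rule(name, priority, direction, access, source, ports, protocol="Tcp"):
    """Build one security rule in the ARM JSON shape (helper for the sample data)."""
    return {"name": name, "properties": {
        "priority": priority, "direction": direction, "access": access,
        "protocol": protocol, "sourceAddressPrefix": source,
        "destinationPortRanges": ports}}


# Constructed sample NSG (all names and values invented for this example).
SAMPLE_NSG = {"name": "nsg-web-constructed", "properties": {"securityRules": [
    rule("allow-web", 300, "Inbound", "Allow", "0.0.0.0/0", ["80"]),
    rule("allow-mgmt-any", 200, "Inbound", "Allow", "*", ["22", "3389"]),
    rule("deny-ssh-internet", 100, "Inbound", "Deny", "Internet", ["22"]),
    rule("allow-app-from-vnet", 400, "Inbound", "Allow", "VirtualNetwork", ["8000-8100"]),
    rule("allow-all-out", 100, "Outbound", "Allow", "*", ["*"], protocol="*"),
]}}


def listed(props, single, plural):
    """ARM rules carry either a single value or a list; return both as one list."""
    values = list(props.get(plural) or [])
    if props.get(single):
        values.append(props[single])
    return values


def source_is_world(props):
    sources = listed(props, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(str(s).lower() in WORLD_SOURCES for s in sources)


def port_matches(props, port):
    for spec in listed(props, "destinationPortRange", "destinationPortRanges"):
        spec = str(spec)
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def internet_reachable_ports(nsg, ports=WATCHED_PORTS):
    """Return {port: rule name} where the first matching inbound rule allows any source.

    Rules are evaluated in ascending priority order, so a broad Allow that is
    shadowed by an earlier Deny is not reported. Ports with no matching rule
    fall through to the default inbound deny and are not reported either.
    """
    inbound = sorted(
        (r for r in nsg["properties"]["securityRules"]
         if r["properties"]["direction"].lower() == "inbound"),
        key=lambda r: r["properties"]["priority"])
    findings = {}
    for port in ports:
        for r in inbound:
            props = r["properties"]
            if props["protocol"].lower() not in ("*", "tcp"):
                continue
            if source_is_world(props) and port_matches(props, port):
                if props["access"].lower() == "allow":
                    findings[port] = r["name"]
                break  # first matching rule decides, Allow or Deny
    return findings


if __name__ == "__main__":
    for port, name in sorted(internet_reachable_ports(SAMPLE_NSG).items()):
        print(f"tcp/{port} reachable from any source via rule '{name}'")
```

Port 80 open to the world may be intentional for a public web tier; the output is a list to review against the access plan, not a verdict.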
57. SDN Security Best Practices
Secure your own data
• By default, protect access to your VMs
Use network security groups in Azure
• Control what objects and ports can ingress and egress
• Second layer
Control routing behavior
Enable forced tunneling
60. SDN Security Best Practices
Deploy virtual network appliances and DMZs
• Use built-in virtual firewalls or 3rd-party firewalls
• Use a security solution that includes capabilities such as:
Intrusion detection
Vulnerability management
Application control
Network-based anomaly detection
Web filtering
Agentless Antivirus
Botnet protection
Avoid exposure to the Internet with dedicated WAN links
Optimize uptime and performance
• Use load balancing
Traditional Networking
Functionality implemented through a dedicated hardware appliance
Involves routers, switches, firewalls or application controllers
Each appliance must be manually configured or updated by an IT admin
Software-Defined Networking
Decouples hardware from software (separates the control plane from the data plane)
Control plane: Administration of the network, including setting up packet processing rules, which determines where to send traffic
Data plane: Carries out decisions made in the control plane/console and forwards traffic (packet processing)
SDN enables hardware to be controlled and managed from a centralized software application
Determine if your environment will match hardware and software prerequisites
Physical network
Ensure you have access to your physical network devices to configure VLANs, Routing, BGP, Data Center Bridging (ETS) if using an RDMA technology, and Data Center Bridging (PFC) if using a RoCE based RDMA technology
Physical compute hosts
Review your Network Interface Cards (NICs) and switches to make sure they support certain capabilities, IETF standards and tagging protocol
Ensure you have Windows Server 2016 installed, Hyper-V enabled, and an external Hyper-V virtual switch created with at least one physical adapter connected to the Management logical network
Map out your proposed network
How many subnets will you create?
Will you use shield subnets, end user subnets, product subnets, or others?
Plan routing between networks
Map out connections between networks
Determine VLAN or subject access
Always ask yourself the who, what, when and where of access
Map out access controls (including roles)
Address spaces on the vnet
Determine peering
Will your network be vnet to vnet?
Will you use other networks for peering?
Analyze projected traffic
Will any traffic or data ingress or egress from the internet?
Will I be using only VPN access to Azure?
Configuration
Traditional: Set up well-known protocol parameters and track configuration changes
SDN: Configure customized and ever-evolving software, set up data and control plane
Availability
Traditional: Set up alternate routes in case of failure
SDN: Configure alternate forwarding device behavior in case of failure
Performance
Traditional: Assign and reserve bandwidth. Enforce quality of service configuration
SDN: Monitor performance of network applications and adjust connection quality between data plane and control plane
Isolation and Security
Traditional: Control network access and prevent intrusion, spoofing and DoS attacks
SDN: Use cloud security components, such as virtual firewalls, to grant isolation to network applications, prevent eavesdropping and capture of traffic
Bottom Line = SDN solves classical network management problems, but also creates new ones