Software Defined Networking – CompTIA Network+ N10-009 – 1.8

Software defined networking provides a number of advantages over traditional networking. In this video, you’ll learn about the fundamentals of software defined networking and how SD-WAN can be used to optimize cloud-based application traffic.

One of the challenges with the virtual world is that we have to somehow take the functions that we would normally use in our physical devices and move them into a more virtualized environment. This challenge exists for our servers and operating systems, but it also exists for our routers, switches, and other networking devices.

If we were to break out the different functions of these networking components, we would see there is a data plane, a control plane, and a management plane. If we could take those individual functions that are handled in hardware and create virtualized software versions of each of them, we would be able to deploy them nearly anywhere in a virtual environment. This would not only give us a way to create these virtualized systems, but it would also give us additional functionality on the network.

If we were to take a switch or a router and look at how that device functions and how it forwards data, we would categorize that particular capability as the infrastructure layer or the data plane. This is the part of the device that does the heavy lifting. It forwards traffic, it transfers information from one interface to another, and it handles forwarding, trunking, encryption, and network address translation.

These networking devices also need to reference other data to determine how to perform this function in the data plane. This ability to control where the data may be going is part of the control layer or the control plane. So if you look at routing tables, switching tables, network address translation tables, or anything else that determines how this device functions, it’s probably located in the control plane.

And ultimately, you as the network administrator will need to manage this device. We do this through the application layer or the management plane. Any time you SSH into a console or control a device from a web-based front end, you’re using this management plane.

So let’s take a physical networking device and turn it into this software-defined networking device. Let’s start with a physical firewall. A firewall generally has functionality within it to be able to connect different networks together. We have logic inside that is able to determine how information is forwarded from one interface to another. And we have ways to manage the device on the front console or through a web-based front end.

We’ll start with all of the interfaces on the front of the firewall, where we will connect all of our networks. This is the data plane or the infrastructure layer, and this is where all of the data is forwarded from one interface to another. Inside of the firewall itself, we have tables that allow us to control what traffic is forwarded and what traffic is not forwarded. We might also keep routing tables or switching tables inside of this control plane. And any time we’re managing the device, either by connecting directly to the console or through a web-based management front end, we are using the management plane.
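The firewall walk-through above separates the planes in words; the following Python model, added here as an illustration and not code from the video or from any vendor's product, separates them in code. All class names (`Packet`, `Route`, `ControlPlane`, `DataPlane`, `ManagementPlane`) and the admin token are assumptions for the example. The data plane only moves packets and counts them; every decision (longest-prefix route lookup and the allow-list that decides what is forwarded) comes from tables in the control plane; and the management plane is the only path that can change those tables, which is why it checks who is calling before it does so.

```python
"""Toy software-defined firewall with data, control and management planes kept apart.

Added example, not from the original page. Names and the token check are assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str


@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.1.0.0/16"
    out_iface: str   # e.g. "eth2"


@dataclass
class ControlPlane:
    """Tables that decide whether and where traffic goes (routing table, allow-list)."""
    routes: list = field(default_factory=list)
    allow_rules: list = field(default_factory=list)   # (dst prefix, dport) pairs

    def lookup_route(self, dst: str):
        """Longest-prefix match over the routing table; None when nothing matches."""
        best = None
        for r in self.routes:
            net = ip_network(r.prefix)
            if ip_address(dst) in net and (
                best is None or net.prefixlen > ip_network(best.prefix).prefixlen
            ):
                best = r
        return best

    def permitted(self, pkt: Packet) -> bool:
        """Default deny: a packet passes only if some allow rule covers dst and port."""
        return any(
            ip_address(pkt.dst) in ip_network(prefix) and pkt.dport == port
            for prefix, port in self.allow_rules
        )


class DataPlane:
    """Moves packets between interfaces; it holds no policy of its own."""

    def __init__(self, control: ControlPlane):
        self.control = control
        self.counters = {"forwarded": 0, "dropped": 0}

    def forward(self, pkt: Packet):
        """Return the egress interface, or None when the packet is dropped."""
        if not self.control.permitted(pkt):
            self.counters["dropped"] += 1
            return None
        route = self.control.lookup_route(pkt.dst)
        if route is None or route.out_iface == pkt.in_iface:
            self.counters["dropped"] += 1      # no route, or would hairpin
            return None
        self.counters["forwarded"] += 1
        return route.out_iface


class ManagementPlane:
    """Administrative entry point (console / web UI stand-in); only it edits tables."""

    def __init__(self, control: ControlPlane, admin_token: str):
        self.control = control
        self._admin_token = admin_token

    def _check(self, token: str) -> None:
        if token != self._admin_token:
            raise PermissionError("management plane access denied")

    def add_route(self, token: str, prefix: str, out_iface: str) -> None:
        self._check(token)
        self.control.routes.append(Route(prefix, out_iface))

    def add_allow(self, token: str, prefix: str, dport: int) -> None:
        self._check(token)
        self.control.allow_rules.append((prefix, dport))


def build_demo_firewall(token: str = "demo-admin-token"):
    """Constructed sample configuration: two routes and one allow rule."""
    control = ControlPlane()
    mgmt = ManagementPlane(control, token)
    mgmt.add_route(token, "10.0.0.0/8", "eth1")
    mgmt.add_route(token, "10.1.0.0/16", "eth2")   # more specific, wins for 10.1.x.x
    mgmt.add_allow(token, "10.1.0.0/16", 443)
    return DataPlane(control), mgmt


if __name__ == "__main__":
    data, _ = build_demo_firewall()
    print(data.forward(Packet("192.0.2.10", "10.1.2.3", 443, "eth0")))   # eth2
    print(data.forward(Packet("192.0.2.10", "10.2.0.1", 443, "eth0")))   # None
    print(data.counters)
```

Because the data plane never reads anything but the control plane's tables, the same `DataPlane` class would work unchanged whether those tables are populated from a local console, a web front end, or a remote SDN controller; that separation is what lets the function be virtualized and deployed anywhere.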

One of the ways that we’re able to take advantage of this software-based networking functionality is through the use of an SD-WAN. This stands for Software-Defined Networking in a Wide Area Network. This is a wide area network that was specifically built to manage the complexities of a cloud-based environment. We’ve created this SD-WAN because we’ve changed where we manage and connect to all of the different resources on our network.

We used to have everything in one data center, and anytime we needed to access our email or perform a query on a database, we simply accessed those resources in our existing data center. But now we’ve taken those email services, and we’ve put them into the cloud. We’ve taken our applications, and we’ve also moved those to the cloud. It’s now not quite as simple as connecting to a central data center to gain access to all of our resources because our emails, databases, and other applications might exist anywhere in the cloud. And that location may change at any time.

Here’s a view of what we had before the cloud, where all of our services were in one centralized data center. If we had remote locations, we would simply have wide area network links from each remote site to our centralized data center. This made it very easy to set up wide area network connections. That link was always up between the remote site and the data center, and it provided everyone with access to the data that they needed.

But now we’ve moved much of that data from our data center into the cloud. So the cloud may have databases, it might have web services, it might have our email access. And these cloud-based services may be located in multiple cloud providers anywhere in the world.

SD-WAN was created because we needed some type of wide area network that was application aware. It would know if we were using email, and it would be able to immediately send our data to the closest email service specific to us. An important characteristic of an SD-WAN is its ability to know what application is being transmitted through the network. If it knows the application, it will know where to forward that application data to gain access to an email, a database, or some other application.

Since these cloud-based services can move anywhere at any time, we need all of the systems that are connected to this wide area network to automatically update themselves any time there happens to be a change. This is called zero-touch provisioning, and it allows us to have all of our remote routers and switches know exactly how to reach those services wherever they might be and wherever they might be moved. This means if anything changes with the network or anything changes with the location of these services, our SD-WAN routers will automatically update themselves without any type of user intervention.

We also need to keep in mind that the connectivity to these sites may be very different based on the cloud provider. Some cloud providers might be accessible through high-speed fiber, whereas others may be connected through 5G or DSL-type connections. For that reason, SD-WAN is designed to be agnostic to the transport type. So no matter how you’re connected, we’ll be able to connect to that remote location.

And instead of configuring the policies used for this network through each individual SD-WAN router, we have central policy management where we make all of those changes on one central management console, and those changes are pushed out to all of those SD-WAN routers automatically.
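The four SD-WAN characteristics described above (application awareness, zero-touch provisioning, transport-agnostic links, and central policy management) can be shown together in one small model. The Python below is an added example, not code from the video or from any SD-WAN vendor; `Controller`, `EdgeRouter`, `Link` and `Policy` are assumed names, and identifying the application by destination port alone is a simplification adopted for the example. A central controller publishes a versioned policy to every edge router, a newly registered edge pulls the current policy without anyone logging into it, each edge picks the best link it has regardless of whether that link is fiber, 5G or DSL, and when a service moves to a different cloud region the controller republishes and every edge follows.

```python
"""Toy SD-WAN: central policy, application-aware routing, transport-agnostic links, ZTP.

Added example, not from the original page. Names are assumptions; apps are identified
by destination port only, which is a simplification.
"""
from dataclasses import dataclass


@dataclass
class Link:
    name: str          # "fiber", "5g", "dsl" ... the transport is opaque to policy
    latency_ms: int
    up: bool = True


@dataclass(frozen=True)
class Policy:
    version: int
    app_ports: dict        # dport -> application name
    app_locations: dict    # application name -> where it currently lives


class EdgeRouter:
    """Remote-site router; it never holds policy that the controller did not push."""

    def __init__(self, site: str, links: list):
        self.site = site
        self.links = links
        self.policy = None

    def sync(self, policy: Policy) -> None:
        """Called by the controller; no local administrator involvement."""
        self.policy = policy

    def classify(self, dport: int) -> str:
        return self.policy.app_ports.get(dport, "unknown")

    def route(self, dport: int):
        """Return (application, destination, link name) or None if no link is up."""
        app = self.classify(dport)
        # Unknown applications fall back to the data center, as the text describes.
        destination = self.policy.app_locations.get(app, "datacenter")
        usable = [link for link in self.links if link.up]
        if not usable:
            return None
        best = min(usable, key=lambda link: link.latency_ms)
        return (app, destination, best.name)


class Controller:
    """Single management console: the only place policy is authored."""

    def __init__(self):
        self.policy = Policy(0, {}, {})
        self.edges = []

    def register(self, edge: EdgeRouter) -> None:
        """Zero-touch provisioning: a new edge receives the current policy on join."""
        self.edges.append(edge)
        edge.sync(self.policy)

    def publish(self, app_ports: dict, app_locations: dict) -> int:
        """Bump the version and push to every registered edge; returns new version."""
        self.policy = Policy(self.policy.version + 1, dict(app_ports), dict(app_locations))
        for edge in self.edges:
            edge.sync(self.policy)
        return self.policy.version


# Constructed sample data for the demonstration.
SAMPLE_PORTS = {993: "email", 5432: "database"}


def build_demo_wan():
    """Controller with one branch that has a fiber and a 5G link."""
    ctrl = Controller()
    branch = EdgeRouter("branch-a", [Link("fiber", 5), Link("5g", 40)])
    ctrl.register(branch)
    ctrl.publish(SAMPLE_PORTS, {"email": "cloud-east", "database": "cloud-west"})
    return ctrl, branch


if __name__ == "__main__":
    ctrl, branch = build_demo_wan()
    print(branch.route(993))            # ('email', 'cloud-east', 'fiber')
    branch.links[0].up = False          # fiber fails; 5G carries the same traffic
    print(branch.route(993))            # ('email', 'cloud-east', '5g')
    ctrl.publish(SAMPLE_PORTS, {"email": "cloud-west", "database": "cloud-west"})
    print(branch.route(993))            # ('email', 'cloud-west', '5g')
```

Note where the trust sits in this model: every edge does exactly what the controller tells it, so the controller and its push channel are the parts a practitioner should protect and monitor most carefully; a policy change there is reflected at every remote site automatically, which is the feature, and also the reason changes to it should be logged and reviewed.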

So if there are resources in the data center that need to be accessed from a remote site, those locations can still go directly to the data center. But if someone in a remote site needs to access a database or their email system, they can go directly to that cloud-based service using this SD-WAN technology.