
Cyber Security 301 Software Defined Network

The document provides an overview of Software Defined Networks (SDN), detailing its architecture, components, and advantages over traditional networking. It explains the separation of control and data planes, the role of the SDN controller, and the benefits of centralized management and automation. Additionally, it outlines the historical evolution of networking from static hardware-based systems to flexible, software-driven architectures.

Uploaded by

jonahanthony47

CYB 301

SOFTWARE DEFINED NETWORKS


Course overview

• Introduction to computer network
• History, motivation and concept of SDN
• SDN architecture
• SDN Application
• Controller
• Datapath
• Control to Data-Plane Interface (CDPI)
• SDN Northbound Interfaces (NBI)
• Application areas of SDN
• Security using SDN
Introduction – what is a Computer Network
• A computer network is a system that connects two or more computing devices to transmit and share resources. The devices could be switches, servers, firewalls, etc.
• An example of a computer network at a large scale could be the traffic monitoring systems in urban cities. These systems alert the officials and emergency responders with information about traffic flow and incidents. A simpler example could be collaborative software like Google Drive, which colleagues at work use to share documents remotely.
Components of a computer network

1. Network devices or nodes: computing devices that need to be linked in the network. Some network devices include computers, mobiles, servers, routers, switches, gateways and other consumer devices.
2. Links: these are the transmission media. They can be wired or wireless.
3. Communication protocols: these are the sets of rules followed by all nodes involved in the information transfer. Some common protocols include TCP/IP, Ethernet, wireless LAN, HTTP, etc.
4. Network defense: security is critical when unprecedented amounts of data are generated, moved, and processed across networks. Examples of network defense tools include firewalls, intrusion detection systems (IDS), network access control (NAC), proxy servers, load balancers, etc.
The Traditional Network

• Traditional networks use a static, hardware-based architecture in which the control and data planes are integrated into each device. Changing anything in such a network requires manual intervention, which is time-consuming and difficult.
• Traditional networks use dedicated hardware devices like switches, routers, and firewalls to control network traffic. Each of these devices operates independently and makes its own decisions about traffic flow. This technique is old, yet it is still used in many organizations today.
Components of a Traditional Network
• Network Devices − Physical hardware devices like routers and switches, which are used to manage traffic within the network.
• Cabling − Physical cables that connect devices to each other. These form the backbone of the network.
• Protocols − Standard networking protocols like TCP/IP and Ethernet, used for communication between devices.
Network Devices
Networking has always been very traditional. There are specific network devices like
routers, switches, and firewalls that are used for specific tasks.
These network devices are sold by networking vendors like Cisco and often use
proprietary hardware. Most of these devices are primarily configured through the CLI,
although there are some GUI products like CCP (Cisco Configuration Protocol) for the
routers or ASDM for the Cisco ASA firewalls.
A network device, for example, a router has different functions that it has to perform.
Below are some of the functions a router has to perform in order to forward an IP
packet:
 It has to check the destination IP address in the routing table in order to figure out
where to forward the IP packet to.
 Routing protocols like OSPF, EIGRP or BGP are required to learn networks that are
installed in the routing table.
 It has to use ARP to figure out the destination MAC address of the next hop or
destination and change the destination MAC address in the Ethernet frame.
 The TTL (Time to Live) in the IP packet has to be decreased by 1 and the IP header
checksum has to be recalculated.
 The Ethernet frame checksum has to be recalculated.
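The per-packet steps listed above (route lookup, next-hop MAC resolution, TTL decrement, IP header checksum recalculation), as an added Python example that is not part of the original slides. The routing table, ARP table, addresses and function names are constructed for illustration, and the Ethernet frame checksum step is left out.

```python
import ipaddress
import struct

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")  # 20-byte IPv4 header without options

# Constructed routing table (what the control plane would have built).
ROUTES = {
    ipaddress.ip_network("0.0.0.0/0"): ("203.0.113.1", "eth0"),
    ipaddress.ip_network("10.0.0.0/8"): ("10.255.0.1", "eth1"),
    ipaddress.ip_network("10.1.2.0/24"): ("10.1.2.254", "eth2"),
}
# Constructed ARP table: next-hop IP -> MAC address.
ARP = {
    "203.0.113.1": "02:00:00:00:00:01",
    "10.255.0.1": "02:00:00:00:00:02",
    "10.1.2.254": "02:00:00:00:00:03",
}


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Build a valid header for the constructed test packets (TCP, no payload)."""
    fields = [0x45, 0, 20, 0, 0, ttl, 6, 0,
              ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed]
    fields[7] = checksum(IPV4_HDR.pack(*fields))
    return IPV4_HDR.pack(*fields)


def lookup(dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    matches = [net for net in ROUTES if dst in net]
    return ROUTES[max(matches, key=lambda n: n.prefixlen)] if matches else None


def forward(header: bytes) -> dict:
    """Data-plane handling of one IPv4 header; returns the forwarding decision."""
    if len(header) != IPV4_HDR.size or header[0] != 0x45:
        return {"action": "drop", "reason": "malformed header"}
    if checksum(header) != 0:  # a valid header sums to zero, checksum field included
        return {"action": "drop", "reason": "bad checksum"}
    fields = list(IPV4_HDR.unpack(header))
    if fields[5] <= 1:  # TTL would reach 0: drop instead of forwarding
        return {"action": "drop", "reason": "ttl expired"}
    route = lookup(ipaddress.ip_address(fields[9]))
    if route is None:
        return {"action": "drop", "reason": "no route"}
    next_hop, iface = route
    if next_hop not in ARP:  # a real router would send an ARP request here
        return {"action": "drop", "reason": "no arp entry"}
    fields[5] -= 1   # decrement TTL
    fields[7] = 0    # zero the checksum field before recomputing
    fields[7] = checksum(IPV4_HDR.pack(*fields))
    return {"action": "forward", "iface": iface, "dst_mac": ARP[next_hop],
            "header": IPV4_HDR.pack(*fields)}


if __name__ == "__main__":
    for dst in ("10.1.2.7", "10.9.9.9", "8.8.8.8"):
        print(dst, forward(build_header("192.0.2.10", dst, 64)))
```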
All these different tasks are separated into different planes. There are three planes:
The management plane: any function concerned with the management of the device, like configuring it, happens in the management plane. Access to this plane requires the use of various protocols such as SSH, SFTP and SNMP. This is the most important plane in terms of securing a device, because any breach on this plane will allow access to all data flowing through the device and even the ability to reroute traffic.
The control plane: it is like the brain of the device, more like the operating system. Here, the device discovers its environment and builds the foundation to do its work.
The data plane: also called the forwarding plane, it manages how data flows. For example, when a router receives a packet to route or a switch receives a frame to switch, it does so on the data plane.
 Management plane
 Control plane
 Data plane
Management plane: The management plane is used for access and management of our
network devices.
Control Plane: The control plane is responsible for exchanging routing information, building
the ARP table, etc. Here are some tasks that are performed by the control plane:
 Learning MAC addresses to build a switch MAC address table.
 Running STP to create a loop-free topology.
 Building ARP tables.
 Running routing protocols like OSPF, EIGRP, and BGP and building the routing table.
Data plane: The data plane is responsible for forwarding traffic. It relies on the information
that the control plane supplies. Here are some tasks that the data plane takes care of:
 Encapsulate and de-encapsulate packets.
 Adding or removing headers.
 Matching MAC addresses for forwarding.
 Matching IP destinations in the routing table.
 Change source and destination addresses when using NAT.
 Dropping traffic because of access-lists.
Advantages of Traditional Networking
• Well-Established − It is a tried-and-tested method, because these networks have been used for years by many network administrators.
• Predictable Performance − Network performance is consistent and predictable, because it is based on specific configurations and hardware.
• Familiarity − It is easy to use because minimal training is required.
Disadvantages of Traditional Networking
• Limited Scalability − These networks are harder to scale due to their reliance on physical hardware.
• Manual Configuration − Any change to the network has to be made manually, which can be time-consuming and can cause errors.
• Rigid Architecture − These networks are difficult to adapt as business needs change.
• Poor user experience
Software Defined Network
Traditional networking uses a distributed model for the control plane. Protocols like ARP, STP, OSPF, EIGRP, BGP and others run separately on each network device. These network devices communicate with each other, but there is no central device that has an overview of, or that controls, the entire network.
The fundamental problem with the traditional network is that it was static: the network administrator needed to configure each of the devices manually, one after the other, no matter how many there were. This was time-consuming and complex, hence the concept of the software defined network, which uses software applications to control and manage the network from a centralized location. Software-Defined Networking (SDN) is a modern approach to building networks.
With SDN, we use a central controller for the control plane. Depending on the
vendor’s SDN solution, this could mean that the SDN controller takes over the
control plane 100% or that it only has insight in the control plane of all network
devices in the network. The SDN controller could be a physical hardware device or a
virtual machine.
You can use SDN to manage the network devices by separating the control logic
(control plane) from the physical devices (data plane). With the help of SDN,
network administrators can control the network from a central location using
software to manage, automate, and optimize the network.
A brief History of SDN
• The history of Software-Defined Networking (SDN) traces the evolution of networking from traditional, hardware-based, static systems to more flexible, software-driven, programmable architectures. In the early days, around the 1980s, traditional networks relied on devices like routers and switches that were manually configured to forward traffic based on static rules. The control and data planes were tightly coupled, meaning the hardware devices were responsible for both decision-making (control) and forwarding of data (data plane).
• In the early 2000s, as data centers and large-scale networks grew, the need for more flexible network management emerged. Virtualization technologies like VLANs (Virtual LANs) allowed networks to be divided into logical segments, but they still relied on traditional hardware for forwarding. As networks grew more complex, managing devices and traffic flows with traditional methods became cumbersome.
• The concept of SDN began to take shape around 2008, particularly from research at institutions like Stanford University. Researchers such as Nick McKeown and his team published papers discussing the idea of separating the control and data planes to make networks more flexible and programmable. The concept of SDN is that it allows the network to be programmed from a centralized point. As cloud computing, data centers, and the Internet of Things (IoT) grew, SDN began to gain traction. SDN promised easier management, faster provisioning, and more efficient resource allocation.
SDN Architecture
The architecture of SDN is structured around well-defined components and interfaces. These components work together to give you flexibility, centralized control, and efficient network management. Each of these components has a role, with its own functions, inputs, and outputs. These components are similar to the components of an operating system.
SDN Architecture Cont’d

Software-Defined Networking is structured around three key layers. Each of these layers has different functions in the network.
• Application Layer
This is the topmost layer. It is similar to the user-level processes in an operating system. It includes various network applications, like security systems (firewalls), load balancers, and intrusion detection systems. These applications communicate with the SDN controller to request specific network behaviors, like routing, access control, and traffic optimization. For example, a security application can request the SDN Controller to block certain types of traffic, and a load balancer can direct the SDN Controller to distribute traffic across network paths. Network administrators can therefore deploy and manage complex services without manual changes to each device.
Functions of the Application Layer:
• It requests specific network actions from the controller.
• It implements policies like quality of service (QoS) and firewall rules.
• It automates network configuration for dynamic responses to changing conditions.
• It monitors and adjusts network performance based on real-time analytics.
Control Layer
The control layer contains the SDN controller. It acts as the central decision-making unit of the network. It collects information from the devices in the data plane and makes decisions about how the network should function.
The controller communicates with the devices in the data plane through APIs. It directs them on how to forward data based on predefined rules and policies. In SDN, the Control Plane is separated from the physical hardware and centralized within the SDN controller, so management is centralized and configuration is easier.
The Control Plane oversees tasks like determining the best path for data, managing network policies, and handling routing protocols. It communicates with the Data Plane to enforce these decisions, so that data is forwarded correctly across the network. For example, if a data packet needs to be redirected due to congestion, the Control Plane sends instructions to the relevant switches for dynamic adjustments.
Functions of the control layer
• It manages routing and switching logic.
• It determines traffic flows based on policies.
• It communicates with the SDN controller to update forwarding rules.
• It keeps network-wide policies for optimal data flow.
Diagrammatical representation of the SDN control plane
Infrastructure Layer
The infrastructure layer contains the physical and virtual devices that make up the data plane. These devices (like switches and routers) are responsible for forwarding data according to the instructions given by the SDN controller. They do not make any decisions about traffic but execute the commands they receive from the controller.
The Infrastructure Layer is analogous to the hardware layer in an operating system. The SDN Controller interacts with devices through open interfaces. This separation gives greater flexibility, because you can upgrade and replace the physical hardware without affecting the control logic. For example, an organization can replace an old switch with a higher-capacity model without reprogramming the network.
Functions of the Infrastructure Layer
• It forwards data according to flow rules set by the SDN controller.
• It supports communication with the SDN controller through open interfaces.
• It allows both physical and virtual network devices to function within an SDN environment.
• It integrates new devices seamlessly into the existing network structure.
SDN Controller
The Software-Defined Networking (SDN) Controller is a basic component of the SDN architecture. It is used to manage the flow of network traffic using centralized control. Networking devices like routers and switches use distributed control planes, where each device manages its own control decisions.
The SDN Controller provides centralized management for the network and acts as a central point. It works similarly to how an operating system manages hardware and software interactions. It manages the interactions between the control and data planes for communication between applications and network devices.

Functions of SDN Controller

1. Centralized control: In traditional networks, control functions like routing decisions are distributed across multiple devices, which can make network management difficult. The SDN Controller centralizes these control functions and brings all control logic into one software application. Network management is easier with SDN because you can modify all network behavior from a single location.
The SDN Controller takes the control plane off the hardware devices and runs it as software. It uses this control to manage the data plane, which remains on the physical and virtual switches and routers. For example, when a new routing policy is required, the controller can propagate this policy across all relevant devices in the network.
2. Communication Through APIs:
The SDN Controller communicates with both applications and network devices using Application Programming Interfaces (APIs). These APIs allow interaction between the different layers of the SDN architecture.
3. Flow Management:
The SDN Controller is responsible for managing data flows throughout the network, so that packets are routed through the most efficient paths based on predefined policies and real-time conditions. Flow management is a critical function because it allows the network to adapt dynamically to changes in traffic patterns.
For example, if a certain link in the network becomes congested, the SDN Controller can automatically reroute traffic using an alternative path with minimal latency and maximum performance. This dynamic flow control is one of the key advantages of using an SDN Controller over traditional networking methods, which require manual reconfiguration.
4. Network Visibility:
The SDN Controller has a centralized view of the entire network, which administrators use to monitor and manage network performance. This is important for tasks like troubleshooting, capacity planning, and security monitoring. The SDN Controller gathers data from all connected devices and gives network operators a real-time view of traffic patterns, device statuses, and issues.
5. Automation:
Automation is another advantage of the SDN Controller. You can automate routine tasks like device configuration, network monitoring, and traffic adjustments without the need for manual intervention. For example, the controller can adjust bandwidth allocation for given applications during peak usage times for consistent performance without human intervention.
6. Redundancy and fault tolerance:
Many networks use multiple SDN Controllers in a redundant setup to ensure high
availability and reliability. So if one controller fails and loses connectivity, then another
can take over to prevent network disruptions. This redundancy is important for large
networks where continuous availability is critical.
Examples of SDN controllers:
SDN Controllers are available as commercial and open-source options. Some of these are given below −
• Commercial SDN Controllers − Vendors like Cisco, Juniper Networks, VMware, and HP Enterprise have SDN controllers with enterprise-grade features, like integration with existing network management tools and support for large-scale deployments.
• Open Source SDN Controllers − Open-source controllers, like OpenDaylight, ONOS (Open Network Operating System), and POX, are used in research and custom deployments. Network operators can modify the controller functionality.
SDN controller cont’d
• SDN controllers use a REST API (Representational State Transfer). The REST API uses HTTP messages to send and receive information between the SDN controller and another application. It is similar to browsing a webpage, only this time you are not requesting a webpage or picture but a particular object from the SDN controller, for example, a list of all VLANs in the network.
When the SDN controller receives the HTTP GET request, it will reply with an HTTP GET response with the information that was requested. This information is delivered in a common data format. The two most used data formats are:
• JSON (JavaScript Object Notation)
• XML (eXtensible Markup Language)

Below is an example to help you visualize this:

Below we have a Python script that is using HTTP GET to fetch the following URL through the API:
https://192.168.1.1:8443/sdn/v2.0/net/nodes
This URL will retrieve some of the variables that are available, for example, information about all nodes (hosts) on the network.
The API will respond with the HTTP GET response message below. The variables that were requested will be supplied in JSON format.
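An added Python example of the northbound GET request described above; it is not the script from the original slides. The `X-Auth-Token` header, the JSON field names and the sample response are assumptions constructed for illustration. Only the URL path comes from the text. The client verifies the controller's TLS certificate and validates each returned node before using it.

```python
import ipaddress
import json
import re
import ssl
import urllib.request

NODES_PATH = "/sdn/v2.0/net/nodes"   # path taken from the URL in the text
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)

# Constructed sample response; the field names are assumptions.
SAMPLE_RESPONSE = b"""
{"nodes": [
  {"ip": "10.0.0.1", "mac": "00:00:00:00:00:01", "vid": 0,
   "dpid": "00:00:00:00:00:00:00:01", "port": 1},
  {"ip": "10.0.0.2", "mac": "00:00:00:00:00:02", "vid": 0,
   "dpid": "00:00:00:00:00:00:00:02", "port": 3},
  {"ip": "10.0.0.999", "mac": "not-a-mac", "vid": 0,
   "dpid": "00:00:00:00:00:00:00:02", "port": 4}
]}
"""


def tls_context(cafile=None):
    """TLS settings for the controller connection: certificate and host name
    are verified (the defaults), and protocol versions below TLS 1.2 are refused."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_request(base_url, token):
    """Build the GET request; the token travels in a header, not in the URL."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("controller API must be reached over HTTPS")
    return urllib.request.Request(
        base_url.rstrip("/") + NODES_PATH,
        headers={"Accept": "application/json", "X-Auth-Token": token},
        method="GET",
    )


def parse_nodes(body):
    """Return (valid, rejected) node lists from a JSON response body."""
    doc = json.loads(body)
    if not isinstance(doc, dict) or not isinstance(doc.get("nodes"), list):
        raise ValueError("unexpected response shape")
    valid, rejected = [], []
    for node in doc["nodes"]:
        try:
            ipaddress.ip_address(node["ip"])
            if not MAC_RE.match(node["mac"]) or not isinstance(node["port"], int):
                raise ValueError("bad mac or port")
            valid.append({"ip": node["ip"], "mac": node["mac"].lower(),
                          "dpid": str(node["dpid"]), "port": node["port"]})
        except (KeyError, TypeError, ValueError):
            rejected.append(node)
    return valid, rejected


def fetch_nodes(base_url, token, cafile=None):
    """Perform the request against a live controller (not called below)."""
    req = build_request(base_url, token)
    with urllib.request.urlopen(req, context=tls_context(cafile), timeout=10) as resp:
        return parse_nodes(resp.read())


if __name__ == "__main__":
    ok, bad = parse_nodes(SAMPLE_RESPONSE)
    for node in ok:
        print(node["ip"], node["mac"], "on", node["dpid"], "port", node["port"])
    print("rejected entries:", len(bad))
```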
The SDN controller uses two special interfaces to communicate. The interfaces are:
Northbound interface (NBI)
Southbound interface (SBI)
SDN Northbound

The northbound interface is used to access the SDN controller itself. This allows a network administrator to access the SDN controller to configure it or to retrieve information from it. This could be done through a GUI, but it also offers an API which allows other applications access to the SDN controller. It also connects the SDN Controller with applications, like firewalls, load balancers, monitoring tools, etc. Applications can thus request specific network behavior and give the controller the policies that it should enforce. For example, load-balancing applications can use the northbound API to ask the controller to distribute traffic across multiple paths.
The following are the functions of the APIs:
• Applications can interact with the network through the controller.
• You can configure network devices.
• You can automate adjustments to the network in response to changing conditions.
SDN Southbound
The SDN controller has to communicate with our network devices in order to program the data plane. This is done through the southbound interface. This is not a physical interface but a software interface, often an API (Application Programming Interface). Southbound APIs enable communication between controllers and network devices. They allow routers to:
• Identify network topology
• Determine network flows
• Implement requests sent to them via northbound interfaces
• Deliver network virtualization protocols
• Interact with the switch fabric
• Integrate distributed computing network

• An API is a software interface that allows an application to give access to other applications by using pre-defined functions and data structures.
Some popular southbound interfaces are:
 OpenFlow: The most popular southbound interface, developed by the Open
Networking Foundation (ONF). It's an open source protocol that allows direct
manipulation of flow tables. OpenFlow is one of the most widely used
southbound protocols that facilitates communication between the SDN
controller and the data plane devices (such as switches and routers). It allows
the controller to manage the forwarding behavior of the data plane by
installing flow entries in the network devices' flow tables. It supports dynamic
updates to the flow tables on network devices, enabling the controller to
modify how traffic is handled in real-time. It is widely adopted and supported
by most SDN controllers and switches. OpenFlow is commonly used in SDN
environments to provide fine-grained control over packet forwarding and traffic
management
 Network Configuration Protocol (NetConf): Uses Extensible Markup
Language (XML) to communicate with switches and routers.
 Lisp: Promoted by ONF, this supports flow mapping.
 Open vSwitch Database Management Protocol (OVSDB): Another
protocol.
 Path Computation Element Communication Protocol (PCEP): Another
protocol.
 Interface to the Routing System (I2RS): Another protocol.
Control to Data Plane Interface (CDPI)
• The SDN CDPI is defined as the interface between an SDN Controller and an SDN Datapath.
Key functionalities provided by CDPI include:
 Programmatic Control: CDPI allows the controller to programmatically
control all forwarding operations within the network.
 Capabilities Advertisement: It facilitates the exchange of information
about the capabilities of the network devices (datapaths).
 Statistics Reporting: CDPI enables reporting of network statistics, such as
traffic volume, latency, and error rates.
 Event Notification: It notifies the controller about relevant events, such as
link failures or topology changes.
Components Involved:
 SDN Controller: The central intelligence in SDN, responsible for making high-level
decisions and managing the network.
 SDN Datapath: The network devices (switches, routers, etc.) responsible for
forwarding data packets.
 CDPI Agent: The component within the SDN datapath that exposes its capabilities
through the CDPI.
 NorthBound Interface (NBI) Drivers: SDN applications communicate their
requirements via these drivers to the controller.
Controller’s Role:
 The SDN controller translates application requirements into low-level instructions for
the SDN datapaths.
 It configures forwarding rules, monitors network performance, and responds to
events.
 The controller interacts with the CDPI agents to achieve desired network behavior.
Benefits of CDPI:
 Openness: CDPI components are designed to be open, interoperable, and vendor-
neutral.
 Granular Control: CDPI allows fine-grained control over forwarding behavior.
 Event-Driven: Event notifications enable dynamic adaptation to network changes.
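The flow-table behavior described for OpenFlow and the CDPI functions above (programmatic control, statistics reporting, event notification), as an added Python example that is not part of the original slides. It is a simplified model, not the OpenFlow wire protocol, and all class, field and function names are assumptions. It goes one step beyond the text by checking for a block rule that a higher-priority forwarding entry makes ineffective.

```python
import ipaddress
from dataclasses import dataclass

IP_FIELDS = ("ip_src", "ip_dst")


@dataclass
class FlowEntry:
    priority: int
    match: dict       # field -> required value; a missing field is a wildcard
    action: str       # "output:<port>" or "drop"
    packets: int = 0  # counter the controller can read back as statistics


def field_matches(name, want, pkt):
    have = pkt.get(name)
    if have is None:
        return False
    if name in IP_FIELDS:
        return ipaddress.ip_address(have) in ipaddress.ip_network(want)
    return have == want


def covers(general, specific):
    """True if every packet matching `specific` also matches `general`."""
    for name, want in general.match.items():
        if name not in specific.match:
            return False
        other = specific.match[name]
        if name in IP_FIELDS:
            if not ipaddress.ip_network(other).subnet_of(ipaddress.ip_network(want)):
                return False
        elif other != want:
            return False
    return True


class Switch:
    """Data plane: matches packets against the table, makes no policy decisions."""

    def __init__(self, dpid, controller):
        self.dpid, self.controller, self.table = dpid, controller, []

    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)  # highest priority first

    def receive(self, pkt):
        for entry in self.table:
            if all(field_matches(k, v, pkt) for k, v in entry.match.items()):
                entry.packets += 1
                return entry.action
        self.controller.packet_in(self.dpid, pkt)  # table miss: notify controller
        return "to-controller"


class Controller:
    def __init__(self):
        self.switches, self.events = {}, []

    def add_switch(self, dpid):
        self.switches[dpid] = Switch(dpid, self)
        return self.switches[dpid]

    def packet_in(self, dpid, pkt):
        self.events.append((dpid, pkt))

    def push(self, priority, match, action):
        """Install one entry on every switch (network-wide policy)."""
        for sw in self.switches.values():
            sw.install(FlowEntry(priority, dict(match), action))

    def shadowed_drops(self, dpid):
        """Drop entries that can never fire because a higher-priority
        non-drop entry already matches all of their traffic."""
        table = self.switches[dpid].table
        return [low for i, low in enumerate(table) if low.action == "drop"
                and any(high.action != "drop" and high.priority > low.priority
                        and covers(high, low) for high in table[:i])]


def demo():
    """Constructed scenario: a block rule installed with too low a priority."""
    ctl = Controller()
    sw = ctl.add_switch("s1")
    bad = {"ip_src": "198.51.100.7", "ip_dst": "10.0.0.0/8"}
    pkt = {"in_port": 1, "ip_src": "198.51.100.7", "ip_dst": "10.1.1.1"}
    ctl.push(100, {"ip_dst": "10.0.0.0/8"}, "output:2")  # forwarding rule
    ctl.push(50, bad, "drop")                            # block rule, priority too low
    before = sw.receive(pkt)
    shadowed = len(ctl.shadowed_drops("s1"))
    ctl.push(200, bad, "drop")                           # corrected priority
    after = sw.receive(pkt)
    miss = sw.receive({"in_port": 1, "ip_src": "192.0.2.1", "ip_dst": "172.16.0.1"})
    stats = [(e.priority, e.action, e.packets) for e in sw.table]
    return before, shadowed, after, miss, stats, len(ctl.events)


if __name__ == "__main__":
    print(demo())
```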
Application Areas of SDN
• 1. Network virtualization:
Network virtualization was the first notable use case for SDN. With SDN, you can create virtual networks that operate independently of the physical network. In traditional networking, creating virtual networks requires manual configuration. But in SDN, network virtualization is programmable, so you can create, modify and delete virtual networks using software, without manual intervention on switches and routers.
Each of these virtual networks in SDN can operate within its own environment. Each of these virtual networks has its unique address spaces, security policies, and traffic management rules. For example, you can create separate virtual networks for different departments so that their traffic stays secure on the same physical infrastructure.
Benefits of SDN in Network Virtualization
• Isolated virtual networks for different departments.
• Programmatic control over virtual network creation.
• Enhanced flexibility in deploying and removing virtual networks as needed.
• 2. Cloud computing:
Cloud service providers depend on SDN to dynamically manage and provision network resources. SDN provides the flexibility needed to support on-demand, scalable cloud services because you can automate the network infrastructure.
For example, when a cloud user requests a new virtual machine and service, SDN can automatically configure the necessary network resources, like IP addresses, firewalls, and load balancers. These configurations are used to support the new instance, so the changes are accommodated without requiring manual intervention. Once the resources are no longer needed, the SDN controller can automatically release them, which also gives you efficient resource utilization.
Advantages of SDN in cloud computing
• On-demand network provisioning for new services and virtual machines.
• Automation of network configurations to reduce manual effort.
• Scalability to adapt to changing workloads and growth.
• 3. SD-WAN (Software-Defined Wide-Area Networks):
With SD-WAN, you can deploy, configure, and manage remote locations from a central controller. For example, a new branch office can be brought online using Zero-Touch Provisioning: SD-WAN appliances are shipped to the location, and the central controller configures them automatically. You do not need on-site technical expertise, which speeds up deployment times. You can also encrypt tunnels between sites to improve security, and manage traffic better so that high-priority applications receive the bandwidth they need.
Advantages of using SD-WAN
• You can centralize control of WAN traffic to manage remote sites.
• You can have Zero-Touch Provisioning for deployment of new locations.
• You can enhance security using encrypted tunnels and traffic prioritization.
• 4. Data Centers
Another advantage of SDN in data centers is multi-tenancy. Different customers can share the same infrastructure while operating in isolated environments. Each can have its own network configuration, security policies, and resource allocations, so that their activities do not interfere with one another.
Advantages of SDN in data centers:
• You can centralize management of network resources.
• It has dynamic resource allocation for optimal performance.
• It has secure isolation for multi-tenancy environments.
• 5. Traffic engineering like in Wide-Area Networks
You can use SDN for traffic engineering, as in Wide-Area Networks (WANs) that connect data centers across large geographical areas. In general WANs, traffic flows can be difficult to optimize because routing decisions are made independently by each device. But with SDN, traffic engineering becomes more efficient because the SDN controller has a global view of the network and can direct traffic in real time based on network-wide conditions.
For example, large cloud providers like Google and Microsoft have built SDN-powered WANs to optimize traffic between their data centers. So if a link fails and is congested, the SDN controller can reroute traffic dynamically along the most efficient path so that no link is overloaded.
Benefits of SDN for traffic engineering:
• Real-time traffic optimization based on overall network conditions.
• Dynamic rerouting of traffic to avoid congestion and failed links.
• You can also enhance network performance and resource utilization.

• 6. Access network
SDN principles are also applied to access networks, like fiber-to-the-home (FTTH) and mobile networks. Generally, access networks depend on specialized hardware, so they are difficult to modify and upgrade. But with SDN, network operators can decouple the control plane from the data plane management of access devices.
Advantages of SDN in access networks:
• You can centralize control of access devices to reduce management complexity.
• It has easier service provisioning and updates.
• You can accelerate innovation through software-driven updates.
Network Virtualization

Network virtualization separates network services from the physical devices like routers and switches. You can abstract these functions into software and create virtual networks that run on top of a physical network. These virtual networks can operate independently, so many virtual networks coexist on the same physical hardware and a single physical network is partitioned into multiple virtual layers.
Physical devices like routers and switches are still responsible for forwarding traffic in a virtualized network. But the control over network functions, like routing, switching, and security policies, is shifted to a software-based virtual control layer. This allows dynamic, flexible, and scalable network management, the same as with server virtualization.
Architecture of Network Virtualization

There are three layers of the architecture of network virtualization just like the SDN architecture.
These layers work together to decouple network functions from physical infrastructure.
 1. Application Layer
In this layer, network virtualization applications communicate with virtual network controllers to use
network requirements. These requirements include how virtual machines (VMs) and other
workloads should connect and interact with each other. The applications define network policies like
VLANs, firewall rules, and load balancing configurations, etc. These are then passed to the control
layer for implementation.
 2. Control Layer
The control layer in network virtualization is managed by a virtual network controller. This layer
centralized controller translates the high-level requirements of the application layer into given
network configurations. You can create and manage virtual network elements like virtual switches,
virtual routers, and security policies. So network resources are allocated according to the defined
policies.
 3. Infrastructure Layer
This layer consists of the physical network components, like switches, routers, and servers. The
infrastructure layer acts as the packet-forwarding backplane in the virtualized network. The control
and data plane functions are decoupled and handled by software at higher layers.
Network virtualization overlays, like VXLAN (Virtual Extensible LAN) and GENEVE (Generic Network
Virtualization Encapsulation), are used to create virtual network layers. These overlays decouple the
virtual network addressing from the physical network, so that VMs can move across the data center.
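To make the overlay idea concrete, here is an added example (not part of the original slides) that builds and parses the 8-byte VXLAN header from RFC 7348 and shows the 24-bit VNI keeping two tenants apart even when they reuse the same inner MAC address. The Vtep class, the port names and the sample frame are hypothetical and constructed for illustration.

```python
import struct
from typing import Optional

VXLAN_I_FLAG = 0x08      # "VNI valid" flag defined in RFC 7348
VXLAN_HEADER_LEN = 8     # flags(8) reserved(24) | VNI(24) reserved(8)

def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prefix an inner Ethernet frame with a VXLAN header."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8) + inner_frame

def vxlan_decap(payload: bytes):
    """Return (vni, inner_frame); raise ValueError on a malformed header."""
    if len(payload) < VXLAN_HEADER_LEN:
        raise ValueError("truncated VXLAN header")
    word1, word2 = struct.unpack("!II", payload[:VXLAN_HEADER_LEN])
    if not (word1 >> 24) & VXLAN_I_FLAG:
        raise ValueError("I flag clear: VNI field is not valid")
    return word2 >> 8, payload[VXLAN_HEADER_LEN:]

class Vtep:
    """Toy tunnel endpoint (hypothetical): delivers a frame only when the
    (VNI, destination MAC) pair belongs to a VM it hosts."""
    def __init__(self, local_ports):
        self.local_ports = local_ports    # {(vni, dst_mac): port name}

    def receive(self, udp_payload: bytes) -> Optional[str]:
        try:
            vni, frame = vxlan_decap(udp_payload)
        except ValueError:
            return None                   # drop malformed packets
        if len(frame) < 14:               # shorter than an Ethernet header
            return None
        return self.local_ports.get((vni, frame[:6]))

# Constructed sample: two tenants reuse the same MAC inside different VNIs.
MAC = bytes.fromhex("020000000001")
FRAME = MAC + bytes.fromhex("020000000002") + b"\x08\x00" + b"payload"
VTEP = Vtep({(5001, MAC): "tenant-a-vm", (5002, MAC): "tenant-b-vm"})

if __name__ == "__main__":
    for vni in (5001, 5002, 5003):
        print(vni, VTEP.receive(vxlan_encap(vni, FRAME)))
```

VXLAN carries no authentication or encryption of its own, so the VNI check separates tenants only as far as the physical underlay between tunnel endpoints is trusted.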
Advantages of Network Virtualization
 Increased Agility − You can create, modify, and remove virtual networks in
minutes, so you can respond quickly to changing application requirements.
 Cost Savings − You can consolidate network functions onto virtual
infrastructure, which can reduce the need for expensive hardware, like dedicated
routers and switches.
 Simplified Management − Virtual network environments are managed
centrally. You can define and enforce network policies across the entire
infrastructure from a single point of control.
 Scalability − Virtual networks can grow dynamically as new workloads are
deployed, without changes to the physical network infrastructure.
 Improved Security − Virtual networks can be segmented into isolated
environments to keep traffic between different virtual machines and applications
secure. Policies like micro-segmentation allow for fine-grained control over
network communication between virtual machines.
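The control layer's job of turning application-layer policy into per-switch configuration, and the default-deny behaviour behind micro-segmentation, can be sketched as follows. This is an added example, not part of the original slides; the segment names, VM inventory, ports and function names are hypothetical and constructed for illustration.

```python
from itertools import product

# Constructed intent from the application layer: (source segment,
# destination segment, TCP port). Anything not listed is denied.
INTENT = [("web", "app", 8443), ("app", "db", 5432)]

# Constructed inventory: VM name -> (segment, virtual switch hosting it).
VMS = {
    "web1": ("web", "vs1"), "app1": ("app", "vs1"),
    "app2": ("app", "vs2"), "db1": ("db", "vs2"),
}

def compile_rules(intent, vms):
    """Expand segment-level intent into per-virtual-switch allow rules.
    A rule is installed on the switch that hosts the destination VM."""
    rules = {}
    for src_seg, dst_seg, port in intent:
        srcs = [vm for vm, (seg, _) in vms.items() if seg == src_seg]
        dsts = [vm for vm, (seg, _) in vms.items() if seg == dst_seg]
        for src, dst in product(srcs, dsts):
            rules.setdefault(vms[dst][1], set()).add((src, dst, port))
    return rules

def permitted(rules, vms, src, dst, port):
    """Default deny: a flow passes only if an explicit rule allows it."""
    if src not in vms or dst not in vms:
        return False
    return (src, dst, port) in rules.get(vms[dst][1], set())

RULES = compile_rules(INTENT, VMS)

if __name__ == "__main__":
    for switch, allowed in sorted(RULES.items()):
        print(switch, sorted(allowed))
    print(permitted(RULES, VMS, "web1", "db1", 5432))
```

Because nothing is allowed unless the intent lists it, traffic between two VMs in the same segment (app1 to app2) is denied as well, which is the fine-grained control that plain VLAN segmentation does not give.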
Disadvantages of Network Virtualization
 Complexity − Implementing network virtualization can be complex
when you integrate it with existing physical networks. Managing virtual
overlays and physical underlays can require additional skills and tools.
 Performance Overheads − Virtualizing network functions can introduce more
processing overhead on host servers. For example, virtual switches may
consume CPU resources, impacting performance.
 Compatibility Issues − Some physical network devices may not support the
overlays and encapsulation methods used by virtual networks, which can
complicate integration with legacy systems.
Difference between Software-Defined Networking and Network Virtualization

| S/N | Feature | SDN | NV |
|---|---|---|---|
| 1 | Control vs. Forwarding Plane | SDN separates control and forwarding planes for centralized management. | NV decouples network functions from hardware for virtual networks. |
| 2 | Network Focus | SDN manages the entire network infrastructure and services. | NV focuses on creating and managing virtual networks on shared hardware. |
| 3 | Functionality Scope | SDN has broad functionality across the network. | NV focuses on routing, firewall, and lower-level network functions. |
| 4 | Primary Use Case | SDN is primarily used in data centers and cloud environments. | NV is used by service providers and operators for network service virtualization. |
| 5 | Technology Foundation | SDN centralizes control and programmability. | NV virtualizes network services like routing and load balancing. |
| 6 | Communication Protocols | SDN uses OpenFlow for device-controller communication. | NV uses overlays like VXLAN and GENEVE for network encapsulation. |
| 7 | Standards and Governance | SDN is supported by the Open Networking Foundation (ONF). | NV is governed by the ETSI NFV Working Group. |
| 8 | Scalability and Agility | SDN scales dynamically and adjusts to traffic demands. | NV scales by adding virtual networks without altering physical |
| 9 | Cost Efficiency | SDN reduces hardware costs by minimizing dedicated device | NV cuts costs by replacing physical |
 Full meaning of the following:
i) ASDM - Adaptive Security Device Manager
ii) OSPF - Open Shortest Path First
iii) EIGRP - Enhanced Interior Gateway Routing Protocol
iv) BGP - Border Gateway Protocol
v) ARP - Address Resolution Protocol
Security considerations in SDN
 The centralized nature of the SDN Controller has various advantages, but
it also brings various security challenges. Because the controller has access to
the entire network and can change it, the controller is an important point of
security. If the controller is compromised, the entire network may be at
risk.
Network administrators must:
 Implement robust security measures for the SDN Controller to mitigate these risks, like strong
authentication mechanisms, encryption, and access controls, so that only authorized personnel can
access and modify the controller settings.
 Carry out regular security audits and updates to protect the SDN
Controller from emerging threats.