Cyber Security 301 Software Defined Network
The northbound interface is used to access the SDN controller itself. It allows
a network administrator to configure the SDN or to retrieve information from it.
This can be done through a GUI, but the interface also offers an API that gives
other applications access to the SDN controller. It also connects the SDN
controller with applications such as firewalls, load balancers, and monitoring
tools, so applications can request specific networks and supply the controller
with policies that it should enforce. For example, a load-balancing application
can use the northbound API to ask the controller to distribute traffic across
multiple paths.
The following are the functions of the APIs:
Applications can interact with the network through the controller.
You can configure network devices.
You can automate adjustments to the network in response to changing
conditions.
SDN Southbound
The SDN controller has to communicate with our network devices in order to
program the data plane. This is done through the southbound interface. This is
not a physical interface but a software interface, often an API (Application
Programming Interface). Southbound APIs enable communication between
controllers and network devices. They allow routers to:
Identify network topology
Determine network flows
Implement requests sent to them via northbound interfaces
Deliver network virtualization protocols
Interact with the switch fabric
Integrate distributed computing network
6. Access network
SDN principles are also applied to access networks, such as fiber-to-the-home
(FTTH) and mobile networks. Access networks generally depend on specialized
hardware, so they are hard to modify and upgrade. With SDN, network operators can
decouple the control plane from the data plane in the management of access devices.
Advantages of SDN in Access Networks:
You can centralize control of access devices to reduce management complexity.
Service provisioning and updates become easier.
You can accelerate innovation through software-driven updates.
Network Virtualization
Like the SDN architecture, the network virtualization architecture has three layers.
These layers work together to decouple network functions from physical infrastructure.
1. Application Layer
In this layer, network virtualization applications communicate network requirements to the virtual
network controllers. These requirements include how virtual machines (VMs) and other
workloads should connect and interact with each other. The applications define network policies such
as VLANs, firewall rules, and load-balancing configurations. These are then passed to the control
layer for implementation.
2. Control Layer
The control layer in network virtualization is managed by a virtual network controller. This
centralized controller translates the high-level requirements of the application layer into specific
network configurations. It creates and manages virtual network elements such as virtual switches,
virtual routers, and security policies, so that network resources are allocated according to the
defined policies.
3. Infrastructure Layer
This layer consists of the physical network components, like switches, routers, and servers. The
infrastructure layer acts as the packet-forwarding backplane in the virtualized network. The control
and data plane functions are decoupled and handled by software at higher layers.
Network virtualization overlays, like VXLAN (Virtual Extensible LAN) and GENEVE (Generic Network
Virtualization Encapsulation), are used to create virtual network layers. These overlays decouple the
virtual network addressing from the physical network, which allows VMs to move across the data center.
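The following is an added example, not part of the original notes, showing how a VXLAN overlay carries a 24-bit segment ID (VNI) in an 8-byte header and how a tunnel endpoint can use it to keep tenants isolated. The header layout follows RFC 7348; the MAC addresses, VNIs, and function names are constructed for illustration.

```python
import struct

VXLAN_FLAG_I = 0x08  # RFC 7348 "I" flag: the VNI field is valid


def encode_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24) + reserved (8).
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def decode_vxlan(payload: bytes):
    """Return (vni, inner_frame); raise ValueError on a malformed header."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI not valid")
    return word1 >> 8, payload[8:]


def deliver(payload: bytes, segments: dict) -> bool:
    """Tunnel-endpoint check: accept the inner frame only if its destination
    MAC is attached to the segment named by the VNI; otherwise drop it."""
    try:
        vni, inner = decode_vxlan(payload)
    except ValueError:
        return False
    if len(inner) < 14:  # shorter than an Ethernet header
        return False
    return inner[:6] in segments.get(vni, set())


# Constructed sample data: two tenants sharing one physical underlay.
MAC_A = bytes.fromhex("020000000a01")   # VM in tenant A
MAC_A2 = bytes.fromhex("020000000a02")  # second VM in tenant A (sender)
MAC_B = bytes.fromhex("020000000b01")   # VM in tenant B
SEGMENTS = {5001: {MAC_A}, 5002: {MAC_B}}  # VNI -> locally attached MACs


def frame(dst: bytes, src: bytes) -> bytes:
    return dst + src + b"\x08\x00" + b"payload"  # EtherType IPv4, dummy body


if __name__ == "__main__":
    print(deliver(encode_vxlan(5001, frame(MAC_A, MAC_A2)), SEGMENTS))  # same segment
    print(deliver(encode_vxlan(5001, frame(MAC_B, MAC_A2)), SEGMENTS))  # cross-tenant
```

The inner MAC addresses never appear in the physical network's forwarding decision; only the VNI lookup at the endpoint decides whether a frame reaches a VM.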
Advantages of Network Virtualization
Increased Agility − You can create, modify, and remove virtual networks in
minutes, so you can respond very quickly to changing application requirements.
Cost Savings − You can consolidate network functions onto virtual
infrastructure, which reduces the need for expensive hardware like dedicated
routers and switches.
Simplified Management − Virtual network environments are managed
centrally. You can define and enforce network policies across the entire
infrastructure from a single point of control.
Scalability − Virtual networks can grow dynamically as new workloads are
deployed, so the physical network infrastructure does not need to change.
Improved Security − Virtual networks can be segmented into isolated
environments to keep traffic between different virtual machines and applications
secure. Policies like micro-segmentation allow for fine-grained control over
network communication between virtual machines.
Disadvantage of Network Virtualization
S/N | Feature | SDN | NV
1 | Control vs. Forwarding Plane | SDN separates control and forwarding planes for centralized management. | NV decouples network functions from hardware for virtual networks.
2 | Network Focus | SDN manages the entire network infrastructure and services. | NV focuses on creating and managing virtual networks on shared hardware.
3 | Functionality Scope | SDN has broad functionality across the network. | NV focuses on routing, firewall, and lower-level network functions.
5 | Technology Foundation | SDN centralizes control and programmability. | NV virtualizes network services like routing and load balancing.
6 | Communication Protocols | SDN uses OpenFlow for device-controller communication. | NV uses overlays like VXLAN and GENEVE for network encapsulation.
7 | Standards and Governance | SDN is supported by the Open Networking Foundation (ONF). | NV is governed by the ETSI NFV Working Group.
8 | Scalability and Agility | SDN scales dynamically and adjusts to traffic demands. | NV scales by adding virtual networks without altering physical
9 | Cost Efficiency | SDN reduces hardware costs by minimizing dedicated device | NV cuts costs by replacing physical
Full meaning of the following:
i) ASDM - Adaptive Security Device Manager
ii) OSPF - Open Shortest Path First
iii) EIGRP - Enhanced Interior Gateway Routing Protocol
iv) BGP - Border Gateway Protocol
v) ARP - Address Resolution Protocol
Security considerations in SDN
The centralized nature of the SDN Controller has various advantages, but
it also brings various security challenges. Since the controller has access
to the entire network and can change it, it is an important point of
security. If the controller is compromised, the entire network may be at
risk.
Network administrators must:
Implement robust security measures for the SDN Controller, like strong
authentication mechanisms, encryption, and access controls, to mitigate
these risks.
Ensure that only authorized personnel can access and modify the
controller settings.
Regular security audits and updates are necessary to protect the SDN
Controller from emerging threats.
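The following is an added example, not part of the original notes and not any real controller's API, showing how the three controls above can combine in a gate in front of the northbound API: the request must arrive over an encrypted channel, carry an authenticated token, and come from a role allowed to perform the operation. The role names, paths, and HMAC token format are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed role model: the northbound operations each role may perform.
READ = {("GET", "/topology"), ("GET", "/flows")}
ROLE_PERMISSIONS = {
    "viewer": READ,
    "operator": READ | {("POST", "/flows")},
    "admin": READ | {("POST", "/flows"), ("PUT", "/settings")},
}


def sign(key: bytes, user: str, role: str, expires: str) -> str:
    msg = f"{user}|{role}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_token(key: bytes, user: str, role: str, expires_at: int) -> str:
    """Bind user, role and expiry together under the controller's secret key."""
    if "|" in user or role not in ROLE_PERMISSIONS:
        raise ValueError("invalid user or role")
    return f"{user}|{role}|{expires_at}|{sign(key, user, role, str(expires_at))}"


def authorize(key, token, method, path, now, over_tls):
    """Return (allowed, reason) for one northbound API request."""
    if not over_tls:
        return False, "plaintext transport"
    parts = token.split("|")
    if len(parts) != 4:
        return False, "malformed token"
    user, role, expires, sig = parts
    expected = sign(key, user, role, expires)
    # Constant-time comparison; a token whose role was edited fails here.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    if not expires.isdecimal() or int(expires) <= now:
        return False, "token expired"
    if (method, path) not in ROLE_PERMISSIONS.get(role, set()):
        return False, "role not permitted"
    return True, "allowed"


if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # sample value; use a random secret in practice
    tok = issue_token(KEY, "alice", "viewer", expires_at=2000)
    print(authorize(KEY, tok, "GET", "/topology", now=1000, over_tls=True))
    print(authorize(KEY, tok, "POST", "/flows", now=1000, over_tls=True))
```

Logging every denied decision together with its reason gives the regular security audits a record to review.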