Day 29 - Cyber Snacks (SDN)
Back in the day, traditional networks had a single goal of moving data as fast as possible, and over time this focus shifted towards the quality of service (QoS) they provided. QoS is similar to speed, but instead of ensuring everything is fast, companies prioritize the services that need more speed than others (e.g. file transfer, video streaming, VoIP). Over the last couple of years, networks have been making another transition, this time towards “Software Defined Networks” (SDN), which simply means separating the brains from the power within a network.
A traditional network is made up of many devices such as routers, switches, bridges, wireless access points, etc., and all of these devices need to be configured individually. This distributed intelligence and configuration creates a lot of work, slowing down a company’s ability to quickly re-configure its network for specific customer or employee needs.
SDN helps with this problem. Whenever you encounter new terminology, try saying it backward, which usually helps with understanding its purpose. Let’s do it together… “Networks defined via software”. See, easy, right?
An SDN separates the brains (control plane) from the power (data plane) of a network, enabling you to configure your network from a single location. All the devices I’ve listed above will be dumb devices now, with the sole purpose of moving packets of information around because they’ve outsourced their brains to the central controller.
There are many reasons why companies are moving towards the SDN architecture for their networks. Some of the more well-known reasons are…
- Cloud - The cloud is a big forcing function that’s causing this whole SDN movement to come about due to all of the hardware being outsourced to these cloud providers.
- Flexible Configuration - Once your network is programmable, you’re able to shift resources when needed, turning a static network into something much more dynamic.
- Speed - Instead of needing to re-configure every single device with its own brains, we’re able to do all the configuration from a single location, reducing the time dramatically.
- Security - Security policies (e.g. rules) are difficult to keep uniform across an entire network, especially when they’re frequently being updated, but with a central controller, keeping your network updated on security policies gets much easier.
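To make the control plane / data plane split and the uniform-policy point concrete, here is a small simulation added as an illustration (it is not from the original post). The class names, switch names, addresses and rules are all constructed for the example.

```python
import hashlib
import ipaddress

class Switch:
    """Data plane only: matches packets against whatever table it was handed."""
    def __init__(self, name):
        self.name = name
        self.table = []                      # (src_cidr, dst_port or None, action)

    def install(self, rules):
        self.table = list(rules)

    def forward(self, src_ip, dst_port):
        src = ipaddress.ip_address(src_ip)
        for cidr, port, action in self.table:        # first match wins
            if src in ipaddress.ip_network(cidr) and port in (dst_port, None):
                return action
        return "drop"                        # default deny when nothing matches

    def table_digest(self):
        return hashlib.sha256(repr(self.table).encode()).hexdigest()

class Controller:
    """Control plane: the single place where policy is written and pushed."""
    def __init__(self, switches):
        self.switches = switches
        self.policy = []

    def set_policy(self, rules):
        self.policy = list(rules)
        for sw in self.switches:             # one change reaches every device
            sw.install(self.policy)

    def drifted(self):
        """Names of switches whose table no longer matches the central policy."""
        want = hashlib.sha256(repr(self.policy).encode()).hexdigest()
        return [sw.name for sw in self.switches if sw.table_digest() != want]

def demo():
    # Constructed topology and rules, for illustration only.
    switches = [Switch(n) for n in ("edge-1", "edge-2", "core-1")]
    ctl = Controller(switches)
    ctl.set_policy([("10.0.5.0/24", 22, "drop"), ("10.0.0.0/8", None, "forward")])
    before = [sw.forward("10.0.5.7", 443) for sw in switches]
    # Tighten the policy once, centrally: block the whole subnet on all ports.
    ctl.set_policy([("10.0.5.0/24", None, "drop"), ("10.0.0.0/8", None, "forward")])
    after = [sw.forward("10.0.5.7", 443) for sw in switches]
    switches[1].table.pop(0)                 # simulate a local change on one device
    return before, after, ctl.drifted()

if __name__ == "__main__":
    print(demo())
```

The switches never decide anything themselves, so one `set_policy` call changes behaviour everywhere, and the digest comparison shows how a central view makes a device that has fallen out of line easy to spot.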
The SDN strategy comes with benefits, but like any decision, there are always tradeoffs. The main tradeoff between risk and security here is the transition from distributed intelligence to centralized intelligence. By placing all the brains of your network into a central controller (or cluster of controllers), you’re giving the attacker a very valuable target. If an attacker is able to access the centralized controller, then it’s possibly game over for the entire network.
But it seems that the security provided by this SDN strategy outweighs the possibility of risk.