For many years, software-defined networking technologies (SDN, SDA, SD-WAN) have monopolized presentation space in the ICT environment, but not so much real-world implementations. However, it seems that finally, bit by bit, they have reached a level of maturity that has allowed them to leave the papers and inhabit production networks and data processing centers. This significant maturation has not come alone but hand in hand with two important travel companions: network functions virtualization (NFV) and the widespread commitment to automation and APIfication.
The change that all these technologies have introduced seems profound, so much so that it has even begun to modify the very structure of ICT organizations, which have traditionally been characterized by a strong compartmentalization of functions between the different technology groups and, if we may say so, a certain hostility between them. These groups now face the need to evolve their traditional way of working to take full advantage of the technology. Network technicians are moving into areas historically occupied by systems technicians and developers, and the latter are accepting that the network is not only an exogenous resource at the service of the application, but a resource that is programmed and can be an active subject of the applications they have developed.
Regarding this movement of organizational blocks, a curious surprise, at least in our experience at SATEC, has been that the barriers and walls between them have begun to come down from the least predictable side, the network. Thus, unexpectedly, it has been the network engineers who are rapidly embracing the advantages of adopting these technologies at both the engineering and operational levels, throwing themselves into studying and incorporating into their work the different declarative and programming languages available (Python, Ansible, YAML, YANG, etc.) to optimize their daily tasks, whether in new implementations or in the management and administration of production networks.
With this introduction, and at the risk of repeating ourselves (we have been hearing and talking about this for many years), we are going to analyze the advantages and changes that the adoption of SDx solutions means for a company along the following three axes:
- Business: as far as they allow us to respond better and more securely to the specific needs of the applications.
- Operation: in the sense that the way of deploying and, above all, operating networks is redefined, with the consequent change that this implies, not only in the tools but fundamentally in the required knowledge and organization.
- Technology: where we will review what these new technologies allow us to do or improve.
From the Business point of view
The offer in the production and exploitation of new ICT services has been substantially transformed, allowing services to be offered to both internal users and clients in a much more diverse way (public and/or private clouds, own lines vs. Internet access…). At the same time, the introduction of agile methodologies in application development and the spread of the necessary DevOps environments have improved the production of new applications, forcing infrastructure environments to improve the capabilities that they must offer. It is this evolution that pushes the network to accompany this change, starting in data center environments, continuing with the SDx management of WAN networks (SD-WAN) and more recently with campus LAN (SD-Access) environments.
The promise of software-defined architectures is to allow the network to be redefined, or programmed, so that applications can run effectively, efficiently and securely at all times. Regarding the last of these (security, in this case understood as cybersecurity): although an SDN solution does not replace traditional security architectures (firewalls, etc.), it complements them, providing a significant advantage in terms of micro-segmentation and improved security, due to the limitation of the attack footprint itself.
Many organizations evaluate SD-WAN technology based on the idea of creating and operating a secure, reliable and flexible WAN, using a broader set of line types and in particular Internet connections, either as a main or backup line. In SD-WAN technology, organizations see the possibility of direct savings and also greater negotiating capacity with operators. On the other hand, and derived from the visibility of network use that SD-WAN provides, they see a mechanism to rationalize and manage the network more efficiently, which translates directly into contracting lower bandwidth or a cheaper type of line, or indirectly into a better service and therefore greater satisfaction of the users (employees). This satisfaction is the central axis of any digital transformation process.
Accepting the message (already hackneyed but true) that automation allows our technicians to dedicate their time to tasks of greater value, freeing them from the most repetitive workload, we would like to highlight that automation enables a significant improvement in regulatory compliance by minimizing verification costs and especially by increasing the traceability of the actions carried out, in addition to reducing errors.
From the operation's point of view
Programming in different languages such as Python, Ansible or YANG is slowly making its way into the set of working tools for network engineers and technicians. It is not a simple change, since it requires dedicating time and effort to learning programming languages, but mainly because it involves a change in working habits (sometimes roughly learned). Despite this, the power is such that, step by step, this new model is being adopted: starting with the obvious tasks, such as checks or massive configuration changes across all the elements of a network; later identifying those critical tasks that are very susceptible to error but can be well defined by an operator; then test automation, and so on. This is where the real revolution occurs, a paradigm change. SDN environments, supported by an orchestrator that centralizes network decision-making and its interaction with the outside world through APIs, enable the creation of a new culture of network operation and administration based on task automation.
Since the adoption process has begun, it is not surprising that new roles appear in ICT organizations, such as automation and orchestration managers, who are in charge of managing and controlling but, above all, institutionalizing the optimization and automation processes.
From the Technology's point of view
In this last section, rather than focusing on describing SDx technology and highlighting what it involves in terms of the abstraction of network infrastructures, the separation of the control and forwarding planes, or the taking of control by a central element based on the analysis of the data flows exchanged in real time, we prefer to list the advantages that, in our opinion, derive from its adoption:
- Zero Trust model and visibility: One of the main advantages of SDN is the ability to define the set of flows allowed for applications, that is, who can talk to whom. This characteristic, which in no case means the retirement of firewalls (SDN only looks at the header of the packets and not the payload), makes it possible to limit, in data centers, a priority path in the spread of attacks. Additionally, these new solutions can offer detailed network telemetry that supports the analysis and correlation of security events to be exploited by SIEM tools.
- Attack footprint reduction: Centralizing network control can be seen as either a problem or an opportunity. We will see it as a problem to the extent that we set a single target for the “bad guys”, as well as a single point of failure in the design, and we will see it as an opportunity in assuming that we can dedicate all our efforts to managing a single element of the network, avoiding the need to act on all of its elements (distributed and more complex in a traditional architecture). In this case, we see the glass as half full: though it is true that this central element is the key, its fall does not mean the fall of the network, but only the loss of its capacity for reshaping (which is certainly not a small thing either).
- Adaptation of the network to the applications: Traditionally, it has been the network architecture and the security policies that have conditioned putting the application into production (multiple network segments, a great number of VLANs, endless security rules among them). The new SDN environments simplify the network architecture and delegate its logical segmentation to the orchestrator, allowing greater gains in terms of traffic classification (not based only on traditional VLANs or IP subnets), its micro-segmentation (thanks to the new treatment of the flows in the network elements), its individual routing within the SDN (service chaining) and its security policy (based on contracts executed within the SDN itself as the first security element).
- Automation of the provision and management of the network: already widely discussed in these lines.
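As an added illustration (not part of the original article and not any vendor's API), the following Python sketch models the policy described above: endpoints are classified into groups by workload attributes rather than by VLAN or subnet, and a flow is permitted only if a contract names it, using header fields alone. The group names, tags, addresses and contract are constructed sample data, and contracts are assumed to describe connection initiation only.

```python
# Added illustration: allow-list ("contract") micro-segmentation, default deny.
# Group names, tags, addresses and flows below are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    ip: str
    tags: frozenset          # attributes supplied by the orchestrator

@dataclass(frozen=True)
class Contract:
    consumer: str            # group allowed to initiate the flow
    provider: str            # group that receives it
    proto: str
    port: int

# Classification by workload attributes, not by VLAN or IP subnet.
GROUP_RULES = [
    ("web", frozenset({"app:shop", "tier:web"})),
    ("db", frozenset({"app:shop", "tier:db"})),
]

def classify(ep):
    """Return the first group whose required tags the endpoint carries, else None."""
    for group, required in GROUP_RULES:
        if required <= ep.tags:
            return group
    return None

def decide(src, dst, proto, port, contracts):
    """Header-only decision: permit only if a contract names this exact flow."""
    sg, dg = classify(src), classify(dst)
    if sg is None or dg is None:
        return "deny"        # unclassified endpoints get no connectivity
    if Contract(sg, dg, proto, port) in contracts:
        return "permit"      # the payload is never inspected at this layer
    return "deny"            # default deny, including between peers of one group

CONTRACTS = {Contract("web", "db", "tcp", 5432)}

# Constructed inventory: all three workloads share the subnet 10.0.0.0/24.
WEB1 = Endpoint("10.0.0.11", frozenset({"app:shop", "tier:web"}))
WEB2 = Endpoint("10.0.0.12", frozenset({"app:shop", "tier:web"}))
DB1 = Endpoint("10.0.0.21", frozenset({"app:shop", "tier:db"}))

if __name__ == "__main__":
    for s, d, pr, po in [(WEB1, DB1, "tcp", 5432), (DB1, WEB1, "tcp", 5432),
                         (WEB1, WEB2, "tcp", 22), (WEB1, DB1, "tcp", 22)]:
        print(f"{s.ip} -> {d.ip} {pr}/{po}: {decide(s, d, pr, po, CONTRACTS)}")
```

Only the web-to-database flow on tcp/5432 is permitted; lateral traffic between the two web servers is denied even though they share a subnet, and a permitted flow still needs a firewall or similar control for payload inspection.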
Briefly, everything seems to indicate that we are not facing an incremental technological evolution, but witnessing a clear change in the paradigm of network architecture and operation that has to reshape traditional ways of working. From our humble point of view, this is a great opportunity that extends the competence of network engineers and places them at the center of the transformation (digital, of course).
This article was published in the December edition of the magazine “A Nosa Rede” from the Official College of Telecommunications Engineers of Galicia. You can download the magazine through this link