Software-defined networking (SDN) is an agile network architecture designed to streamline IT management and centralize control—and to help organizations keep pace with the dynamic nature of today’s applications. It separates network management from underlying network infrastructure, allowing administrators to simplify the provisioning of network resources.
Explore additional software-defined networking topics:
SDN architecture is centered around the need to provide fast, reliable access to business applications. It’s a response to the dynamic nature of today’s apps, which depend on interactions between servers and the underlying network to be delivered with the right kind of connectivity. As organizations transition to delivering a mix of SaaS, web and cloud apps, traditional network service providers have lagged behind when it comes to automation and programmability. In response, SDN technology has been developed to equip organizations with new capabilities.
While there’s no single model for software-defined networking, this type of network architecture has evolved over time.
One of the first SDN communication protocols was the OpenFlow model, which was foundational to the early development and standardization of SDN. Managed by the Open Networking Foundation (ONF), this approach requires organizations to deploy network devices—such as SDN controllers, routers and switches—that are built specifically to support the OpenFlow protocol. As SDN evolved, many found this initial model to be limiting—and developed alternative solutions.
The result was network virtualization models that allowed the creation of virtual networks. These virtual networks can be decoupled from the underlying network hardware, and controlled programmatically.
In software-defined networking, a software application controller manages the network and its activities. Instead of using hardware to support network services, SDN allows network administrators to virtualize physical network connectivity.
This network virtualization is made up of three layers—the application layer, the control layer and the infrastructure layer—connected through northbound and southbound APIs.
The application layer includes a set of applications and network functions that help improve application performance, simplify IT and increase security. Examples include application firewalls, wide-area network (WAN) optimization controllers (WOCs), load balancing, authentication and application delivery controllers (ADCs). Traditional networks use a specialized appliance for these functions, while a software-defined network uses the controller to manage data-plane behavior. The application layer contains programs that communicate specific network instructions to the SDN controller.
The control layer manages policies and the flow of traffic throughout the network. It consists of the SDN controller, which connects the application layer to the infrastructure layer. This layer processes the requirements sent by the application layer via the southbound API, and then passes them on to the actual network infrastructure via the northbound API. It also communicates information extracted from the infrastructure layer back to the application layer to optimize functionality.
The infrastructure layer contains the network’s physical switches and routers in the data center. These network devices control important forwarding functions and data processing capabilities, and are responsible for collecting critical information—such as network usage and topology—to send back to the control layer.
The SDN Controller
The SDN controller is the app that communicates with network devices and apps within a software-defined network. It serves as the core of the network by connecting the application and infrastructure layers, controlling the flow of data between northbound and southbound APIs.
Northbound API
The northbound API enables communications between the control and application layers.
Southbound API
The southbound API enables communications between the control and infrastructure layers.
Network functions virtualization (NFV)
NFV is a process for virtualizing hardware-based functions such as load balancers, firewalls and routers—and packaging them as virtual machines (VMs). With NFV, the organization doesn’t need to invest in hardware for each individual network function.
Network and security services
This refers to functionality that enables business applications to perform efficiently and securely. Possibilities include a wide range of virtual network functions including the aforementioned ADCs, WOCs and firewalls, as well as security capabilities such as intrusion detection systems (IDS), intrusion protection systems (IPS) and distributed denial-of-service (DDoS) protection.
Pure SDN switch
In a pure SDN switch, all of the control functions of a traditional switch (such as routing protocols that are used to build forwarding information bases) are run in the central controller. The functionality in the switch is restricted entirely to the data plane.
Hybrid switch
In a hybrid switch, SDN technologies and traditional switching protocols run simultaneously. A network manager can configure the SDN controller to discover and control certain traffic flows while traditional, distributed networking protocols continue to direct the rest of the traffic on the network.
Hybrid network
A hybrid network is a network in which traditional switches and SDN switches, whether they are pure SDN switches or hybrid switches, operate in the same environment.
Citrix helps organizations of all sizes successfully transition to software-defined networking with flexible options, allowing you to:
Additional resources