-
Network Device Planes of Operation:
-
Data (Forwarding) Plane
-
Forwarding data to the next-hop
- ACLs
- TCAM
- CAM
- IP Routing Table
-
Control Plane
-
How forwarding decisions are made on the device:
- Spanning-Tree Protocol
- OSPF
- SDM Templates
-
Management Plane
-
How configuration changes are managed on the device:
- SSH
- OpenFlow
- SNMP
-
Networking Systems Models
-
Networking systems can be designed so that the three planes of their constituent devices operate in one of two ways:
-
Distributed Systems
- A device is responsible for all three planes.
-
Centralized Systems
- The control plane, and potentially the management plane, are operated from a centralized location for many devices in a network.
-
SDN Information Management
- Software-Defined Networking (SDN) network models and technologies use a centralized system.
-
In a centralized model, information is managed differently from traditional networking models in two ways:
-
Southbound API
-
Information is communicated between the SDN controller and networking devices, using:
- OpenFlow
- SNMPv3
- Cisco OpFlex
- NETCONF over SSHv2
-
Northbound API
-
Information is communicated between the SDN controller and services and applications running over the network. These services and applications are used to automate tasks and allow network programmability.
- Puppet
- Salt
- Chef
- Ansible
-
SDN Security Benefits and Concerns
-
Benefits:
- SDN allows fine-grained network configuration.
- Strong security practices that are typically difficult or impractical to deploy can be accomplished through SDN.
- SDN allows faster responses to network security issues.
-
Concerns:
- SDN increases network complexity.
- Even more than traditional distributed systems, SDN requires strong access controls to protect its centralized controller against attacks.