Network Convergence: What's Next For SDN?
A technology leader with more than 25 years of experience, Jacqueline is responsible for technology and digital capabilities for customers and internal staff. She brings a solid base of experience in leading significant technology transformations across large and complex organizations.
The evolving digital business landscape involves an increasing number of integrated components across disparate edges and endpoints. Combinations of cloud-native services, IoT devices, 5G, Wi-Fi, collaboration tools, virtual workspaces, telecommuting, remote services, new protocols and digital-native models are being added to networks every day. It is therefore no surprise that, over the years, enterprise IT networks and network operations have come to look more like a convergence of multiple networks.
What’s more, digital business requires faster delivery of services, which ultimately requires enterprises to change their network operations processes and tooling. Many enterprises have already adopted SDN, which makes networks programmable and allows the data and control planes to scale independently. Network services that are usually delivered at the network’s edge (such as DDoS protection, firewalls and load balancers) can now be pooled together and made accessible from anywhere in the network. This brings us to an important question for the near future: what’s next for SDN? Let’s go through a few coordinates.
Intent Based Networking (IBN) & Intent Driven Networks (IDN)
IBN and IDN will become an integral part of digital transformation. The concept that networks can learn, adapt and evolve has been around for years. More recently, there has been a surge of IBN/IDN vendors in the market. IBN controllers build on SDN by continuously adapting the network (workloads, configurations, service performance requirements, operational policies, security policies, etc.) to achieve business intent for multiple services simultaneously.
The IBN controller captures intent and translates it into policies the network can act on. It manages network infrastructure via multiple mechanisms such as Secure Shell (SSH), Simple Network Management Protocol (SNMP), Network Configuration (NETCONF)/Yet Another Next Generation (YANG) and APIs. It pulls real-time network status for the systems under its administrative control via multiple mechanisms, while remaining protocol- and transport-agnostic. It continuously validates, in real time and against expected network behavior models, that the intent of the system is being met. When intent is not met, it can take corrective actions (such as adding or removing capacity, or notifying), or it can prevent changes from occurring. IBN/IDN will itself bring a few further trends to network operations. Let’s discuss a few of them.
Increased network virtualized functions: The increase in network virtualized functions (bridges, routers and switches) will require managing them as software instead of as physical elements.
Monitoring based on intent: Monitoring will now focus on the successful achievement of the intent, where the intent may originate from a network or element manager or from an application.
Multi-domain intents: Multi-domain intents (crucial for scalability and resilience) inherently require decentralized resolution of intent conflicts and priorities. Managing such complexity necessarily requires machine learning, not just rules-based automation. Multi-domain intents also introduce new security concerns, including secure flow provisioning, optimal security for the intent, dynamic microsegmentation, etc.
Integration of the network plane: The network plane will be integrated across BranchOps (VLAN, Wi-Fi, 5G, campus, outdoor), WANOps (SD-WAN, MPLS, corporate WAN and Internet), DCOps (SDDC, Cloud Ops) and IT Application Ops (SaaS, virtual private cloud and on-prem).
SD-WAN before IBN? Digital business models have increased WAN traffic tremendously. The continued growth of hybrid networking (on-prem, virtual private cloud, vendor cloud, public cloud) will drive many businesses to adopt SD-WAN capabilities for intelligent routing, optimized edge/branch security policies, application-aware path selection among multiple links, and centralized orchestration.
New software skills for network engineers: With IBN, network engineers need to program updates, rollouts, changes, etc. using centralized networking controllers, with no need to work directly with devices or their unique interfaces. These new networks are run by software that can create digital profiles of devices, endpoints and applications; the network can then place these devices into virtual networks automatically, invoke the correct rule set to protect them, and provision the flows. As such, network engineers will need to become familiar with, for example, DevSecOps practices for code management, API development and management, and core programming skills, essentially acquiring software engineering skills. However, retraining network engineers is expensive, and not everyone will adapt. Current software engineers, in turn, may not have the intimate knowledge of networking that is required either.
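The closed loop described earlier for the IBN controller (translate intent into policy, validate observed state against it, and block changes that would break it), sketched for microsegmentation intents as an added example that is not from the article or from any vendor's controller. The segment and intent names, the priority scheme and the fail-closed tie rule are assumptions made for illustration, and the sample data is constructed.

```python
from typing import NamedTuple

class Intent(NamedTuple):
    name: str
    flow: tuple    # (source segment, destination segment, port)
    allow: bool
    priority: int  # assumed scheme: higher value wins when intents disagree

def compile_policy(intents):
    """Translate intents into one allow/deny verdict per flow, reporting conflicts."""
    groups = {}
    for i in intents:
        groups.setdefault(i.flow, []).append(i)
    policy, conflicts = {}, []
    for flow, group in groups.items():
        top = max(i.priority for i in group)
        # Equal-priority disagreement fails closed: any deny among the winners denies.
        policy[flow] = all(i.allow for i in group if i.priority == top)
        if len({i.allow for i in group}) > 1:
            conflicts.append((flow, sorted(i.name for i in group)))
    return policy, conflicts

def violations(policy, flows):
    """Default deny: a flow without an allowing verdict is drift from intent."""
    return [f for f in flows if not policy.get(f, False)]

def precheck_change(policy, proposed_flows):
    """Gate a change before it is pushed; returns (accepted, offending_flows)."""
    bad = violations(policy, proposed_flows)
    return (not bad, bad)

# Constructed sample intents and observed flows (not from any real network).
INTENTS = [
    Intent("pos-to-payments", ("branch-pos", "payments-api", 443), True, 10),
    Intent("iot-telemetry", ("branch-iot", "telemetry", 8883), True, 10),
    Intent("vendor-maintenance", ("branch-iot", "payments-api", 443), True, 20),
    Intent("iot-isolation", ("branch-iot", "payments-api", 443), False, 50),
]
OBSERVED = [("branch-pos", "payments-api", 443),
            ("branch-iot", "telemetry", 8883),
            ("branch-iot", "payments-api", 443)]

if __name__ == "__main__":
    policy, conflicts = compile_policy(INTENTS)
    print("conflicting intents:", conflicts)
    print("drift from intent:", violations(policy, OBSERVED))
    print("change gate:", precheck_change(policy, [("branch-pos", "telemetry", 8883)]))
```

The conflict list is what a human or a higher-level resolver would review; the drift list and the change gate correspond to the corrective and preventive halves of the loop.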