17 October, 2013 Posted by Dave Corley Posted in SDN, Software Defined Networking

What Today’s SDN is not Doing for Distributed Enterprises

Today’s software-defined networking (SDN) and virtualized networking solutions focus on virtualizing network functionality within the data center and the metropolitan area network (MAN). But for typical enterprises, and those managed and cloud service providers that cater to them, these solutions are not optimized for local area network (LAN) and wide area network (WAN) edge environments within today’s highly-distributed infrastructures.

Where the Problem Resides

A highly-distributed enterprise, such as the 50-site company depicted in the figure below, is composed of multiple inter-connected sites. The user count and device capacity at any of these sites can vary by several orders of magnitude across the enterprise. An edge router connects its site to other sites through off-site WAN services (e.g., dedicated internet or MPLS), typically provided by a separate service provider. The enterprise office (campus, branch) sites contain a preponderance of corporate end users and end devices requiring access to each other and to internet, intranet and extranet resources.

[Figure: A 50-Site Distributed Enterprise Network]

Each site’s LAN provides access connectivity to that site’s users and devices. The LAN, while a shared resource, is normally implemented through highly available, high-bandwidth layer 2 and layer 3 switches and wireless access points. Bandwidth into and out of the WAN edge is normally much more expensive and therefore constrained, requiring resource sharing and prioritization of the services delivered over the edge router. Each of the edge routers depicted in the diagram above is normally managed as an autonomous device, meaning that no edge router has any awareness of the configuration or service state of any other router.

Today’s legacy, hardware-based SDN approach for distributed enterprises does not address the following requirements:

• Reduced and predictable maintenance/support costs through centralized network management and automated lifecycle network management processes (hands-free installation, simple GUI, no CLI, no truck rolls)
• Flexible logical addressing for local subnetting, routing and locally-hosted public servers using integrated DHCP, NAT and port forwarding services
• Diverse off-net access per site through multiple routing interfaces to the site’s local internet/intranet/extranet connections
• Inter-site quality of service (QoS) and security/privacy using DSCP marking, priority queuing, rate limiting, secure inter-site tunnels and site-specific VLAN flexibility
• Secure access to local networks by client and server devices such as printers, laptops, local servers and BYOD via network access control (NAC) and authentication, authorization and accounting (AAA)

The problems that arise from not meeting these requirements boil down to higher costs and a lack of flexibility, agility and control required in today’s dynamic distributed networking environments, including:

• Greater capital expenses in acquiring high-end network devices
• Higher and unpredictable lifecycle cost to deploy, install, provision and operate these individual, autonomous network devices due to the high labor expense involved in separately administering each edge router
• Legacy single-purpose networking hardware not supporting any application other than network functions
• Lengthy vendor hardware development cycles that promote vendor lock-in and stifle agile software innovation

What is the Solution?

Delivering on these requirements and solving the problems of the distributed enterprise requires an end-to-end SDN approach that supports the entire network infrastructure out to the furthest edge. In Part 2 of this blog, we’ll talk about a virtualized networking approach that is specifically optimized for the highly-distributed enterprise and the service providers that support it.