.png?width=40&height=40&name=search%201%20(1).png){kind=small}
When it comes to protecting and monitoring your network, there are several different ways to approach these critical tasks. In recent years, SDN and network virtualization have redefined the way in which some network engineers address these needs.
Relatively unproven and still largely misunderstood, has SDN replaced costly monitoring tools? Are they one in the same?
Software-defined networking can be used to replicate the functions of switches and load balancers, but it does not replace the functions and benefits of monitoring tools themselves.
SDN separates the control and forwarding planes to virtualize the function of forwarding network traffic from one part of your network to another. Using programmable policies, software dictates how and where your traffic flows.
It does not replace your monitoring tools; it changes the way in which you pass information from your physical network to these applications.
So, what's the benefit of using a software-defined network for packet forwarding?
SPAN and monitor ports have severe limitations. The risk of oversubscription and dropped packets has steered engineers toward network TAPs and packet monitoring switches instead, for their obvious benefits. The potential downside to these solutions is the relative cost. Many companies choose to seek more inexpensive alternatives, though often at the price of their network security, visibility, and data collection.
On the other hand, with an SDN controller and low-cost, bare-metal switches, you’re able to create a simple and dynamic packet monitoring system to analyze the traffic on your network.
The issue is whether or not this method is truly ready to functionally replace a system of pre-programmed switches from companies such as Cisco.
According to Lee Doyle of Doyle Research, via SearchSDN, “We often hear that SDN and network virtualization will optimize network performance and bring advanced capabilities to network management. That will be true in the long term, but first we must get through the early stages of these technologies, when the shift in network architecture could make monitoring and visibility even more challenging.”
The complications mostly revolve around the increasing network speeds. Data centers are migrating to 10 GbE environments, and with information traveling faster and faster, your network must be able to handle a greater load. In many cases, network TAPs and FABs (filtering aggregating load balancers) are used to dissect packet information and mitigate the risk of oversubscription. The added demand of monitoring both physical and virtual environments creates another layer of complication.
The need for complete network visibility is essential, and that may prove to be more difficult today. SDN might be more affordable if you’re designing an entirely new network. But, if you’ve already implemented a system of performance monitoring tools and switches, you have to undergo a complete overhaul of your network. And even when you do configure SDN, you must still ensure that you have a visibility plane into all of the data you need. Without it, no method is positioned to help you protect and monitor your network.
If you want to learn more about the promises of SDN, NFV and the importance of maintaining 100% network visibility as you make the transition, download our free white paper, Architecting Data Centers for SDN and NFV - In 40G and 100G Environments