It's that time in the SDN hype cycle where people are beginning to lay out a more solid vision of what it means to them. Themes are beginning to emerge on the foundations laid by ONF that include the necessary separation of control and data (forwarding) planes, but some are still missing critical components - the ones that enable agility of the business, not just the network.

Juniper's Bob Muglia recently published a post called "Decoding SDN" that expounds upon Juniper's vision of SDN. It's a well written lengthy piece that's definitely worth a read if you not only want to understand Juniper's strategy but if you want to gain a bit more insight into how SDN is being approached.

One thing that jumped out at me was Bob's "Four Planes of Networking". Generally speaking it was an excellent distillation of the SDN concept. But something was missing, in my opinion. It did not adequately encapsulate the notion of how or where SDN enables one of its most important purported benefits: agility.

Let's review the basic definition of agility, shall we?

a·gil·i·ty

1.the power of moving quickly and easily; nimbleness: exercises demanding agility.

A fairly nebulous definition and Bob's description of the four planes of networking certainly can be construed to fulfill the requirements of agility. After all, merely separating control from data (forwarding) plane combined with a standardized management plane enables a fair amount of agility in the network, certainly more than what existed before the concept of SDN began disrupting the entire networking community.

But agility isn't just about being able to rapidly change forwarding tables, it's about being able to respond to operational and business conditions. It's about being able to implement new functionality, if necessary, that enables innovative business ideas to be realized in the network, which almost always must deliver that business idea to customers, employees, or partners.

What I found missing from Bob's discussion was programmability of the network, that is, not just the ability to programmatically modify configuration, but to programmatically modify the behavior (and thus the delivery mechanisms) of the network.

Bob's diagram and explanation (shortened for brevity):

The Four Planes of Networking

Inside every networking and security device – every switch, router, and firewall - you can separate the software into four layers or planes.  As we move to SDN, these planes need to be clearly understood and cleanly separated.  This is absolutely essential in order to build the next generation, highly scalable network.

Forwarding. The bottom plane, Forwarding, does the heavy lifting of sending the network packets on their way.

Control. If the Forwarding plane is the brawn of the network, Control is the brains.  The Control plane understands the network topology and makes the decisions on where the flow of network traffic should go.

Services. Sometimes network traffic requires more processing and for this, the Services plane does the job.  Not all networking devices have a Services plane – you won’t find this plane in a simple switch.  But for many routers and all firewalls, the Services plane does the deep thinking, performing the complex operations on networking data that cannot be accomplished by the Forwarding hardware.  Services are the place where firewalls stop the bad guys and parental controls are enforced.

Management. Like all computers, network devices need to be configured, or managed.  The Management plane provides the basic instructions of how the network device should interact with the rest of the network.

 

http://forums.juniper.net/t5/The-New-Network/Decoding-SDN/ba-p/174651

I hope Bob does not take it amiss if I modify and expand upon his network plane diagram.

First, I think management should not be portrayed as part of the network planes. It's not part of the network - not really - nor should it be. The separation of management from network plane as a matter of technical architecture and implementation is well-established as a best practice to ensure continued access to devices that have failed or are overwhelmed. I don't think Bob's intention was to imply the management plane was coupled to the network plane in such a manner, but diagrams using an east or west-bound management placement tend to disseminate the actual separation a bit better, so I've moved it off to the side and broadened it to ensure it covers not only control but services as well.

Which is the next layer I think needs some expansion.

A SERVICE FRAMEWORK

One of the core premises of SDN is the ability to programmatically extend the functionality of the "network" through plug-ins, add-ons, or applications - whatever you want to call them, they're the same thing - I'm going to refer to them as services as I think Bob took the right approach with the service nomenclature. But rather than use the all encompassing "services" I think we should view that layer as a service framework, upon which new services can be deployed - whether through plug-ins or a direct programmatic interface or through a less coupled API. However it occurs, a set of base network services are available in the framework that can be extended. That's where additional value is added, where new network functionality is deployed, and what makes it possible to use the same network "equipment" to deploy a variety of functions. The same "equipment" should be distilled down to a common set of networking services but be able to support firewall services on one, application acceleration on another, and load balancing on yet another.

This concept draws from the idea of a platform in the development world. Developers do not write their own network stacks, or even application-transport (HTTP) stacks. They develop functionality atop a common framework that enables them to modify behavior such that a highly secure, banking application can be deployed on the same common platform as a completely open picture sharing application. The platform is deployed, managed, configured and operated in the same way but the applications, ah, the applications have very different profiles.

The same concept must be applied to the network and to SDN-enabled solutions. It's not enough to provide separation of control and forwarding to enable agility. To enable true agility requires the inclusion of a services platform capable of extending functionality without introducing additional operational overhead into the core "stack".

There's a lot more in Bob's discussion, including an interesting view of "SDN Chaining" which I will not get into here because this is long enough that your coffee is likely cold by now. Suffice it to say it's an interesting read and I find valuable nuggets in his discussion and think such posts are necessary to start really figuring out where this SDN thing is going to go.