Simplifying the Network Edge with SDN

Active traffic redirection can be used to make network services and security assets accessible from anywhere in the entire network.

This new approach achieves these objectives by using SDN techniques and the strategic position of the network edge to optimize both the flow of traffic and the exposure of these flows to various network services. SDN also offers a more holistic approach to solving network problems by making the network less of a closed black-box and more of a programmable entity. As a result, it can make decisions based on criteria set by intelligent control software, interact in real-time with applications, and change its behavior based on the feedback and instructions it obtains from them.

Filtering traffic at the network edge can reduce wasted bandwidth and network servers by predigesting flows and optimizing their paths through the network, selectively running traffic only through the services required by policy, service level agreements, or network orchestration systems. By the same token, when traffic is not forced through every one of the many network services implemented at the network edge, its path through the network, and therefore its latency, can be greatly reduced.

This approach can be used to significantly simplify network architecture and reduce costs by offloading key functions from expensive network appliances. Instead, these key functions can be run directly in network switches, where they can be more cost-effectively executed. These switches leverage programmable forwarding plane processors to deliver functions such as packet brokering, load balancing, service chaining and telemetry in the network fabric itself and, because they are software-based, their capabilities can easily be changed via software upgrades as needs evolve.

Benefits are multiplied in larger-scale networks, especially multi-site and multi-domain networks. Active traffic redirection can be used to make network services and security assets (such as DDoS mitigation, firewalls, etc.) accessible from anywhere in the entire network. This also enables the pooling of these network assets to eliminate costly over-provisioning. In addition, pooling traffic can reduce entry costs of new services as they build volume over time.

Programmable switches can reduce the costs of network equipment, connectivity, and network management by eliminating the need to physically install hardware TAPs at every point in the network where monitoring is desired.

The result is the simplification of the network edge. It’s a transformation of the edge from a source of bottlenecks, headaches and security problems into a key network resource, fully engaged as an enabler of network transformation and a driver for the effective deployment of Cloud Native Functions (CNFs).

So where are these Programmable Forwarding Planes?

As mentioned earlier, SDN, NFV and virtualization are driving the need for the transformation of proprietary, fixed-function networks to much more agile and adaptive cloud native networks. Still, the closed nature of conventional fixed pipeline networking hardware and the reluctance of incumbent network equipment vendors to disrupt their perpetually increasing sales volumes and traditional high margins have significantly hampered this transformation.

This reluctance has led to new entrants in the world of networking silicon and new forwarding plane products that leverage the performance and flexibility of programmable match-action logic on leading-edge networking chips such as the Intel/Barefoot Tofino, deployed on economical white-box switching hardware.

Specifically, the Intel/Barefoot Tofino platform applies software agility to ASICs to deliver flexible and fully programmable forwarding solutions that can be optimized for specific applications such as packet brokering, load balancing and cybersecurity. By employing the open P4 standard for software development instead of closed (and often prohibitively expensive) proprietary development kits, Tofino enables extensibility from a wide community of developer-contributors including vendors, users and academics.

These open API interfaces also ease integration with existing network and cybersecurity services and facilitate the repurposing of hardware based on application needs, thus extending both effective utilization rates and the total in-service lifetime.

The result is the ideal platform for use in building solutions that simplify the network edge, enable network transformation, and support the adoption of Cloud Native Functions (CNFs). 

