Agencies eye the possibilities of SDN
Software-defined networking is still in its infancy, but science-oriented networks already see the potential.
Welcome to the next IT transition. Agencies have cycled through server and desktop virtualization, mobile computing and the cloud. Network infrastructure is next in line for a sweeping change, and it might be coming in the form of software-defined networking.
An SDN deployment creates a software layer that absorbs many of the complexities of managing a network. Proponents say the benefits include greater flexibility, lower costs and ease of management.
The approach has a few drawbacks. The technology is in its infancy, reference installations are few and far between, and standards are still emerging. And then there is the potential deal breaker: the price tag of pursuing a new networking architecture during a time of budget constraints.
Nevertheless, some industry executives believe SDN's potential upside will eventually outweigh the drawbacks. What's more, the pressure to support key initiatives, such as cloud computing, with a more flexible networking approach and the ability to save dollars down the road will compel agencies to pursue SDN.
In the meantime, science-oriented networks in government and academia are exploring SDN. The Energy Department's Energy Sciences Network (ESnet) is evaluating the technology, and the National Science Foundation is funding SDN research at universities.
"There are a lot of experiments going on where they are trying to figure out what works," said Bryan Lyles, program director in NSF's Division of Computer and Network Systems. "But we are still early in the game."
Why it matters
The typical agency might not have an SDN upgrade in its immediate plans, but ongoing research could pave the way for eventual mainstream adoption.
DOE's ESnet links scientists at national laboratories and other research groups. Inder Monga, chief technologist and area lead for network engineering, tools and research at ESnet, said science applications generate large data flows that are measured in petabytes. SDN provides the ability to direct those flows to the most efficient network tier. It could move a large flow to the optical transport layer or route flows around packet bottlenecks, for example.
"Data-intensive science workflows are heavy users of the network, especially due to the increasingly large datasets they are generating," Monga said. "By using SDN, we're trying to make sure we provide better predictability for these science applications."
One of ESnet's SDN demonstration projects uses OpenFlow, an SDN-enabling communications protocol, to match science data flows to the optimal transport tier. Another project aims to stretch typically self-contained SDN deployments to interact with the Internet.
"In order to successfully deploy SDN, you cannot deploy it as an island," Monga said.
But officials have yet to integrate SDN into ESnet on a larger scale. When the network was upgraded to 100G technology in 2012, SDN was not sufficiently mature to play a major role. However, officials will keep looking for situations where SDN, in its current form, provides a good fit.
"We are very much interested in exploring and introducing SDN opportunistically," Monga said. "I am excited about the potential of SDN, and we're using these demonstrations to see what it can possibly do. But we are clearly still exploring what's possible."
Meanwhile, the NSF-backed Global Environment for Network Innovations initiative supports research and education in areas including SDN. Indeed, several universities are field testing the technology under the auspices of GENI.
In addition, NSF awarded more than $20 million last year to 34 campus networking projects under its Campus Cyberinfrastructure-Network Infrastructure and Engineering program. One activity involves transitioning SDN prototypes to "distributed scientific environments and campus infrastructure," according to NSF.
"I think we are going to learn a lot from these deployments, and people will adjust exactly how they do it based on the outcomes," Lyles said.
The Defense Department is also looking into the possibility of using SDN to support its mission, he added.
Sudhir Verma, chief technology officer at federal IT solutions provider Force 3, cited the intelligence community as an early adopter. Overall, he said he expects SDN to significantly influence government networks, although most agencies won't feel an immediate impact.
"Like any new technology that is this disruptive, the adoption rate is not going to be full-fledged on Day One," Verma said. "But SDN is definitely going to change the way we look at networks."
The fundamentals
SDN separates the task of determining how traffic will traverse a network from the task of delivering the data. An application called an SDN controller manages the flow of traffic, and the various network devices -- routers and switches -- focus on moving the data around.
That division of labor allows IT managers to program all the devices on a network via a single software controller. Thus, SDN promises to simplify network administration by speeding up traditionally time-consuming, labor-intensive tasks and potentially saving money. Programmability also makes the network more flexible and responsive to changes, such as shifting traffic patterns.
SDN "moves the complexity of the network...up into the software layer," said Joe Brown, president of Accelera Solutions. "That gives you much more flexibility. You can make quick configuration changes."
In addition, SDN dovetails with the scalability of cloud computing.
"SDN is a key component in building out both public and private clouds," said Patrick Stevenson, systems engineering manager at Citrix Systems' U.S. Public Sector. "It brings the network and applications together into a cohesive ecosystem and wraps it with a solution where automation and programmatic changes can easily occur in order to scale and meet customer demand."
SDN is the latest in a series of steps to make networks more agile. Its technological forerunners have been around for years, and NSF has funded many of those earlier developments, Lyles said. He cited programmable connections and networks and the use of dynamic circuits as examples. Dynamic circuits let organizations allocate networking resources on the fly to accommodate particularly demanding applications.
"The high-performance computing community has been setting up dynamic circuits -- layer 2 and, to some extent, layer 1 dynamic circuits -- for a number of years," Lyles said. "So dynamic circuits and the programmatic environment for setting them up are things the government is already involved in."
The hurdles
Like most emerging technologies, SDN faces a few obstacles. Monga pointed to network topology -- specifically, mapping a virtual topology to a physical one -- as an area that needs additional focus. Another gap is the manageability of SDN networks.
"As the technology matures, being able to manage it and being able to build a management structure around it [are] extremely important," Monga said. For instance, technology adopters will need mechanisms for debugging SDN installations.
The security of SDN networks is another field ripe for study, he added. SDN represents a change in architecture and, because of that shift, calls for a deeper investigation of security. Activities are already in the works, including an SDN program review scheduled for December that will consider the security gap and provide recommendations for how federal agencies can deal with it, Monga said. DOE, NSF and the Networking and Information Technology Research and Development program will host the review.
Standards are another issue. Many SDN projects use the OpenFlow protocol, but other protocols are being discussed and new ones might enter the market as more vendors develop SDN hardware. However, Monga said his preference would be to have fewer protocols.
"I don't want to deal with the complexity of the choice and the variability of what each vendor implements," he said.
Furthermore, cost is always a concern when it comes to network upgrades. SDN requires a programmable software layer and routers and switches designed for SDN environments. So agencies would likely approach the technology in a step-wise progression.
Clark DeHaven, senior director of corporate strategy at LGS Innovations, an independent subsidiary of Alcatel-Lucent that focuses on federal networking, said agencies will move through the following phases: studying the technology, getting a handle on the security issues, exploring use cases and evaluating different solutions. Next, agencies will launch pilot projects and then slowly introduce elements of SDN.
He said he anticipates a significant movement to SDN in the next three to six years.
DeHaven said he expects to see SDN adoption unfold "much like we saw with cloud, much like we saw with mobile devices."