The Network Security Implications of Software Defined Networks (SDN)


Software Defined Networking (SDN) is among the buzzwords of the day. SDN is a new approach to network architecture that will generate dividends to network operators. Communications Service Providers (CSPs) have set their sights on SDN and network function virtualization (NFV) as the vehicles for achieving an unprecedented, and now increasingly necessary, level of automation and programmability.
The ramifications of implementing a new network architecture are enormous. The purpose of this report is to understand the impact of SDN on network security.

What is SDN?

In a typical networking router or switch, the control plane (or software) and the data plane (or hardware) are resident within a single hardware “box.” Software Defined Networking decouples the network control and data planes of associated IP equipment such as routers and switches. SDN also provides a new centralized intelligence and control layer. Conceptually, this decoupling is similar to the abstraction and virtualization of components that has already happened extensively in data center servers. Server virtualization has transitioned server processors and storage into abstract services, providing for the dynamic allocation of resources, as needed.

The Four Planes of Networking

The impact of SDN needs to be described in terms of the four planes of networking. These four planes, or layers, can be found in every network router, switch or firewall. The planes include:
• Forwarding – Forwarding provides the core functionality of moving packets as fast as possible. The forwarding plane can be accomplished in software, but forwarding is more efficiently accomplished using parallel processors within dedicated semiconductor devices (hardware).
• Control – Control is the “brains” of the network. The control plane makes network traffic routing decisions, acting as a network “traffic cop.” The control plane learns the network by talking to peer devices.
• Services – Not all networking devices have a services plane, such as a simple switch. For devices such as routers and firewalls, the services plane performs the tasks that cannot be accomplished by the forwarding hardware. Services may include stateful firewalls or data loss prevention (DLP) controls. Whenever network traffic requires additional processing, the services plane is employed.
• Management – The management plane provides the basic instructions of how each network device interacts with the rest of the network. While the control plane learns from the network itself, the management plane is often manually configured on each individual networking device. This manual engagement is prone to human error; and mistakes can result in costly stoppages of network traffic.

Implications of the Four Planes

As noted earlier, the forwarding plane uses parallel processors within dedicated semiconductor devices. The control, services, and management planes typically run on standard x86 processors. As a result, the forwarding plane functions optimally in dedicated silicon devices residing locally on networking devices.

network to be operated as a synchronized system instead of a mass of heterogeneous nodes. Often, network security services will be implemented in these planes through virtualization.


Virtualization separates the logical from the physical components of the workload. Application code and associated operating system are packaged neatly into a virtual machine (VM). Multiple VMs, regardless of operating system, can share a physical server. A hypervisor installed on the server allocates resources and acts as a translator, making each VM believe it has full access to the server resources.
The virtualized workload is self-contained and highly portable. Like a turtle or a motor home, the virtualized workload carries all its needs on its “back”—operating system and application code—and isn’t fussy about where it sets up housekeeping. Thus, IT technicians do not have to custom-configure a server exoskeleton for a virtualized workload.

Stages of Implementing SDN

Implementing SDN is not a simple undertaking. The implementation can almost be viewed as a Herculean task, as SDN is essentially a replacement networking architecture. As a replacement, implementation should be approached in phases:
• Management Centralization – Centralize network management, analytics, and configuration functionality into a single network master that can then configure all networking devices.
• Remove Services from Dedicated Network and Security Devices – Implement services by utilizing virtual machines on centralized industry-standard x86 servers.
• Create a Centralized Controller – A centralized controller enables “SDN Service Chaining,” which, in turn, enables networks to be dynamically reconfigured to respond to changeable network conditions. SDN service chaining also reduces the time, cost, and risk for customers to design, test and deliver new services.
• Optimize performance – The performance of the network and security solutions needs to be optimized.
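The control/forwarding split and the service chaining described above can be modeled in a few lines. This is an added illustration, not code from the report: `Switch`, `Controller`, `SERVICES`, and the host and service labels are hypothetical, and the packets are constructed dictionaries.

```python
# Added illustration, not from the report. Switch, Controller, SERVICES and
# all host/service labels are hypothetical; packets are constructed dicts.

class Switch:
    """Forwarding plane only: a match -> next-hop table, no policy logic."""
    def __init__(self, name, controller):
        self.name, self.controller, self.table = name, controller, {}
        controller.switches.append(self)

    def forward(self, pkt):
        key = (pkt["dst"], pkt["stage"])
        if key not in self.table:          # table miss: defer to the controller
            self.table[key] = self.controller.packet_in(self.name, key)
        return self.table[key]

class Controller:
    """Centralized control plane: owns the service chain and every flow entry."""
    def __init__(self, chain):
        self.chain, self.switches, self.installed = list(chain), [], []

    def packet_in(self, switch_name, key):
        dst, stage = key                   # stage = number of services already passed
        next_hop = self.chain[stage] if stage < len(self.chain) else dst
        self.installed.append((switch_name, key, next_hop))  # audit trail
        return next_hop

    def reconfigure(self, chain):
        """One central change; stale entries are flushed on every switch."""
        self.chain = list(chain)
        for sw in self.switches:
            sw.table.clear()               # without this, cached hops skip new services

# Services plane: virtualized functions that return True to pass a packet on.
SERVICES = {
    "firewall": lambda p: p["dport"] in (80, 443),
    "dlp": lambda p: b"CONFIDENTIAL" not in p["payload"],
}

def deliver(switch, pkt):
    """Return the ordered hops a packet takes, ending in its dst or 'DROPPED'."""
    hops = []
    while True:
        hop = switch.forward(pkt)
        hops.append(hop)
        if hop == pkt["dst"]:
            return hops
        if not SERVICES[hop](pkt):
            return hops + ["DROPPED"]
        pkt = dict(pkt, stage=pkt["stage"] + 1)

def packet(dport, payload=b"hello"):
    return {"dst": "server-1", "dport": dport, "payload": payload, "stage": 0}
```

Calling `reconfigure` on the controller inserts a new service into the path on every attached switch at once, and the `installed` list gives a single place to audit which rules were pushed.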

What is NFV?

In discussing SDN, Network Function Virtualization (NFV) is commonly mentioned. It is important to understand the difference between NFV and SDN.
At the most basic level, NFV is a way to leverage standard, low cost, but high-performing servers as replacements for expensive, proprietary hardware currently in use in operator networks. Too often in operators’ networks, complexity from proprietary hardware grows with each new service introduction. NFV allows routers, switches, firewalls, load balancers, content delivery systems, end-user devices, IMS nodes, and almost any other network function to be run as software in virtual machines—often on shared servers, and using shared storage.

Table Of Contents

The Network Security Implications of Software Defined Networks (SDN)
What is SDN?
The Four Planes of Networking
Implications of the Four Planes
Stages of Implementing SDN
What is NFV?
The SDN Beachhead
Why SDN?
Need for Greater Operational Efficiency
Explosion of the Boundaries of the “Traditional” Network
From Walls to Membranes
A Note about Definitions
SDN Impact on Security
Security Improvement Inherent in SDN Architectural Approach
Security High on the List of SDN Services
Steps for Adapting to SDN Provisioning of Network Security Services
Convert Software to an x86 Instruction Set
Security Products as Virtual Appliance
No New Concepts?
Remember the Data Path
In the Data Path
Not in the Data Path (Services Plane)
Potential Danger Points with Implementing Security in an SDN Network
Introduction of Complexity
Human Error
Heightened Importance of Controlling Access
Hypervisor Tax
Security Bypass
Communication Protocols between Network Security Services
SDN Emerging Standards
Open Daylight
The Importance of Hooking
Multiple Controllers?
Flow Actions to be Avoided
OpenFlow and Security
Data Path Encryption
Controller Auto-Discover
Transport Layer Security (TLS) Encryption
SSL/TLS Private Key Configuration
Implication of the TCP-based Protocol
Security with SDN is a Different Approach
Innovative Approaches to SDN Security
Juniper Firefly
The Last Word

List of Figures

Figure 1: SDN Features and Benefits
Figure 2: NFV and SDN


Reportlinker.com © Copyright 2016. All rights reserved.
