The Network Security Implications of Software Defined Networks (SDN)


Software Defined Networking (SDN) is among the buzzwords of the day. SDN is a new approach to network architecture that will generate dividends for network operators. Communications Service Providers (CSPs) have set their sights on SDN and network function virtualization (NFV) as the vehicles for achieving an unprecedented, and now increasingly necessary, level of automation and programmability.
The ramifications of implementing a new network architecture are enormous. The purpose of this report is to understand the impact of SDN on network security.

What is SDN?

In a typical networking router or switch, the control plane (or software) and the data plane (or hardware) are resident within a single hardware “box.” Software Defined Networking decouples the network control and data planes of associated IP equipment such as routers and switches. SDN also provides a new centralized intelligence and control layer. Conceptually, this decoupling is similar to the abstraction and virtualization of components that has already happened extensively in data center servers. Server virtualization has transitioned server processors and storage into abstract services, providing for the dynamic allocation of resources, as needed.

The Four Planes of Networking

The SDN impact needs to be described in terms of the four planes of networking. These four planes, or layers, can be found in every network router, switch or firewall. The planes include:
• Forwarding – Forwarding provides the core functionality of moving packets as fast as possible. The forwarding plane can be accomplished in software, but forwarding is more efficiently accomplished using parallel processors within dedicated semiconductor devices (hardware).
• Control – Control is the “brains” of the network. The control plane makes network traffic routing decisions, acting as a network “traffic cop.” The control plane learns the network by talking to peer devices.
• Services – Not all networking devices have a services plane, such as a simple switch. For devices such as routers and firewalls, the services plane performs the tasks that cannot be accomplished by the forwarding hardware. Services may include stateful firewalls or data loss prevention (DLP) controls. Whenever network traffic requires additional processing, the services plane is employed.
• Management – The management plane provides the basic instructions of how each network device interacts with the rest of the network. While the control plane learns from the network itself, the management plane is often manually configured on each individual networking device. This manual engagement is prone to human error, and mistakes can result in costly stoppages of network traffic.

Implications of the Four Planes

As noted earlier, the forwarding plane uses parallel processors within dedicated semiconductor devices. The control, services, and management planes typically run on standard x86 processors. As a result, the forwarding plane functions optimally in dedicated silicon devices residing locally on networking devices.

network to be operated as a synchronized system instead of a mass of heterogeneous nodes. Often, network security services will be implemented in these planes through virtualization.


Virtualization separates the logical from the physical components of the workload. Application code and associated operating system are packaged neatly into a virtual machine (VM). Multiple VMs, regardless of operating system, can share a physical server. A hypervisor installed on the server allocates resources and acts as a translator, making each VM believe it has full access to the server resources.
The virtualized workload is self-contained and highly portable. Like a turtle or a motor home, the virtualized workload carries all its needs on its “back”—operating system and application code—and isn’t fussy about where it sets up housekeeping. Thus, IT technicians do not have to custom-configure a server exoskeleton for a virtualized workload.

Stages of Implementing SDN

Implementing SDN is not a simple undertaking. The implementation can almost be viewed as a Herculean task, as SDN is essentially a replacement networking architecture. As a replacement, implementation should be approached in phases:
• Management Centralization – Centralize network management, analytics, and configuration functionality into a single network master that can then configure all networking devices.
• Remove Services from Dedicated Network and Security Devices – Implement services by utilizing virtual machines on centralized industry-standard x86 servers.
• Create a Centralized Controller – A centralized controller enables “SDN Service Chaining,” which, in turn, enables networks to be dynamically reconfigured to respond to changeable network conditions. SDN service chaining also reduces the time, cost, and risk for customers to design, test and deliver new services.
• Optimize Performance – The performance of the network and security solutions needs to be optimized.

What is NFV?

In discussing SDN, Network Function Virtualization (NFV) is commonly mentioned. It is important to understand the difference between NFV and SDN.
At the most basic level, NFV is a way to leverage standard, low cost, but high-performing servers as replacements for expensive, proprietary hardware currently in use in operator networks. Too often in operators’ networks, complexity from proprietary hardware grows with each new service introduction. NFV allows routers, switches, firewalls, load balancers, content delivery systems, end-user devices, IMS nodes, and almost any other network function to be run as software in virtual machines—often on shared servers, and using shared storage.

Table Of Contents

The Network Security Implications of Software Defined Networks (SDN)
What is SDN?
The Four Planes of Networking
Implications of the Four Planes
Stages of Implementing SDN
What is NFV?
The SDN Beachhead
Why SDN?
Need for Greater Operational Efficiency
Explosion of the Boundaries of the “Traditional” Network
From Walls to Membranes
A Note about Definitions
SDN Impact on Security
Security Improvement Inherent in SDN Architectural Approach
Security High on the List of SDN Services
Steps for Adapting to SDN Provisioning of Network Security Services
Convert Software to an x86 Instruction Set
Security Products as Virtual Appliance
No New Concepts?
Remember the Data Path
In the Data Path
Not in the Data Path (Services Plane)
Potential Danger Points with Implementing Security in an SDN Network
Introduction of Complexity
Human Error
Heightened Importance of Controlling Access
Hypervisor Tax
Security Bypass
Communication Protocols between Network Security Services
SDN Emerging Standards
Open Daylight
The Importance of Hooking
Multiple Controllers?
Flow Actions to be Avoided
OpenFlow and Security
Data Path Encryption
Controller Auto-Discover
Transport Layer Security (TLS) Encryption
SSL/TLS Private Key Configuration
Implication of the TCP-based Protocol
Security with SDN is a Different Approach
Innovative Approaches to SDN Security
Juniper Firefly
The Last Word

List of Figures

Figure 1: SDN Features and Benefits
Figure 2: NFV and SDN


Reportlinker.com © Copyright 2017. All rights reserved.