Daisie Register | May 8, 2017 | 4 min read

Campus Networks: The Next Frontier for SDN?

There is no disputing that software-defined networking (SDN) has brought new levels of capabilities to networking in the data center while reducing operator errors, overhead, and complexity. These same benefits can be extended to campus networking for many customers.

Campus networks actually do share many of the same network challenges as data centers but for different reasons. For instance, campus networks are not being stressed by compute virtualization or cloud operational models, but rather the explosion of connectivity due to the Internet of Things (IoT) and bring your own device (BYOD). Additionally, there is a need for improved security and visibility based on quantifiable data that indicates most threats are actually originating from inside the network rather than externally.

Most traditional data center networks are based on large Layer-2 domains using legacy-based protocols that introduce non-deterministic behavior with very high-touch, decentralized configurations. The same constructs, such as manual trunking, virtual local area network (VLAN) management, and spanning tree, also plague campus networks and limit their ability to provide agile and reliable services to end users.

The concept of introducing a routed network overlay to a campus to abstract and simplify it aligns with what is already being accomplished with SDN in the data center. Building networks using a Layer-3 based construct has proven to be a much more reliable and robust method of architecting. Using a routed network overlay provides a very important distinction that was traditionally not possible, which is decoupling the subnet/VLAN from the underlying network, therefore making it completely mobile and able to be provisioned anywhere without repercussions on the underlying infrastructure.

Campus networks have traditionally been built using sets of VLANs and associated broadcast domains that can span large numbers of switches. These technologies are not only cumbersome to maintain but also non-deterministic in nature. This means network behavior can often be unpredictable under real-life scenarios such as changes or failures, despite appropriate engineering.

A network overlay via SDN directly addresses this shortcoming in traditional campus networks by enabling an intelligent routed overlay that can uniformly provide network services across the entire campus without requiring any changes to the core. This closely resembles the benefit of building a virtual private network (VPN) over the Internet, which removes any burden from the underlying transport other than reliable IP connectivity. The VPN carries all context and user data, so the end user is still connected to the enterprise network just as if he or she were on premises.

Many network professionals have grown to expect these downfalls, and rather than prevent damage from happening, they reduce risk by simply limiting the failure domain or exposure to the network in case a spanning-tree loop or broadcast storm were to occur. Campus networks are now being stretched further in their breadth of connectivity by the onslaught of additional devices, which places additional stress on the network as well as on the operator, who must design and maintain an architecture that can be appropriately operated and secured.

SDN can help improve this operational model in two ways. First, the network overlay transparently extends connectivity. Second, with the introduction of centralized control and management, the provisioning model for IoT devices and users can be streamlined so that the operator is not burdened by the increasing demands of endpoint connectivity in the campus.

Security is now becoming an inherent part of the network. Zero-trust networking is rapidly approaching the point where it can actually be deployed rather than just talked about. The idea that we can dramatically limit the attack surface by applying policy uniformly to all endpoints that touch the network applies both to workloads in the data center and to users in the campus. SDN in the campus can be used as a platform for driving a much stronger end-to-end security posture by enabling enhanced visibility, context-aware network segmentation, and the ability to dynamically respond to security-related events.

SDN can deliver enhanced security telemetry and network segmentation with the introduction of an SDN controller along with an intelligent network overlay. An SDN controller can provide a foundation for improved centralized management as well as dramatically improved visibility into every endpoint that is connected to the network.

SDN will likely prove useful in just about any campus network where there is a need to streamline and improve operations and to provide more robust capabilities natively in the network that tie it to the needs of the business or mission. Unfortunately, many IT professionals aren't aware of the SDN applications in the campus space.

The controller-based networking paradigm shift, for example, is already proving to be a much more effective way to operate and manage networks in the data center. These SDN-born benefits apply equally to campus networks, where organizations and agencies can centralize, automate, and simplify network management.

SDN in the campus can enhance security and decrease management complexity, and it can also reduce and streamline operator overhead, meaning organizations and agencies can spend more time and fewer funds on tasks that affect their bottom line and impact missions for the better.

To learn more about how Iron Bow and Cisco are partnering to streamline campus networks with SDN capabilities, visit: https://www.ironbow.com/solutions_serv/network-defense
