Software-defined networking can be a difficult concept to grasp. The words seem simple, but SDN entails a very specific way of building networks — one that enterprise wireless architects will find easy to understand. That’s because many of the concepts of SDN map directly to the way most enterprise wireless networks are being built.
With so much overlap, what can emerging SDN technology learn from the experiences of enterprise Wi-Fi? Here’s some advice.
Traditional wired networks use distributed protocols such as Open Shortest Path First and static routes to make routing decisions. But SDN replaces these distributed protocols with centralized control and management of data flows. Enterprise wireless networks all use a similar technique, not to manage data flows, but to handle access point power levels and frequency choices.
Wi-Fi manufacturers started out by using a very controller-centric model, but discovered that it doesn’t work well in all environments, especially on very large campuses where overall bandwidth can be a constraint. Now, enterprise IT managers have a wide variety of architectures to choose from, depending on their own requirements.
Network manufacturers pushing SDN may have to relearn the same lessons. Although one of the advantages of SDN is vendor interoperability, one can easily predict that the dominant SDN architecture (based on OpenFlow standards) will not work in all enterprises. No two networks have identical requirements, and enterprise IT managers may have to shop around to find an SDN to fit their needs. Don’t assume that there’s only one way to build things.
Why replace 30 years of distributed networking protocols? So you can do something smarter with your network. SDN’s central controllers provide a convenient point to inject something new into network design and control, just as enterprise wireless LAN controllers bring security and quality of service to WLANs.
Over the history of Wi-Fi, manufacturers have learned that not everything can be centrally controlled. Some decision-making has to be pushed out to the edge of the network, especially when it comes to device mobility and quality of service. Modern Wi-Fi networks often mix central and distributed algorithms.
SDN vendors don’t have many LAN installations yet because they’re more data center–focused, so some of these issues haven’t come up. But by pushing switches with commodity components at the absolute lowest cost, some SDN proponents are boxing themselves into a corner when it comes to network architecture and aiming at a very narrow environment.
Enterprise IT managers looking at SDN in their networks should be very careful to specify exactly what environment SDN will be used for — LAN, WAN or data center, for example — and what the constraints and requirements are. This way, they can be sure that SDN will deliver all the features they’re seeking and properly match capabilities and needs.
A third area that enterprise Wi-Fi equipment manufacturers learned about the hard way was security, from the disappointment of the Wireless Encryption Protocol to the many ways that hackers have discovered to abuse and misuse wireless. SDN vendors have focused on performance and innovation, which can leave the door open to security problems down the road.
This security design gap can be especially dangerous when SDN’s scope grows. A network repurposed from a relatively secure and constrained deployment, such as within enterprise-controlled data centers, to a more general and less controlled environment has very different security requirements.
Enterprise IT managers should hesitate before considering SDN deployments in areas where networks may come under heavy attack from insiders or outsiders. There’s nothing inherent in SDN that reduces overall network security, but because SDN products have not been the subject of intensive analysis and years of probing and prodding, it’s better to hang back and give the security experts and hackers their chance to find problems — just as they did with Wi-Fi.