Containers Expo Blog Authors: Derek Weeks, Liz McMillan, Pat Romanski, Sematext Blog, Jim Kaskade

Related Topics: SDN Journal, Java IoT, Microservices Expo, Containers Expo Blog, @CloudExpo, @BigDataExpo

SDN Journal: Blog Feed Post

Agility, SDN and Service Frameworks

It's that time in the SDN hype cycle where people are beginning to lay out a more solid vision of what it means to them

It's that time in the SDN hype cycle where people are beginning to lay out a more solid vision of what it means to them. Themes are beginning to emerge on the foundations laid by ONF that include the necessary separation of control and data (forwarding) planes, but some are still missing critical components - the ones that enable agility of the business, not just the network.

Juniper's Bob Muglia recently published a post called "Decoding SDN" that expounds upon Juniper's vision of SDN. It's a well written lengthy piece that's definitely worth a read if you not only want to understand Juniper's strategy but if you want to gain a bit more insight into how SDN is being approached.

One thing that jumped out at me was Bob's "Four Planes of Networking". Generally speaking it was an excellent distillation of the SDN concept. But something was missing, in my opinion. It did not adequately encapsulate the notion of how or where SDN enables one of its most important purported benefits: agility.

Let's review the basic definition of agility, shall we?


1.the power of moving quickly and easily; nimbleness: exercises demanding agility.

A fairly nebulous definition and Bob's description of the four planes of networking certainly can be construed to fulfill the requirements of agility. After all, merely separating control from data (forwarding) plane combined with a standardized management plane enables a fair amount of agility in the network, certainly more than what existed before the concept of SDN began disrupting the entire networking community.

But agility isn't just about being able to rapidly change forwarding tables, it's about being able to respond to operational and business conditions. It's about being able to implement new functionality, if necessary, that enables innovative business ideas to be realized in the network, which almost always must deliver that business idea to customers, employees, or partners.

What I found missing from Bob's discussion was programmability of the network, that is, not just the ability to programmatically modify configuration, but to programmatically modify the behavior (and thus the delivery mechanisms) of the network.

Bob's diagram and explanation (shortened for brevity):

The Four Planes of Networking

Inside every networking and security device – every switch, router, and firewall - you can separate the software into four layers or planes.  As we move to SDN, these planes need to be clearly understood and cleanly separated.  This is absolutely essential in order to build the next generation, highly scalable network.

The bottom plane, Forwarding, does the heavy lifting of sending the network packets on their way.

Control. If the Forwarding plane is the brawn of the network, Control is the brains.  The Control plane understands the network topology and makes the decisions on where the flow of network traffic should go.

Services. Sometimes network traffic requires more processing and for this, the Services plane does the job.  Not all networking devices have a Services plane – you won’t find this plane in a simple switch.  But for many routers and all firewalls, the Services plane does the deep thinking, performing the complex operations on networking data that cannot be accomplished by the Forwarding hardware.  Services are the place where firewalls stop the bad guys and parental controls are enforced.

Management. Like all computers, network devices need to be configured, or managed.  The Management plane provides the basic instructions of how the network device should interact with the rest of the network.



I hope Bob does not take it amiss if I modify and expand upon his network plane diagram.

First, I think management should not be portrayed as part of the network planes. It's not part of the network - not really - nor should it be. The separation of management from network plane as a matter of technical architecture and implementation is well-established as a best practice to ensure continued access to devices that have failed or are overwhelmed. I don't think Bob's intention was to imply the management plane was coupled to the network plane in such a manner, but diagrams using an east or west-bound management placement tend to disseminate the actual separation a bit better, so I've moved it off to the side and broadened it to ensure it covers not only control but services as well.

Which is the next layer I think needs some expansion.


One of the core premises of SDN is the ability to programmatically extend the functionality of the "network" through plug-ins, add-ons, or applications - whatever you want to call them, they're the same thing - I'm going to refer to them as services as I think Bob took the right approach with the service nomenclature. But rather than use the all encompassing "services" I think we should view that layer as a service framework, upon which new services can be deployed - whether through plug-ins or a direct programmatic interface or through a less coupled API. However it occurs, a set of base network services are available in the framework that can be extended. That's where additional value is added, where new network functionality is deployed, and what makes it possible to use the same network "equipment" to deploy a variety of functions. The same "equipment" should be distilled down to a common set of networking services but be able to support firewall services on one, application acceleration on another, and load balancing on yet another.

This concept draws from the idea of a platform in the development world. Developers do not write their own network stacks, or even application-transport (HTTP) stacks. They develop functionality atop a common framework that enables them to modify behavior such that a highly secure, banking application can be deployed on the same common platform as a completely open picture sharing application. The platform is deployed, managed, configured and operated in the same way but the applications, ah, the applications have very different profiles.

The same concept must be applied to the network and to SDN-enabled solutions. It's not enough to provide separation of control and forwarding to enable agility. To enable true agility requires the inclusion of a services platform capable of extending functionality without introducing additional operational overhead into the core "stack".

There's a lot more in Bob's discussion, including an interesting view of "SDN Chaining" which I will not get into here because this is long enough that your coffee is likely cold by now. Suffice it to say it's an interesting read and I find valuable nuggets in his discussion and think such posts are necessary to start really figuring out where this SDN thing is going to go.

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.

@ThingsExpo Stories
Intelligent machines are here. Robots, self-driving cars, drones, bots and many IoT devices are becoming smarter with Machine Learning. In her session at @ThingsExpo, Sudha Jamthe, CEO of IoTDisruptions.com, will discuss the next wave of business disruption at the junction of IoT and AI, impacting many industries and set to change our lives, work and world as we know it.
SYS-CON Events announced today that Enzu will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their online busine...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
The Open Connectivity Foundation (OCF), sponsor of the IoTivity open source project, and AllSeen Alliance, which provides the AllJoyn® open source IoT framework, today announced that the two organizations’ boards have approved a merger under the OCF name and bylaws. This merger will advance interoperability between connected devices from both groups, enabling the full operating potential of IoT and representing a significant step towards a connected ecosystem.
November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Penta Security is a leading vendor for data security solutions, including its encryption solution, D’Amo. By using FPE technology, D’Amo allows for the implementation of encryption technology to sensitive data fields without modification to schema in the database environment. With businesses having their data become increasingly more complicated in their mission-critical applications (such as ERP, CRM, HRM), continued ...
SYS-CON Events announced today that Embotics, the cloud automation company, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Embotics is the cloud automation company for IT organizations and service providers that need to improve provisioning or enable self-service capabilities. With a relentless focus on delivering a premier user experience and unmatched customer support, Embotics is the fas...
SYS-CON Events announced today that Cloudbric, a leading website security provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Cloudbric is an elite full service website protection solution specifically designed for IT novices, entrepreneurs, and small and medium businesses. First launched in 2015, Cloudbric is based on the enterprise level Web Application Firewall by Penta Security Sys...
Smart Cities are here to stay, but for their promise to be delivered, the data they produce must not be put in new siloes. In his session at @ThingsExpo, Mathias Herberts, Co-founder and CTO of Cityzen Data, will deep dive into best practices that will ensure a successful smart city journey.
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, will draw together recent research and lessons learned from emerging and established ...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
SYS-CON Events announced today that MathFreeOn will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MathFreeOn is Software as a Service (SaaS) used in Engineering and Math education. Write scripts and solve math problems online. MathFreeOn provides online courses for beginners or amateurs who have difficulties in writing scripts. In accordance with various mathematical topics, there are more tha...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, will discuss how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team a...
Virgil consists of an open-source encryption library, which implements Cryptographic Message Syntax (CMS) and Elliptic Curve Integrated Encryption Scheme (ECIES) (including RSA schema), a Key Management API, and a cloud-based Key Management Service (Virgil Keys). The Virgil Keys Service consists of a public key service and a private key escrow service. 

@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, will be adding the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining sensor...
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, discussed the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filterin...
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...