What is SD-LAN?
In my recent series on the software-defined LAN (SD-LAN), I discussed the requirements, features, and benefits that the SD-LAN strategy brings to IT managers and, ultimately and even more importantly, end-users everywhere.
But, to be fair, I didn’t provide a formal definition of SD-LAN, and we clearly need one if SD-LAN is going to become recognized and broadly adopted. And we really need something concrete here; for example, look at SDN, which is often defined by an adoption of certain protocols (most notably OpenFlow) and the rather vague “separation of control and data planes.” Nothing about clear benefits, value, improvements over what came before, and thus nothing that truly serves as a definition.
So, in the interest of making sure this doesn’t happen to SD-LAN, let’s start with five key attributes proposed as the backbone of a definition for SD-LAN, as follows, examining each in turn.
1. Application optimization
The first of these is application optimization. SD-LAN implements a number of mechanisms that optimize network traffic flow and other performance behaviors to assure optimal application visibility and control.
These include quality of service (QoS) optimization to assure that all available network capacity and services are properly applied to meet applications needs and demands, with the goal of optimizing end-user quality of experience (QoE). Such must, of course, work across the entire LAN, including the access layer, with control distributed across APs, and other network elements as required.
The bottom line here is that we ultimately judge network performance based on the ability of a given installation to meet end-user needs, and, using only a small abstraction, this is best accomplished by meeting the needs of the applications that those users depend upon.
Next is identity. This is the permissions part of authorization, a key security capability that forms the backbone of security strategies when coupled with encryption and physical security. Identity must be applied to (and enforced across) individuals and groups, and all devices, wireless and otherwise. The benefits of an SD-LAN identity implementation include simplified implementation and administration of role-based access rights, location- and time-time-based authorization, bandwidth allocation and prioritization, and the secure generation of per-user security keys for encryption. Software-defined elements are important here because multiple identity mechanisms can be required, and the ability to modify or replace identity implementations quickly and easily can be critical when flaws are identified or new technologies are readied for production deployments.
The third is adaptability. All we really need to know about just how important networks are can be summed up in the observation that the network is really the circulatory system of the organization, with information, then, analogous to blood. Inability to reliably deliver the latter across the organization is similarly analogous to a heart attack, thrombosis, aneurism, or worse. None of these, clearly, are in any way desirable, so using SD-LAN techniques to enhance the ability of the network to adapt to changing traffic flows, security issues, growing service demands, and a wide variety of related but very common conditions is clearly beneficial. And everyday “normal” operations benefit from networks that are self-configuring (and, as required, re-configuring), self-optimizing, and self-healing. Adaptability can also be driven by expected changes to and the evolution of operational policies.
4. Cloud-based management
Fourth is cloud-based management. The multi-person network operations center (NOC) replete with big-board visibility and 24/7/365 staffing has given way to cloud-based management systems that can provide everything needed via a handset – and anytime, anywhere, of course. SD-LAN can be characterized by single-point-of-control operations, providing improved visibility, operations staff productivity, and faster time-to-solution when problems do occur.
5. Extensibility and APIs
And, finally, we have extensibility in the form of open application programming interfaces (APIs). If there is one great truth in IT overall, it’s that while growth, change, and evolution are inevitable, specific changes are indeed very difficult to predict. SD-LAN, being based on APIs, provides the hooks required to build new capabilities as desired or required, to customize specific capabilities to meet local needs, and to integrate with other operational systems (again, even those that might just be emerging on not even on the horizon yet). In short – SD-LAN enables a degree of future-proofing never before possible.
I’m not saying the above list of defining characteristics is complete at this point. But we do at the very least have here a stake in the ground that represents a good start in defining the capabilities that any SD-LAN implementation must have in order to qualify as a member of this new class of networking technology.
The bottom line for me, though, is simple: making the access layer softer in the interest of enhancing current functionality, enabling new technologies as they become available, and lowering TCO.
If there’s a better way to get this done than SD-LAN, well – let’s talk about it.