In 2012 OpenFlow discussions turned into SDN ones. Related although different in significant ways, both OpenFlow and SDN drove a significant level of attention in the networking industry as Nicira’s Acquisition and Cisco’s moves served to establish the commercial value of SDN. In 2013, we are witnessing serious momentum in terms of discussions and start-ups around SDN. However, the questions remain as to which solutions will be successful and which solutions will become available in the market place first?
In the IT industry in general, and more specifically in the networking industry, experience tells us that revolutions do not happen. Instead, change takes the form of evolution, and capabilities are introduced gradually through an exercise of cautious risk management. That said, SDN and OpenFlow related products have to find a way to coexist with existing network infrastructures in order to gain significant market traction. There is obviously the case of isolated experimental networks, but this is not market traction.
The reluctance to revolutionize networks aligns well with the adoption of overlay network technology (i.e. Nicira), which sees no significant barriers. However, there are only going to be a certain amount of overlay network technologies that will end up being purchased by end customers and competing in this market. Certainly the SDN market is much larger than that.
So what technologies are we going to be seeing throughout 2013? First, these technologies will be able to solve current customer problems. Second, these technologies will be able to integrate into existing customer networks. But what are the problems that can be solved best by adding network programmability on top?
From the Radware vantage point, we can strongly state that customer networks need to be better secured. One of the biggest barriers in implementing proper security, especially with the dynamic network traffic nature introduced by server virtualization and mega datacenters, is network integration and placement. Networks are becoming huge fabrics of stateless connectivity, and maintaining state consistently, at the scale required by these networks, is not trivial and is almost impossible. The network security services must be able to act in separation from the existing physical network constraints and be able to sample and configure the entire network.
For an edge security device, all network edge points must be representing a unified threat and risk view, and be able to logically behave as a single network edge. This way network security can be more effective in configuring the network to forward traffic to the right security device or to discard traffic if needed. SDN can potentially turn a distributed network with a large amount of signaling into a streamlined, unified, distributed forwarding edge that can make uniform decisions throughout the network. In addition, security services can be scaled and managed to effectively mitigate risk and improve uptime and visibility.
Most likely, solutions encompassing a set of technologies that can autonomously be implemented in existing networks will be the first to sell.