SDN, or software-defined networking, is taking over the world—or at least if you listened to the marketers for the main purveyors of SDN and its cousin SD-WAN, you would think so. In fact, if you just listened to the marketers, you would be feeling pretty inadequate with your local data center; your physical network with its physical firewalls, load balancers, and VPN endpoints; and the rest of the vast plethora of networking tools that keep your corporate IT running smoothly. OK, maybe not smoothly, but well enough to make sure that your company can keep the lights on and pay your salary at the end of the month.
There is no denying that SDN products like NSX from VMware, ACI from Cisco, and those from Big Switch Networks are fully capable of delivering value and simplifying administration, but the fact remains that SDN is not ubiquitous in the networks of businesses around the world.
Yes, it is slowly gaining traction. It is true, for example, that in its Q2 YR18, VMware stated that NSX was on target for a $1 billion a year run rate. Cisco announced that the Nexus 9000 series was doing a $3B per annum run rate (admittedly, this will not all be ACI, as the 9000 series can run as a traditional router). These sound like large numbers, and they are, but compared to the annual network infrastructure spend of circa $43 billion, as stated by IDC, it is a drop in the ocean.
As we have said, the benefits of SDN are many and can result in real-world flexibility and agility, so why aren’t people jumping all over this and installing it in droves?
The number one reason given is security and performance monitoring. An SDN overlay will hide the underlying network. As a result, there is no obvious way to track the packets across the network. From the overlay’s point of view, there are no hops on the network; traffic moves from source to target and back again in a single hop, admittedly with a little bit of latency. There is no obvious way for a packet inspector to follow the route a packet takes from one end of the conversation to the other. However, this is no longer an issue. Big Switch Networks, NSX, and ACI can show the packet conversation flow from start to finish, revealing which underlying devices the packet traversed.
There is a perception of difficulty that is also perpetuated by network admins. This is not so; it is just a different skill set.
There is also a perception that the network will be unstable due to the ability to be agile and automated. This comes down to a worry about the mythical beast DevOps. Again, this is a misconception. An automated process to create a network or to activate a port or flow path is free from human error and repeatable without the risk of fat-finger syndrome.
However, the fact is that the technical reasons are not game stoppers. The biggest reason for the lack of progress with SDN is a lack of familiarity with the product sets. People can do what they need with their current tool sets, and they also worry that they will not be able to do some things that they can currently do. Network admins, like their storage cousins, are a conservative lot: if it ain’t broke, don’t fix it. They also worry that it is not a standard, and they wonder which particular flavour of SDN will be dominant or even available eighteen months down the line.
SDN has not yet won the hearts and minds of networking teams across the world. Because of the criticality of the network to the business, sales cycles are long and slow. Inertia is real, and the horror stories abound, which in turn further fuels the negativity.
I firmly believe that SDN and its cousin SD-WAN are the future of networking. However, until there is a firm investment in educating the network admins rather than cozying up to the executives, it will not gain real traction. SDN will not be installed by stealth the way early Windows Servers were deployed. It cannot be sold like ESX was, as there is no obvious killer selling point. The lack of standards worries network engineers. NSX suffers from not being able to talk directly to physical assets, and ACI suffers from not being able to talk directly to virtual machines. Neither solution fully satisfies. The time is coming, but it will be evolution rather than revolution with SDN.