Software Defined Networks
What Are Software Defined Networks?
Software defined networks (SDN) are a network architecture approach that separates the control plane from the data plane, allowing network administrators to manage traffic flows through software rather than through device-specific hardware configurations. First articulated as a coherent discipline in the early 2000s and formalized through the OpenFlow protocol, SDN emerged from university research as a response to the rigidity of traditional network infrastructure. By centralizing network intelligence in software-based controllers, SDN makes networks programmable, adaptable, and easier to manage at scale.
In a conventional network, each router or switch contains both the logic for deciding where packets should go (the control plane) and the mechanism for forwarding them (the data plane). SDN decouples these two functions. A dedicated SDN controller maintains a global view of the network and pushes forwarding rules down to the underlying switches, which handle traffic according to those instructions. This separation gives operators the ability to reconfigure the network dynamically without touching individual devices.
OpenFlow and the Control-Data Plane Split
OpenFlow is the foundational protocol that enabled practical SDN deployment. It defines a standardized communication channel between the SDN controller and the forwarding hardware, specifying how flow tables are populated and how the controller queries device state. An OpenFlow-enabled switch does not make autonomous routing decisions; instead, it matches incoming packets against rules installed by the controller and forwards, drops, or modifies them accordingly. This design makes the network's behavior an explicit, inspectable artifact of software rather than an emergent property of distributed routing protocols.
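Because the flow table is explicit data, it can be audited before it is trusted. The following is an added example, not code from the original page or from any controller project: a simplified Python model of one flow table that shows priority-based matching and flags rules that a higher-priority rule with a different action makes unreachable. The field names, rule names, sample rules, and the drop-on-miss default are assumptions for illustration, and the model is not the OpenFlow wire format.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    name: str       # hypothetical label, used only for reporting
    priority: int   # higher value wins when several rules match
    match: dict     # field -> exact value; an absent field is a wildcard
    action: str     # e.g. "forward" or "drop"


def matches(rule, pkt):
    """True if the packet satisfies every field the rule specifies."""
    return all(pkt.get(f) == v for f, v in rule.match.items())


def lookup(table, pkt, miss="drop"):
    """Action of the highest-priority matching rule.
    Assumption: a table miss drops the packet."""
    hits = [r for r in table if matches(r, pkt)]
    return max(hits, key=lambda r: r.priority).action if hits else miss


def covers(general, specific):
    """True if every packet matching `specific` also matches `general`."""
    return all(specific.match.get(f) == v for f, v in general.match.items())


def shadowed(table):
    """Pairs (hidden, by): `hidden` never fires because a higher-priority
    rule with a different action matches all of its traffic."""
    return [(lo.name, hi.name)
            for lo in table for hi in table
            if hi.priority > lo.priority and covers(hi, lo)
            and hi.action != lo.action]


# Constructed sample table: the broad allow outranks the narrower block.
TABLE = [
    Rule("allow-web", 200, {"ip_dst": "10.0.0.5", "tcp_dst": 443}, "forward"),
    Rule("allow-host", 300, {"ip_dst": "10.0.0.9"}, "forward"),
    Rule("block-telnet", 100, {"ip_dst": "10.0.0.9", "tcp_dst": 23}, "drop"),
]

if __name__ == "__main__":
    print(lookup(TABLE, {"ip_dst": "10.0.0.9", "tcp_dst": 23}))
    print(shadowed(TABLE))
```

Running the audit on every rule set a controller application proposes, before it is installed, catches a deny rule that has silently stopped taking effect.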
SDN Controllers and APIs
The SDN controller is the operational core of the architecture. Controllers such as OpenDaylight, ONOS, and Floodlight expose northbound APIs that allow applications to query and configure the network, and southbound APIs (including OpenFlow) that communicate with physical and virtual switches. This layered API structure is what makes SDN programmable: a traffic engineering application, a security policy engine, and a load balancer can all coexist as controller applications, each expressing its requirements through the same programmatic interface. NIST's guidance on SDN highlights how this separation of concerns simplifies the enforcement of network-wide security policies.
Network Virtualization and Cloud Architecture
SDN is a key enabler of network virtualization, the technique of running multiple logical networks over shared physical infrastructure. In cloud environments, tenants need isolated network segments with their own addressing, routing, and security rules. Overlay protocols such as VXLAN and NVGRE, managed through SDN controllers, accomplish this without requiring physical reconfiguration. Hyperscale cloud providers rely on SDN to provide each customer with a virtual private network that behaves as though it were dedicated hardware. The Open Networking Foundation describes this programmability as the defining characteristic that allows operators to treat the network as a composable resource rather than a fixed topology.
Service Function Chaining
Service function chaining (SFC) is an SDN capability that routes traffic through an ordered sequence of network services, such as firewalls, intrusion detection systems, and WAN optimizers, without requiring those services to be inline in the physical path. The controller defines the chain and installs the appropriate forwarding rules, allowing the sequence to be modified in software as requirements change. This is particularly valuable in telecommunications and enterprise networks where different traffic classes require different treatment policies.
Applications
- Cloud data centers use SDN to provision virtual networks for tenants on demand, reducing provisioning time from days to minutes.
- Wide-area network operators apply SDN-based traffic engineering to optimize bandwidth utilization across backbone links.
- Mobile network operators use SDN alongside network function virtualization to build flexible 4G and 5G core networks.
- Campus and enterprise networks deploy SDN controllers to enforce role-based access policies centrally rather than per-switch.
- Research testbeds such as GENI use SDN to give experimenters programmable control over network behavior without dedicated hardware.