Understanding Software Defined Networking (SDN)
PitsSoftware Defined Networking, or SDN, is changing the way networks are built and managed. Traditional networks rely heavily on physical devices like routers and switches, each making its own decisions. SDN separates the network control from the devices, allowing you to manage the network more flexibly and efficiently through software. This approach makes it easier to adapt to changing needs, automate tasks, and simplify network management. In this blog, we’ll break down SDN in simple terms, explain how it works, and explore why it matters in today’s networking world.
SDN Review
Software Defined Networking, or SDN, is a way to manage networks more easily. In traditional networks, every device like a switch or router decides on its own how to handle traffic. SDN changes this by using a central controller that tells all the devices what to do. This makes the network easier to control, faster to change, and simpler to automate.
Southbound Interface (SBI)
The Southbound Interface, or SBI, is how the controller talks to the network devices. You can think of it like a remote control sending commands to your devices. Common protocols like OpenFlow, NETCONF, and SNMP are used to send instructions and get information from the devices so the controller can manage traffic efficiently.
Northbound Interface (NBI)
The Northbound Interface, or NBI, is how apps and software talk to the controller. It’s like the apps sending requests to the brain of the network. Using NBI, developers can automate tasks, build custom tools, or control the network without touching the hardware directly. It makes SDN flexible and easy to integrate with other systems.
SDN Architecture
SDN architecture is usually divided into three layers:
Application Layer
This is the top layer where network applications and services live. These apps tell the network what it should do, like controlling traffic or monitoring performance. They communicate with the controller through the Northbound Interface (NBI).Control Layer
The control layer is the brain of the SDN. It’s called the SDN controller. The controller makes all the decisions and manages the flow of data in the network. It talks to the devices using the Southbound Interface (SBI) and to applications using the NBI.Infrastructure Layer
This is the bottom layer, made up of the physical network devices like switches and routers. These devices forward data based on instructions from the controller. They don’t make decisions on their own like in traditional networks.
By separating these layers, SDN makes networks easier to manage, more flexible, and faster to adapt to changes.
Software-Defined Access (SD-Access)
Software-Defined Access, or SD-Access, is a solution from Cisco that applies SDN principles to manage the network in offices, campuses, or large organizations. Its main goal is to make networks easier to operate, more secure, and more flexible.
Key ideas in SD-Access:
Automation: SD-Access automates network tasks, like setting up new users or devices, so network administrators don’t have to do everything manually.
Segmentation: It divides the network into separate segments for different types of users or devices. This improves security because devices in one segment can’t access another segment unless allowed.
Policy-Based Management: Administrators can set policies for users, devices, or applications. The network automatically enforces these rules everywhere, which saves time and reduces mistakes.
Centralized Control: All of this is managed from a single controller, so administrators can see and manage the entire network from one place.
SD-Access takes the benefits of SDN and applies them to real-world networks, making them simpler to manage and more secure without changing the underlying hardware.
Cisco ACI (Application Centric Infrastructure)
Cisco ACI is a solution for data centers that uses SDN principles. It focuses on applications rather than just devices. Instead of managing switches and routers individually, ACI lets you define what your applications need, and the network automatically adjusts to meet those requirements. This makes data center networks easier to manage, faster, and more efficient.
Key points:
Policies are application-focused.
Automates network setup for applications.
Improves efficiency and security in the data center.
SD-WAN (Software-Defined Wide Area Network)
SD-WAN applies SDN principles to wide-area networks (WANs), which connect offices across cities or countries. It makes managing these networks easier and more flexible. SD-WAN can automatically choose the best path for data, improving speed and reliability while reducing costs.
Key points:
Connects multiple sites efficiently.
Improves performance by choosing the best route for traffic.
Reduces dependence on expensive private lines.
Cisco DNA (Digital Network Architecture)
Cisco DNA is a broader framework that applies SDN concepts across an entire enterprise network, including campus, branch, and data center networks. It focuses on automation, security, and analytics to simplify management and improve network performance.
Key points:
Centralized control for the entire network.
Automates configuration, policy enforcement, and troubleshooting.
Provides insights through analytics for better decision-making.
SD-Access Underlay
The underlay in SD-Access is the physical network that forms the foundation for the entire solution. It includes routers, switches, and links that carry traffic between devices. Even though SD-Access adds automation and intelligence, the underlay must be stable and well-designed because it supports all the virtual network (overlay) traffic.
Key components of the SD-Access underlay:
Edge Nodes
These are the access switches where users and devices connect to the network. They handle data coming in and out from end devices. Think of them as the doors through which all users enter the network.Border Nodes
Border nodes connect the SD-Access network to external networks, like the internet or other campuses. They act as gateways, making sure traffic can flow in and out of the SD-Access fabric safely.Control Nodes
Control nodes manage the information about the network, such as device locations and routing information. They help edge and border nodes find the right paths for traffic. You can think of them as the traffic coordinators, ensuring data reaches the correct destination efficiently.
Other key points:
IP Routing: The underlay uses protocols like OSPF or EIGRP to allow all devices to communicate reliably.
Transport for Overlay Traffic: The underlay carries all virtual network (overlay) traffic.
Stability is Key: Problems in the underlay can affect the whole SD-Access network, so redundancy and proper IP design are important.
In short, the underlay provides the backbone for SD-Access, while edge, border, and control nodes make sure the network works efficiently and securely.
SD-Access Overlay
The overlay in SD-Access is the virtual layer built on top of the physical underlay. It creates logical paths for traffic, making the network more flexible, secure, and easy to manage without touching every physical device.
Key technologies and terms:
VXLAN (Virtual Extensible LAN):
VXLAN is a technology that encapsulates user traffic into virtual tunnels. This allows the overlay to create separate, flexible networks over the same physical infrastructure. You can think of VXLAN as putting each data packet into its own envelope so it can travel safely across the network.Cisco TrustSec:
TrustSec provides security for the overlay. It labels traffic based on user roles or device types instead of IP addresses. This helps the network enforce policies consistently and securely, no matter where the user or device is located.LISP (Locator/ID Separation Protocol):
LISP separates the identity of a device from its location in the network. This makes it easier to move devices around or scale the network without reconfiguring the entire routing system. It’s like giving each device a permanent ID while letting it change addresses as needed.
Nodes in the overlay:
Edge Nodes: Encapsulate user traffic into VXLAN tunnels.
Border Nodes: Handle traffic going in and out of the fabric.
Control Nodes: Maintain mappings of device identities and their locations, ensuring traffic reaches the right place.
Segmentation and Security:
The overlay allows grouping users or devices into secure segments, making policy enforcement and security simpler and more effective.
In simple terms:
The overlay is like a virtual layer of roads and tunnels on top of the physical roads. VXLAN builds the tunnels, TrustSec keeps traffic secure, and LISP helps devices move without causing traffic problems. Together, they let SD-Access deliver a flexible, automated, and secure network.
Cisco DNA Center
Cisco DNA Center is the central management platform for SD-Access and Cisco’s Digital Network Architecture. It acts like the brain of the network, giving administrators a single place to control, monitor, and automate the network.
Key features:
Centralized Management:
DNA Center allows you to manage the entire network from one dashboard. You can see all devices, users, and traffic in real time, instead of logging into each switch or router individually.Automation:
Tasks like device configuration, policy enforcement, and network provisioning can be automated. This reduces human errors and speeds up network deployment.Assurance and Analytics:
DNA Center collects data from the network and provides insights on performance, health, and security. It can alert you to issues before they affect users and help troubleshoot problems faster.Policy-Based Control:
Administrators can set policies for users, devices, or applications, and DNA Center ensures they are applied consistently across the network.
In simple terms:
Cisco DNA Center is like the control tower for your network. It automates repetitive tasks, monitors network health, enforces security policies, and gives administrators a clear view of the entire network.
DNA Center vs. Traditional Network Management
Traditional network management involves configuring each device individually. You log into switches and routers, apply settings manually, and troubleshoot problems one device at a time. This approach can be slow, prone to human errors, and hard to scale as networks grow.
Cisco DNA Center changes this by centralizing control and automating many tasks. Here’s how they compare:
| Feature | Traditional Network | Cisco DNA Center |
| Configuration | Manual, device by device | Automated, centralized |
| Policy Enforcement | Configured on each device individually | Defined once and applied across the network automatically |
| Troubleshooting | Reactive, done per device | Proactive, with analytics and insights for faster resolution |
| Scalability | Difficult to scale | Easy to scale with automation and templates |
| Visibility | Limited, often requires multiple tools | Full network view in a single dashboard |
| Security | Manual and inconsistent | Role-based, policy-driven, consistent across the network |
In simple terms:
Traditional networks are like managing traffic lights at each intersection one by one. Cisco DNA Center is like a central traffic control system that can automate signals, monitor traffic, and fix problems before they cause jams. It makes the network faster, safer, and easier to manage.
Summary
Software Defined Networking (SDN) changes how networks are built and managed by separating the control from the physical devices. The underlay forms the physical foundation with routers, switches, and links, while the overlay creates a virtual, flexible network on top, using technologies like VXLAN, LISP, and Cisco TrustSec for traffic management and security.
SD-Access applies SDN principles to enterprise networks, making them easier to manage, more secure, and automated. Key nodes in SD-Access: edge, border, and control nodes ensure traffic flows efficiently and policies are consistently enforced.
Cisco DNA Center acts as the brain of the network, centralizing management, automating tasks, enforcing policies, and providing analytics and insights. Compared to traditional network management, DNA Center simplifies operations, improves scalability, and reduces errors.
Wrap-Up
SDN and SD-Access are transforming networks from complex, device-focused systems into flexible, software-driven architectures. With overlays, underlays, and intelligent controllers like DNA Center, network administrators can manage traffic, enforce policies, and troubleshoot issues more efficiently. Understanding these concepts is essential for anyone looking to work with modern networks, as they are the foundation for automation, security, and scalable network management.
Subscribe to my newsletter
Read articles from Pits directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by