My SDN soapbox (now with IPv6!)

This week there was a lot of buzz about SDN (as usual). There was a Light Reading thread that I commented on, and a fantastic read by Brent Salisbury about being the steamroller and not the road, which got me thinking about OpenFlow and SDN in a way I had not before.



All that is old is new again. I remember when internal networks were small and routing protocols were taboo in many internal environments. RIP (AKA routing by rumor) was about as innovative as we got, OSPF was “too complex” and was “software changing the network topology”, according to some folks I worked with in what seems like a lifetime ago. Clearly they didn’t have the entire picture and were clouded by FUD. Now using a link-state protocol is standard, and one would probably not consider building a complex, production layer 3 network without an IGP like IS-IS or OSPFv[2/3] (or even EIGRP…I guess).

This is simple evolution and progression. The more folks try to resist, the further behind they’ll be left.

SDN and OpenFlow are not unlike IPv6 in many ways when viewed from a technology implementation perspective, and in fact, we can probably learn from the resistance to IPv6 to help us with the acceptance of SDN and OpenFlow. V6 has been coming for years. It’s mostly here. Backbones have been running it for a very long time and we actually need it on the client side to account for the huge number of hosts now connecting to the public Internet.

Many entities, especially very risk averse enterprises, are struggling to resist it (IPv6) and hold onto NAT and IPv4 as long as possible.  While this will almost certainly buy them a handful of years, it’s futile.  Translation and transition tech geared toward the folks that refuse to adapt will allow them to grasp onto legacy methodologies for a bit longer, but as the Borg say, “resistance is futile”.


These same things are all going to happen with SDN.

What we say is “OpenFlow is simply an open protocol for creating flow based forwarding.  It allows for the inclusion of other factors such as Layer4 to make those decisions more tunable and granular.”

What skeptics hear is “There is a hole in the boat, we’re all going to die” or “Network Engineers are all going to be out of a job!” or “your job is going to be replaced by software” or even “software and applications will make the way we think about and do everything obsolete”, all of which translate to “dramatic and drastic change”.

Most of this is just sensationalism and FUD. In my opinion, though, it is all based in truth. It may be “drastic” but it’s not dramatic. It’s natural evolution. It will happen slowly. We will have to change the way we do things. The proven fact we as networking and security professionals need to remember is that change is going to happen with or without SDN; it’s the nature of an innovative field like technology to change. None of us would be doing what we do without being inquisitive enough to figure out problems, challenge norms and shift thinking.

SDN, just like IPv6, is happening. Personally I’d rather be knowledgeable about them as opposed to in the dark and scrambling to learn about them at the 11th hour.






  1. Brent Salisbury says:

    Thanks Nick! You bring up a good point. What do you have to lose in just being open minded? I guess one could say we are being closed minded by not thinking that we can efficiently scale networks for the rest of our careers doing it how we have always done it. Not sure I want to be the guy evangelizing mainframes in 1995 though.

    Innovating at the speed of software rather than hardware is much more attractive.

    Managing state is horrid today. We both are responsible for huge networks. We had a huge power outage the other day. So after power came back and the network converged, it was the normal thing. Hmm, I wonder if everything is working? Well ICMP says yes… but you only have two options. A) Call every tenant to see if people that have nothing to do with IT see anything wrong (e.g. nurses, admin assistants, researchers) or B) Wait until someone calls and tells you something still isn’t working…

    Both suck, one doesn’t scale and both are bad service.

    Btw, that goth chick picture is classic. That’s how I feel when I used to hit the enter button on a major change. Modeling and debugging networks programmatically some day will be win.

    Great post,

    • Totally agree. Work smarter not harder, it’s a good idea and it makes sense. Is it different? Yup. Is it better? Maybe not now, but eventually it will be. Look at the state of routing hardware in 1995. Now look at it. It was a totally different experience and it was not even a real shift in thinking.
      10 years from now we will be saying “remember when we had to touch every device” just like we did with wireless APs not 7-8 years ago.

  2. Dustin Burns says:

    Totally agree with everything you’re saying. Too many people are getting comfortable in their field. I got into the field because I am a huge supporter of continual learning. Like Brent mentioned, we WILL be moving at the speed of software. There is no question about that. The networking field is in dire need of a reboot. The speed of hardware innovation has allowed people to get too comfortable with a particular technology. If you’re worried about being replaced by software, you probably will be.
    Survival of the fittest.

  3. Engineer Z says:

    I agree with Brent… The complexity of networks is getting to the point where they are extremely difficult to manage. Some of the WAN networks I work on are moving to a virtualized model with VRFs and DMVPN tunnels. This model provides a lot of cool functionality, especially with respect to partitioning and securing traffic. However, the router configuration is getting so complicated it seems that fewer and fewer engineers understand what’s going on. There are too many opportunities for mistakes.

    We have to get out of the mindset of implementing complex traffic management schemes by configuring one router at a time. There has got to be a better way to manage traffic on the network.

  4. Wow! A comment by the Z man! The original Starlight Engineer! I’m in 100% agreement Paul, “We have to get out of the mindset of implementing complex traffic management schemes by configuring one router at a time. There has got to be a better way to manage traffic on the network.” is an amazingly accurate statement.

  5. Lennie says:

    I really don’t like talking about ‘have to do [something]’.

    My mindset is that all these new developments are extremely interesting and exciting. And I want to learn everything about them. :-)

© 2019 The Forwarding Plane. All rights reserved.

Copyright 2016 Nick Buraglio, ForwardingPlane, LLC
