Useful Articles


How SDN Works?

How SDN works? - Overview

There are various compelling designs & architectures defined for SDN. This may include single vendor or multi vendor designs.  Majorly, whatever design a service provider may implement in its network, SDN technology centralizes the control of the network by separating the control plane and data plane for a particular networking device.

To understand how SDN operates, we should also know What is SDN? and the terminologies related to it as given below(also see figure): 

1. APIs
2. Orchestrator
3. Controller
4. Compute(VMs)

How SDN Works?

In SDN technology, APIs(Application Programming Interface) are used to interact with various layers of SDN architecture. Two Types of APIs are defined.

Northbound APIs: Northbound APIs are to communicate/interact with the applications and business tools(user interaction).  These help users or network administrators to programmatically deploy the network rules or to shape traffic and deploy services. In general terms Northbound APIs help the communication b/w the SDN Application layer and Control Layer.

Southbound APIs: Southbound APIs are to relay information to the networking devices switches, routers, firewalls, VMs(compute Nodes). OpenFlow/Open Stack is the most common protocol used for South bound communication. In general terms Southbound APIs help the communication b/w the SDN Control Layer and SDN Infrastructure layer.
Orchestrator: Orchestrator is a software application (sits at SDN application layer) that has ability to program automated behaviors in a network and to coordinate the required networking hardware and software elements to support applications and services.

SDN orchestration provides an interface using which customer can place their service orders throuh application-driven tools such as Business Support Systems/Operations Support Systems(BSS/OSS), or through a website. The application or service would then use SDN orchestration technology to provision the service. For example, customer can send a request for creating a virtual firewall. The Orchestrator tool will understand the customer request using APIs, convert them in the language format that is understandable by SDN control layer and also notifies the control layer to initiate the process of VM creation (virtual Firewall)

Controller:  SDN controller sits at the control layer of SDN architectrue/stack.  It is the heart and brains of the network, SDN Controllers provides a centralized view of the overall network, and enable network administrators to pass information (networking rules and polices) to the underlying systems (infrastructure layer - VMs, Virtual Routers & Switches) so that data plane is formed based on which the VM will route the traffic.

Compute: Compute is part the Infrastructure Layer in SDN architecture. Compute nodes are commodity hardware (say High end Dell servers) on which the Virtual Machines are created (VMs - virtual firewalls, virtual load balancers, virtual routers, switches etc.) that will will host/run the customer services.

SDN takes help of Network Function Virtualization (NFV) for its working.

What is Network Function Virtualization?

Network Function Virtualization a technique to create, distribute and operate networking services. It is the process of separating network functions from dedicated hardware appliances so that they may run in software on standardized hardware. These functions (such as a firewalls or load balancers) become virtual network functions (VNFs).

The virtualization of network services via software provides following benefits to the operators:

  • Helps reduce capital expenditure (CAPEX) by lowering the need to purchase purpose-built hardware.
  • Helps reduce operational expenditure(OPEX) through reduced equipment running requirements (e.g. space to house, power to run etc.), and simplifying roll-out.
  • Helps accelerate time-to-market to new opportunities.
  • Helps minimizing the risk of rolling out new services by allowing providers to trial and evolve, or even roll back services as the customer needs them
  • Helps become more agile and on-demand, driving a better customer experience.


See the below points to understand the VNF and NFV and their related difference.
  1. First you create a VM on commodity hardware (x86 servers) to host a service (say Firewall). 
  2. Once the VM is created, required software firewall image is installed in that VM, network configuration is done, and other related config is done to make it ready for operation and start handling the customer traffic. This can also be said that a VNF (virtual firewall) is ready for operation. 
  3. While we connect this VNF (Noun - virtual firewall) to the network (say with other VNFs - a virtual switch, router, or a load balancer - also called service chaining) and the VNF starts handling the customer traffic/service the network function (intially that could be run using a dedicated Hardware firewall - say Cisco ASA) is virtualized and now running the service which is called NFV (verb).
In Summary or plain english VNF is a Noun and NFV is a verb.

Click Here for other useful articles on SDN Technology(SDN/NFV/VNF/SD-WAN/Hypervisor/API/u-CPE)