1 00:00:00,000 --> 00:00:00,990 In this lesson, 2 00:00:00,990 --> 00:00:03,690 we're going to discuss Software-Defined Networking. 3 00:00:03,690 --> 00:00:06,030 Software-Defined Networking or SDN 4 00:00:06,030 --> 00:00:08,220 is revolutionizing our network architectures 5 00:00:08,220 --> 00:00:11,430 and is critical to the functioning of the cloud at scale. 6 00:00:11,430 --> 00:00:14,010 At its most basic level, software-defined networking 7 00:00:14,010 --> 00:00:15,570 allows us to use software to replace 8 00:00:15,570 --> 00:00:17,100 traditional network devices, 9 00:00:17,100 --> 00:00:19,080 but it's a little bit more complicated than that, 10 00:00:19,080 --> 00:00:20,250 so we're going to spend a little bit of time 11 00:00:20,250 --> 00:00:23,130 in this lesson discussing exactly how it works. 12 00:00:23,130 --> 00:00:25,650 Now software-defined networks or SDNs 13 00:00:25,650 --> 00:00:27,240 are defined as an approach to networking 14 00:00:27,240 --> 00:00:28,860 that uses software-based controllers 15 00:00:28,860 --> 00:00:31,800 or application programming interfaces known as APIs 16 00:00:31,800 --> 00:00:34,320 to communicate with underlying hardware infrastructure 17 00:00:34,320 --> 00:00:36,330 and then direct traffic on a network. 18 00:00:36,330 --> 00:00:37,920 The true magic of an SDN 19 00:00:37,920 --> 00:00:40,440 lies in its application aware capabilities, 20 00:00:40,440 --> 00:00:42,450 which allows the network to make intelligent decisions 21 00:00:42,450 --> 00:00:44,880 based upon the specific application requirements 22 00:00:44,880 --> 00:00:46,500 that it's trying to support. 23 00:00:46,500 --> 00:00:49,170 This ensures optimal performance for critical applications 24 00:00:49,170 --> 00:00:51,300 and efficient resource utilization. 
25 00:00:51,300 --> 00:00:53,820 This is a critical aspect of cloud computing as well, 26 00:00:53,820 --> 00:00:55,703 because it allows organizations to more easily manage 27 00:00:55,703 --> 00:00:57,540 and control their network traffic, 28 00:00:57,540 --> 00:00:59,520 which can improve their scalability, security, 29 00:00:59,520 --> 00:01:01,650 and overall network performance. 30 00:01:01,650 --> 00:01:04,230 Software-defined networks are part of a larger concept 31 00:01:04,230 --> 00:01:07,170 known as Infrastructure as Code or IaC. 32 00:01:07,170 --> 00:01:08,460 Infrastructure as code 33 00:01:08,460 --> 00:01:10,170 includes the provisioning of architectures 34 00:01:10,170 --> 00:01:12,870 in which deployment of resources is going to be performed 35 00:01:12,870 --> 00:01:15,330 by scripted automation and orchestration. 36 00:01:15,330 --> 00:01:16,950 With zero trust provisioning, 37 00:01:16,950 --> 00:01:18,600 SDNs can be configured and maintained 38 00:01:18,600 --> 00:01:20,550 with minimal manual intervention, 39 00:01:20,550 --> 00:01:22,110 and this dramatically reduces the time 40 00:01:22,110 --> 00:01:24,750 and complexity that's involved in setting up your networks 41 00:01:24,750 --> 00:01:26,970 and conducting network administration. 42 00:01:26,970 --> 00:01:30,030 Now SDNs are not the only type of infrastructure as code, 43 00:01:30,030 --> 00:01:32,700 but without SDNs, it would be truly impossible 44 00:01:32,700 --> 00:01:34,140 to use infrastructure as code 45 00:01:34,140 --> 00:01:36,360 with networking equipment and devices. 46 00:01:36,360 --> 00:01:39,390 With IaC, the infrastructure could be a network device 47 00:01:39,390 --> 00:01:41,130 such as what we use in SDNs, 48 00:01:41,130 --> 00:01:43,050 or it can be servers, databases, 49 00:01:43,050 --> 00:01:45,690 and other virtualized compute instances too. 
50 00:01:45,690 --> 00:01:48,120 Now to better understand software-defined networking, 51 00:01:48,120 --> 00:01:50,010 you first have to understand the three portions 52 00:01:50,010 --> 00:01:52,080 of a typical network architecture. 53 00:01:52,080 --> 00:01:54,240 These are the control plane, the data plane, 54 00:01:54,240 --> 00:01:55,890 and the management plane. 55 00:01:55,890 --> 00:01:58,200 Now the control plane is going to be responsible for carrying 56 00:01:58,200 --> 00:02:01,080 the traffic that provides the signals to and from a router, 57 00:02:01,080 --> 00:02:02,790 such as those used in sharing information 58 00:02:02,790 --> 00:02:04,710 and building routing tables. 59 00:02:04,710 --> 00:02:07,740 Transport agnostic systems like SDNs are not limited 60 00:02:07,740 --> 00:02:09,780 by the underlying network technology though, 61 00:02:09,780 --> 00:02:11,070 whether that's going to be Ethernet, 62 00:02:11,070 --> 00:02:13,410 Wi-Fi or something else entirely. 63 00:02:13,410 --> 00:02:15,300 And so this allows for the seamless integration 64 00:02:15,300 --> 00:02:19,140 and operation across multiple diverse transport media types. 65 00:02:19,140 --> 00:02:20,910 The control plane will make its decisions 66 00:02:20,910 --> 00:02:23,340 about how traffic should be prioritized and secured 67 00:02:23,340 --> 00:02:25,770 and where it should be switched to in the network. 68 00:02:25,770 --> 00:02:27,180 If you think about a traditional router 69 00:02:27,180 --> 00:02:29,430 or switch or a quality of service device, 70 00:02:29,430 --> 00:02:32,130 these all operate at the control plane layer. 71 00:02:32,130 --> 00:02:34,950 Now the second plane we have is known as the data plane, 72 00:02:34,950 --> 00:02:36,270 and the data plane is used to carry 73 00:02:36,270 --> 00:02:37,950 user traffic on the network. 74 00:02:37,950 --> 00:02:40,590 This is often called the forwarding plane as well. 
75 00:02:40,590 --> 00:02:41,775 This data plane is where the bulk 76 00:02:41,775 --> 00:02:43,860 of our network traffic is going to reside. 77 00:02:43,860 --> 00:02:46,050 That's where the actual switching and routing of the traffic 78 00:02:46,050 --> 00:02:48,090 and the imposition of access control lists 79 00:02:48,090 --> 00:02:49,980 or ACLs are going to be implemented 80 00:02:49,980 --> 00:02:52,290 to provide some security in our networks. 81 00:02:52,290 --> 00:02:54,030 Now to make this a bit easier to understand, 82 00:02:54,030 --> 00:02:56,252 remember that the control plane is making all the decisions 83 00:02:56,252 --> 00:02:58,650 for how that data is going to be moved, 84 00:02:58,650 --> 00:03:00,150 but it's actually the data plane 85 00:03:00,150 --> 00:03:02,970 that's actually going to move that data around the network. 86 00:03:02,970 --> 00:03:04,170 Therefore, as you can imagine, 87 00:03:04,170 --> 00:03:07,530 these two planes are going to work very closely together. 88 00:03:07,530 --> 00:03:08,790 Now the third plane we have 89 00:03:08,790 --> 00:03:10,620 is known as the management plane. 90 00:03:10,620 --> 00:03:12,210 The management plane is used to administer 91 00:03:12,210 --> 00:03:14,400 the routers and switches inside of the network, 92 00:03:14,400 --> 00:03:16,020 and it's used to monitor traffic conditions 93 00:03:16,020 --> 00:03:17,850 and the status of your network. 94 00:03:17,850 --> 00:03:19,800 Basically, the management plane provides us 95 00:03:19,800 --> 00:03:21,240 with the oversight of the network 96 00:03:21,240 --> 00:03:22,896 and allows us to make configuration changes 97 00:03:22,896 --> 00:03:25,800 to make sure that things are working the way they should. 
98 00:03:25,800 --> 00:03:27,720 This type of central policy management 99 00:03:27,720 --> 00:03:29,130 allows administrators to define 100 00:03:29,130 --> 00:03:32,280 and enforce networking policies from a single control point, 101 00:03:32,280 --> 00:03:33,870 and this streamlines network operations 102 00:03:33,870 --> 00:03:35,370 and ensures consistency across 103 00:03:35,370 --> 00:03:37,530 your entire network infrastructure. 104 00:03:37,530 --> 00:03:39,750 Now, in a traditional or conventional network, 105 00:03:39,750 --> 00:03:41,160 these different planes all exist 106 00:03:41,160 --> 00:03:42,750 in a physical piece of hardware 107 00:03:42,750 --> 00:03:44,550 that implements these functions through firmware 108 00:03:44,550 --> 00:03:47,370 in that device like a router or a switch. 109 00:03:47,370 --> 00:03:49,320 But with software-defined networking, 110 00:03:49,320 --> 00:03:50,790 these functions are actually moved out of 111 00:03:50,790 --> 00:03:52,680 the physical devices in their firmware. 112 00:03:52,680 --> 00:03:54,630 And instead, these functions are incorporated 113 00:03:54,630 --> 00:03:57,540 into a virtualized device or a decoupled device 114 00:03:57,540 --> 00:04:00,540 that's going to focus on a single plane's function at one time 115 00:04:00,540 --> 00:04:02,400 using APIs provided by the vendors 116 00:04:02,400 --> 00:04:05,010 to communicate between these three planes. 117 00:04:05,010 --> 00:04:06,960 Now, to set up a software-defined network, 118 00:04:06,960 --> 00:04:09,510 your organization is going to use an SDN application 119 00:04:09,510 --> 00:04:11,520 to define the policy decisions. 120 00:04:11,520 --> 00:04:13,170 This occurs on the management plane, 121 00:04:13,170 --> 00:04:15,180 and then those rules and policies are going to be deployed 122 00:04:15,180 --> 00:04:16,649 and operated within the control plane 123 00:04:16,649 --> 00:04:18,180 of the different devices. 
124 00:04:18,180 --> 00:04:20,459 Of course, the data planes are still going to be there 125 00:04:20,459 --> 00:04:23,340 to move all that traffic across the network too. 126 00:04:23,340 --> 00:04:26,370 Using SDNs has advantages over conventional networks 127 00:04:26,370 --> 00:04:27,840 because you now have the ability to mix 128 00:04:27,840 --> 00:04:29,520 and match products from different vendors 129 00:04:29,520 --> 00:04:31,710 because they're all using common API calls 130 00:04:31,710 --> 00:04:33,660 to create the needed functionality. 131 00:04:33,660 --> 00:04:36,060 Software-defined networks also provide organizations 132 00:04:36,060 --> 00:04:38,280 with increased choices in their network development, 133 00:04:38,280 --> 00:04:39,390 and this adds to the speed 134 00:04:39,390 --> 00:04:41,550 and agility in which you can establish a network, 135 00:04:41,550 --> 00:04:43,950 as well as the ability to add increased layers of automation 136 00:04:43,950 --> 00:04:45,480 and policy management into 137 00:04:45,480 --> 00:04:47,220 our organization's network functions 138 00:04:47,220 --> 00:04:48,600 by easily using programming 139 00:04:48,600 --> 00:04:51,030 to automate all this stuff for us. 140 00:04:51,030 --> 00:04:53,070 Now, the best benefit of an SDN though 141 00:04:53,070 --> 00:04:55,170 is that it can allow for the fully automated deployment 142 00:04:55,170 --> 00:04:57,000 of a network within the cloud. 143 00:04:57,000 --> 00:04:59,640 By using an SDN, you can have the ability to provision 144 00:04:59,640 --> 00:05:01,740 all of your network links, your appliances, 145 00:05:01,740 --> 00:05:03,420 and even your servers automatically 146 00:05:03,420 --> 00:05:05,490 through the use of orchestration. 
147 00:05:05,490 --> 00:05:07,530 So if you're running servers in the cloud 148 00:05:07,530 --> 00:05:08,610 and you need to horizontally 149 00:05:08,610 --> 00:05:11,010 or vertically scale up to create more capacity, 150 00:05:11,010 --> 00:05:12,570 the system can actually detect that 151 00:05:12,570 --> 00:05:15,060 and then actually spin up those additional resources for you 152 00:05:15,060 --> 00:05:18,000 and add them into your network using SDN. 153 00:05:18,000 --> 00:05:21,030 Because of all this automated capability and scalability, 154 00:05:21,030 --> 00:05:23,550 SDNs are critical when you're dealing with high velocity 155 00:05:23,550 --> 00:05:25,500 or high availability architectures, 156 00:05:25,500 --> 00:05:26,940 or if you're doing a lot of things 157 00:05:26,940 --> 00:05:29,310 inside the disaster recovery space. 158 00:05:29,310 --> 00:05:31,950 Also, because everything is treated as software, 159 00:05:31,950 --> 00:05:33,540 you can also make it easier for yourself 160 00:05:33,540 --> 00:05:36,330 to collect security data across your entire network too, 161 00:05:36,330 --> 00:05:37,980 'cause everything is just software 162 00:05:37,980 --> 00:05:40,620 and it's just ones and zeros going across the network. 163 00:05:40,620 --> 00:05:42,780 This allows your security teams to more easily detect 164 00:05:42,780 --> 00:05:44,247 the different traffic patterns in your network. 165 00:05:44,247 --> 00:05:46,650 And if they start deviating from normal baselines, 166 00:05:46,650 --> 00:05:48,870 you'll be able to detect that too. 167 00:05:48,870 --> 00:05:50,370 Software-defined networks do have some 168 00:05:50,370 --> 00:05:52,680 disadvantages though that you need to be aware of. 169 00:05:52,680 --> 00:05:56,100 For example, if we lose connectivity to the SDN controller, 170 00:05:56,100 --> 00:05:58,140 then our entire network could go down 171 00:05:58,140 --> 00:06:01,170 or we could lose our ability to control our network. 
172 00:06:01,170 --> 00:06:03,210 Also, the use of a centralized controller 173 00:06:03,210 --> 00:06:06,780 in SDNs does create a real target for attackers to focus on 174 00:06:06,780 --> 00:06:08,520 because they can cripple our entire network 175 00:06:08,520 --> 00:06:10,950 by taking over that singular controller. 176 00:06:10,950 --> 00:06:12,360 So if you're going to be working 177 00:06:12,360 --> 00:06:14,220 as a cybersecurity professional one day, 178 00:06:14,220 --> 00:06:15,960 you really need to ensure you know how to harden 179 00:06:15,960 --> 00:06:18,330 and protect that SDN controller. 180 00:06:18,330 --> 00:06:20,370 Now, when it comes to software-defined networks, 181 00:06:20,370 --> 00:06:22,020 there are three main types. 182 00:06:22,020 --> 00:06:26,520 We call these Open SDN, Hybrid SDN, and SDN Overlay. 183 00:06:26,520 --> 00:06:28,740 The first one is open SDN. 184 00:06:28,740 --> 00:06:30,840 Open SDN is an open source variant 185 00:06:30,840 --> 00:06:32,370 of software-defined networking 186 00:06:32,370 --> 00:06:34,647 that relies on open source technologies like OpenFlow, 187 00:06:34,647 --> 00:06:37,500 OpFlex, and OpenStack to operate. 188 00:06:37,500 --> 00:06:39,420 The second is known as hybrid SDN. 189 00:06:39,420 --> 00:06:41,670 A hybrid SDN is a network that employs 190 00:06:41,670 --> 00:06:44,400 traditional SDN protocols to operate itself. 191 00:06:44,400 --> 00:06:45,510 This allows the network to use 192 00:06:45,510 --> 00:06:47,760 open SDN technologies like OpenFlow, 193 00:06:47,760 --> 00:06:49,380 as well as traditional protocols used 194 00:06:49,380 --> 00:06:51,240 in physical network devices. 195 00:06:51,240 --> 00:06:53,340 The third is SDN Overlay. 
196 00:06:53,340 --> 00:06:55,560 SDN Overlay is a method of using software 197 00:06:55,560 --> 00:06:57,510 to create layers of network abstraction 198 00:06:57,510 --> 00:06:59,010 that can be used to run multiple separate 199 00:06:59,010 --> 00:07:00,551 and discrete virtualized network layers 200 00:07:00,551 --> 00:07:02,670 on top of your physical network. 201 00:07:02,670 --> 00:07:04,230 By using SDN Overlay, 202 00:07:04,230 --> 00:07:05,550 you can create virtual connections 203 00:07:05,550 --> 00:07:06,600 between different endpoints 204 00:07:06,600 --> 00:07:09,450 and provide additional security benefits using it too. 205 00:07:09,450 --> 00:07:10,641 From a security standpoint, 206 00:07:10,641 --> 00:07:13,260 using an SDN can really add additional security 207 00:07:13,260 --> 00:07:15,570 and logical isolation into your network. 208 00:07:15,570 --> 00:07:17,730 For example, to add additional security 209 00:07:17,730 --> 00:07:19,440 such as implementing zero trust, 210 00:07:19,440 --> 00:07:21,120 you can use SDN overlay 211 00:07:21,120 --> 00:07:23,400 to securely create logical peer-to-peer connections 212 00:07:23,400 --> 00:07:25,200 across a physical network device 213 00:07:25,200 --> 00:07:27,660 using these additional layers of abstraction. 214 00:07:27,660 --> 00:07:29,100 This is a great use of SDN 215 00:07:29,100 --> 00:07:30,690 to increase the security of your network, 216 00:07:30,690 --> 00:07:32,160 and it'll be really hard to replicate 217 00:07:32,160 --> 00:07:34,290 without the orchestration and automation 218 00:07:34,290 --> 00:07:35,790 that's provided to us through the use 219 00:07:35,790 --> 00:07:37,650 of a software-defined network. 
220 00:07:37,650 --> 00:07:39,810 So remember, software-defined networks 221 00:07:39,810 --> 00:07:41,760 or SDN are a way of managing 222 00:07:41,760 --> 00:07:43,620 and controlling networks using software 223 00:07:43,620 --> 00:07:46,080 instead of using traditional hardware devices. 224 00:07:46,080 --> 00:07:48,540 This allows for greater flexibility, scalability, 225 00:07:48,540 --> 00:07:50,490 and security in our networks. 226 00:07:50,490 --> 00:07:53,310 Software-defined networking is made up of three planes, 227 00:07:53,310 --> 00:07:56,670 the control plane, the data plane, and the management plane. 228 00:07:56,670 --> 00:07:58,980 The control plane is responsible for making decisions 229 00:07:58,980 --> 00:08:01,320 about how traffic should be routed and secured. 230 00:08:01,320 --> 00:08:02,700 The data plane is responsible 231 00:08:02,700 --> 00:08:04,350 for carrying the actual traffic. 232 00:08:04,350 --> 00:08:05,820 And the management plane is responsible 233 00:08:05,820 --> 00:08:07,820 for monitoring and managing the network.