
Networking and Software-Defined Networking Overview

May 26, 2025

Key Concepts in Networking and Software-Defined Networking (SDN)

Physical Isolation in Networking

  • Objective: Preventing attackers from moving between devices.
    • Example: Air gap between switch A and switch B to prevent access from one to the other.
  • Scenario: If devices on switch A need to communicate with devices on switch B:
    • Requires some form of connectivity (direct connection, another switch, or a router).
  • Use Cases:
    • Web servers in one rack, database servers in another with air gap isolation.
    • Managed Service Providers placing each customer on a separate switch, so that physical isolation provides security between customers.
    • Limitation: Requires one physical switch per customer, which doesn’t scale well.

VLANs (Virtual Local Area Networks)

  • Function: Allows segmentation on the same physical switch:
    • Interfaces are configured to belong to different VLANs.
    • VLANs cannot directly communicate with each other, mimicking the effect of separate physical switches.
    • Simplifies network design and reduces the number of physical switches needed.
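
Added example (not part of the original notes): a toy Python model of a switch with access ports, showing why devices in different VLANs on the same physical switch cannot reach each other directly. The class name, port names, VLAN IDs and MAC addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: web servers on VLAN 10, database servers on VLAN 20.
PORTS = {"Gi0/1": 10, "Gi0/2": 10, "Gi0/3": 20, "Gi0/4": 20}
WEB1, WEB2, DB1 = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "bb:bb:bb:00:00:01"


class VlanSwitch:
    """Hypothetical model of one physical switch with access ports only."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)       # interface -> VLAN ID
        self.mac_table = defaultdict(dict)       # VLAN ID -> {MAC: interface}

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source, then return the ports the frame leaves on."""
        vlan = self.port_vlans[in_port]
        self.mac_table[vlan][src_mac] = in_port  # learning is per VLAN
        out = self.mac_table[vlan].get(dst_mac)
        if out is not None:
            return [] if out == in_port else [out]
        # Unknown destination: flood, but only inside the ingress VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)


def demo():
    sw = VlanSwitch(PORTS)
    return {
        "web1_to_db1_first": sw.receive("Gi0/1", WEB1, DB1),
        "db1_to_web1": sw.receive("Gi0/3", DB1, WEB1),
        "web1_to_db1_after_learning": sw.receive("Gi0/1", WEB1, DB1),
        "web2_to_web1": sw.receive("Gi0/2", WEB2, WEB1),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

The frame from the web server never leaves on Gi0/3 or Gi0/4, even after the switch has learned where the database server is; reaching it would need a router or similar connectivity between the VLANs.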

Planes of Operation in SDN

  • Data Plane:
    • Handles actual data forwarding between devices.
    • Involves Network Address Translation (NAT), encryption, trunking, etc.
  • Control Plane:
    • Manages routing tables and updates, dictates data flow.
    • Includes dynamic routing updates, NAT tables.
  • Management Plane:
    • Where configuration changes are made (via SSH, etc.).
    • Dictates how the control plane is managed, which in turn influences the data plane.

SDN (Software-Defined Networking)

  • Concept: Breaking the operations of physical network devices down into software for cloud-based applications.
  • Infrastructure Layer Components:
    • Data Plane: Physical aspect (interfaces on the switch).
    • Control Plane: Handles necessary lookups and translations.
    • Management Plane: Interfaces for changing configurations.
  • Cloud Integration:
    • Allows dynamic creation of infrastructure (e.g., adding firewalls via SDN).
    • Simplifies configuration and deployment of network resources.

Cloud-Based Architecture Example

  • Components:
    • Internet connection, load balancer, web servers, database server.
    • Firewalls can be added dynamically to control traffic between components.
  • Technology: Enabled through Software-Defined Networking, which allows easy and quick infrastructure adjustments and deployments.