Software-defined networking

[6] The history of SDN principles can be traced back to the separation of the control and data plane first used in public switched telephone networks.

[citation needed] This provided a manner of simplifying provisioning and management years before the architecture was used in data networks.

[8] Additional early standards from the IETF that pursued separating control from data include the Linux Netlink as an IP services protocol[9] and a path computation element (PCE)-based architecture.

Another reason is that vendors were concerned that creating standard application programming interfaces (APIs) between the control and data planes would result in increased competition.

The use of open-source software in these separated architectures traces its roots to the Ethane project at Stanford's computer science department.

[18][failed verification] Beyond academia, the first deployments were by Nicira in 2010 to control OVS from Onix, codeveloped with NTT and Google.

In distributed approaches,[35][36] controllers operate on their local view or they may exchange synchronization messages to enhance their knowledge.

A major advantage in proactive mode is that all packets are forwarded in line rate (considering all flow table entries in TCAM) and no delay is added.

If a packet arrives without a corresponding match rule in the flow table, the SDN agent sends a request to the controller for further instruction it the reactive mode.

The controller examines the SDN agent requests and provides instructions, installing a rule in the flow table for the corresponding packet if necessary.

[50] Since 3GPP Rel.14, a Control User Plane Separation was introduced in the Mobile Core Network architectures with the PFCP protocol.

[53] SD-LAN decouples control management, and data planes to enable a policy driven architecture for wired and wireless LANs.

[54] SDN architecture may enable, facilitate or enhance network-related security applications due to the controller's central view of the network, and its capacity to reprogram the data plane at any time.

Another kind of security application leverages the SDN controller by implementing some moving target defense (MTD) algorithms.

In traditional networks, implementing MTD algorithms is not a trivial task since it is difficult to build a central authority able of determining - for each part of the system to be protected - which key properties are hidden or changed.

[63] Another application can simulate some fake opened/closed/filtered ports on random hosts in the network in order to add significant noise during reconnaissance phase (e.g. scanning) performed by an attacker.

Following this approach the same hardware resources can be used for production and development purposes as well as separating monitoring, configuration and internet traffic, where each scenario can have its own logical topology which is called slice.

SDN controller applications are mostly deployed in large-scale scenarios, which requires comprehensive checks of possible programming errors.

NFV deployments typically use commodity servers to run network services software versions that previously were hardware-based.

[73] SDN-NFV hybrid program was provided for high efficiency, elastic and scalable capabilities NFV aimed at accelerating service innovation and provisioning using standard IT virtualization technologies.

The new SDN based network architecture should consider all the capabilities that are currently provided in separate devices or software other than the main forwarding devices (routers and switches) such as the DPI, security appliances [77] When using an SDN based model for transmitting multimedia traffic, an important aspect to take account is the QoE estimation.

A high-level overview of the software-defined networking architecture