Published On: October 25, 2021


Giulio Gnoato
Principal @Bip xTech and
Networks Expert

Davide Concio
Network Architect
@Bip xTech

In the ICT world, IP networking is often considered static and of low added value: an old technology whose only requirements are to work without problems and to perform adequately. Technological improvements and the evolution of ICT models, with the growing adoption of hybrid-cloud architectures and 'as-a-service' paradigms, are changing the world of networking and giving it a new and wider role. In this article we look at how the introduction of the so-called Software Defined technologies is changing the landscape of enterprise networking solutions and services.

New needs, new opportunities

Chatting with a friend a few years ago, we noticed how networking technology was based on surprisingly old but still perfectly functional protocols. We jokingly called them technologies "with sideburns", referring to their 1970s origins: Cerf and Kahn's paper on TCP/IP was written in 1973 and published in 1974, IPv4 was standardized in 1981 and MPLS in 2001.[1]

But what has changed since then in the ICT world? Everything: the number and complexity of applications, the migration of system platforms from private data centers to the cloud, the increase in threats to computer security, the widespread adoption of the 'as-a-service' paradigm, the demand for ever greater communication speeds (by orders of magnitude!) and the growing requirements in terms of business continuity.

On the other hand, important technological evolutions have become available, such as IT infrastructure virtualization techniques and ever-increasing processing capacity.

This has led, in the last 10 years, to the development of the so-called Software Defined technologies which, spreading across the various network areas, represent the biggest novelty in the world of IP networks since their birth, profoundly changing the architecture and its operation.

What are Software Defined Networks

To understand Software Defined architectures it is best to start from a functional model of IP networks.

Three logical planes can be identified to which different functions correspond:

  • The Data Plane receives the packets that constitute the IP traffic, processes them and forwards them as quickly as possible.
  • The Control Plane defines the behavior of the data plane, establishing the rules that each device uses to forward packets.[2]
  • The Management Plane gives the administrator the ability to monitor and configure the network through appropriate interfaces and tools.

A Software Defined architecture separates the control plane from the data plane. In practice, this means introducing a controller that holds complete knowledge of the network and uses it to manage the network centrally: network control moves from distributed to centralized. Note that the controller, unlike the data plane, does not require specialized hardware and can therefore often be virtualized and run in the cloud, hence the term 'Software Defined'.

The planes communicate with each other via standardized interfaces (APIs) which should ensure vendor-agnostic interoperability between them.

These interfaces can be grouped into two macro-categories:

  • Southbound interfaces, between controller and data plane, carry the forwarding rules down to the devices. OpenFlow is the best-known protocol for this purpose, although many products use others (NETCONF, OVSDB or proprietary protocols).
  • Northbound interfaces, between controller and management plane, are usually REST-style APIs, so that the network can be programmed from any orchestration and automation system.
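To make the three-plane model concrete, here is a toy simulation written for this article (it is not OpenFlow, nor any vendor's code): a central controller that knows the whole topology computes shortest-path forwarding rules and installs them as match/action entries in each switch's flow table, while a northbound call turns an operator intent ("block h1 to h3") into a high-priority drop rule. The topology, host names and rule format are constructed for the example.

```python
"""Toy three-plane SDN: a central controller (control plane) computes forwarding
rules for a topology it fully knows and installs them as match/action entries in
each switch's flow table (data plane); a northbound call turns an operator intent
(block h1 -> h3) into rules. Added example, not OpenFlow and not any vendor's code."""
from collections import deque


class Switch:
    """Data plane element: it only matches packets against installed rules."""

    def __init__(self, name):
        self.name = name
        self.rules = []  # (priority, src_match, dst_match, action), highest priority first

    def install(self, priority, src, dst, action):
        self.rules.append((priority, src, dst, action))
        self.rules.sort(key=lambda r: -r[0])

    def lookup(self, src, dst):
        """First matching rule wins; '*' is a wildcard. A miss is punted to the controller."""
        for _prio, s, d, action in self.rules:
            if s in ("*", src) and d in ("*", dst):
                return action
        return ("punt",)


class Controller:
    """Control plane: holds the whole topology and derives every switch's rules."""

    def __init__(self, links, hosts):
        # links: (a, b) pairs of adjacent nodes; hosts: {host: switch it is attached to}
        self.adj = {}
        for a, b in links:
            self.adj.setdefault(a, set()).add(b)
            self.adj.setdefault(b, set()).add(a)
        self.hosts = dict(hosts)
        self.switches = {n: Switch(n) for n in self.adj if n not in self.hosts}
        self._install_forwarding()

    def _next_hops(self, target):
        """BFS outward from the target: each node's parent is its next hop towards it."""
        nxt, seen, queue = {}, {target}, deque([target])
        while queue:
            cur = queue.popleft()
            for nb in sorted(self.adj[cur]):
                if nb not in seen:
                    seen.add(nb)
                    nxt[nb] = cur
                    queue.append(nb)
        return nxt

    def _install_forwarding(self):
        for host in self.hosts:
            for node, hop in self._next_hops(host).items():
                if node in self.switches:
                    self.switches[node].install(10, "*", host, ("out", hop))

    # Northbound API: an intent comes in, rules go out to the data plane.
    def block(self, src, dst):
        """Micro-segmentation rule: drop src -> dst at src's ingress switch."""
        self.switches[self.hosts[src]].install(100, src, dst, ("drop",))

    def send(self, src, dst):
        """Walk one packet through the data plane; returns (path, outcome)."""
        node, path = self.hosts[src], [src]
        while True:
            path.append(node)
            action = self.switches[node].lookup(src, dst)
            if action[0] != "out":
                return path, {"drop": "dropped", "punt": "table-miss"}[action[0]]
            if action[1] == dst:
                return path + [dst], "delivered"
            node = action[1]


# Constructed topology: three switches in a line, one host on each.
LINKS = [("h1", "s1"), ("h2", "s2"), ("h3", "s3"), ("s1", "s2"), ("s2", "s3")]
HOSTS = {"h1": "s1", "h2": "s2", "h3": "s3"}

if __name__ == "__main__":
    ctl = Controller(LINKS, HOSTS)
    print(ctl.send("h1", "h3"))   # (['h1', 's1', 's2', 's3', 'h3'], 'delivered')
    ctl.block("h1", "h3")
    print(ctl.send("h1", "h3"))   # (['h1', 's1'], 'dropped')
    print(ctl.send("h3", "h1"))   # still delivered: the rule is unidirectional
```

Two things worth noticing from a security point of view. The switches contain no intelligence at all, so whoever controls the controller, or its northbound API, rewrites the forwarding behaviour of every device at once: the controller and its API credentials are the crown jewels of an SDN and deserve the same protection as a domain controller. And the drop rule matches on the source identity "h1", which a switch can only trust if it also checks the port the packet arrived on; a rule installed only at the ingress switch does nothing against a packet that enters elsewhere with a spoofed source.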

In most cases, SDN solutions rely on some specific architectures and technologies. To name a couple:

  • Overlaying: the implementation of a virtual logical network, separated from and running over the physical one. In these architectures the overlay, the logical layer, realizes the SDN and provides its services by relying on the underlying layer, called the underlay, which consists of the network elements and their connections (data center switches, internet connectivity, 5G, etc.). This separation between physical and logical plane is a virtualization of the network.
  • Deep Packet Inspection (DPI): in a traditional IP network, the only information used to route a packet is its destination IP address. SDN solutions often introduce packet analysis extended up to the application layer (DPI) in order to recognize the application that generated a packet and to classify, prioritize and route it appropriately, creating a so-called application-centric network.[3]

Automation and programmability are key aspects of these solutions. Automating configuration and functionalities reduces the management effort and the risks that typically accompany manual configuration, while the presence of API[4] interfaces allows the network to be programmed by external systems and applications.

Software Defined solutions in different network environments

Let us now see how these technologies have been implemented in each domain of enterprise networking, what problems they address and what advantages they have brought, as well as their degree of market maturity. For this exercise we will use the classic classification: Data Center, WAN and Campus.

Data Center: SDN

The Data Center is the first domain in which Software Defined technologies were adopted and, not surprisingly, the term SDN (Software Defined Network) is often used as a synonym for Data Center networking solutions.

Several vendors offer SDN solutions, albeit with different approaches, and these solutions are now the reference for environments of a certain complexity that evolve towards the SDDC[8] (Software Defined Data Center) or hybrid-cloud model.

The main drivers are the growing complexity and size of data centers, the increase in traffic within the data center (the so-called 'east-west' traffic) due to new application architectures[5], the need for application visibility and micro-segmentation[6], and the disaster recovery and business continuity requirements that extend DCs across multiple sites and public clouds.

All this has led to the development of new architectures and protocols needed to overcome the limitations of traditional technologies in meeting the new requirements, such as the spine-leaf architecture and overlay architectures (e.g. VXLAN with EVPN as its control plane).

Although these architectures are not SDN in themselves, even if they are sometimes confused with it, SDN combines synergistically with them, which makes them the main architectures through which SDN is introduced in the data center.
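The overlay/underlay split described in the "Overlaying" bullet above, and the VXLAN overlays mentioned here, come down to one small header. The following is an added example written for this article, not code from the page or from any product: it builds the 8-byte VXLAN header of RFC 7348 around a tenant Ethernet frame, carries it as a UDP/4789 datagram over a modelled underlay, and shows a receiving VTEP keeping tenants apart purely by VNI. The VTEP policy (a per-VTEP set of served VNIs and an allow-list of peer underlay addresses), the addresses and the frame contents are assumptions made for the example.

```python
"""VXLAN overlay in miniature: a tenant Ethernet frame is wrapped in the 8-byte
VXLAN header (RFC 7348) and carried as a UDP/4789 datagram over the underlay; the
receiving VTEP keeps tenants apart purely by VNI. Added example written for this
article; the VTEP policy (peer allow-list, per-VTEP VNI set) is an assumption."""
import struct

VXLAN_PORT = 4789       # IANA-assigned UDP destination port for VXLAN
VXLAN_FLAG_I = 0x08     # "VNI valid" flag; receivers must drop frames without it


def vxlan_encap(vni, inner_frame):
    """Header layout: flags(8) | reserved(24) | VNI(24) | reserved(8), network order."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + struct.pack("!I", vni << 8) + inner_frame


def vxlan_decap(payload):
    """Return (vni, inner_frame); raise ValueError on a truncated or flagless header."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    if not payload[0] & VXLAN_FLAG_I:
        raise ValueError("I flag not set")
    vni = struct.unpack("!I", payload[4:8])[0] >> 8     # drop the trailing reserved byte
    return vni, payload[8:]


def ether_frame(dst_mac, src_mac, ethertype, payload):
    """Constructed inner Ethernet frame from 'aa:bb:cc:dd:ee:ff' style MAC strings."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload


class Vtep:
    """VXLAN tunnel endpoint: one underlay IP, a fixed set of VNIs, an allow-list of peers."""

    def __init__(self, underlay_ip, vnis, peers):
        self.underlay_ip = underlay_ip
        self.vnis = set(vnis)        # segments this VTEP is allowed to serve
        self.peers = set(peers)      # underlay sources we accept VXLAN from
        self.delivered = []          # (vni, inner_frame) handed to local workloads

    def send(self, vni, inner_frame, dst_vtep):
        """Encapsulate for the underlay; returns (src_ip, dst_ip, dst_port, payload)."""
        if vni not in self.vnis:
            raise PermissionError(f"VNI {vni} not configured on {self.underlay_ip}")
        return (self.underlay_ip, dst_vtep, VXLAN_PORT, vxlan_encap(vni, inner_frame))

    def receive(self, datagram):
        src_ip, dst_ip, dport, payload = datagram
        if dport != VXLAN_PORT or dst_ip != self.underlay_ip:
            return "ignored"
        if src_ip not in self.peers:          # VXLAN itself has no authentication:
            return "dropped: unknown VTEP"     # source filtering is the only check here
        try:
            vni, inner = vxlan_decap(payload)
        except ValueError as exc:
            return f"dropped: {exc}"
        if vni not in self.vnis:
            return f"dropped: VNI {vni} not local"
        self.delivered.append((vni, inner))
        return "delivered"


if __name__ == "__main__":
    a = Vtep("10.0.0.1", [5001, 5002], ["10.0.0.2"])
    b = Vtep("10.0.0.2", [5001], ["10.0.0.1"])
    frame = ether_frame("02:00:00:00:00:02", "02:00:00:00:00:01", 0x0800, b"tenant payload")
    print(b.receive(a.send(5001, frame, "10.0.0.2")))   # delivered
    print(b.receive(a.send(5002, frame, "10.0.0.2")))   # dropped: VNI 5002 not local
    # spoofed underlay source, same VNI: rejected only because of the peer allow-list
    print(b.receive(("192.0.2.9", "10.0.0.2", VXLAN_PORT, vxlan_encap(5001, frame))))
```

The practitioner's caveat is visible in the last line: nothing in VXLAN authenticates the sender, so tenant isolation in the overlay is only as strong as the underlay's refusal to deliver UDP/4789 from unexpected sources. In a real deployment that means underlay ACLs restricting VXLAN to the VTEP addresses, anti-spoofing on the underlay (uRPF or equivalent), and, where the underlay is not trusted (multi-site or cloud), IPsec or MACsec between VTEPs.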

As mentioned, the implementation approaches differ, first of all in the relationship between controllers and network equipment such as switches. We can distinguish:

  • Physical switches and controller from the same vendor.
  • Controller integrated into the server virtualization layer, using a combination of physical and virtual switches.
  • Switches and controller from different vendors.[7]

As can be seen, defining an SDN solution is a complex task that must take into account the overall SDDC[8] strategy, the system technologies, the cloud/multicloud strategy, the operational impacts and the related upskilling.

WAN: SDWAN

The introduction of SDN in the WAN[9] changes the traditional network model, especially in terms of network services.

SDWAN solutions belong to the family of so-called Edge WANs: WANs defined only by their edge (border) elements, and therefore agnostic with respect to the underlying transport, which matters only through its transport parameters (bandwidth, latency, loss, etc.).

An example of Edge WAN is the Internet VPN[10]. These compete with private networks based on MPLS technology, provided as a managed service by telecom (TLC) operators, which offer VPNs with much more advanced features: high levels of resilience, traffic differentiation and prioritization, and so on.

With SDWAN it is possible to create VPNs with features close to, or even more advanced than, those of MPLS networks (for example application-based performance optimization and routing), combining different connection technologies (internet, MPLS, mobile, etc.).

Since the network consists only of edge elements, and thanks to the management simplification brought by automation, it is possible to build MPLS-like networks that can be managed by the enterprise or by one of its integrators, making them independent of the specific network operator.

The main benefits can be summarized as:

  1. The possibility to combine, at site level, "valuable" links (e.g. MPLS) and "cheap" links (internet, mobile) and to distribute traffic over them intelligently and dynamically, optimizing bandwidth consumption and the associated cost. This approach is also called Hybrid Network.
  2. Application visibility and advanced security. In hybrid scenarios it is essential to have end-to-end visibility of application flows, both to ensure performance (think of collaboration tools, which are sensitive to jitter and latency) and to secure the information that passes through them.
  3. Simple and automated management of links of different types, provided by different operators, both at a single site and globally.
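The first two benefits, application-based routing over a hybrid of valuable and cheap links, rest on the DPI technique introduced earlier (the "Deep Packet Inspection" bullet in the SDN section). The example below was written for this article and is not code from the page or from any SD-WAN product: a parser pulls the server name (SNI) out of a TLS ClientHello, a suffix table maps it to an application class, and each class's SLA (maximum jitter and loss, then the metric to minimise) selects a link from link telemetry the edge would normally obtain from probes. The class table, the link metrics, the SLA thresholds and the sample ClientHello are all constructed for the example.

```python
"""Application-aware path selection as an SD-WAN edge would do it: DPI pulls the
server name (SNI) out of a TLS ClientHello, a suffix table maps it to an
application class, and the class SLA picks a link from measured telemetry.
Added example written for this article; the class table, link metrics and SLA
thresholds are constructed, not any product's defaults."""
import struct


def _sni_from_client_hello(record):
    """Walk a TLS record (RFC 8446 s.4.1.2) to the server_name extension (RFC 6066 s.3)."""
    if len(record) < 5 or record[0] != 0x16:                 # not a handshake record
        return None
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 39 or hs[0] != 0x01:                        # not a ClientHello
        return None
    pos = 4 + 2 + 32                                         # hs header, version, random
    pos += 1 + hs[pos]                                       # session_id
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]       # cipher_suites
    pos += 1 + hs[pos]                                       # compression_methods
    if pos + 2 > len(hs):
        return None                                          # no extensions block
    ext_end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        body = hs[pos + 4:pos + 4 + elen]
        if etype == 0 and len(body) >= 5 and body[2] == 0:  # server_name, type host_name
            nlen = struct.unpack("!H", body[3:5])[0]
            return body[5:5 + nlen].decode("ascii", "replace")
        pos += 4 + elen
    return None


def extract_sni(record):
    """DPI entry point: the bytes are untrusted, so any malformed input is 'no SNI'."""
    try:
        return _sni_from_client_hello(record)
    except (struct.error, IndexError):
        return None


def build_client_hello(hostname):
    """Constructed sample input: a minimal TLS ClientHello that carries one SNI."""
    name = hostname.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32)                    # client_version, random
            + b"\x00"                                   # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"        # one cipher suite
            + b"\x01\x00"                               # null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


# Constructed suffix table: longest matching domain suffix wins.
APP_CLASSES = {
    "teams.microsoft.com": "collaboration",
    "zoom.us": "collaboration",
    "salesforce.com": "saas",
    "windowsupdate.com": "bulk",
}


def classify(sni):
    if sni is None:
        return "unknown"
    labels = sni.lower().split(".")
    for i in range(len(labels)):
        cls = APP_CLASSES.get(".".join(labels[i:]))
        if cls:
            return cls
    return "internet"


# Constructed link telemetry (what the edge's probes would measure) and cost.
LINKS = {
    "mpls":  {"latency_ms": 30, "jitter_ms": 2,  "loss_pct": 0.0, "cost": 10},
    "fiber": {"latency_ms": 20, "jitter_ms": 12, "loss_pct": 0.1, "cost": 2},
    "lte":   {"latency_ms": 60, "jitter_ms": 35, "loss_pct": 1.5, "cost": 5},
}

# Per-class SLA: maximum jitter and loss, then the metric to minimise among eligible links.
POLICY = {
    "collaboration": {"jitter_ms": 10,  "loss_pct": 0.5, "prefer": "latency_ms"},
    "saas":          {"jitter_ms": 30,  "loss_pct": 1.0, "prefer": "latency_ms"},
    "bulk":          {"jitter_ms": 100, "loss_pct": 5.0, "prefer": "cost"},
    "internet":      {"jitter_ms": 50,  "loss_pct": 2.0, "prefer": "cost"},
    "unknown":       {"jitter_ms": 50,  "loss_pct": 2.0, "prefer": "cost"},
}


def select_path(app_class, links=LINKS):
    """Return (link, sla_met): best eligible link, or least-lossy link as a fallback."""
    sla = POLICY[app_class]
    ok = [n for n, m in links.items()
          if m["jitter_ms"] <= sla["jitter_ms"] and m["loss_pct"] <= sla["loss_pct"]]
    if ok:
        return min(ok, key=lambda n: links[n][sla["prefer"]]), True
    return min(links, key=lambda n: links[n]["loss_pct"]), False


def route(record):
    """Full pipeline for one flow's first packet: DPI -> class -> link."""
    sni = extract_sni(record)
    cls = classify(sni)
    link, sla_met = select_path(cls)
    return sni, cls, link, sla_met


if __name__ == "__main__":
    for host in ("teams.microsoft.com", "login.salesforce.com", "example.org"):
        print(route(build_client_hello(host)))
    print(route(b"GET / HTTP/1.1\r\n"))   # not TLS: no SNI, routed as 'unknown'
```

Two caveats belong next to any SNI-based classifier. First, the SNI is plaintext but entirely client-chosen: a host that wants the premium MPLS path, or wants to slip past a class-based rule, can simply present the server name of a favoured application, and Encrypted ClientHello removes the signal altogether. Classification by DPI is therefore a quality-of-service hint, to be corroborated with destination prefix and ASN and enforced by the security stack (in SASE terms), not a security boundary in itself. Second, a DPI parser sits directly on untrusted bytes, which is why `extract_sni` treats every parsing failure as "no SNI" rather than raising.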

It should be noted that, thanks to these features and specifically to the third advantage above, SDWAN has become the reference solution for international enterprise WANs.

Due to the success of the cloud model and its as-a-service paradigms, WAN requirements are being transformed: traffic from branch locations is increasingly directed to cloud providers rather than to corporate DCs, and increasingly to the internet in general, because of phenomena such as the growth of SaaS services and remote working. In this context SDWAN can be integrated within the so-called SASE[11] architectures and is a valid solution for traffic distribution in multicloud contexts.

The role that SDWAN can play in the development of private mobile networks, especially those built on 5G technology, should also be noted.

The landscape of SDWAN solutions is wide. The market was initially driven by start-ups, which were quickly acquired and merged by the market leaders; now a third phase is underway that emphasizes security features. In general the market is not yet fully mature, the differences between products are significant, and selecting one requires a precise identification of the drivers and a definition of the specific requirements and of the constraints imposed by the as-is solutions.

LANs and Campuses: SDA

In campus networks the spread of the technology has been slower, mainly because the benefits are weaker and it is harder to justify adopting SDN solutions that introduce additional costs and require a radical change of skills among operational staff.

The advantages brought to the campus environment are partly those already seen (easy scalability, application visibility, very granular security and segmentation features), to which are added the management of user mobility between locations and integration with WiFi.

As in the other areas, the possibility of automating and simplifying management through the ubiquitous application of policies applies. However, in a context that is normally simpler (for example in terms of user privileges) and more static, such as the campus, the perceived advantages are lower and the use cases are limited to dynamic environments with particular requirements of scalability, security or mobility.

Not all vendors offer SD solutions in the campus area, partly because some of the most frequent requirements, such as automation and application visibility, can be met with more traditional technologies. Here too, the real benefits for the enterprise must be weighed against the higher cost and technical complexity of the solution.

xTech and Software Defined Networks

xTech is a center of excellence of the Bip Group, with a long history in the definition of strategies, service analysis, and the design and governance of solutions in the telecom (TLC) field.

The opportunities for introducing new Software Defined Network technologies must be analyzed keeping in mind the business objectives, the market and the rapidly evolving technology, always looking at how to enhance and integrate the company's assets.

We are, as always, alongside our customers to help them seize the opportunities offered by new IP networking technologies, also by virtue of our strong skills in automation and cloud, which will increasingly merge with transmission technologies to revolutionize the range of services available to companies.

If you are interested in learning more about our offer or would like to have a conversation with one of our experts, please send an email to with “IP networks” as subject, and you will be contacted promptly.

[1] Multi-Protocol Label Switching, the basis of current private network services for enterprises.

[2] For example, the control plane populates the routing tables, also using appropriate routing protocols.

[3] The network optimizes and monitors the operation of the applications.

[4] Application Programming Interface.

[5] Approaches such as virtualization, containerization and microservices architectures.

[6] Ensuring logical separation down to the single server or service.

[7] This realizes interoperability between components from different vendors (hardware/data plane and software/control plane), known as Open Networking, which was, as seen, one of the original principles of SDN.

[8] Software Defined Data Center: the approach of virtualization and separation of logical and physical layers applied to all the components of a data center (networking, compute, storage).

[9] Wide Area Network: the network that connects different, geographically distributed sites.

[10] Virtual Private Network: a private network created virtually on a shared physical layer (connections, devices).

[11] SASE (Secure Access Service Edge): a family of security services that replace perimeter security services with services provided from the cloud. Among other things, they allow secure access via the internet to the main cloud services.