In SDN, your network controller is the power broker

The role of network agents in a software defined network


by Jonathan Hassell

If you’re considering software-defined networking for your data center, consider network agents, which perform the critical translation work of the network, ensuring flexibility, scalability and security.

Network agents are what some in the industry refer to as the future of the software-defined network. Agents bring a great deal of flexibility and control, and their work underlies the responsiveness and agility of a software-defined network.

Network agents are instrumental in this infrastructure shift known as software-defined networking (SDN). By abstracting hardware and virtualizing networking configuration in software, networks can be managed dynamically to respond to peak or declining loads. SDN enables a much more facile, flexible and scalable management of data center architecture. Network agents enable this brokering in the communication between applications and infrastructure.

What are network agents?

In almost all software-defined networks, an agent is the tool by which applications communicate with network controllers. In this way, administrators can modify a network configuration at any time.

Network agents can live on a software-defined network controller, enabling a controller to talk to various applications through its northbound interface. (Northbound interfaces are generally output; they communicate only outward to the individual SDN-aware applications.) Network agents can also live on different network elements, thereby creating a datapath. These elements work together to forward traffic through the datapath's external interfaces or to process or terminate traffic within the element itself.

One or more of these datapaths (an agent and an engine) may reside in a physical network element. This is a “bucket” of welded-together communication resources, which an SDN sees and manages as a unit. A datapath can also be defined across multiple physical network elements. This logical datapath doesn’t concern itself with how datapaths map to actual physical assets, how those physical resources are managed or how they are abstracted away. The agent is responsible for communicating with the SDN controller about what the datapath is supposed to represent and how its engine is supposed to behave. And the datapath network agents conduct this communication across the network controller’s southbound interface.

How are network agents deployed in a production SDN?

In some networks, administrators install virtual network agents on every hypervisor host. In that scenario, each hypervisor host is a network element. The virtual network agent on each host then directs traffic toward the virtual switch. If that virtual switch recognizes a particular flow of traffic and is able to match it with a prescribed action, it can adjust the configuration of the virtual machines on that host. This enables traffic to exit through the host’s physical network interface card. If the virtual switch doesn't recognize the flow, it sends a mapping request back to the agent. The agent then queries a mapping service in the network controller to figure out where that traffic is supposed to go.
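The miss path described above, sketched as an added example (not code from the article or from any SDN product). The class names, addresses and host names are hypothetical, and dropping flows the controller cannot map is an assumption the article does not state.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int

class MappingService:
    """Controller-side lookup: destination address -> host that owns it."""
    def __init__(self, locations):
        self._locations = dict(locations)

    def resolve(self, dst):
        return self._locations.get(dst)  # None: controller has no mapping

class Agent:
    """Host agent: turns a switch mapping request into a controller query."""
    def __init__(self, service):
        self.service = service
        self.requests = 0  # how often the switch had to ask

    def map_flow(self, flow):
        self.requests += 1
        host = self.service.resolve(flow.dst)
        # Assumption: flows with no mapping are dropped rather than flooded.
        return ("forward", host) if host else ("drop", None)

class VirtualSwitch:
    def __init__(self, agent):
        self.agent = agent
        self.table = {}  # flow -> prescribed action

    def handle(self, flow):
        action = self.table.get(flow)
        if action is None:                    # unrecognized flow: ask the agent
            action = self.agent.map_flow(flow)
            self.table[flow] = action         # later packets match locally
        return action

def demo():
    # Constructed sample data: one known destination, one unknown.
    vswitch = VirtualSwitch(Agent(MappingService({"10.0.0.20": "host-b"})))
    known = Flow("10.0.0.10", "10.0.0.20", 443)
    unknown = Flow("10.0.0.10", "10.0.0.99", 22)
    results = [vswitch.handle(known), vswitch.handle(known), vswitch.handle(unknown)]
    return results, vswitch.agent.requests

if __name__ == "__main__":
    print(demo())
```

The second packet of the known flow is answered from the switch's own table, so the agent is consulted only twice for three packets.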

In other scenarios, network agents help implement virtual functions on the network. Workloads such as load balancers, firewalls, threat monitors, intrusion detectors, packet captures and traffic-forwarding features can be activated by network agents residing in different network elements. The controller can deploy, activate, deactivate, and redeploy these agents as needed whenever traffic flows in one direction or another. Large-scale SDNs can deploy multiple copies of these objects for multitenant scenarios or to respond to a breach, a distributed denial of service attack, an unusually large load during a peak period, or other one-time occurrences.

Putting it all together

With agents, it's important to remember what distinguishes a software-defined network from a physical network: Physical components (discrete switches, patch cables and ports) are completely abstracted away. The only networking that matters is the traffic flow created by applications.

SDN cares about traffic flow, the purpose of the traffic and its outcome, rather than where to turn or what to do when traffic backs up. By focusing on the flows, the need of packets and data to get from one application to another, we get the concept of agents: the bits that carry out the instructions from the control plane and translate those into action on the data plane.

Agents are critical to the SDN experience, performing the vital translation of instructions from the control plane to the data plane. 

About the author

Jonathan Hassell

Jonathan Hassell is an author, consultant and speaker residing in Charlotte, N.C. His books include Windows Vista: Beyond the Manual.