In a traditional network architecture (left), the data plane and the control plane are both located on the physical device. Traffic forwarding policies are set at the individual device level. Because no single device has visibility into the entire network, these forwarding policies may not be the best.
In software-defined networking, or SDN (right), the control plane is separated from the physical device and moved to the controller layer. This controller can see the entire network, and thus allows network engineers to make optimal forwarding policies based on the entire network. The controllers interact with the controller agent in the physical network devices (shown in brown) via an industry-standard protocol. One common such protocol is OpenFlow. On the other end, the controller offers APIs that allow business applications to manage the network.
There are a number of benefits to the SDN approach:
Under SDN, network management can be done via a single interface as opposed to having to configure at each individual network device.
The ease of management and the flexibility of SDN mean that both capital expenses and ongoing operating expenses can be reduced.
Forwarding decisions can be made globally across the SDN rather than at the individual network device level.
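The difference between per-device and controller-level forwarding decisions, as an added example that is not part of the original page. The topology, link costs, switch names and function names are constructed for illustration, and the flow entries are a simplified stand-in for what a controller would hand to device agents over a protocol such as OpenFlow.

```python
import heapq

# Constructed four-switch topology with link costs (sample data, not from the page).
LINKS = {("s1", "s2"): 1, ("s2", "s4"): 10, ("s1", "s3"): 2, ("s3", "s4"): 2}

def adjacency(links):
    """Return {switch: {neighbour: cost}} for undirected links."""
    adj = {}
    for (a, b), cost in links.items():
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj

def local_path(links, src, dst):
    """Traditional model: every device sees only its own links and
    forwards over the cheapest one that does not loop back."""
    adj, path, total = adjacency(links), [src], 0
    while path[-1] != dst:
        options = {n: c for n, c in adj[path[-1]].items() if n not in path}
        if not options:
            raise RuntimeError("local decisions reached a dead end")
        nxt = min(options, key=lambda n: (options[n], n))
        total += options[nxt]
        path.append(nxt)
    return total, path

def controller_path(links, src, dst):
    """SDN model: the controller runs Dijkstra over the whole topology."""
    adj, queue, done = adjacency(links), [(0, [src])], set()
    while queue:
        total, path = heapq.heappop(queue)
        node = path[-1]
        if node == dst:
            return total, path
        if node in done:
            continue
        done.add(node)
        for nxt, cost in adj[node].items():
            if nxt not in done:
                heapq.heappush(queue, (total + cost, path + [nxt]))
    raise RuntimeError("destination unreachable")

def flow_entries(path):
    """Per-switch entries {switch: {destination: next_hop}} that the
    controller would hand to each device's agent."""
    return {hop: {path[-1]: nxt} for hop, nxt in zip(path, path[1:])}

if __name__ == "__main__":
    print("local     :", local_path(LINKS, "s1", "s4"))
    cost, path = controller_path(LINKS, "s1", "s4")
    print("controller:", cost, path, flow_entries(path))
```

In this topology the locally cheapest first hop leads onto an expensive second link, while the controller's view of every link finds the cheaper route.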
There are several challenges that have been discussed:
Currently OpenFlow is the most common standard, and in fact there are controller vendors who build their business entirely on top of the OpenFlow protocol. On the other hand, there are several other competing standards, some being pushed by big network players.
How to implement security across the entire SDN is still unclear.
Because SDN is such a new technology, the in-house IT staff most likely has no experience with it. It is therefore often necessary to incur additional cost to engage the vendor's professional services team or to hire third-party consultants.