What is software-defined networking (SDN)? 
Explore IBM's SDN solution Subscribe to AI topic updates
Illustration with collage of pictograms of gear, robotic arm, mobile phone
What is SDN?

Software-defined networking (SDN) is a software-controlled approach to networking architecture driven by application programming interfaces (APIs). SDN leverages a centralized platform to communicate with IT infrastructure and direct network traffic. 

SDN creates and operates a series of virtual overlay networks that work in conjunction with a physical underlay network through the use of software. SDNs offer the potential to deliver application environments as code and minimize the hands-on time needed for managing the network.

Companies today are looking to SDN to bring the benefits of the cloud to network management and deployment. With network virtualization, organizations can achieve greater efficiency through new tools and technology, such as software as a service (SaaS), infrastructure as a service (IaaS) and other cloud computing services, as well as integrate via APIs with their software-defined network.

SDN also increases flexibility and visibility into network behavior. In a traditional environment, a router or switch—whether in the cloud or physically in the data center—is only aware of the status of network devices next to it. SDN centralizes this information so that organizations can view and control the entire network and devices.

Organizations can also segment different virtual networks within a single physical network or connect different physical networks to create a single virtual network, offering a high degree of flexibility.

Simply put, companies are using SDN because it’s a way to efficiently control traffic and scale as needed. 

Guide to enterprise-wide intelligent automation

Learn how intelligent automation can give your business operations a competitive advantage.

Related content

Register for the guide on observability

How SDN works 

To better understand how SDN works, it helps to define the basic components that create the network ecosystem. SDN architecture is made up of three layers that communicate using northbound APIs (interfaces that enable lower-level components to communicate with higher-level components) and southbound APIs that facilitate communication in the opposite direction. The three layers are:

Application layer

The application layer includes network applications and programs. The application layer communicates with the control layer through its northbound interface, informing the control layer of application resource needs. Traditional networks might use a dedicated appliance such as a firewall or load balancer, but software-defined networks instead use an application layer to control and manage the data plane. 

Control layer

The control layer serves as the brain, or network operating system that manages the movement of traffic and data. The control layer plays a key role in resource allocation throughout the network. It is the central layer that enables communication between the application layer and the infrastructure layer. 

Infrastructure layer

This layer consists of physical switches and routers that move data packets and network traffic through the network. 

In addition to these layers, software-defined networks are built with components that may or may not be located in the same physical area.  
These include:


Applications are tasked with relaying information about the network or requests for specific resource availability or allocation.

SDN controllers 

SDN controllers handle communication with the apps to determine the destination of data packets. The controllers are the load balancers within SDN.

Networking devices 

Networking devices receive instructions from the controllers regarding how to route the packets. 

Open-source technologies 

Programmable networking protocols, such as OpenFlow, direct traffic among network devices in an SDN network. The Open Networking Foundation (ONF) helped to standardize the OpenFlow protocol and other open source SDN technologies.

By combining these components, organizations get a simpler, centralized way to manage networks. SDN strips away the routing and packet forwarding functions, known as the control plane, from the data plane or underlying infrastructure. SDN then implements controllers, considered the brain of the SDN network, and layers them above the network hardware in the cloud or on-premises. This lets teams use policy-based management—a kind of automation—to manage network control directly.

SDN controllers tell switches where to send packets. In some cases, virtual switches embedded in software or hardware replace the physical switches. This consolidates their functions into a single, intelligent switch that can check data packets and their virtual machine destinations to ensure there are no issues before moving packets along.


Virtualization and SDN

The term “virtual network” is sometimes erroneously used to mean “SDN.” These two concepts are distinct, but they do work well together.

Network functions virtualization (NFV) segments one or many logical or virtual networks within a single physical network. NFV can also connect devices on different networks to create a single virtual network, often including virtual machines

SDN works well with NFV; it assists NFV by refining the process of controlling data packet routing through a centralized server, improving visibility and control.

Types of SDN 

There are four primary types of software-defined networking:

Open SDN

Open protocols are used to control the virtual and physical devices responsible for routing the data packets. Open SDN enables various teams of network operators, developers and vendors to work together on optimization.


Through programming interfaces, often called southbound APIs, organizations control the flow of data to and from each device. API SDN enables orchestration platforms, cloud management tools and network management systems to integrate with SDN infrastructure.     

Overlay Model SDN

Virtual networks run above existing hardware, creating tunnels with channels to both remote and on-premises data centers. This model then allocates bandwidth and assigns devices to each channel. 


Hybrid Model SDN

By combining SDN and traditional networking, the hybrid model assigns the optimal protocol for each type of traffic. Hybrid SDN is often used as an incremental approach to SDN, enabling enterprises to integrate SDN into legacy environments.


Benefits of SDN 

SDN architecture comes with many advantages, largely due to the centralization of network control and management. These benefits include:

Ease of network control

Separating the packet forwarding functions from the data plane enables direct programming and simpler network control. This includes configuring network services in real time, such as ethernet and firewalls, or quickly allocating virtual network resources to change the network infrastructure through one centralized location.


Because SDN enables dynamic load balancing to manage the traffic flow as need and usage fluctuates, it reduces latency and increases the efficiency of the network.


With a software-based control layer, network operators have more flexibility to control the network, change configuration settings, provision resources and increase network capacity. 

Greater control over network security

SDN lets network administrators set policies from one central location to determine access control and security policies across the network by workload type or by network segments. You can also use micro-segmentation to reduce complexity and establish consistency across any cloud network architecture—whether it’s public cloud, private cloud, hybrid cloud or multicloud.

Simplified network design and operation  

Administrators can use a single protocol to communicate with a wide range of hardware devices through a central controller. It also offers more flexibility in choosing networking equipment, since organizations often prefer to use open controllers rather than vendor-specific devices and protocols.

Modernizing telecommunications

SDN technology combined with virtual machines and network virtualization lets service providers offer distinct network separation and control to customers. This helps service providers improve their scalability and provide bandwidth on demand to customers who need greater flexibility and have variable bandwidth usage. 

The risks of software-defined networking 

SDN solutions come with significant benefits but can pose a risk if not implemented correctly. The controller is critical in maintaining a secure network. It is centralized and, therefore, a potential single point of failure. This potential vulnerability can be mitigated by implementing controller redundancy on the network with automatic failover. This may be costly but is no different from creating redundancy in other areas of the network to ensure business continuity.

SD-WAN advances cloud implementation 

Service providers and organizations alike can benefit from a software-defined wide area network or SD-WAN. A traditional WAN (wide-area network) is used to connect users to applications hosted on an organization’s servers in a data center. Typically, multiprotocol label switching (MPLS) circuits are used to route traffic along the shortest path to help ensure reliability. 

As an alternative, an SD-WAN is programmatically configured and provides a centralized management function for any cloud, on-premises or hybrid network topology in a wide area network. An SD-WAN can handle massive amounts of traffic and multiple types of connectivity, including SDN, virtual private networks, MPLS and others. 

Related solutions
IBM SevOne Network Performance Management

Designed for modern networks, IBM® SevOne® Network Performance Management (IBM SevOne NPM) provides application-centric, network observability to help NetOps spot, address and prevent network performance issues in hybrid environments

Explore IBM SevOne Network Performance Management Request a demo

SDN monitoring for Cisco ACI networks

Transitioning to SDN solutions such as Cisco ACI can be a great way to automate manual IT tasks, centralize management and enable greater network flexibility and scalability. However, to truly realize these benefits, you need a dynamic software-defined network monitoring solution that can seamlessly integrate with the varied segments of your network.

Explore SDN monitoring for Cisco ACI networks Request a demo
Resources What is network management?

Understand how network management helps to provision, monitor, secure, operate and maintain an organization’s data transfer channels.

What is networking?

Learn about computer networking, network types, important terms and concepts, and how networking impacts the organization.

What is network security?

Understand network security, the field of cybersecurity focused on protecting computer networks and systems from internal and external cyberthreats and cyberattacks.

What is an API (application performance interface)?

Discover how APIs simplify and accelerate application and software development by allowing developers to integrate data, services and capabilities from other applications.

What is virtualization?

Explore the value of virtualization, the foundation of cloud computing that enables more efficient use of physical computer hardware.

What is software as a service (SaaS)?

Learn about software as a service (SaaS), application software hosted on the cloud and used over an internet connection by way of a web browser, mobile app or thin client.

Take the next step

Designed for modern networks, IBM SevOne Network Performance Management (NPM) helps you spot, address, and prevent network performance issues early with machine learning-powered analytics. With real-time actionable insights, it helps proactively monitor multi-vendor networks across enterprise, communication and managed service providers.

Explore SevOne NPM Book a live demo