DevOps firehose reaches Networking!

Jason Man 9th February 2017

With the increased inclusion of Security under the DevOps umbrella, the focus has now shifted to the world of Networking. And, given the fact that networks are becoming increasingly more complex and reliant upon manual, coordinated changes (a challenge when employees often work in silos), a networking approach that opens communications and makes automation possible is key for businesses. Enter Software Defined Networking (SDN).


DevOps and Networks: The perfect match

DevOps is focused on the full end-to-end delivery of an application. After the increased inclusion of Security within DevOps, the next logical (and probably one of the most difficult) focus area is Networks.

The Networks side of IT has long been a very regimented and specialised area. Software Defined Networks (SDN) enable organisations to quickly create and manage virtual networks, dramatically decreasing provisioning time and providing far greater flexibility.

Many organisations have now reached a level of maturity where infrastructure can be provisioned and applications deployed quickly through automation. Configuring access to those environments still commonly relies on manual configuration changes resulting in networks appearing to inhibit agility, a problem caused by the fact that networks haven’t reached the same level of maturity as other areas due to the lack of component programmability. This has led to an increasing number of companies exploring the possibility of integrating SDN alongside their existing, or planned, DevOps strategies.

One of the first indications that this is the latest, fast-growing trend, is the fact many config management tools are extending their capability into Networks and opening up with APIs to better integrate with the ecosystem around them. A good example of this can be found when looking at the Ansible and Red Hat or Puppet and Cisco DevOps networking partnerships.

The main challenge faced here is that config management typically sits in a Sys Admin role whereas Networks would sit with Network specialists. The transition may be far greater as Networking specialists typically have little development background. However, it is clear that the ability to create a framework where changes can be standardised, repeatable and automatable will improve many areas of the software delivery lifecycle.


How SDN truly helps you build, test and run in an isolated environment

DevOps focuses largely on deploying higher quality software, faster. The need for speed and agility has caught up with Networks, and it’s become infeasible to create segregated environments at such speed without automation. SDN is proving to be a disrupter in this area, as seen in Nuage Networks’ new Nuage X cloud environment.

DevOps provides the environment in which SDN can flourish. It fosters and encourages communication and collaboration between developers, operations teams and infrastructure professionals, for unified and automated IT development, implementation and management. And in return, SDN enables engineers to apply software control to network elements, centralising management and the provisioning of virtual and physical infrastructures.

DevOps can also leverage SDN to further hybridise IT employees: a critical process as security, systems and networking all become more intertwined with development.


Relationship takeaway:

At this early, blossoming stage of the SDN-DevOps relationship, and given the inherent cultural, and technical challenges that businesses experience when moving to a new working environment, it’s important to recognise what the

SDN is still a relatively new concept. Much like the early days of Config Management and now Containers, there are many pros and cons, some of which we’ve outlined below:


Pros Cons
Lower costs once a base infrastructure is in place Requires a new type of engineering/specialist resource
Faster and repeatable provisioning capabilities Specifically, in the Devops community, there is a lack of understanding on how to configure firewalls, routing protocols etc due to the intrinsic complexities of these technologies & protocols
A single mode of deployment/orchestration, dependent on provider (VMWARE NSX, Cisco ACI etc) Networks doesn’t follow the same structured approach to abstraction layers that other IT areas have. There is a gap in the ‘programmability’ of each layer and how non-standardised the relationships, setups and implementations are.
By making networks more directly scriptable through the use of APIs for products or service, data centre automation is easier Advanced capabilities and features are not all available as you’d get on a physical network appliance (yet)
Managing virtual packet forwarding Specialised appliances such as a web application firewall (WAF), Encryptors, IDS/IPS from leading vendors are not yet available
The ability to implement and manage a virtual/logical network and create a layer of abstraction, building a software managed network that looks independent to the underlying infrastructure. There is no ‘true’ physical security or air gapping of systems – no formal CESG or federal accreditation.


Before SDN, not only were network devices configured manually, but, without considering individually the applications and operations related to the infrastructure. SDN allows IT teams to configure masses of network devices at the same time and at scale, applying granular segmentation to users and applications when needed. Its whole purpose is to implement changes, taking infrastructure, applications and operations into consideration at the same time. As such, SDN will be the ‘go-to’ for DevOps teams to work their magic on Networks.

If you are to take away anything from the above information, let it be this:

“Networks has been waiting for years for this change to come; where tasks can be automated and repeated without the overhead and risk of human intervention and DevOps is the perfect conductor to achieve this”.

Ignasi Pizarro, Principal Consultant, ECS

DevOps has been proven to add real benefit to other areas of IT, and now DevOps teams are looking at how to improve networking. We think that SDN will be key to this. The transformation may take time, will surely be challenging and will clearly impact the way networks are built and managed. But, the reality is that SDN represents a company’s best means to achieving the scalability and efficiency now required in the modern IT environment.


Our recent article, Building Security into DevOps: Is DevSecOps the beginning of the future?co-authored by ECS Security, explores the changing relationship between Security and DevOps, as mentioned at the beiginning of this article. 

Found this interesting? Why not share it: