Networking the Application, Exists With or Without SDN

Published: Tue 25 Jun 2013
A blog entry by Michael Holdmann

Contributed by:

Michael Holdmann
EVP | Strategy | Alliance
Coversant, Inc.

Michael Holdmann's Blog

There is a great deal of focus on Software Defined Networks (moving control plane to the server, virtualizing the router, switch) these days.   The fault in this is that the architecture continues to leave data and applications susceptible to attacks in layer 2 and 3.  People are also of the belief that SDN will someday allow “Networking the Application”.


Application centric networking is not a function of a device but rather of a protocol, including where in the stack the protocol resides.  Application centric networking decouples network-dependent applications from the network and enables parts of an application or a group of related applications to be distributed safely around the network using XMPP to tie the components together and enable them to act as a single unit.

Coversant logical (646x399)

This capability is accomplished by moving the networking control and forwarding functionality to Layer 7 (application layer in the OSI stack).  Each end-point is assigned a domain address, which is used for identification as opposed to traditional IP addressing; XMPP endpoints are tunneled to those within the domains they are assigned to. Additionally, the presence feature of XMPP is a powerful concept that can be used for nodes in the application network to be aware of the states of the other nodes.

XMPP also enables a very secure coupling between the application nodes.  A compromise of the physical network, or even the software defined network (SDN), does not mean a compromise of the application.  The application network may be disrupted by denial of service (DoS) but the data stream will not be compromised if an attacker is able to hack a router or attempt a man-in-the-middle attack.

Additional benefits of using a protocol for networking is the ability to

  • Close all incoming ports on the firewall for less intrusion points on a network
  • Reduce need for external load balancing appliances, some commercial platforms accommodate this function
  • Consolidate your SOA, ESB platforms into the communications platform for reduction of overall infrastructure, saving  in power, space, HVAC and equipment.
  • Need for less intelligent routers and switches allowing reduction in costs of equipment

The need for secure network communication between end points, man or machine, is not accomplished by throwing more points of failure/intrusion points into a network.  The functionality needs to be in the protocol itself that is allowing the connection between endpoints and bi-directional transport of the data.