6.2 Controller-Based and Software-Defined Architectures
Key Takeaways
- SDN separates the control plane (decision-making) from the data plane (packet forwarding).
- The controller is the centralized 'brain' that programs forwarding rules into network devices.
- Northbound APIs connect applications to the controller; southbound APIs connect the controller to devices.
- Cisco DNA Center (now Catalyst Center) is Cisco's enterprise SDN controller for campus networks.
- Overlay networks run on top of the physical underlay, providing abstraction and flexibility.
Controller-Based and Software-Defined Architectures
Traditional vs. Controller-Based Networks
Traditional Network Architecture
In traditional networks, each device has its own control plane and data plane:
- Control plane: Makes decisions (routing protocols, STP calculations, MAC learning)
- Data plane (forwarding plane): Forwards packets based on control plane decisions
Each device operates independently, making its own decisions. Configuration is done device-by-device.
Controller-Based Architecture (SDN)
In Software-Defined Networking (SDN), the control plane is centralized in a controller:
- The controller makes decisions for the entire network
- The controller programs forwarding rules into network devices
- Network devices focus only on forwarding (data plane)
- Configuration and policy are managed centrally
SDN Architecture Layers
Application Layer
- Business applications that consume network services
- Examples: Security monitoring, traffic analytics, network optimization
- Communicates with the controller via Northbound APIs
Control Layer (Controller)
- The SDN controller — the "brain" of the network
- Makes forwarding decisions, applies policies, monitors network health
- Communicates UP to applications via Northbound APIs (REST APIs)
- Communicates DOWN to devices via Southbound APIs (NETCONF, RESTCONF, OpenFlow)
Infrastructure Layer (Data Plane)
- Physical and virtual network devices (routers, switches, APs)
- Focus on forwarding packets based on instructions from the controller
- Receives forwarding rules via Southbound APIs
Northbound and Southbound APIs
| API Direction | Connects | Protocol Examples | Purpose |
|---|---|---|---|
| Northbound | Applications ↔ Controller | REST API (HTTP/HTTPS) | Apps request network services, get network data |
| Southbound | Controller ↔ Devices | NETCONF, RESTCONF, OpenFlow, CLI | Controller configures and monitors devices |
| Eastbound/Westbound | Controller ↔ Controller | Proprietary | Multi-controller synchronization |
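To make the layer split concrete, here is an added example (not from this guide or from any Cisco product) of a toy controller in Python: an application states an intent through a northbound call, and the controller compiles it into simplified OpenFlow-style match/action rules that it would push southbound, installing each rule only on the devices that host the source segment. The segment names, device names and the ingress-enforcement rule placement are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class FlowRule:
    """Simplified southbound match/action entry (OpenFlow-style): higher priority wins."""
    priority: int
    src: str      # source segment, or "*" for any
    dst: str      # destination segment, or "*" for any
    action: str   # "forward" or "drop"

@dataclass
class Device:
    """Data-plane device: knows which segments have hosts attached, holds pushed rules."""
    name: str
    segments: set
    rules: list = field(default_factory=list)

class Controller:
    """Centralized control plane. Applications speak intent to it (northbound);
    it programs each device with only the rules that device needs (southbound)."""

    def __init__(self, devices):
        self.devices = {d.name: d for d in devices}
        self.intents = []   # (src_segment, dst_segment, action)

    def add_intent(self, src_segment, dst_segment, action="drop"):
        # Northbound call: the app states policy, never a device config line
        self.intents.append((src_segment, dst_segment, action))

    def compile_rules(self):
        # Southbound push (assumed ingress enforcement): a rule lands only on
        # devices hosting the source segment; every device gets a default-forward
        for dev in self.devices.values():
            dev.rules = []
            for src, dst, action in self.intents:
                for a, b in ((src, dst), (dst, src)):   # intent applies both ways
                    if a in dev.segments:
                        dev.rules.append(FlowRule(100, a, b, action))
            dev.rules.append(FlowRule(0, "*", "*", "forward"))
        return {n: len(d.rules) for n, d in self.devices.items()}

    def lookup(self, device_name, src, dst):
        # Data-plane behaviour: first match in priority order decides the action
        for rule in sorted(self.devices[device_name].rules, key=lambda r: -r.priority):
            if rule.src in (src, "*") and rule.dst in (dst, "*"):
                return rule.action
```

Note that a device with no Guest hosts never receives the Guest rule at all, which is why the rule-table contents differ per device even though the policy was written once.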
Overlay, Underlay, and Fabric
| Concept | Definition | Example |
|---|---|---|
| Underlay | The physical network infrastructure (cables, switches, routers) | Campus switches, WAN routers |
| Overlay | A virtual network built on top of the underlay using tunneling | VXLAN tunnels between switches |
| Fabric | The combination of underlay + overlay, managed as a single entity | Cisco SD-Access fabric |
How Overlay Networks Work
- Underlay provides basic IP connectivity between all network devices
- Overlay creates virtual tunnels (e.g., VXLAN) on top of the underlay
- Traffic is encapsulated in the overlay tunnel, transported across the underlay, and decapsulated at the destination
- Benefit: Network segments (VLANs, subnets) can span the entire fabric regardless of physical topology
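The encapsulate/transport/decapsulate sequence above, shown as an added Python example (not code from this guide or from Cisco SD-Access): it builds the 8-byte VXLAN header from RFC 7348 around a constructed inner Ethernet frame, parses it back, and maps the 24-bit VNI to a segment name. The VNI-to-segment table, MAC addresses and payload are constructed values; the point for a defender is that the underlay only ever sees UDP/4789 traffic, and segment membership is visible only after decapsulation.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA port the underlay sees for every overlay tunnel (RFC 7348)
VXLAN_FLAG_I = 0x08          # "I" flag: the VNI field carries a valid identifier

# Constructed example mapping: the fabric controller assigns a VNI to each segment
SEGMENT_BY_VNI = {10100: "Employees", 10200: "Guest"}

def build_inner_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Build a minimal inner Ethernet frame (the packet a host actually sent)."""
    macs = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return macs + struct.pack("!H", ethertype) + payload

def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1).
    The result becomes the UDP payload carried across the underlay."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00\x00\x00", vni << 8) + inner_frame

def vxlan_decap(udp_payload: bytes) -> tuple:
    """Validate the VXLAN header and return (vni, inner_frame)."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _reserved, vni_field = struct.unpack("!B3sI", udp_payload[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VNI-valid flag not set")
    return vni_field >> 8, udp_payload[8:]

def classify(udp_payload: bytes) -> str:
    """What a fabric edge (or a monitoring tap) learns only after decapsulation:
    the segment the inner frame belongs to, or 'unknown' for an unmapped VNI."""
    try:
        vni, _frame = vxlan_decap(udp_payload)
    except ValueError:
        return "malformed"
    return SEGMENT_BY_VNI.get(vni, "unknown")

if __name__ == "__main__":
    frame = build_inner_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", 0x0800, b"constructed payload")
    tunneled = vxlan_encap(10100, frame)
    print(tunneled[:8].hex(), classify(tunneled))
```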
Cisco DNA Center (now Catalyst Center)
Cisco DNA Center (rebranded as Cisco Catalyst Center) is Cisco's intent-based networking controller for enterprise campus networks.
Key Features
| Feature | Description |
|---|---|
| Intent-based networking | Define business policies, controller translates them to device configs |
| Automated provisioning | Deploy configurations to hundreds of devices automatically |
| SD-Access | Software-defined campus fabric with micro-segmentation |
| Assurance | AI/ML-driven monitoring, analytics, and troubleshooting |
| Policy enforcement | Centralized security policy applied across the network |
| Network plug-and-play | Zero-touch provisioning for new devices |
DNA Center vs. Traditional Management
| Aspect | Traditional (CLI) | DNA Center |
|---|---|---|
| Configuration | Device-by-device CLI | Policy-based, automated |
| Provisioning | Manual, time-consuming | Zero-touch, template-based |
| Monitoring | SNMP/syslog, reactive | AI-driven, proactive |
| Troubleshooting | Manual investigation | Automated root cause analysis |
| Compliance | Periodic manual audit | Continuous automated checks |
On the Exam: Understand the three SDN layers (application, control, infrastructure) and the APIs that connect them (northbound for apps-to-controller, southbound for controller-to-devices). Know that Cisco DNA Center/Catalyst Center is Cisco's SDN controller for campus networks.
In an SDN architecture, what connects the controller to the network devices?
What is the key difference between a traditional network and an SDN controller-based network?
What is the network overlay in a software-defined architecture?