Modern enterprise networks are evolving from traditional static configurations to intelligent, automated, and programmable systems. Controller-based and software-defined architectures (SDN) simplify network management by separating control and data functions, enabling automation and centralized policy enforcement.
Controller-Based and Software-Defined Network Architecture
In a controller-based architecture, a dedicated controller (or controllers) centrally manages the network’s control logic. Devices in the network (switches, routers) become simpler forwarding elements, relying on the controller for decisions. The controller issues flow rules, policy instructions, or configurations to these devices.
Software-Defined Architecture separates the control plane (logic and decision-making function) from the data plane (packet forwarding functions). The controller becomes the centralized “brain” that controls all the network devices, while the devices themselves act as forwarding nodes following the controller’s instructions. This architecture increases agility, reduces configuration errors, and allows for policy-based management using APIs and automation tools.
Advantages of Controller-Based and SDN Architecture
- Centralized management through controllers.
- Faster network changes and policy implementation.
- Enhanced visibility and analytics.
- Reduced operational cost through automation.
- Better scalability and flexibility for cloud and virtual networks.
Underlay, Overlay, and Fabric Architecture
To understand controller-based networks, it’s essential to know how traffic is carried across underlay, overlay, and fabric layers.
What is an Underlay Network?
An Underlay Network is the physical foundation of a network infrastructure that includes the actual routers, switches, cables, and physical links that move data packets between devices. It provides the basic connectivity and routing on which overlay networks (like SDN or virtual networks) are built.
Key Characteristics of an Underlay Network:
- Physical Infrastructure: The underlay consists of real hardware devices — routers, switches, and transmission links — that form the network’s backbone.
- IP Routing & Forwarding: It uses traditional routing protocols such as OSPF, EIGRP, or BGP to forward packets based on IP addresses.
- Reliable Connectivity: The underlay ensures all network devices have a stable and consistent path to communicate.
- Supports Overlay Networks: It provides the transport mechanism for overlay tunnels (like VXLAN, GRE, or MPLS) used in modern virtualized environments.
Example of Underlay Network
Let us take an example of a corporate data centre: Physical switches and routers form the underlay network. On top of it, a virtual network (overlay) is built using VXLAN tunnels to connect virtual machines across different physical hosts.
What is an Overlay Network?
An Overlay Network is a virtual network built on top of an existing physical (underlay) network. It uses tunnelling technologies to create logical connections between devices, regardless of where they are physically located in the underlay infrastructure.
Key Characteristics of an Overlay Network:
- Virtual Connectivity: The overlay creates logical links between devices or virtual machines (VMs) over the underlay, as if they were directly connected — even across different physical locations.
- Tunnelling Mechanisms: Uses encapsulation technologies like VXLAN, GRE, or NVGRE to wrap network traffic inside other packets for transport across the underlay.
- Simplified Management: Network policies, segmentation, and automation can be applied through a centralized controller — often used in Software-Defined Networking (SDN).
- Flexibility and Scalability: Enables rapid deployment of new virtual networks without changing the physical infrastructure.
Example of Overlay Network:
The overlay network runs on top of underlay network and uses VXLAN tunnels to connect virtual machines (VMs) on different physical servers, creating a seamless logical network for applications.
Comparison between Underlay and Overley Networks:
| Feature | Underlay Network | Overlay Network |
|---|---|---|
| Type | Physical | Virtual |
| Components | Routers, switches, cables | VXLAN, GRE, virtual switches |
| Purpose | Provides basic connectivity | Enables virtualized, flexible networking |
| Configuration | Device-based | Controller/software-based |
| Example | IP routing via OSPF | VXLAN tunnel between VMs |
What is a Fabric Network?
A Fabric Network is a modern network architecture where multiple switches and devices are interconnected in a mesh-like structure, operating as a single logical network. It is designed to provide high performance, scalability, automation, and seamless connectivity across large enterprise or data center environments.
Key Characteristics of a Fabric Network:
- Single Logical System: All interconnected devices (switches, routers) act as one unified system, simplifying configuration and management.
- Automated Path Selection: Traffic automatically finds the most efficient route through the network using dynamic path optimization.
- Scalability: New devices can be added easily without major reconfiguration — ideal for growing data centers.
- High Availability & Redundancy: Multiple paths exist between devices, so if one link fails, traffic reroutes instantly — ensuring continuous service.
- Centralized Control: In SDN or controller-based architectures (like Cisco SD-Access or VXLAN EVPN fabric), a network controller manages the entire fabric for consistency and automation.
Example of Fabric Networks:
Cisco’s SD-Access (Software Defined Access) is an example of a fabric-based architecture that uses Cisco DNA Center as its controller.
In a Cisco SD-Access Fabric, the fabric edge nodes connect users and devices. The fabric control plane (based on LISP or VXLAN) manages endpoint identity and traffic routing and the fabric border nodes link the fabric to external networks. Together, they form a secure, flexible, and automated fabric that supports intent-based networking.
Comparison between Fabric vs Traditional Networks:
| Feature | Fabric Network | Traditional Network |
|---|---|---|
| Architecture | Mesh-like, unified system | Hierarchical (core, distribution, access) |
| Control | Centralized and automated | Manual, device-by-device |
| Scalability | High — add nodes easily | Limited by topology |
| Redundancy | Built-in multipath connectivity | Often single path |
| Management | Through controllers or SDN | Manual CLI configuration |
Separation of Control Plane and Data Plane
In networking, every device (like a router or switch) has different functions that manage how data is handled and moved. These functions are divided into two main parts — the Control Plane and the Data Plane.
What is the Control Plane?
The Control Plane is the “brain” of a network device. It is responsible for making decisions about where and how traffic should be sent.
Its Keys Functions is to:
- Builds and maintains the routing table and MAC address table
- Runs routing protocols (like OSPF, EIGRP, BGP)
- Exchanges control messages between devices
- Determines the best path for traffic forwarding
Example of Control Plane: When a router receives new routing information, the control plane processes it, updates the routing table, and decides the next hop for each destination network.
What is the Data Plane?
The Data Plane (also called the Forwarding Plane) is the “muscle” of a network device. It handles the actual movement of data packets based on the instructions received from the control plane.
Key Functions of the Data Plane is to:
- Forwards user traffic from source to destination
- Applies access control lists (ACLs), QoS policies, and NAT translations
- Uses the forwarding table to make packet-forwarding decisions
Example of Data Plane: Once the control plane determines the best route, the data plane uses that information to forward real-time user traffic (like video, emails, or web data).
Separation of Control Plane and Data Plane
In traditional networks, both planes exist inside the same device — each router or switch makes its own decisions and forwards packets independently.
In Software-Defined Networking (SDN), these planes are separated:
- The Control Plane is centralized in a network controller (software).
- The Data Plane stays in the individual devices (switches, routers), which follow instructions from the controller.
Benefits of Separation
- Centralized control: Easier to manage large networks.
- Automation: Quick deployment of policies and configurations.
- Improved security: Consistent enforcement of rules across all devices.
- Scalability: Simplifies network growth and multi-site management.
Comparision between Traditional and SDN Network:
| Feature | Traditional (Integrated) | SDN (Separated) |
|---|---|---|
| Control Location | In each device | Centralized controller |
| Configuration | Manual (per device) | Automated (via controller) |
| Scalability | Limited | High |
| Management | Complex | Simplified |
| Innovation | Vendor-dependent | Software-based, flexible |
Northbound and Southbound APIs
In controller-based or software-defined networking (SDN), the intelligence of the network is centralized in a controller, which manages all devices using APIs — Application Programming Interfaces.
Among these, the two most important types are Northbound APIs and Southbound APIs.These APIs allow the controller to communicate upward with applications and downward with network devices, creating a bridge between the network software and hardware layers.
What Are APIs in Networking?
An API (Application Programming Interface) is a set of rules that allows one piece of software to interact with another.
In SDN, APIs help different layers of the network — applications, controllers, and devices — exchange information and commands in an automated way. So instead of manually configuring devices, APIs enable programmatic communication and automation.
What is a Northbound API?
Northbound APIs connect the SDN controller to the applications and orchestration systems above it.
Key Points of Northbound API:
- They allow applications (like monitoring tools, automation scripts, or business software) to request or retrieve network information from the controller.
- Typically use RESTful APIs or HTTP/HTTPS for communication.
- Provide a high-level, abstracted view of the network, so apps don’t need to know device-level details.
- A network monitoring application can use a northbound API to get traffic statistics, device health, or link status from the controller — without logging into each switch or router.
- Example Technologies:
- REST APIs (Representational State Transfer)
- JSON or XML for data exchange
- Cisco DNA Center APIs
- OpenDaylight Controller APIs
Advantages of Northbound API:
- Simplifies automation and integration
- Enables third-party applications
- Improves visibility and analytics
- Reduces complexity for developers
What is a Southbound API?
Southbound APIs connect the SDN controller to the network devices (such as switches, routers, and firewalls) below it.
Key Points of Southbound API:
- They carry instructions from the controller down to devices.
- Help the controller manage configurations, routing, forwarding tables, and policies.
- Provide a device-level control interface for the controller.
- When an SDN controller wants to create a new VLAN or route, it sends that command to the switch using a southbound API protocol like OpenFlow.
- Common Southbound Protocols:
- OpenFlow: The most common protocol for SDN control.
- NETCONF: For device configuration and management.
- gRPC / gNMI: Used in modern programmable networks.
- Cisco OpFlex: Used in Cisco ACI environments.
Advantages of Southbound API:
- Enables centralized control over all devices
- Standardized communication between controller and devices
- Allows automation of configuration and policy deployment
- Reduces the need for CLI-based management
Conclusion
Controller-based and software-defined architectures fundamentally change how networks are built and managed. By separating control logic from forwarding hardware, they deliver agility, consistent policies, and automation. While controller-based models provide centralized management over “smart” devices, SDN pushes the abstraction further with full programmability and software-defined control. As networks grow in scale and complexity, mastering these architectures becomes essential for any network professional.
Related posts:
![how automation impacts network management]()
How Automation Impacts Network Management
![characteristics of rest based api]()
Characteristics of REST-Based APIs
![ai and ml in network operation]()
Artificial Intelligence and Machine Learning in Network Operations
![understanding roles and functions of network devices]()
Understanding Roles and Functions of Network Components
![configuring and verifying ipv4 address]()
Configuring and Verifying IPv4 Addressing and Subnetting
![network devices]()
Network Devices
![what is an ip address]()
What is an IP Address
![traditional campus device management vs cisco dna centre]()
Traditional Campus Device Management and Cisco DNA Centre
![configuring and verifying layer discovery protocol cdp and lldp]()
Configuring and Verifying Layer 2 Discovery Protocols
Today, I went to the beach with my children. I found a sea shell and gave it to my 4 year old daughter and said “You can hear the ocean if you put this to your ear.” She put the shell to her ear and screamed. There was a hermit crab inside and it pinched her ear. She never wants to go back! LoL I know this is entirely off topic but I had to tell someone!