CCNP Security (350-701)
1. Introduction to SDN (Software-Defined Networking)
Traditional networks use network devices (routers, switches, firewalls) that make decisions and forward traffic by themselves. This makes networks:
- Hard to manage
- Hard to automate
- Hard to secure consistently
Software-Defined Networking (SDN) solves this problem by separating:
- Control plane – decides what to do
- Data plane – forwards traffic based on instructions
In SDN, a central controller makes decisions, and network devices follow those decisions.
2. SDN Architecture Overview
An SDN architecture has three main layers:
1. Application Layer
- Network applications and services
- Examples:
  - Network security applications
  - Monitoring tools
  - Automation scripts
  - Policy engines
2. Control Layer
- SDN Controller (the “brain” of the network)
- Examples:
  - Cisco DNA Center
  - Cisco ACI APIC
  - OpenDaylight
3. Infrastructure Layer
- Physical or virtual network devices
- Examples:
  - Switches
  - Routers
  - Firewalls
3. What Is an API?
An API (Application Programming Interface) allows software components to communicate with each other.
In SDN:
- APIs allow applications to talk to controllers
- APIs allow controllers to talk to network devices
There are two main types of APIs in SDN:
- Northbound APIs
- Southbound APIs
4. Northbound APIs (Controller → Applications)
Definition
Northbound APIs allow applications and management tools to communicate with the SDN controller.
They are used to:
- Request network services
- Define policies
- Automate network behavior
Where Northbound APIs Are Used
- Between Application Layer and Control Layer
- Applications send requests to the controller (logically, in the north → south direction)
Purpose of Northbound APIs
Northbound APIs allow applications to:
- Ask for network resources
- Define security policies
- Automate configuration
- Monitor network status
The application does not need to know how switches work internally.
Common Functions of Northbound APIs
Northbound APIs allow applications to:
- Create network policies
- Define security rules
- Request network segmentation
- Get network statistics
- Automate access control
- Integrate with orchestration tools
Northbound API Protocols
Common technologies used:
- REST APIs (most common)
- HTTP / HTTPS
- JSON or XML data formats
IT-Based Example (Easy to Understand)
A security management application sends a request to the SDN controller:
- “Create a secure network segment for finance systems”
- “Apply firewall rules to block unauthorized access”
- “Give me traffic statistics for this application”
The application uses Northbound APIs to communicate these requests.
The SDN controller then decides how to implement them.
Why Northbound APIs Are Important
- Enable automation
- Enable programmability
- Reduce manual configuration
- Improve security consistency
- Allow integration with DevOps and security tools
5. Southbound APIs (Controller → Network Devices)
Definition
Southbound APIs allow the SDN controller to communicate with network devices like switches, routers, and firewalls.
They are used to:
- Install forwarding rules
- Configure devices
- Collect device statistics
Where Southbound APIs Are Used
- Between Control Layer and Infrastructure Layer
- The controller sends instructions south, down to the devices
Purpose of Southbound APIs
Southbound APIs allow the controller to:
- Tell devices how to forward traffic
- Apply access control rules
- Configure VLANs and routing
- Enforce security policies
- Monitor device status
Common Southbound API Protocols
Important protocols include:
- OpenFlow (very common in SDN)
- NETCONF
- RESTCONF
- SNMP (monitoring)
- gRPC
- CLI-based APIs (vendor-specific)
IT-Based Example (Easy to Understand)
The SDN controller sends instructions to switches:
- “Send traffic for this application through a firewall”
- “Block traffic from this IP address”
- “Forward traffic using this path”
- “Apply access control list (ACL) rules”
These instructions are sent using Southbound APIs.
Why Southbound APIs Are Important
- Allow centralized control
- Enable dynamic configuration
- Improve network security enforcement
- Reduce manual device configuration
- Enable faster response to threats
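The northbound and southbound examples above, joined into one flow as an added illustration (not code from this guide or from any Cisco product): a toy controller accepts a JSON request on its northbound side and expands it into one low-level rule per switch for the southbound side. The device names, JSON fields, rule layout and the /16 guardrail are assumptions made for the example, not a real controller API or OpenFlow encoding.

```python
import ipaddress
import json

# Constructed inventory: the controller's view of the infrastructure layer.
DEVICES = {"sw-core-1": "switch", "sw-edge-1": "switch", "fw-1": "firewall"}
ALLOWED_ACTIONS = {"block", "redirect_to_firewall"}
MIN_PREFIX_LEN = 16  # assumed guardrail: refuse intents broader than a /16


def accept_northbound(raw_json):
    """Controller side of the northbound API: parse and validate a JSON intent."""
    intent = json.loads(raw_json)
    if not isinstance(intent, dict) or intent.get("action") not in ALLOWED_ACTIONS:
        raise ValueError("unsupported action")
    # Raises ValueError on a malformed address, before any device is touched.
    net = ipaddress.ip_network(intent.get("source", ""), strict=False)
    if net.version != 4 or net.prefixlen < MIN_PREFIX_LEN:
        raise ValueError("source prefix too broad or not IPv4")
    return {"action": intent["action"], "source": str(net)}


def compile_southbound(intent):
    """Expand one abstract intent into one low-level rule per switch."""
    if intent["action"] == "block":
        action = {"type": "drop"}
    else:
        action = {"type": "forward", "via": "fw-1"}
    return [
        {"device": name, "priority": 1000,
         "match": {"ipv4_src": intent["source"]}, "action": action}
        for name, kind in sorted(DEVICES.items()) if kind == "switch"
    ]


if __name__ == "__main__":
    # Constructed request, as a security application would send it over HTTPS.
    request = '{"action": "block", "source": "203.0.113.7"}'
    for rule in compile_southbound(accept_northbound(request)):
        print(json.dumps(rule))
```

Because a single northbound request fans out to every switch, the validation in `accept_northbound` is the one place where a malformed or overly broad request can be stopped before it reaches the devices.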
6. Key Differences Between Northbound and Southbound APIs
| Feature | Northbound API | Southbound API |
|---|---|---|
| Communicates with | Applications | Network devices |
| Direction | Application → Controller | Controller → Devices |
| Used by | Developers, admins | SDN controller |
| Purpose | Policy and automation | Device configuration |
| Complexity | Simple and abstract | Low-level and detailed |
| Common protocols and formats | REST, JSON | OpenFlow, NETCONF |
7. Role of APIs in SDN Security (Exam-Critical)
For the 350-701 exam, it is important to understand how APIs improve security.
Security Benefits of Northbound APIs
- Security tools can:
  - Automatically apply policies
  - Detect threats and request mitigation
  - Integrate with SIEM and SOC platforms
Security Benefits of Southbound APIs
- Controllers can:
  - Push firewall rules instantly
  - Block malicious traffic dynamically
  - Enforce segmentation and isolation
  - Apply zero-trust policies
8. Relationship Between SDN, APIs, and Automation
SDN uses APIs to enable:
- Network automation
- Policy-based security
- Centralized management
- Rapid response to attacks
- Consistent enforcement across devices
Without APIs, SDN cannot function effectively.
9. Exam-Focused Key Points to Remember
For the Cisco 350-701 exam, remember:
- SDN separates the control plane and the data plane
- Northbound APIs:
  - Connect applications to controllers
  - Used for policies and automation
- Southbound APIs:
  - Connect controllers to network devices
  - Used to configure and control traffic
- REST APIs are common northbound
- OpenFlow and NETCONF are common southbound
- APIs enable security, automation, and scalability
10. Simple Summary (For Non-IT Learners)
- SDN uses a central controller to manage networks
- Northbound APIs let applications talk to the controller
- Southbound APIs let the controller talk to devices
- This makes networks:
  - Easier to manage
  - Easier to secure
  - Faster to automate
