An SDN model of networking should be considered for mass IoT deployments, especially when a customer needs to establish the provenance and security of a wide deployment of nodes. An architect should consider the following situations when using an SDN:

• Servers and data centers that IoT edge devices must communicate with can be thousands of miles away
• The scale of IoT growth from millions of endpoints to billions of endpoints needs appropriate scaling technologies outside of the hub-and-spoke model of current internet infrastructure

Three aspects of SDN makes it attractive to IoT deployments:

• Service chaining: This allows a customer or provider to sell services a la carte. Cloud network services such as firewalls, deep packet inspection, VPNs, authentication services, and policy brokers can be linked and used on a subscription basis. Some customers may want a full set of features, others may not choose any or may change their configuration routinely. Service chaining allows for significant flexibility in deployments.
• Dynamic load management: An SDN enjoys the flexibility of cloud architecture, and by design it can scale resources dynamically depending on load. This type of flexibility is crucial for the IoT as architects need to plan for capacity and scale as the number of things grows exponentially. Only virtual networking in the cloud provides the ability to scale capacity when needed. An example of this would be people-tracking at amusement parks and other venues. The number of people varies depending on the season, time of day, and weather. A dynamic network can adjust to the number of visitors without any change to the provider's hardware.
• Bandwidth calendaring: This allows an operator to partition data bandwidth and usage to specified times and days. This is pertinent to IoT as many edge sensors only report data periodically or at a certain time of day. Sophisticated bandwidth sharing algorithms can be constructed to time slice capacity.

Later in this book, the Chapter 12, IoT Security, will explore Software-Defined Perimeters (SDP) as another example of network function virtualization and how it can be used to create micro-segments and device isolation, which is critical for IoT security.