Software-Defined Networking is a new network architecture that facilitates easier network programming, with software controlling network hardware in a distributed system. Learn about SDN, its components, mechanisms, and use cases in this comprehensive guide.
3.6 Software-Defined Networks
SDN (Software-defined networking) is a new network architecture for the Internet
• that makes it easier to program networks,
• with the core idea that software controls network hardware in a distributed system.*
*) I thank Professor Dr. David Hausheer for letting me use some of his transparencies.
From Vertically Integrated to …
(Diagram: in the vertically integrated model every device repeats the same stack: vendor Features on top of a vendor Operating System on top of Specialized Packet Forwarding Hardware.)
… Software-Defined Networking
(Diagram: Features sit on a Network OS through a well-defined open API; the Network OS constructs a logical map of the network and drives Simple Packet Forwarding Hardware through an open, vendor-agnostic protocol, OpenFlow.)
Network OS
• Network OS: a distributed system that creates a consistent, up-to-date network view.
• The network OS
  • runs on servers (controllers) in the network
  • uses an open protocol to
    • get state information from forwarding elements
    • give control directives to forwarding elements.
OpenFlow
• OpenFlow
  • is a protocol for remotely controlling the forwarding table of a switch or router
  • is an element of SDN.
Control Path vs. Data Path
(Diagram: a switch split into a Control Path (Software) above a Data Path (Hardware).)
OpenFlow Protocol
(Diagram: an OpenFlow Controller talks over the OpenFlow Protocol (SSL/TCP) to the OpenFlow agent in the switch's Control Path, which programs the Data Path (Hardware).)
OpenFlow Protocol Example
(Diagram: a PC running the Controller talks over the OpenFlow protocol to the OpenFlow client in the switch's software layer; the hardware layer holds the Flow Table and ports 1 to 4. Hosts 1.2.3.4 and 5.6.7.8 are attached, and the controller has installed this entry:)
MAC src | MAC dst | IP Src | IP Dst  | TCP sport | TCP dport | Action
*       | *       | *      | 5.6.7.8 | *         | *         | port 1
OpenFlow Basics: Flow Table Entries
Each entry has three parts:
• Rule: the header fields to match (Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP Prot, IP ToS, L4 sport, L4 dport)
• Action
  • Forward packet to zero or more ports
  • Encapsulate and forward to controller
  • Send to normal processing pipeline
  • Modify fields
  • any extensions you may add!
• Statistics: packet + byte counters
Examples (1)
Example        | Switch Port | MAC src | MAC dst  | Eth type | VLAN ID | IP Src  | IP Dst  | IP Prot | TCP sport | TCP dport | Action
Switching      | *           | *       | 00:1f:.. | *        | *       | *       | *       | *       | *         | *         | port6
Flow Switching | port3       | 00:20.. | 00:1f..  | 0800     | vlan1   | 1.2.3.4 | 5.6.7.8 | 4       | 17264     | 80        | port6
Firewall       | *           | *       | *        | *        | *       | *       | *       | *       | *         | 22        | drop
Examples (2)
Example        | Switch Port | MAC src | MAC dst  | Eth type | VLAN ID | IP Src  | IP Dst  | IP Prot | TCP sport | TCP dport | Action
Routing        | *           | *       | *        | *        | *       | *       | 5.6.7.8 | *       | *         | *         | port6
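The following is an added example, not code from the lecture: a small software model of the flow table described on the preceding slides (rule, action, statistics), loaded with the four example rules (switching, flow switching, firewall, routing) and run over constructed packet headers. The priorities, the packet samples, and the field names (in_port, mac_src, tp_dport, ...) are assumptions made here; the firewall entry is given the highest priority so that a packet to TCP port 22 is dropped rather than switched or routed, and a packet matching no entry is handed to the controller, which is the OpenFlow 1.0 table-miss behaviour.

```python
from dataclasses import dataclass

# Match fields of an OpenFlow 1.0-style rule (the subset used on the slides).
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_prot", "tp_sport", "tp_dport")


@dataclass
class FlowEntry:
    """One <header; action> entry plus its statistics counters."""
    name: str
    match: dict       # field -> required value; a field that is absent is a wildcard (*)
    action: str       # "port6", "drop", "controller", ...
    priority: int = 0
    packets: int = 0  # statistics: packet counter
    bytes: int = 0    # statistics: byte counter

    def __post_init__(self):
        unknown = set(self.match) - set(FIELDS)
        if unknown:
            raise ValueError(f"{self.name}: unknown match field(s) {sorted(unknown)}")

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(f) == v for f, v in self.match.items())


class FlowTable:
    def __init__(self):
        self.entries = []
        self.table_misses = []  # packets encapsulated and sent to the controller

    def add(self, entry: FlowEntry) -> None:
        self.entries.append(entry)
        # highest priority first; the sort is stable, so equal priorities keep insertion order
        self.entries.sort(key=lambda e: -e.priority)

    def process(self, pkt: dict, length: int = 64) -> str:
        """Return the action applied to pkt and update the matching entry's counters."""
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                e.bytes += length
                return e.action
        # table miss: the switch encapsulates the packet and forwards it to the controller
        self.table_misses.append(pkt)
        return "controller"


def example_table() -> FlowTable:
    """The four rules from the slides' examples in one table. Priorities are an assumption
    added here: the firewall rule must win over the forwarding rules."""
    t = FlowTable()
    t.add(FlowEntry("firewall", {"tp_dport": 22}, "drop", priority=10))
    t.add(FlowEntry("flow switching",
                    {"in_port": "port3", "mac_src": "00:20..", "mac_dst": "00:1f..",
                     "eth_type": "0800", "vlan_id": "vlan1", "ip_src": "1.2.3.4",
                     "ip_dst": "5.6.7.8", "ip_prot": 4, "tp_sport": 17264, "tp_dport": 80},
                    "port6", priority=5))
    t.add(FlowEntry("switching", {"mac_dst": "00:1f.."}, "port6", priority=1))
    t.add(FlowEntry("routing", {"ip_dst": "5.6.7.8"}, "port6", priority=1))
    return t


# Constructed sample packets (header dictionaries, not captured traffic).
PKT_WEB = {"in_port": "port3", "mac_src": "00:20..", "mac_dst": "00:1f..", "eth_type": "0800",
           "vlan_id": "vlan1", "ip_src": "1.2.3.4", "ip_dst": "5.6.7.8", "ip_prot": 4,
           "tp_sport": 17264, "tp_dport": 80}
PKT_SSH = dict(PKT_WEB, tp_sport=40000, tp_dport=22)        # same hosts, SSH instead of HTTP
PKT_L2 = dict(PKT_WEB, ip_dst="8.8.8.8", tp_dport=443)      # only the MAC dst rule fits
PKT_ROUTE = dict(PKT_WEB, mac_dst="aa:bb..", tp_dport=443)  # only the IP dst rule fits
PKT_UNKNOWN = dict(PKT_WEB, mac_dst="cc:dd..", ip_dst="9.9.9.9", tp_dport=443)


def run_examples() -> dict:
    """Push the sample packets through the table; return actions, counters and miss count."""
    t = example_table()
    out = {
        "web": t.process(PKT_WEB, 1500),
        "ssh": t.process(PKT_SSH, 100),
        "l2": t.process(PKT_L2, 64),
        "route": t.process(PKT_ROUTE, 200),
        "unknown": t.process(PKT_UNKNOWN, 64),
    }
    out["stats"] = {e.name: (e.packets, e.bytes) for e in t.entries}
    out["misses"] = len(t.table_misses)
    return out


if __name__ == "__main__":
    for k, v in run_examples().items():
        print(k, v)
```

The web packet matches both the flow switching and the switching entries; only the higher-priority one counts it, which is why per-entry statistics only make sense together with a defined priority order.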
Secure Channel and Discovery Protocol
• A secure channel from the switch to the controller is needed. Security is important because opening the interface to remote software opens up new possibilities for attacks.
  • An SSL connection with a site-specific key. Provides encryption and authentication.
• A controller discovery protocol is needed.
  • When a new switch is installed it initially has an empty forwarding table and does not know how to forward packets.
  • The discovery protocol broadcasts the presence of a switch so that a controller can establish an association with the switch and configure its forwarding table.
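As an added example (not from the lecture), the TLS settings behind "an SSL connection with a site-specific key" that actually deliver both encryption and authentication for the switch-to-controller channel: a hardened context for each side next to the common weak one, and a small audit function a defender can run against any context before deploying it. The site CA file and the key/certificate pair are assumed to be provisioned out of band and loaded by the caller (via cafile and ctx.load_cert_chain); they are not part of the example.

```python
import ssl


def audit_channel_context(ctx: ssl.SSLContext, role: str) -> list:
    """List weaknesses in a TLS context meant for the switch<->controller channel.
    role is "switch" (the client side) or "controller" (the server side)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required: the other end is not authenticated")
    if role == "switch" and not ctx.check_hostname:
        findings.append("hostname check disabled: any certificate the CA signed would be accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    return findings


def hardened_context(role: str, ca_file=None) -> ssl.SSLContext:
    """Mutually authenticated channel: each side presents its site-specific certificate and
    requires one from its peer. The caller still loads the site key/certificate with
    ctx.load_cert_chain(cert, key) and passes the site CA as ca_file (assumed, not shown)."""
    purpose = ssl.Purpose.SERVER_AUTH if role == "switch" else ssl.Purpose.CLIENT_AUTH
    ctx = ssl.create_default_context(purpose, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # the controller must verify the switch as well
    return ctx


def weak_context() -> ssl.SSLContext:
    """The common shortcut: encryption without authentication. The bytes are encrypted,
    but any host that speaks TLS can pose as the controller and rewrite the flow table."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    print("switch (hardened):", audit_channel_context(hardened_context("switch"), "switch"))
    print("switch (weak):    ", audit_channel_context(weak_context(), "switch"))
```

Requiring the client certificate on the controller side is the part most often left out; without it the channel authenticates the controller to the switch but lets anything that can reach the controller port claim to be a switch and receive its configuration.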
Main Concepts of the SDN Architecture
• Separate data from control: establish a standard protocol between data and control.
• Define a generalized flow table
  • a very flexible and generalized flow abstraction
• Open control API
  • for control and management applications
• Virtualization of the data and control plane
• Backward compatible to existing hardware and software
OSPF Over SDN Example (2)
(Diagram: traditionally OSPF and IS-IS are distributed systems, each running on a node's Packet Forwarding OS over custom hardware; with SDN, OSPF reduces to Dijkstra running as a program on the Network OS, which is the one distributed system, above plain Packet Forwarding elements.)
Other SDN Use Cases
• Energy conservation, routing and management in large data centers
• Seamless use of diverse wireless networks
• Network-based load balancing
• Traffic engineering
• Experimentation with new approaches and protocols
• Run a virtual shadow network for traffic analysis and re-configuration
• and many more …
Distributed State Abstraction
• Shield control mechanisms from state distribution
• Natural abstraction: global network view
  • An annotated network graph provided through an API
  • Implemented with the Network Operating System
• The control mechanism is now programmed using an API
  • No longer a distributed protocol, now just a graph algorithm
  • E.g. use Dijkstra rather than Bellman-Ford for shortest paths
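An added example, not from the lecture, of the point made here and on the OSPF-over-SDN slide: with a global network view, routing is just Dijkstra on an annotated graph, and its output is a set of flow entries per switch. The topology, link costs, port names and host prefixes are constructed for the example; the routing entries it produces have the same shape as the Routing example above (IP destination prefix, output port). The last function shows the view after a link failure, which the network OS would pass on as a changed graph rather than as a protocol event.

```python
import heapq

# Constructed global network view: switch -> {neighbour: (link cost, local port towards it)}
TOPOLOGY = {
    "s1": {"s2": (1, "port1"), "s3": (4, "port2")},
    "s2": {"s1": (1, "port1"), "s3": (1, "port2"), "s4": (5, "port3")},
    "s3": {"s1": (4, "port1"), "s2": (1, "port2"), "s4": (1, "port3")},
    "s4": {"s2": (5, "port1"), "s3": (1, "port2")},
}
# Constructed host attachments: switch -> {destination prefix: access port}
HOSTS = {"s1": {"10.0.1.0/24": "port9"}, "s4": {"10.0.4.0/24": "port9"}}


def dijkstra(graph, source):
    """Shortest paths from source; returns (distance map, predecessor map)."""
    dist, prev = {source: 0}, {}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale queue entry
        for v, (cost, _port) in graph[u].items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def first_hop(prev, source, target):
    """Neighbour of source on the shortest path to target (target must be reachable)."""
    node = target
    while prev[node] != source:
        node = prev[node]
    return node


def compile_flow_rules(graph, hosts):
    """One routing-style entry (IP dst prefix -> output port) per switch and prefix."""
    rules = {sw: [] for sw in graph}
    for sw in graph:
        dist, prev = dijkstra(graph, sw)
        for dst_sw, prefixes in hosts.items():
            for prefix, access_port in prefixes.items():
                if dst_sw == sw:
                    rules[sw].append((prefix, access_port))  # deliver locally
                elif dst_sw in dist:
                    nh = first_hop(prev, sw, dst_sw)
                    rules[sw].append((prefix, graph[sw][nh][1]))  # towards the next hop
                # unreachable destinations get no entry: a table miss goes to the controller
    return rules


def without_link(graph, a, b):
    """Copy of the view with the a<->b link removed (what the NOS sees after link-down)."""
    g = {sw: dict(nbrs) for sw, nbrs in graph.items()}
    g[a].pop(b, None)
    g[b].pop(a, None)
    return g


if __name__ == "__main__":
    print(compile_flow_rules(TOPOLOGY, HOSTS))
    print(compile_flow_rules(without_link(TOPOLOGY, "s2", "s3"), HOSTS))
```

Because the whole computation runs inside the controller, a wrong or malicious view (for example a forged link announcement) changes every switch's table at once; the same central point that makes the algorithm simple is the one whose inputs need to be authenticated.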
Traditional Control Mechanisms
(Diagram: a distributed algorithm running between neighbors, each of them a closed box.)
Software Defined Network (SDN)
(Diagram: a Control Program, e.g. routing or access control, runs on the Global Network View provided by the Network OS.)
A Major Change in the Networking Paradigm
• We no longer design distributed control protocols. We now design one distributed system (the NOS) and use it for all our desired control functions.
Virtual Networks with SDN
(Diagram, built up over three slides:)
• (1) A Control Program runs on the Global Network View provided by the Network OS.
• (2) A Network Virtualization layer is inserted: the Control Program now sees an Abstract Network Model, which the virtualization layer maps onto the Global Network View of the Network OS.
• (3) The Control Program specifies behavior on the Abstract Network Model; Network Virtualization compiles it to the topology of the Global Network View; the Network OS transmits the result to the switches.
Two Example Uses
• 1. Scale-out router
  • The abstract view is a single router.
  • The physical network is a collection of interconnected switches.
  • Allows routers to “scale out, not up”.
  • We use standard routing protocols on top of this router.
• 2. Multi-tenant networks
  • Each tenant has control over their “private” network.
  • A network virtualization layer compiles all of these individual control requests into a single physical configuration.
• Both hard to do without SDN, easy with SDN!
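An added example, not from the lecture, of the multi-tenant case: a minimal network virtualization layer that compiles each tenant's rules on its abstract "one big switch" model into physical flow entries, and the check that keeps the tenants apart. The two-switch topology, the tenant-to-VLAN assignment, the virtual-to-physical port mapping and the action names (push_vlan, pop_vlan, output) are constructed for the example. It also shows the failure mode: both tenants use the same MAC address, and without the per-tenant tag their compiled entries on the shared switch collide.

```python
# Constructed state kept by the virtualization layer (not from the lecture).
TENANT_VLAN = {"acme": 100, "globex": 200}  # one tag per tenant, chosen by the layer, never by tenants
TENANT_PORTS = {                            # tenant virtual port -> (physical switch, physical port)
    "acme":   {"v1": ("s1", "port3"), "v2": ("s2", "port5")},
    "globex": {"v1": ("s1", "port4"), "v2": ("s2", "port6")},
}
TRUNK = {"s1": "port1", "s2": "port1"}      # physical link s1:port1 <-> s2:port1 shared by all tenants


def compile_tenant_rule(tenant, src_vport, dst_vport, mac_dst, isolate=True):
    """Translate one tenant rule ("frames for mac_dst entering src_vport leave at dst_vport")
    into physical flow entries. isolate=False reproduces the naive compilation without tags."""
    try:
        vlan = TENANT_VLAN[tenant]
        in_sw, in_port = TENANT_PORTS[tenant][src_vport]
        out_sw, out_port = TENANT_PORTS[tenant][dst_vport]
    except KeyError as exc:
        # A tenant may only name ports of its own virtual network.
        raise PermissionError(f"{tenant}: {exc} is not part of this tenant's network") from None
    if in_sw == out_sw:
        return [{"switch": in_sw, "match": {"in_port": in_port, "mac_dst": mac_dst},
                 "actions": [f"output:{out_port}"]}]
    tag = [f"push_vlan:{vlan}"] if isolate else []
    untag = ["pop_vlan"] if isolate else []
    egress_match = {"in_port": TRUNK[out_sw], "mac_dst": mac_dst}
    if isolate:
        egress_match["vlan_id"] = vlan
    return [
        # ingress switch: tag with the tenant's VLAN before the frame enters the shared trunk
        {"switch": in_sw, "match": {"in_port": in_port, "mac_dst": mac_dst},
         "actions": tag + [f"output:{TRUNK[in_sw]}"]},
        # egress switch: only frames carrying this tenant's tag reach its access port
        {"switch": out_sw, "match": egress_match,
         "actions": untag + [f"output:{out_port}"]},
    ]


def compile_all(requests, isolate=True):
    """requests: iterable of (tenant, src_vport, dst_vport, mac_dst) -> single physical config."""
    physical = []
    for tenant, src, dst, mac in requests:
        physical.extend(compile_tenant_rule(tenant, src, dst, mac, isolate))
    return physical


def conflicting_rules(physical):
    """Entries on the same switch with an identical match but different actions.
    Any such pair means one tenant's frames could be delivered by another tenant's rule."""
    seen, conflicts = {}, []
    for r in physical:
        key = (r["switch"], tuple(sorted(r["match"].items())))
        if key in seen and seen[key] != r["actions"]:
            conflicts.append((r["switch"], seen[key], r["actions"]))
        seen.setdefault(key, r["actions"])
    return conflicts


# Constructed requests: both tenants use the same MAC address on their private networks.
REQUESTS = [("acme", "v1", "v2", "00:00:00:00:00:aa"),
            ("globex", "v1", "v2", "00:00:00:00:00:aa")]

if __name__ == "__main__":
    print("isolated:", conflicting_rules(compile_all(REQUESTS)))
    print("naive:   ", conflicting_rules(compile_all(REQUESTS, isolate=False)))
```

The tenant never sees or chooses the VLAN; the layer adds it, which is what lets two tenants with overlapping address spaces share the same trunk without either being able to express a rule that reaches the other's ports.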
The Forwarding Abstraction in SDN
• Switches have two “brains”
  • A management CPU (smart but slow)
  • A forwarding fabric (fast but dumb)
• We need a forwarding abstraction for both
  • CPU abstraction can be almost anything
• OpenFlow
  • We control the switch by inserting the <header;action> entries shown above.
  • This essentially gives the NOS remote access to the forwarding table.
How Well Does SDN Work?
• Is it modular, i.e., does it allow new protocols? Yes!!
• Is it incrementally deployable? Yes
• Is it scalable? Yes
• Is it more responsive than traditional routing? Yes
• Does it create a single point of failure? No
• Is it inherently less secure? No
Status of SDN
• The Open Networking Foundation is the standards body.
• SDN is now endorsed by 49 companies.
  • Almost everyone who matters…
• A few products on the market, many more coming soon.
Conclusion
• Software-Defined Networking is a new architecture for networks.
• It separates the network implementation into a distributed system of switching nodes and a network OS on top of them.
• The switching node hardware consists of a fast but dumb switch fabric and an intelligent, slow, general-purpose CPU on top of it.
• OpenFlow is a protocol to run on top of a network of SDN switches. It is based on header:action entries.