compsci 314: sdn: software defined networking...lecture 23. 314 sdn, nevil, 2015 2 current approach...

COMPSCI 314: SDN: Software Defined Networking

Nevil Brownlee

[email protected]

Lecture 23

mailto:[email protected]

314 SDN, Nevil, 2015 2

Current approach to building a network● Buy 802.3 (Ethernet) switches, connect

hosts to them using UTP cabling● Make tree of switches, using higher-

speed switches closer to root of tree● Buy firewall and router, use them to

connect root switch to Internet

314 SDN, Nevil, 2015 3

Current approach (2)● Switches maintain tables of MAC addresses for

reachable hosts per port● Routers maintain tables of address blocks

reachable per port● Routers have a data plane

– switching hardware that forwards packets● and a control plane

– applications that maintain the routing/switching tables

314 SDN, Nevil, 2015 4

Routers and switches are proprietary devices

● Switches implement 802.3, Spanning Tree, 802.11q, etc

● Routers implement routing protocols such as RIP, OSPF, BGP4

● Implementations a proprietary, i.e. closed-source

● Need a new protocol for anything new, that raises deployment issues

314 SDN, Nevil, 2015 5

Current network example

Specialized Packet Forwarding Hardware

App App App


App App App


App App App



OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

Closed

Slide from Deutsche Telekom SDN tutorial, 2011

314 SDN, Nevil, 2015 6

Network maintenance issues● Large networks of switches and routers are hard to maintain● Web interface only works for a few hosts, e.g. home networks● Several 'network management' systems/protocols exist, e.g.

SNMP (Simple Network Management Protocol)– every managed device runs an SNMP server– objects to be managed are addressed via an OID (seqence of dot-

separated integers)– manager application querys devices by making SNMP requests,

and maintaining a database from their SNMP responses● Netconf is emerging as a new standard way to configure and

manage devices and networks

314 SDN, Nevil, 2015 7

Towards an open network



App App App


App App App



OperatingSystem

OperatingSystem

OperatingSystem

OperatingSystem

Network Operating System

App App App


OperatingSystem

314 SDN, Nevil, 2015 8

The 'software-defined' network


App

Simple Packet Forwarding Hardware


App App

Simple Packet Forwarding Hardware Simple Packet

Forwarding Hardware

Network Operating System

1. Open interface to hardware

3. Well-defined open API2. At least one good operating system

Extensible, possibly open-source


314 SDN, Nevil, 2015 9

An SDN approach: OpenFlow● Seminal paper:

– OpenFlow: Enabling Innovation in Campus Networks. March 14, 2008.

Nick McKeown, Tom Anderson, Hari Balakrishnan

et al (8 authors)● Flows

– sets of packets with common properties– e.g. source/destination addresses and ports– OpenFlow switches use a table of flows

314 SDN, Nevil, 2015 10

Transition

Ethernet SwitchEthernet SwitchEthernet SwitchEthernet Switch


314 SDN, Nevil, 2015 11

Transition (2)

Data Path (Hardware)Data Path (Hardware)

Control PathControl PathControl Path (Software)Control Path (Software)


314 SDN, Nevil, 2015 12

Transition (3)

Data Path (Hardware)Data Path (Hardware)

Control PathControl Path OpenFlowOpenFlow

OpenFlow ControllerOpenFlow Controller

OpenFlow Protocol (SSL/TCP)


314 SDN, Nevil, 2015 13

OpenFlow example


Controller

PC

HardwareLayer

SoftwareLayer

Flow Table

MACsrc

MACdst

IPSrc

IPDst

TCPsport

TCPdport Action

OpenFlow Client

**5.6.7.8*** port 1

port 4port 3port 2port 1

1.2.3.45.6.7.8

314 SDN, Nevil, 2015 14

OpenFlow basics


SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

L4sport

L4dport

Rule Action Stats

1. Forward packet to zero or more ports2. Encapsulate and forward to controller

3. Send to normal processing pipeline4. Modify Fields

5. Any extensions you add!

+ mask what fields to match

Packet + byte counters

VLANpcp

IPToS

314 SDN, Nevil, 2015 15

Flow table usage examples


Switching

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport

Action

* 00:1f:.. * * * * * * * port6

Flow Switching

port3

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport

Action

00:20.. 00:1f.. 0800 vlan1 1.2.3.4 5.6.7.8 4 17264 80 port6

Firewall

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* * * * * * * * 22 drop

314 SDN, Nevil, 2015 16

Flow table usage examples (2)


Routing

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport

Action

* * * * * 5.6.7.8 * * * port6

VLAN Switching

*

SwitchPort

MACsrc

MACdst

Ethtype

VLANID

IPSrc

IPDst

IPProt

TCPsport

TCPdport Action

* * vlan1 * * * * *port6, port7,port9

00:1f..

314 SDN, Nevil, 2015 17

How OpenFlow works● A packet reaches an OpenFlow switch,

the switch tests whether the packet is part of an existing flow

● If it is, the switch just forwards it● If not, the switch sends the packet to its

controller● The controller determines a path to the

packet's destination, creates a flow table entry for it, and updates the switch tables

314 SDN, Nevil, 2015 18

SDN issues● So now the OpenFlow controller is a single point

of failure?– Well, yes – so we need several controllers with the

ability to co-operate● Can we do more than simple switching?

– Yes! There's a lot of interest in SDN in New Zealand, for example

– the WAND group have implemented a BGP router in their controller

– in Wellington VUW also have a strong SDN group

314 SDN, Nevil, 2015 19

Masters scholarship opportunities● Victoria University of Wellington have

some scholarship opportunities for Masters projects on software defined networking topics, more information here:

● http://sdnvuw.blogspot.co.nz/2015/08/ scholarships-available-to-work-on.html

http://sdnvuw.blogspot.co.nz/2015/08/

compsci 314: sdn: software defined networking...lecture 23. 314 sdn, nevil, 2015 2 current approach...

Documents