Software Defined Networking
Software-Defined Networking (SDN) refers to a new approach for network programmability, that is, the capacity to initialize, control, change, and manage network behavior dynamically via open interfaces. [RFC7426]
A different way of thinking about networks
[Figure: Typical network node: specialized packet forwarding hardware, operating system, STP, ICMP, OSPF]
[Figure: Typical network: every node has its own specialized packet forwarding hardware, operating system and apps]
All nodes are equal. Peer-to-peer protocols.
Peer-to-peer protocols
Peer-to-peer protocols are excellent:
• They can be easily extended
• robust
• scalable (think about the Internet!)
But…
• They are quite “expensive” to run
• problems are difficult to localize
• very very difficult to update and innovate
Separate Data Plane from Control Plane
[Figure: Basic idea of SDN: in each node, the operating system and apps form the Control Plane and the specialized packet forwarding hardware forms the Data Plane]
SDN moves network functionalities in a Network Operating System
[Figure, three steps: (1) every node has its own specialized packet forwarding hardware, operating system and apps; (2) the per-node operating systems are replaced by a single Network Operating System; (3) the apps run on top of the Network Operating System and the nodes keep only the specialized packet forwarding hardware]
SDN stack: 3 layers, 2 interfaces
[Figure: apps in the Application layer, the controller in the Network service layer, switches in the Devices layer; the Northbound interface sits between apps and controller, the Southbound interface between controller and switches]
[Figure: Router: control software on top of forwarding hardware. Features shown in the control software: Authentication, Security, Access Control; HELLO; IPv6 multicast; Mobile IP; L2 VPN; VLAN; OSPF-TE; RSVP-TE; Firewall; IPSec]
Infrastructure nodes do many things: OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, MPLS, redundant layers, …
They should do fewer things WELL!
[Figure: Number of published RFCs]
[Figure: Protocols implemented in a generic switch]
Technological Trend
[Figure: Computer Industry vs Network Industry. Computer industry: apps on operating systems (Windows, Linux, MacOS) over a virtualization layer on x86 (Computer). Network industry: apps on Controller 1 (ONOS, Network OS) and Controller 2 (Network OS) over virtualization or “slicing” on OpenFlow]
Hardware sublayer simple and stable; programmability, isolation and competition in upper layers.
Abstractions
Abstractions make programs easier to write and maintain.
Data plane abstractions:
• the OSI stack
Control plane abstractions? They must be developed:
• Devices layer
• Network services layer
Devices Abstraction
Current devices:
• IP router
• Ethernet switch
• Firewall
• NAT box
• L4 switch
Abstract device:
• Flow table
The Flow Table abstraction is independent of the layer in which the device will operate. A flow is defined by a packet classification rule, based on the header values.
Flow table abstraction
[Figure: flow table with entries of the form Rule | Action | Stats, ordered from highest priority to lowest priority]
Each packet is classified according to a rule.
Default Rule: Action: Send to Controller | Stats
Flow table abstraction: Rule | Action | Stats
Rule: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, L4 sport, L4 dport, VLAN pcp, IP ToS, …
Matches can be exact or with a wildcard.
Action:
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Send to normal processing pipeline
4. Modify Fields
5. Any extensions you add!
Stats: Packet + byte counters
One table, many possible behaviors

| Name | Port | MAC Src | MAC Dst | Eth Type | VLAN ID | IP Src | IP Dst | IP Prot | UDP/TCP Sport | UDP/TCP Dport | Action |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Switchboard | p1 | * | * | * | * | * | * | * | * | * | port2 |
| Port Mirroring | p1 | * | * | * | * | * | * | * | * | * | port2, port3 |
| L2 Switching | * | * | 00:1f... | * | * | * | * | * | * | * | port2 |
| VLAN Switching | * | * | 00:1f… | * | vlan3 | * | * | * | * | * | port2 |
| IP Routing | * | * | * | * | * | * | 5.6.7.8/16 | * | * | * | write MAC, port2 |
| Firewall | * | * | * | * | * | * | * | * | * | 22 | drop |
| Flow Switching | p3 | 00:20... | 00:1f... | 0800 | vlan3 | 1.2.3.4 | 5.6.7.8 | 4 | 17264 | 80 | port2 |
Reactive installation of Rules
[Figure: a Controller (PC) connected to a switch. The switch has a Software Layer with the OpenFlow Agent and a Hardware Layer with the Flow Table (MAC src, MAC dst, IP Src, IP Dst, TCP sport, TCP dport, Action) and ports port1 to port4. Hosts 1.2.3.4 and 5.6.7.8 exchange packets. The flow table starts empty (✗ Packet 1 only); after the controller installs a rule, the table handles the flow (✓ Packets 2 to n)]
Installed rule: MAC src 12:34 | MAC dst 56:78 | IP Src 1.2.3.4 | IP Dst 5.6.7.8 | TCP sport 12345 | TCP dport 80 | Action port1
Proactive installation of Rules
[Figure: same Controller (PC) and switch (Software Layer with OpenFlow Agent, Hardware Layer with Flow Table, ports port1 to port4), hosts 1.2.3.4 and 5.6.7.8. The rule is in the flow table before traffic arrives and applies to every packet]
Installed rule: MAC src * | MAC dst * | IP Src * | IP Dst 5.6.7.8 | TCP sport * | TCP dport * | Action port1
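
The flow-table behaviour from the slides above (priority-ordered rules with wildcards, a default rule that sends to the controller, reactive versus proactive installation), as an added example that is not part of the original slides. The names `Rule`, `FlowTable`, `forward` and the controller policy of always answering `port1` are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    match: dict            # header field -> value; a field left out is a wildcard (*)
    action: str
    priority: int = 0
    packets: int = 0       # Stats: packet counter
    byte_count: int = 0    # Stats: byte counter

    def matches(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())

class FlowTable:
    def __init__(self):
        # Default rule: lowest priority, all wildcards, action "send to controller".
        self.rules = [Rule({}, "controller", priority=-1)]

    def install(self, rule):
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.priority, reverse=True)

    def lookup(self, pkt, size=64):
        rule = next(r for r in self.rules if r.matches(pkt))  # highest priority wins
        rule.packets += 1
        rule.byte_count += size
        return rule

def forward(table, pkt):
    """Return (who decided, action). A table miss triggers reactive installation."""
    rule = table.lookup(pkt)
    if rule.action != "controller":
        return "table", rule.action
    # Controller side (assumed policy): exact-match rule for this flow -> port1.
    table.install(Rule(dict(pkt), "port1", priority=10))
    return "controller", "port1"

# Constructed sample packet, using the header values shown on the slides.
PKT = {"mac_src": "12:34", "mac_dst": "56:78", "ip_src": "1.2.3.4",
       "ip_dst": "5.6.7.8", "tcp_sport": 12345, "tcp_dport": 80}

def demo():
    reactive = FlowTable()
    first, second = forward(reactive, PKT), forward(reactive, PKT)
    proactive = FlowTable()  # rules pushed before any traffic arrives
    proactive.install(Rule({"ip_dst": "5.6.7.8"}, "port1", priority=5))
    proactive.install(Rule({"tcp_dport": 22}, "drop", priority=20))
    ssh = forward(proactive, dict(PKT, tcp_dport=22))
    return first, second, forward(proactive, PKT), ssh

if __name__ == "__main__":
    print(demo())
```

The drop rule for port 22 only takes effect because its priority is higher than the overlapping forwarding rule; with the priorities swapped, the same packet would be forwarded to port1.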
Abstraction of Network Services
Current Services:
• Topology discovery
• Path computation
• State dissemination
• Fault recovery
Abstract Services:
• Network Map
• Intent-based Networking
SDN Abstractions
[Figure: Network Applications (routing, access-control, mobility, traffic-engineering, guarantees, recovery, bandwidth-on-demand…) use the Northbound API of the Control Plane (Network Map; State Collection, State Dissemination & Application Isolation). The Control Plane uses the Southbound API towards the flow tables (tables for identifiers and actions; flows are combinations of L4, L3, L2.5, L2, L1), built for Performance, Scale & Reliability]
Example of network application: Classic imperative approach
Objective: establish a connection between Host 1 and Host 2
1. Discover network topology
2. Determine the path
3. Write the rules that define the flows and corresponding actions
4. Install rules on devices
Example of network application: Problems
This approach may fail in several ways.
Missing rules, refused or cancelled:
• Continuously control that devices can be reached
• Guarantee that a consistent state is reached between two updates
Topology Modifications:
• Listen to failure events from all devices and links
• Compute new paths and new flows
Programming Network Applications
Each application requires the calculation of routing paths, the installation of rules, the updating of state machines.
• In the event of failures, we risk inconsistent behavior
• Bugs need to be fixed at various points in the network
• Updating algorithms involving multiple applications is expensive
• Difficult to resolve conflicts between applications
Programming Network Applications: Declarative Programming (intent-based networking)
Network intentions are a high-level interface that describes which result you want to achieve and delegates how to get it to the network services layer.
• It hides the complexity of the network from applications
• It guarantees the maintenance of the result even in the presence of topology changes
Intent Example
[Figure: a Host to Host Intent is passed to the Intent Service API with submit(). COMPILATION turns the Host to Host Intent into Path Intents; INSTALLATION turns each Path Intent into Flow Rule Batches]
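
The intent pipeline from the slides above (host-to-host intent, compiled to a path, compiled to one flow-rule batch per switch, recompiled when the topology changes), as an added example that is not part of the original slides and not the code of any controller. The topology, the function names, the use of breadth-first search for path computation, and naming the next hop instead of an output port are all assumptions.

```python
from collections import deque

# Constructed topology: hosts h1, h2 and switches s1..s3, as undirected links.
TOPOLOGY = {("h1", "s1"), ("s1", "s2"), ("s2", "h2"), ("s1", "s3"), ("s3", "s2")}

def shortest_path(links, src, dst):
    """Path computation: breadth-first search over the current network map."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adj.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None  # hosts are disconnected

def compile_intent(links, host_a, host_b):
    """Host-to-host intent -> path -> {switch: flow-rule batch}."""
    path = shortest_path(links, host_a, host_b)
    if path is None:
        return None, {}  # intent cannot be satisfied on this topology
    batches = {}
    for i in range(1, len(path) - 1):  # switches only; hosts get no rules
        batches[path[i]] = [
            {"match": {"dst": host_b}, "out": path[i + 1]},  # a -> b direction
            {"match": {"dst": host_a}, "out": path[i - 1]},  # b -> a direction
        ]
    return path, batches

def recompile_after_failure(links, failed_link, host_a, host_b):
    """Topology change: the same intent is compiled again on the new map."""
    return compile_intent(links - {failed_link}, host_a, host_b)

if __name__ == "__main__":
    print(compile_intent(TOPOLOGY, "h1", "h2"))
    print(recompile_after_failure(TOPOLOGY, ("s1", "s2"), "h1", "h2"))
```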
SDN in action
Google’s B4 Architecture
[Figure: Sites A, B and C, each with a Data Center and servers, connected by the B4 WAN. Labels: switch hardware (OFA switches); site controllers (RAP, TE-AGENT, OFC, Quagga, Paxos); iBGP; eBGP; Gateway; Central TE Servers; Global TE]