1. VIT University
Presentation by:-
Ankita Vinod Mandekar (13MIT0108)
2nd year MTech IT (Networking),
School of Information Technology and Engineering,
VIT University
Guided by:-
Dr. Krishna Chandramouli
Associate Professor,
Division of Enterprise and Cloud Computing,
School of Information Technology and Engineering,
VIT University
2. Outline:
1. Software Defined Network
2. Network Architecture
3. OpenFlow Standard
4. Mininet
5. Floodlight
6. Proposed work
7. Result
8. References
3. Software Defined Network
1. A programmable network greatly reduces the complexity of developing a fully managed network at the customer edge.
2. Software Defined Networking provides a programmable network that applies centralized policy during network deployment.
3. It uses a controller with Southbound and Northbound APIs.
4. OpenFlow-enabled switches provide the control parameters to the controller for making forwarding decisions.
5. Flow-based forwarding is done between source and destination. This increases the throughput of the network.
6. The controller, acting according to the routing protocol in use, provides the flow table entries.
4. Software Defined Network
1. SDN Controller: Floodlight
2. Network Virtualization
5. OpenFlow Protocol
1. OpenFlow is a standard protocol defined for the southbound interface of the SDN controller.
2. It decouples the control plane from the data plane.
3. The flow table entries for OpenFlow-enabled routers are:-
4. There are two types of messages:-
a. Controller to Switch
b. Asynchronous
6. Mininet
1. Mininet is a network emulator.
2. Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine.
3. It is a way to develop, share, and experiment with OpenFlow and Software-Defined Networking systems.
4. It is fast: starting up a simple network takes just a few seconds.
5. Custom topologies can be created as the network requires.
6. Using scripts:
sudo mn --controller=remote,ip=192.168.142.1
sudo mn --controller=remote --switch ovsk --topo linear,4
7. #topo_model.py
# Run as root, for example: sudo python topo_model.py
from mininet.net import Mininet

# Start from an empty network.
net = Mininet()

# Create nodes in the network: one controller, one switch, two hosts.
c0 = net.addController()
h2 = net.addHost('h2')
s1 = net.addSwitch('s1')
h3 = net.addHost('h3')

# Create links between nodes in the network (2-way).
net.addLink(h2, s1)
net.addLink(h3, s1)

# Configure the IP addresses on the host interfaces (prefix length 8).
h2.setIP('10.0.0.4', 8)
h3.setIP('10.0.0.5', 8)

# Start the network, test connectivity between all hosts, then tear it down.
net.start()
net.pingAll()
net.stop()
8. Floodlight Controller
1. Floodlight is the core of a commercial controller product from Big Switch Networks and is actively tested and improved by a community of professional developers.
2. It is an open source project for Software Defined Networking on the Java platform, so it is secure compared to the NOX (C++) and POX (Python) controllers.
3. It works with physical and virtual switches that speak the OpenFlow protocol.
4. Network virtualization is done by creating multiple different networks on top of a single physical controller.
5. FlowVisor technology is used for isolating those different networks.
6. Different protocols are deployed once on the controller instead of on a number of network devices.
10. REST API with FLC
Representational state transfer (REST) abstracts the details of network components such as routers, switches, the SDN controller and hosts.
The FLC uses these REST APIs to monitor failures and performance.
http://192.168.142.1:8080/wm/core/controller/summary/json
http://192.168.142.1:8080/wm/core/memory/json
Controller Memory Usage
Static entries to switch
http://192.168.142.1:8080/wm/staticflowentrypusher/json
Details of switches
11. FLC with Firewall
1. The firewall filters the incoming and outgoing traffic of the network.
2. The rules of the network are defined with respect to host, timing and priority of communication.
3. In SDN, the firewall is a Northbound API for the FLC.
4. REST API for FLC:-
STATUS REST API: (get method)
http://192.168.142.1:8080/wm/firewall/module/status/json
http://192.168.142.1:8080/wm/firewall/module/enable/json
http://192.168.142.1:8080/wm/firewall/module/disable/json
(put method)
#Allow traffic on 00:00:00:00:00:00:00:01 switch
curl -X POST -d '{"switchid": "00:00:00:00:00:00:00:01"}' http://localhost:8080/wm/firewall/rules/json
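A rule body that carries only a switch ID, like the one above, allows every flow through that switch. As an added example (not part of the original slides), this sketch flags such rules and builds the narrower rule set for one TCP service between the Mininet hosts h2 and h3. The function names, the port and the h2/h3 pairing are assumptions; the JSON field names are those of Floodlight's firewall REST API.

```python
import ipaddress
import json

# Match fields of a Floodlight firewall rule body. A rule that sets none of
# them (only "switchid", "priority" or "action") matches every packet.
MATCH_FIELDS = ("src-inport", "src-mac", "dst-mac", "dl-type",
                "src-ip", "dst-ip", "nw-proto", "tp-src", "tp-dst")


def is_overbroad(rule):
    """True for an ALLOW rule with no match field narrowing it."""
    # Floodlight treats a rule without "action" as ALLOW.
    allow = rule.get("action", "ALLOW").upper() == "ALLOW"
    return allow and not any(field in rule for field in MATCH_FIELDS)


def host_cidr(ip):
    """Validate a host address and return it as a /32 prefix string."""
    return f"{ipaddress.IPv4Address(ip)}/32"


def allow_tcp_service(switch, client_ip, server_ip, port):
    """Rule bodies that let client reach server on one TCP port only."""
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    c, s = host_cidr(client_ip), host_cidr(server_ip)
    base = {"switchid": switch, "action": "ALLOW"}
    return [
        # ARP in both directions so the hosts can resolve each other.
        {**base, "src-ip": c, "dst-ip": s, "dl-type": "ARP"},
        {**base, "src-ip": s, "dst-ip": c, "dl-type": "ARP"},
        # Rules are matched per packet: requests and replies each need one.
        {**base, "src-ip": c, "dst-ip": s, "nw-proto": "TCP", "tp-dst": str(port)},
        {**base, "src-ip": s, "dst-ip": c, "nw-proto": "TCP", "tp-src": str(port)},
    ]


SWITCH = "00:00:00:00:00:00:00:01"
PAGE_RULE = {"switchid": SWITCH}  # the body posted on the slide
# Constructed scenario: h2 (10.0.0.4) may reach h3 (10.0.0.5) on TCP port 80.
RULES = allow_tcp_service(SWITCH, "10.0.0.4", "10.0.0.5", 80)

if __name__ == "__main__":
    print("slide rule over-broad:", is_overbroad(PAGE_RULE))
    for rule in RULES:
        print("curl -X POST -d '%s' http://localhost:8080/wm/firewall/rules/json"
              % json.dumps(rule))
```

Once the firewall module is enabled it drops traffic that no ALLOW rule matches, so the four generated rules are the complete allowance for this host pair.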
13. Networking Slice
1. Dynamic allocation of IP addresses for each tenant.
2. The controller makes IP address allocation scalable by using the REST API exposed by the router.
3. Make the required changes to the '/etc/config/network' directory of routers.
14. Literature Survey:
1. In 2003, “The Beacon OpenFlow Controller” by David Erickson
The OpenFlow and Floodlight approach to network traffic, which proved much more efficient than the traditional network.
2. In 2005, “A denial of service attack against the Open Floodlight SDN controller” by Jeremy M. Dover
Open Floodlight is an open-source software-defined network controller, the brains of an OpenFlow-based network where the switches act as forwarding devices, leaving the controller to make decisions about flows and routing. In this paper, security threats that can attack the Floodlight controller and their prevention are explained.
3. In 2008, “Enabling Innovation in Campus Network” proposed by Nick McKeown, Tom Anderson, Hari Balakrishnan. In this paper the campus network is designed using the OpenFlow protocol. The need for a programmable network and its advantages are explained.
15. Experimental Results
1. The FIREWALL Northbound API is designed on top of the centralized FLC. It can monitor the traffic across the network. The web-based interface to the FLC with Firewall allows the user to check status, enable and disable. This automates the network as the customer requires.
2. The NETWORK SLICE Northbound API can get the network device details to the FLC. The FLC can reconfigure the whole network. This makes the network dynamic and scalable.
16. Advantages
1. Network Slice is developed as a northbound API on top of the controller. This provides a secure and multitasking network.
2. It makes the network scalable for multiple tenants.
3. Using a single programmable controller in the network is cost beneficial.
4. It is easy to implement a new protocol all over the network by using the Floodlight controller.
5. The firewall on the controller is used to block or accept traffic as per the policies the customer requires.
6. The network is managed as per the customer's requirements from a single point.
17. Conclusion:
The campus network is centralized with the FLC. The filtering of traffic is done successfully with the firewall Northbound API. The network is automated as well as secure with a centralization policy, which makes the network robust to failures. The Network Slice Northbound API makes the network scalable for multi-tenancy. The network functions are virtualized on top of the FLC. The centralized FLC makes maintenance of the network easy at less cost.