SDN Architecture and Ecosystem
S. Kingston Smiler
kingstonsmiler@gmail.com
Course Objective
SDN Architecture and Ecosystem
SDN switch Ecosystem
SDN Controller Ecosystem
Placement of Controller
SDN Migration Plan
SDN Security
Hands-On with RYU Controller
SDN Architecture Model
SDN Switch Ecosystem
Introduction to OpenFlow Switches
• Hardware-based OpenFlow Switches
– Commercial hardware switches with OpenFlow capability
• Network abstraction is realized by firmware upgrading
– Show high processing speed
– Have space limitation on saving the flow table entries
• Approximately store 1500 flow entries (due to expensive CAM)
– Not easy to upgrade
• Most switches only support OpenFlow up to version 1.0
• Software-based OpenFlow Switches
– OpenFlow-enabled software switch (runs on an x86 commodity computer)
– Performance is relatively low
– Store a large number of flow entries (bounded only in theory)
– Under active development, support the most recent OpenFlow spec.
• Hybrid OpenFlow Switch
– Supports both OpenFlow and traditional routing / switching
– Much faster than software-based switches
Hardware-based OpenFlow Switches
Software-based OpenFlow Switches (1/3)
• OpenvSwitch (OVS)
– Overview
• A virtual switch or Virtual Ethernet Bridge (VEB)
• User-space: configuration, control
• Kernel-space: datapath (included in main Linux kernel from v3.3)
– Features
• Support OpenFlow protocol
• Support multiple tunneling protocols
– VxLAN, Ethernet over GRE, IPsec, GRE over IPsec
• Fine-grained QoS
– Main components
• ovs-vswitchd: a daemon that implements the switch
• ovsdb-server: lightweight database server that ovs-vswitchd queries to obtain its configuration
• ovs-vsctl: a utility for querying and updating the configuration of ovs-vswitchd
• ovs-dpctl: a tool for configuring and monitoring the switch kernel module
• ovs-ofctl: a tool for monitoring and administering OpenFlow switches
• ovs-controller: a simple OpenFlow controller reference implementation
• openvswitch.ko: OpenvSwitch switching datapath
Hybrid Switch Approaches
SIN – With Default Gateway
Hybrid Switch – OFNormal
Hybrid Switch based on Port + Vlan
SDN Controller Ecosystem & Anatomy
Controller Architecture (diagram): Imperative (Legacy Architecture) vs Declarative (Next-Gen Architecture)
Imperative Vs Declarative
• Declarative: A programming paradigm that expresses the logic of a computation without describing its control flow. Languages applying this style try to minimize or eliminate side effects by describing what the program should accomplish, rather than how to go about accomplishing it.
• Imperative: A programming paradigm that describes computation in terms of statements that change program state. Imperative programs define sequences of commands for the computer to perform.
Imperative Controller Architecture
• Imperative is a top-down approach to managing the network, where network state is held and managed by the controller and pushed down to the network elements
• This may lead to scale limitations for the controller as the network grows
• OpenFlow is an example of an implementation of the imperative model
Declarative Controller Architecture
• The declarative model uses a bottom-up approach to manage the network, where the physical switches handle the network state and the state is defined by the policies created by the controller
• The “Declarative” model scales much better
• The APIC controller is an example of an implementation of the declarative model
Centralized vs De-centralized vs Distributed Models
Anatomy of SDN Controllers
• SDN-enabled Applications
– Communicate their requirements / policies to the network
– Can monitor network state and adapt accordingly
• SDN Network Controller
– Translates application requirements into low-level rules
– Summarizes the network state for applications
• SDN Datapath
– Programmatic low-level control of all forwarding and configuration
– API for capability advertisement and publishing statistics
– No resource contention with other entities
– Controller “owns” this device, subject to capability advertisement / negotiation
Controller Redundancy
• A single switch can be controlled by more than one controller for load balancing or redundancy purposes
• Each controller takes one of the following roles
– Master
– Slave
– Equal
Controller Redundancy (diagram): Master, Equal, and Master - Slave arrangements
Controller Topology Discovery
Topology Discovery Protocols (diagram): OFDP and LLDP
OpenFlow Discovery Protocol
• Implemented by most SDN controllers and the de facto standard
• OFDP leverages the packet format of LLDP
• OFDP operates completely differently
Link Layer Discovery Protocol
• IEEE 802.1AB
• Used in traditional Ethernet network devices
Topology Discovery Operations
OpenFlow Discovery Protocol
• The controller injects LLDP (Link Layer Discovery Protocol) packets
• The switches flood them to all ports
• Other switches receive the packets and report them as packet-in to the controller
• The controller learns the topology from the information about the incoming ports
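As an added example (not code from the slides or from any controller project), the OFDP exchange above simulated in Python: the controller frames one LLDP probe per switch port, a constructed wiring table stands in for the switches and the packet-in path, and the controller records a link only when a packet-in carries a probe it actually sent. The frame layout, the Fabric and OfdpController names and the wiring are assumptions of this example.

```python
import struct
from dataclasses import dataclass

LLDP_ETHERTYPE = 0x88CC
LLDP_MCAST_DST = bytes.fromhex("0180c200000e")   # nearest-bridge LLDP address
CONTROLLER_MAC = bytes.fromhex("020000000001")   # constructed source MAC
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL = 0, 1, 2, 3
SUBTYPE_LOCAL = b"\x07"                           # "locally assigned" subtype

def _tlv(tlv_type, value):
    # LLDP TLV header: 7-bit type, 9-bit length, followed by the value
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def build_lldp(dpid, port_no, src_mac):
    """Probe the controller sends via packet-out: the chassis id carries the
    datapath id, the port id carries the port the probe leaves through."""
    body = (_tlv(TLV_CHASSIS_ID, SUBTYPE_LOCAL + b"dpid:%016x" % dpid)
            + _tlv(TLV_PORT_ID, SUBTYPE_LOCAL + b"%d" % port_no)
            + _tlv(TLV_TTL, struct.pack("!H", 120))
            + _tlv(TLV_END, b""))
    return LLDP_MCAST_DST + src_mac + struct.pack("!H", LLDP_ETHERTYPE) + body

def parse_lldp(frame):
    """Return the (dpid, port_no) encoded in an OFDP probe, or None if the
    frame is not LLDP or its TLVs are malformed."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != LLDP_ETHERTYPE:
        return None
    off, dpid, port_no = 14, None, None
    try:
        while off + 2 <= len(frame):
            hdr = struct.unpack("!H", frame[off:off + 2])[0]
            tlv_type, length = hdr >> 9, hdr & 0x1FF
            value = frame[off + 2:off + 2 + length]
            if tlv_type == TLV_END:
                break
            if tlv_type == TLV_CHASSIS_ID and value.startswith(SUBTYPE_LOCAL + b"dpid:"):
                dpid = int(value[6:], 16)
            elif tlv_type == TLV_PORT_ID and value.startswith(SUBTYPE_LOCAL):
                port_no = int(value[1:])
            off += 2 + length
    except ValueError:          # non-numeric chassis or port id
        return None
    return None if dpid is None or port_no is None else (dpid, port_no)

@dataclass
class Link:
    src_dpid: int
    src_port: int
    dst_dpid: int
    dst_port: int

class Fabric:
    """Constructed stand-in for the switches: a wiring table of physical links.
    A frame sent out (dpid, port) arrives at the far end of that cable."""

    def __init__(self, wires):
        self.wires = {}
        for (a, a_port), (b, b_port) in wires:
            self.wires[(a, a_port)] = (b, b_port)
            self.wires[(b, b_port)] = (a, a_port)
        self.dpids = {dpid for dpid, _ in self.wires}

    def ports_of(self, dpid):
        return sorted(port for d, port in self.wires if d == dpid)

class OfdpController:
    """Controller side of OFDP: one probe per switch port; a link is recorded
    from the probe contents plus the ingress port reported in the packet-in."""

    def __init__(self, fabric):
        self.fabric = fabric
        self.links = []
        self.pending = set()   # (dpid, port) probes sent and not yet heard back
        self.rejected = 0      # LLDP packet-ins that match no probe we sent

    def run_discovery(self):
        for dpid in sorted(self.fabric.dpids):
            for port in self.fabric.ports_of(dpid):
                frame = build_lldp(dpid, port, CONTROLLER_MAC)
                self.pending.add((dpid, port))
                # packet-out with an output action to 'port'; the fabric
                # delivers it to the neighbour, which raises a packet-in
                far_end = self.fabric.wires.get((dpid, port))
                if far_end is not None:
                    self.packet_in(far_end[0], far_end[1], frame)
        return self.links

    def packet_in(self, dpid, in_port, frame):
        probe = parse_lldp(frame)
        if probe is None:
            return
        # Only a probe this controller emitted (and has not yet consumed)
        # becomes a link; anything else is counted, not learned.
        if probe not in self.pending:
            self.rejected += 1
            return
        self.pending.discard(probe)
        self.links.append(Link(probe[0], probe[1], dpid, in_port))
```

Running discovery on a three-switch chain yields one Link per direction per cable; the rejected counter is a useful health signal for the controller, since a steady stream of unmatched LLDP packet-ins means something on the wire is emitting frames the controller never sent.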
SDN – North Bound Interface
SDN – First Stage
SDN – Second Stage
SDN – Third Stage
Intent Based SDN
Controller Placement – Who Cares
SDN Controller Placement Considerations
• Single controller or multiple controllers?
• Redundant or load sharing?
• Cluster or independent?
• In-band or out-of-band?
Challenges in SDN
Scalability
Reliability
Inter-operability
Fault Tolerance
Controller Scalability – Handling Multiple Switches
• Is it really a problem?
– NOX can handle more than 30k requests / sec with a multicore CPU
– This is fine for a decent-sized enterprise; however, for a data center this is a problem.
• Solution
– Multiple controllers with auxiliary connections
– Proactive programming of flow table entries
– Deploy a hybrid switch with a locally scoped application / protocol in the switch itself
– Keep the controller close to the switch network.
Controller Scalability – Handling Flow Events from Switch
• Is it really a problem?
– Performance of the first three steps depends on the capability and positioning of the controller
• When the controllers are placed in close proximity it is negligible
– Performance of the last step depends on the switch
• OVS is capable of installing tens of thousands of flows per second
• Most hardware supports a few thousand flows per second
• Solution
– Proactive programming of flow table entries
– Keep the controller close to the switch network.
Controller Reliability
Fault Tolerance
Fault Tolerance – Link Failure
• Is it really a problem?
– It takes 5 steps to detect and recover from the link failure
– Traditional network devices detect the link failure very fast; however, the link failure event is flooded across the network via some protocols.
– In an SDN network this is not required.
– The failure recovery process in SDN is no worse than in a traditional network.
• Solution
– Proactive programming of flow table entries
– Keep the controller close to the switch network.
In-Band Vs Out-of-Band
• Out-of-Band: a separate network / link for the controller-switch connections
• In-Band: the controller is attached to a switch in the data plane
SDN Migration Plan
Key Questions to be asked
• What are my goals for migrating to open SDN?
• What are the initial steps I should take to achieve my goals for SDN?
• What are my migration options?
• How have others performed the migration, and how different from their strategies is my current SDN migration plan?
Key Steps for Migration
• Identify and prioritize the core requirements of the target
network
• Prepare the starting network for migration
• Implement a phased network migration
• Validate the results
Migration Approaches: Greenfield
Migration Approaches: Mixed
Migration Approaches: Hybrid
Migration Approaches: Hierarchical
SDN Migration Case Study (Google)
Two Kinds of Networks
Goal: to improve scalability, flexibility, and agility in managing the Internet-facing WAN fabric, to enhance Google’s user-based services, including Google+, Gmail, YouTube, Google Maps, and others
(diagram) Two networks: Internet-facing user traffic, and internal traffic between Google’s global data centers
Starting Network
Fully distributed monolithic control and data plane hardware architecture, moving to a physically decentralized (though logically centralized) control plane architecture
Phased deployment
A subset of the nodes in the network were OpenFlow-enabled and controlled by the logically centralized controller, utilizing Paxos, an OpenFlow controller, and the Quagga open source routing stack that Google adapted to its requirements
Complete OpenFlow
All nodes were OpenFlow-enabled. In the target network, the controller controls the entire network. There is no direct correspondence between the data center and the network. The controller also has a TE server that guides the traffic engineering in the network.
Final Deployment
SDN Security Challenges
Threat Challenges (diagram): Centralized Control; Programmability; Cross-Domain Connection; Challenge of Integrating Legacy Protocols
Centralized Control
• Exposes a high-value asset to attackers
• Attackers may attempt to manipulate the common network services, or even control the entire network, by tricking or compromising a controller
• Unauthorized access to the centralized controller using password brute-forcing or password-guessing attacks
• Unauthorized access using remote application exploitation attacks
Programmability
• Traffic and resource isolation
• Trust between third-party applications and the controller
• Interface security protection across controllers
SDN Threat Models (diagram): Generic network infrastructure threats; SDN-specific threats; Network virtualization threats
Generic network infrastructure threats
Generic Threats
• Physical threats: damage / loss
• Failures / malfunctions
• Outages / disaster / legal
Generic network infrastructure threats (diagram): traffic diversion, DoS, data forging, flooding attack, side-channel attack, software exploits, API exploitation, identity spoofing, traffic sniffing, memory scraping
SDN Reference Architecture Threats
Hands-on
Course Objective
How to run RYU Controller
How to run RYU features
Creating a network with Mininet
Programming a flow entry with RYU
Ping and test the Network
How to start RYU Controller
• Run the given VM in VirtualBox
• Go to /home/ubuntu/ryu: cd /home/ubuntu/ryu
• Run ./bin/ryu-manager ryu/app/simple_switch.py ryu/app/ofctl_rest.py
Mininet
• Mininet creates a realistic OpenFlow network, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds, with a single command
• sudo mn --topo single,3 --mac --switch ovsk --controller remote
• sudo ovs-ofctl -O OpenFlow13 dump-flows s1
• sudo ovs-vsctl show
Postman
• Postman is a popular HTTP request composer that makes it easy to call web services.
• Search "postman firefox" in Google. There will be a link for the Firefox add-on.
• Install it from that link and open the window.
• You will get a window similar to this
Postman
• To add a flow in the switch
• POST to http://127.0.0.1:8080/stats/flowentry/add
{
"dpid": 1,
"cookie": 42,
"priority": 45000,
"match": {
"in_port": 3
},
"actions": []
}
Postman
• To delete the flow from the switch
• POST to http://127.0.0.1:8080/stats/flowentry/delete_strict
{
"dpid": 1,
"actions": [],
"idle_timeout": 0,
"cookie": 42,
"hard_timeout": 0,
"priority": 45000,
"table_id": 0,
"match": {
"in_port": 3
}
}
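Added example, not part of the slides or of the RYU project: a small Python client for the two ofctl_rest calls shown above, which builds the add and delete_strict payloads and checks a /stats/flow/<dpid> reply for the installed entry. It assumes ryu-manager is running ofctl_rest.py on 127.0.0.1:8080 as in the hands-on; the helper names are this example's own.

```python
import json
import urllib.request

BASE = "http://127.0.0.1:8080"   # ofctl_rest endpoint from the hands-on


def drop_rule(dpid, in_port, priority=45000, cookie=42):
    """Flow entry from the slides: an empty action list means every packet
    arriving on in_port is dropped, because no output action is applied."""
    return {"dpid": dpid, "cookie": cookie, "priority": priority,
            "match": {"in_port": in_port}, "actions": []}


def delete_strict_payload(rule):
    """delete_strict removes only the entry whose priority and match are
    identical, so carry those values over from the rule that was added."""
    return {"dpid": rule["dpid"], "cookie": rule["cookie"],
            "priority": rule["priority"], "table_id": 0,
            "idle_timeout": 0, "hard_timeout": 0,
            "match": dict(rule["match"]), "actions": []}


def find_entry(flow_stats, dpid, rule):
    """Return the installed entry whose priority and match fields equal the
    rule's, from a GET /stats/flow/<dpid> reply (keyed by dpid as a string),
    or None when the rule is not present."""
    for entry in flow_stats.get(str(dpid), []):
        match = entry.get("match", {})
        if entry.get("priority") == rule["priority"] and all(
                match.get(k) == v for k, v in rule["match"].items()):
            return entry
    return None


def post(path, payload):
    """POST a JSON body to ofctl_rest and return the HTTP status."""
    req = urllib.request.Request(
        BASE + path, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def get_flow_stats(dpid):
    with urllib.request.urlopen(f"{BASE}/stats/flow/{dpid}", timeout=5) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Round trip against a live controller: add, verify, delete, verify.
    rule = drop_rule(1, 3)
    post("/stats/flowentry/add", rule)
    assert find_entry(get_flow_stats(1), 1, rule) is not None
    post("/stats/flowentry/delete_strict", delete_strict_payload(rule))
    assert find_entry(get_flow_stats(1), 1, rule) is None
    print("drop rule for dpid 1 in_port 3 added and removed")
```

ofctl_rest performs no authentication of its own, so keep it reachable only from the controller host as the slides do.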
Thank you

More Related Content

What's hot

Software Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology BriefSoftware Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology BriefZivaro Inc
 
SDN, OpenFlow, NFV, and Virtual Network
SDN, OpenFlow, NFV, and Virtual NetworkSDN, OpenFlow, NFV, and Virtual Network
SDN, OpenFlow, NFV, and Virtual NetworkTim4PreStartup
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorialopenflow
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)rjain51
 
Introduction To OpenStack
Introduction To OpenStackIntroduction To OpenStack
Introduction To OpenStackHaim Ateya
 
Software Defined Network (SDN)
Software Defined Network (SDN)Software Defined Network (SDN)
Software Defined Network (SDN)Ahmed Ayman
 
Software defined networks and openflow protocol
Software defined networks and openflow protocolSoftware defined networks and openflow protocol
Software defined networks and openflow protocolMahesh Mohan
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Diverajdeep
 
Software Defined Networking (SDN)
Software Defined Networking (SDN)Software Defined Networking (SDN)
Software Defined Networking (SDN)NetProtocol Xpert
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFVCoreStack
 
Introduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingIntroduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingAnkita Mahajan
 
OpenStack Networking
OpenStack NetworkingOpenStack Networking
OpenStack NetworkingIlya Shakhat
 
Software Defined networking (SDN)
Software Defined networking (SDN)Software Defined networking (SDN)
Software Defined networking (SDN)Milson Munakami
 
OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorialmestery
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
Introduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application DevelopmentIntroduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application DevelopmentMichelle Holley
 

What's hot (20)

Software Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology BriefSoftware Defined Networking (SDN) Technology Brief
Software Defined Networking (SDN) Technology Brief
 
SDN, OpenFlow, NFV, and Virtual Network
SDN, OpenFlow, NFV, and Virtual NetworkSDN, OpenFlow, NFV, and Virtual Network
SDN, OpenFlow, NFV, and Virtual Network
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
OpenFlow tutorial
OpenFlow tutorialOpenFlow tutorial
OpenFlow tutorial
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
Introduction To OpenStack
Introduction To OpenStackIntroduction To OpenStack
Introduction To OpenStack
 
Introductionto SDN
Introductionto SDN Introductionto SDN
Introductionto SDN
 
Software Defined Network (SDN)
Software Defined Network (SDN)Software Defined Network (SDN)
Software Defined Network (SDN)
 
Software defined networks and openflow protocol
Software defined networks and openflow protocolSoftware defined networks and openflow protocol
Software defined networks and openflow protocol
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Dive
 
Sdn ppt
Sdn pptSdn ppt
Sdn ppt
 
Software Defined Networking (SDN)
Software Defined Networking (SDN)Software Defined Networking (SDN)
Software Defined Networking (SDN)
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFV
 
Introduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined NetworkingIntroduction to SDN: Software Defined Networking
Introduction to SDN: Software Defined Networking
 
OpenStack Networking
OpenStack NetworkingOpenStack Networking
OpenStack Networking
 
Software Defined networking (SDN)
Software Defined networking (SDN)Software Defined networking (SDN)
Software Defined networking (SDN)
 
Network virtualization
Network virtualizationNetwork virtualization
Network virtualization
 
OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorial
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
Introduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application DevelopmentIntroduction to OpenDaylight & Application Development
Introduction to OpenDaylight & Application Development
 

Viewers also liked

[若渴計畫] Challenges and Solutions of Window Remote Shellcode
[若渴計畫] Challenges and Solutions of Window Remote Shellcode[若渴計畫] Challenges and Solutions of Window Remote Shellcode
[若渴計畫] Challenges and Solutions of Window Remote ShellcodeAj MaChInE
 
Graduating To Go - A Jumpstart into the Go Programming Language
Graduating To Go - A Jumpstart into the Go Programming LanguageGraduating To Go - A Jumpstart into the Go Programming Language
Graduating To Go - A Jumpstart into the Go Programming LanguageKaylyn Gibilterra
 
Walk through an enterprise Linux migration
Walk through an enterprise Linux migrationWalk through an enterprise Linux migration
Walk through an enterprise Linux migrationRogue Wave Software
 
Scale Up with Lock-Free Algorithms @ JavaOne
Scale Up with Lock-Free Algorithms @ JavaOneScale Up with Lock-Free Algorithms @ JavaOne
Scale Up with Lock-Free Algorithms @ JavaOneRoman Elizarov
 
In-Memory Computing Essentials for Architects and Engineers
In-Memory Computing Essentials for Architects and EngineersIn-Memory Computing Essentials for Architects and Engineers
In-Memory Computing Essentials for Architects and EngineersDenis Magda
 
Communication hardware
Communication hardwareCommunication hardware
Communication hardwareHans Mallen
 
Advanced memory allocation
Advanced memory allocationAdvanced memory allocation
Advanced memory allocationJoris Bonnefoy
 
Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)
Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)
Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)Patricia Aas
 
What in the World is Going on at The Linux Foundation?
What in the World is Going on at The Linux Foundation?What in the World is Going on at The Linux Foundation?
What in the World is Going on at The Linux Foundation?Black Duck by Synopsys
 
DevRomagna / Golang Intro
DevRomagna / Golang IntroDevRomagna / Golang Intro
DevRomagna / Golang IntroSimone Gentili
 
OCCIware, an extensible, standard-based XaaS consumer platform to manage ever...
OCCIware, an extensible, standard-based XaaS consumer platform to manage ever...OCCIware, an extensible, standard-based XaaS consumer platform to manage ever...
OCCIware, an extensible, standard-based XaaS consumer platform to manage ever...OCCIware
 
In-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry filesIn-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry filesMaxim Suhanov
 
Deep dive into Coroutines on JVM @ KotlinConf 2017
Deep dive into Coroutines on JVM @ KotlinConf 2017Deep dive into Coroutines on JVM @ KotlinConf 2017
Deep dive into Coroutines on JVM @ KotlinConf 2017Roman Elizarov
 
Scaling and Transaction Futures
Scaling and Transaction FuturesScaling and Transaction Futures
Scaling and Transaction FuturesMongoDB
 

Viewers also liked (20)

Network Virtualization
Network VirtualizationNetwork Virtualization
Network Virtualization
 
[若渴計畫] Challenges and Solutions of Window Remote Shellcode
[若渴計畫] Challenges and Solutions of Window Remote Shellcode[若渴計畫] Challenges and Solutions of Window Remote Shellcode
[若渴計畫] Challenges and Solutions of Window Remote Shellcode
 
Graduating To Go - A Jumpstart into the Go Programming Language
Graduating To Go - A Jumpstart into the Go Programming LanguageGraduating To Go - A Jumpstart into the Go Programming Language
Graduating To Go - A Jumpstart into the Go Programming Language
 
Walk through an enterprise Linux migration
Walk through an enterprise Linux migrationWalk through an enterprise Linux migration
Walk through an enterprise Linux migration
 
Scale Up with Lock-Free Algorithms @ JavaOne
Scale Up with Lock-Free Algorithms @ JavaOneScale Up with Lock-Free Algorithms @ JavaOne
Scale Up with Lock-Free Algorithms @ JavaOne
 
Docker Networking
Docker NetworkingDocker Networking
Docker Networking
 
In-Memory Computing Essentials for Architects and Engineers
In-Memory Computing Essentials for Architects and EngineersIn-Memory Computing Essentials for Architects and Engineers
In-Memory Computing Essentials for Architects and Engineers
 
Communication hardware
Communication hardwareCommunication hardware
Communication hardware
 
Advanced memory allocation
Advanced memory allocationAdvanced memory allocation
Advanced memory allocation
 
Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)
Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)
Linux Security APIs and the Chromium Sandbox (SwedenCpp Meetup 2017)
 
What in the World is Going on at The Linux Foundation?
What in the World is Going on at The Linux Foundation?What in the World is Going on at The Linux Foundation?
What in the World is Going on at The Linux Foundation?
 
DevRomagna / Golang Intro
DevRomagna / Golang IntroDevRomagna / Golang Intro
DevRomagna / Golang Intro
 
numPYNQ @ NGCLE@e-Novia 15.11.2017
numPYNQ @ NGCLE@e-Novia 15.11.2017numPYNQ @ NGCLE@e-Novia 15.11.2017
numPYNQ @ NGCLE@e-Novia 15.11.2017
 
OCCIware, an extensible, standard-based XaaS consumer platform to manage ever...
OCCIware, an extensible, standard-based XaaS consumer platform to manage ever...OCCIware, an extensible, standard-based XaaS consumer platform to manage ever...
OCCIware, an extensible, standard-based XaaS consumer platform to manage ever...
 
Server virtualization
Server virtualizationServer virtualization
Server virtualization
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Go Execution Tracer
Go Execution TracerGo Execution Tracer
Go Execution Tracer
 
In-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry filesIn-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry files
 
Deep dive into Coroutines on JVM @ KotlinConf 2017
Deep dive into Coroutines on JVM @ KotlinConf 2017Deep dive into Coroutines on JVM @ KotlinConf 2017
Deep dive into Coroutines on JVM @ KotlinConf 2017
 
Scaling and Transaction Futures
Scaling and Transaction FuturesScaling and Transaction Futures
Scaling and Transaction Futures
 

Similar to SDN Architecture & Ecosystem

lect4_SDNbasic_openflow.pptx
lect4_SDNbasic_openflow.pptxlect4_SDNbasic_openflow.pptx
lect4_SDNbasic_openflow.pptxJesicaDcruz1
 
sdnppt-140325015756-phpapp01.pptx
sdnppt-140325015756-phpapp01.pptxsdnppt-140325015756-phpapp01.pptx
sdnppt-140325015756-phpapp01.pptxAamirMaqsood8
 
Software Defined Networking(SDN) and practical implementation_trupti
Software Defined Networking(SDN) and practical implementation_truptiSoftware Defined Networking(SDN) and practical implementation_trupti
Software Defined Networking(SDN) and practical implementation_truptitrups7778
 
Software defined networking
Software defined networkingSoftware defined networking
Software defined networkingGoogle
 
SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3Wen-Pai Lu
 
F14_Class1.pptx
F14_Class1.pptxF14_Class1.pptx
F14_Class1.pptxSameer Ali
 
Software Defined Networking - 2
Software Defined Networking - 2Software Defined Networking - 2
Software Defined Networking - 2Pradeep Kumar TS
 
Software-Defined Networking Layers presentation
Software-Defined Networking Layers presentationSoftware-Defined Networking Layers presentation
Software-Defined Networking Layers presentationAbdullah Salama
 
Software Define Networking (SDN)
Software Define Networking (SDN)Software Define Networking (SDN)
Software Define Networking (SDN)Pradeep Kumar TS
 
btNOG 5: Network Automation
btNOG 5: Network AutomationbtNOG 5: Network Automation
btNOG 5: Network AutomationAPNIC
 
Open Flow Protocol
Open Flow ProtocolOpen Flow Protocol
Open Flow ProtocolVishal S M B
 
btNOG 9 presentation Introduction to Software Defined Networking
btNOG 9 presentation Introduction to Software Defined NetworkingbtNOG 9 presentation Introduction to Software Defined Networking
btNOG 9 presentation Introduction to Software Defined NetworkingAPNIC
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNsUS-Ignite
 
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...APNIC
 

Similar to SDN Architecture & Ecosystem (20)

lect4_SDNbasic_openflow.pptx
lect4_SDNbasic_openflow.pptxlect4_SDNbasic_openflow.pptx
lect4_SDNbasic_openflow.pptx
 
sdnppt-140325015756-phpapp01.pptx
sdnppt-140325015756-phpapp01.pptxsdnppt-140325015756-phpapp01.pptx
sdnppt-140325015756-phpapp01.pptx
 
Software Defined Networking(SDN) and practical implementation_trupti
Software Defined Networking(SDN) and practical implementation_truptiSoftware Defined Networking(SDN) and practical implementation_trupti
Software Defined Networking(SDN) and practical implementation_trupti
 
Software defined networking
Software defined networkingSoftware defined networking
Software defined networking
 
SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3SDN Security Talk - (ISC)2_3
SDN Security Talk - (ISC)2_3
 
F14_Class1.pptx
F14_Class1.pptxF14_Class1.pptx
F14_Class1.pptx
 
4_SDN.pdf
4_SDN.pdf4_SDN.pdf
4_SDN.pdf
 
Software Defined Networking - 2
Software Defined Networking - 2Software Defined Networking - 2
Software Defined Networking - 2
 
SDN Introduction
SDN IntroductionSDN Introduction
SDN Introduction
 
Introduction to SDN
Introduction to SDNIntroduction to SDN
Introduction to SDN
 
Software Defined Networking: Primer
Software Defined Networking: Primer Software Defined Networking: Primer
Software Defined Networking: Primer
 
Software-Defined Networking Layers presentation
Software-Defined Networking Layers presentationSoftware-Defined Networking Layers presentation
Software-Defined Networking Layers presentation
 
Software Define Networking (SDN)
Software Define Networking (SDN)Software Define Networking (SDN)
Software Define Networking (SDN)
 
C2C communication
C2C communicationC2C communication
C2C communication
 
btNOG 5: Network Automation
btNOG 5: Network AutomationbtNOG 5: Network Automation
btNOG 5: Network Automation
 
Open Flow Protocol
Open Flow ProtocolOpen Flow Protocol
Open Flow Protocol
 
btNOG 9 presentation Introduction to Software Defined Networking
btNOG 9 presentation Introduction to Software Defined NetworkingbtNOG 9 presentation Introduction to Software Defined Networking
btNOG 9 presentation Introduction to Software Defined Networking
 
Migrating to OpenFlow SDNs
Migrating to OpenFlow SDNsMigrating to OpenFlow SDNs
Migrating to OpenFlow SDNs
 
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
Introduction to Software Defined Networking (SDN) presentation by Warren Finc...
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 

Recently uploaded

Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)ICT Watch - Indonesia
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...vmzoxnx5
 
How to login to Router net ORBI LOGIN...
How to login to Router net ORBI LOGIN...How to login to Router net ORBI LOGIN...
How to login to Router net ORBI LOGIN...rrouter90
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
SDN Architecture & Ecosystem

1. SDN Architecture and Ecosystem
S. Kingston Smiler
kingstonsmiler@gmail.com

2. Course Objective
SDN Architecture and Ecosystem
SDN switch Ecosystem
SDN Controller Ecosystem
Placement of Controller
SDN Migration Plan
SDN Security
Hands-On with RYU Controller

5. Introduction to OpenFlow Switches
• Hardware-based OpenFlow Switches
– Commercial hardware switches with OpenFlow capability
• Network abstraction is realized by firmware upgrading
– Show high processing speed
– Have space limitation on saving the flow table entries
• Approximately store 1500 flow entries (due to expensive CAM)
– Not easy to upgrade
• Most switches only support OpenFlow up to version 1.0
• Software-based OpenFlow Switches
– OpenFlow-enabled software switch (runs on an x86 commodity computer)
– Performance is relatively low
– Store large amount of flow entries with bound (theoretically)
– Under active development, support the most recent OpenFlow spec.
• Hybrid OpenFlow Switch
– Supports both OpenFlow as well as traditional routing / switching
– Much faster than software-based switches

7. Software-based OpenFlow Switches (1/3)
• OpenvSwitch (OVS)
– Overview
• A virtual switch or Virtual Ethernet Bridge (VEB)
• User-space: configuration, control
• Kernel-space: datapath (included in the mainline Linux kernel from v3.3)
– Features
• Support OpenFlow protocol
• Support multiple tunneling protocols
– VxLAN, Ethernet over GRE, IPsec, GRE over IPsec
• Fine-grained QoS
– Main components
• ovs-vswitchd: a daemon that implements the switch
• ovsdb-server: lightweight database server that ovs-vswitchd queries for its configuration
• ovs-vsctl: a utility for querying and updating the configuration of ovs-vswitchd
• ovs-dpctl: a tool for configuring and monitoring the switch kernel module
• ovs-ofctl: a tool for monitoring and administering OpenFlow switches
• ovs-controller: a simple OpenFlow controller reference implementation
• openvswitch.ko: OpenvSwitch switching datapath

9. SIN – With Default Gateway

10. Hybrid Switch – OFNormal

11. Hybrid Switch based on Port + Vlan

13. Controller Architecture
Imperative / Declarative
Legacy Architecture / Next-Gen Architecture
14. Imperative Vs Declarative
• Declarative: A programming paradigm that expresses the logic of a computation without describing its control flow. Many languages apply this style to minimize or eliminate side effects by describing what the program should accomplish, rather than describing how to go about accomplishing it.
• Imperative: A programming paradigm that describes computation in terms of statements that change a program state. Imperative programs define sequences of commands for the computer to perform.

15. Imperative Controller Architecture
• Imperative is a top-down approach to managing the network, where network state is held and managed by the controller and pushed down to the network elements
• This may lead to scale limitations for the controller as the network grows
• OpenFlow is an example of an implementation of the imperative model

16. Declarative Controller Architecture
• The declarative model uses a bottom-up approach to manage the network, where the physical switches handle the network state and the state is defined by the policies created by the controller
• The "Declarative" model scales much better
• The APIC controller is an example of an implementation of the declarative model

17. Centralized vs De-centralized vs Distributed Models

18. Centralized vs De-centralized vs Distributed Models

19. Anatomy of SDN Controllers

20. Anatomy of SDN Controllers
21. Anatomy of SDN Controllers
• SDN-enabled Applications
– Communicate their requirements/policies to the network
– Can monitor network state and adapt accordingly
• SDN Network Controller
– Controller translates from application requirements to low-level rules
– Controller summarizes the network state for applications
• SDN Datapath
– Programmatic low-level control of all forwarding and configuration
– API for capabilities advertisement and publishing statistics
– No resource contention with other entities
– Controller "owns" this device, subject to capabilities advertisement / negotiation

22. Controller Redundancy
• A single switch can be controlled by more than one controller for load balancing or redundancy purposes
• The controller takes any one of the following roles
– Master
– Slave
– Equal

25. Topology Discovery Protocols
OFDP (OpenFlow Discovery Protocol)
• Implemented by most SDN controllers and the de facto standard
• OFDP leverages the packet format of LLDP
• OFDP operates completely differently
LLDP (Link Layer Discovery Protocol)
• IEEE 802.1AB
• Used in traditional Ethernet network devices

26. Topology Discovery Operations
OpenFlow Discovery Protocol
• Controller injects LLDP packets (Link Layer Discovery Protocol)
• Switches flood them to all ports

27. Topology Discovery Operations
OpenFlow Discovery Protocol
• Other switches receive the packets and report them via packet-in to the controller
• Controller learns the topology from information about the incoming ports
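The three OFDP steps on slides 25 to 27, as an added example that is not part of the slides or of Ryu's own discovery module: build the LLDP payload the controller injects, decode it when another switch reports it via packet-in, and derive the link from the payload plus the packet-in metadata. The chassis-ID text "dpid:<16 hex digits>" and the port-ID text encoding are assumptions made for this example, as is the check that rejects payloads naming a datapath the controller has never seen.

```python
import struct

# Added example (not from the slides or Ryu): encoder/decoder for the LLDP payload
# OFDP injects, plus the link-learning step done on packet-in. Assumed encodings:
# chassis ID = "dpid:<16 hex digits>", port ID = port number as text (subtype 7).
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL, SUBTYPE_LOCAL = 0, 1, 2, 3, 7

def tlv(tlv_type, value):
    """One LLDP TLV: 7-bit type and 9-bit length in a 16-bit header, then value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def build_ofdp_lldp(dpid, port_no, ttl=120):
    """Payload the controller sends by packet-out on port port_no of switch dpid."""
    chassis = bytes([SUBTYPE_LOCAL]) + ("dpid:%016x" % dpid).encode()
    port = bytes([SUBTYPE_LOCAL]) + str(port_no).encode()
    return (tlv(TLV_CHASSIS_ID, chassis) + tlv(TLV_PORT_ID, port)
            + tlv(TLV_TTL, struct.pack("!H", ttl)) + tlv(TLV_END, b""))

def iter_tlvs(payload):
    """Walk the TLV list; raise ValueError on a truncated TLV."""
    off = 0
    while off + 2 <= len(payload):
        hdr = struct.unpack_from("!H", payload, off)[0]
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        value = payload[off + 2:off + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        yield tlv_type, value
        if tlv_type == TLV_END:
            return
        off += 2 + length

def parse_ofdp_lldp(payload):
    """Return (dpid, port_no) from an OFDP payload, or raise ValueError."""
    fields = dict(iter_tlvs(payload))
    chassis, port = fields.get(TLV_CHASSIS_ID, b""), fields.get(TLV_PORT_ID, b"")
    if chassis[:6] != b"\x07dpid:" or port[:1] != b"\x07":
        raise ValueError("not an OFDP-style LLDP payload")
    return int(chassis[6:], 16), int(port[1:])

def learn_link(links, known_dpids, recv_dpid, in_port, payload):
    """One packet-in: sender from the payload, receiver from packet-in metadata.
    A sender dpid the controller has never connected to is ignored, so a forged
    LLDP frame cannot insert a link to a phantom switch into the topology."""
    try:
        src_dpid, src_port = parse_ofdp_lldp(payload)
    except ValueError:
        return None
    if src_dpid not in known_dpids:
        return None
    link = ((src_dpid, src_port), (recv_dpid, in_port))
    links.add(link)
    return link
```

The link is directional: ((sender dpid, sender port), (receiver dpid, receiver in_port)); the reverse direction is learned when the probe sent from the other switch arrives.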
29. SDN – North Bound Interface

30. SDN – First Stage

31. SDN – Second Stage

32. SDN – Third Stage

35. SDN Controller Placement Considerations
• Single Controller / Multiple Controllers?
• Redundant / Load Sharing?
• Cluster / Independent?
• In-band / Out-of-Band?

37. Controller Scalability – Handling Multiple Switches
38. Controller Scalability – Handling Multiple Switches
• Is it really a problem?
– NOX can handle more than 30k requests / sec with a multicore CPU
– This is fine for a decent-size enterprise; however, for a data center this is a problem.
• Solution
– Multiple controllers with auxiliary connections
– Proactive programming of flow table entries
– Deploy a hybrid switch with locally scoped applications / protocols in the switch itself
– Keep the controller close to the switch network.

39. Controller Scalability – Handling Flow Events from Switch

40. Controller Scalability – Handling Flow Events From Switch
• Is it really a problem?
– Performance of the first three steps depends on the capability and positioning of the controller
• When the controllers are placed in close proximity it is negligible
– Performance of the last step depends on the switch
• OVS is capable of installing tens of thousands of flows per second
• Most hardware supports a few thousand flows per second
• Solution
– Proactive programming of flow table entries
– Keep the controller close to the switch network.

43. Fault Tolerance – Link Failure
• Is it really a problem?
– Takes 5 steps to detect and recover from the link failure
– Traditional network devices detect the link failure very fast. However, the link failure event is flooded across the network via some protocols.
– In an SDN network this is not required.
– The failure recovery process in SDN is no worse than in a traditional network.
• Solution
– Proactive programming of flow table entries
– Keep the controller close to the switch network.

44. In-Band Vs Out-of-Band
• Out-of-Band: Separate network / link for controller-to-switch connections
• In-Band: Attaching the controller to a switch in the data plane
46. Key Questions to be asked
• What are my goals for migrating to open SDN?
• What are the initial steps I should take to achieve my goals for SDN?
• What are my migration options?
• How have others performed the migration, and how different from their strategies is my current SDN migration plan?

47. Key Steps for Migration
• Identify and prioritize the core requirements of the target network
• Prepare the starting network for migration
• Implement a phased network migration
• Validate the results

53. SDN Migration Case Study (Google)

54. Key Questions to be asked
• What are my goals for migrating to open SDN?
• What are the initial steps I should take to achieve my goals for SDN?
• What are my migration options?
• How have others performed the migration, and how different from their strategies is my current SDN migration plan?

55. Two Kinds of Networks
• Internet-facing user traffic: to improve scalability, flexibility, and agility in managing the Internet-facing WAN fabric to enhance Google's user-based services, including Google+, Gmail, YouTube, Google Maps, and others
• Internal traffic between Google's global data centers

56. Starting Network
From a fully distributed monolithic control and data plane hardware architecture to a physically decentralized (though logically centralized) control plane architecture

57. Phased deployment
A subset of the nodes in the network were OpenFlow-enabled and controlled by the logically centralized controller, utilizing Paxos, an OpenFlow controller, and the Quagga open source routing stack that Google adapted to its requirements

58. Complete OpenFlow
All nodes were OpenFlow-enabled. In the target network, the controller controls the entire network. There is no direct correspondence between the data center and the network. The controller also has a TE server that guides the traffic engineering in the network.
61. Threat Challenges
• Centralized Control
• Programmability
• Cross Domain Connection
• Challenge of Integrating Legacy Protocols

62. Centralized Control
• Exposes a high-value asset to attackers
• Attackers may attempt to manipulate the common network services or even control the entire network by tricking or compromising a controller
• Unauthorized access to the centralized controller using password brute-forcing or password-guessing attacks
• Unauthorized access using remote application exploitation attacks

63. Programmability
• Traffic and resource isolation
• Trust between third-party applications and the controller
• Interface security protection across controllers

64. SDN Threat Models
• Generic network infrastructure threats
• SDN-specific threats
• Network virtualization threats

65. Generic network infrastructure threats
Generic Threats
• Physical threats
• Damage/loss
• Failures/malfunctions
• Outages / Disaster / Legal

66. Generic network infrastructure threats
• Traffic diversion
• DoS
• Data forging
• Flooding attack
• Side channel attack
• Software exploits
• API exploitation
• Identity spoofing
• Traffic sniffing
• Memory scraping
69. Course Objective
How to run RYU Controller
How to run RYU features
Creating a network with Mininet
Programming a flow entry with RYU
Ping and test the Network

70. How to start RYU Controller
• Run the given VM in VirtualBox
• Go to /home/ubuntu/ryu: cd /home/ubuntu/ryu
• Run ./bin/ryu-manager ryu/app/simple_switch.py ryu/app/ofctl_rest.py

71. Mininet
• Mininet creates a realistic OpenFlow network, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds, with a single command
• sudo mn --topo single,3 --mac --switch ovsk --controller remote
• sudo ovs-ofctl -O OpenFlow13 dump-flows s1
• sudo ovs-vsctl show

72. Postman
• Postman is a popular HTTP request composer that makes it easy to call web services.
• Search for "postman firefox" in Google. There will be a link to the Firefox add-on.
• Install it from that link and open the window.
• You will get a window similar to this

73. Postman
• To add a flow in the switch
• POST http://127.0.0.1:8080/stats/flowentry/add
{
  "dpid": 1,
  "cookie": 42,
  "priority": 45000,
  "match": { "in_port": 3 },
  "actions": []
}

74. Postman
• To delete that flow from the switch (strict match on priority and match fields)
• POST http://127.0.0.1:8080/stats/flowentry/delete_strict
{
  "dpid": 1,
  "actions": [],
  "idle_timeout": 0,
  "cookie": 42,
  "hard_timeout": 0,
  "priority": 45000,
  "table_id": 0,
  "match": { "in_port": 3 }
}
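The two Postman calls on slides 73 and 74 as a script against ofctl_rest, an added example that is not part of the slides or of Ryu. It assumes ryu-manager is listening on 127.0.0.1:8080 as started on slide 70 and that the Mininet switch s1 has datapath ID 1; the /stats/flow/1 reply embedded at the bottom is a constructed sample used to show how to confirm the rule was actually installed.

```python
import json
import urllib.request

# Added example (not from the slides): the Postman calls above as a script against
# Ryu's ofctl_rest.py. Assumes ryu-manager listens on 127.0.0.1:8080 and s1 is dpid 1.
BASE_URL = "http://127.0.0.1:8080"

def drop_flow(dpid, in_port, priority=45000, cookie=42):
    """Body for /stats/flowentry/add. An empty action list installs a DROP rule:
    every packet arriving on in_port is discarded without reaching the controller."""
    return {"dpid": dpid, "cookie": cookie, "priority": priority, "table_id": 0,
            "match": {"in_port": in_port}, "actions": []}

def strict_delete_body(flow):
    """Body for /stats/flowentry/delete_strict: only the entry whose match AND
    priority are identical is removed. The non-strict /delete path ignores the
    priority and would also remove any entry whose match is narrower."""
    keys = ("dpid", "cookie", "table_id", "priority", "match")
    return {**{k: flow[k] for k in keys}, "actions": []}

def post(path, body):
    """POST a JSON body; ofctl_rest answers 200 on success."""
    req = urllib.request.Request(BASE_URL + path, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.status

def find_flow(stats, dpid, cookie):
    """Verify the rule landed: GET /stats/flow/<dpid> returns {"<dpid>": [entry, ...]};
    the cookie is the handle used to find our own entry among the others."""
    for entry in stats.get(str(dpid), []):
        if entry.get("cookie") == cookie:
            return entry
    return None

# Constructed sample of a /stats/flow/1 reply (abridged): our drop rule plus one
# unrelated entry, to exercise find_flow offline.
SAMPLE_STATS = {"1": [
    {"priority": 45000, "cookie": 42, "table_id": 0, "match": {"in_port": 3},
     "actions": [], "packet_count": 17, "byte_count": 1666},
    {"priority": 0, "cookie": 0, "table_id": 0, "match": {},
     "actions": ["OUTPUT:CONTROLLER"], "packet_count": 3, "byte_count": 294},
]}

if __name__ == "__main__":
    flow = drop_flow(1, 3)
    post("/stats/flowentry/add", flow)
    with urllib.request.urlopen(BASE_URL + "/stats/flow/1") as resp:
        print(find_flow(json.load(resp), 1, 42))
    post("/stats/flowentry/delete_strict", strict_delete_body(flow))
```

A rising packet_count on the returned entry is the quickest confirmation that the drop rule, not the controller path, is handling port 3 traffic.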

Editor's Notes

  1. http://networkstatic.net/configure-an-hp-openflow-switch-for-floodlight/
  2. http://developer.huawei.com/ict/en/site-sdn/article/04