Bruce Davie
Systems Approach, LLC
Software-Defined Networks
A Systems Approach
What is SDN?
• There’s a simple answer:
  • SDN (software-defined networking) is the separation of control and data planes
  • The separation allows control topology to be independent of physical network topology
• The more interesting question is:
  • Why would anyone want to do this?
  • That question has a lot of answers…
[Figure: a logically centralized control plane above the data plane, connected by a southbound interface, e.g. OpenFlow]
Outline
• History of SDN
• Challenges faced by IP networks
• SDN architecture
• Case Studies:
  • Network Virtualization
  • Traffic Engineering
  • SD-WAN
  • Bare metal switching
A Revolution in Networking
Foundations of SDN
• 4D, Greenberg et al. – part of a broader set of “Clean Slate” initiatives
• Ipsilon General Switch Management Protocol – RFC 2297 (1996)
• IETF ForCES WG (2001-2015!!)
• Ethane (2007)
Challenges with IP networks
• Lack of abstractions
• Inability to express intent
• Unpredictable outcome from complex distributed algorithms
• Interactions among protocols (e.g. IGP & EGP)
• Can’t manage a device unless it’s properly configured
  • bootstrap issue – control & management plane dependent on correct data plane
• Fragility, risk of change
• Glacial pace of innovation
Evolution of network provisioning: 1996-2016
[Figure: network provisioning in 1996 (terminal protocol: Telnet) beside network provisioning in 2016 (terminal protocol: SSH)]
Key SDN Insights
• Centralizing the control plane enables more powerful abstractions
  • E.g. X and Y should be able to communicate
  • Express intent network-wide
• Distributed systems techniques to make central control scalable and fault tolerant
• Central control means a single API for the network, rather than an API per box
• Networks provisioned by software, not humans
• Disaggregation → innovation
• Network-wide intent → better security
Disaggregation of computing Industry
[Figure: before, a vertically integrated stack of specialized applications, specialized OS and specialized hardware; after, many apps over an open interface to Linux, Mac OS or Windows, over an open interface to microprocessors]
Disaggregation of networking Industry
[Figure: the same picture for networking: specialized applications, OS and hardware replaced by apps over an open interface to one of several network OSes, over an open interface to merchant silicon switching chips]
Random side observation
• Just because an idea has been tried before without success doesn’t mean it’s a bad idea
SDN Architecture
Traditional Control and Data Planes
[Figure: a control plane holding the routing table (RIB) above a data plane holding the forwarding table (FIB)]
Control Plane
• Protocols: BGP, OSPF, RIP
• RIB: Collection of Link/Path Attributes
• Northbound Configuration Interface
  − e.g., Cisco CLI
Data Plane
• Protocols: IP
• FIB: Optimized for Fast Lookup
• Northbound Control Interface
  − Historically Private/Internal
SDN Control and Data Planes
[Figure: a control plane made of a Network OS holding a global network map, with several control apps on top; flow rules are pushed down to the data plane]
OpenFlow-style data plane
[Figure: OpenFlow switch: Packet In enters Table 0 with an empty action set (Action Set = {}); the packet plus metadata passes through Table 1 … Table n, each able to add to the action set; at the end the accumulated action set is executed and the packet leaves as Packet Out]
[Figure: the match fields in the packet headers: MAC header (Src Addr, Dst Addr, Type), optional 802.1Q VLAN tag (VLAN ID, Ctl, Type), IP header (Src Addr, Dst Addr, Proto, …), TCP/UDP header (Src Port, Dst Port, …), then the payload]
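As an added worked example (not code from the book, the slides or any switch vendor), the following Python parses the header fields the figure above names, Ethernet, the optional 802.1Q tag, IPv4 and TCP/UDP, into a set of match fields, then runs them through a small multi-table pipeline in the style of the OpenFlow figure: each table's instructions write into an action set or jump to a later table, and the accumulated set is executed only once, at the end. The three tables, their rules, the frame-building helper and all addresses are constructed for illustration. The point worth noticing is the table-miss behaviour: a miss in a table that adds nothing leaves the action set as it was, and an action set with no output action at the end of the pipeline means the packet is dropped, so the pipeline is default-deny unless a rule explicitly writes an output.

```python
import struct

# Added example: parser for the header fields in the figure plus an OpenFlow-style
# multi-table pipeline.  Not from the book or any switch; tables, rules and
# addresses are constructed for illustration.
ETH_HDR = struct.Struct("!6s6sH")     # dst MAC, src MAC, ethertype
VLAN_HDR = struct.Struct("!HH")       # 802.1Q TCI (PCP/DEI/VID), inner ethertype
ETHERTYPE_VLAN, ETHERTYPE_IPV4 = 0x8100, 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def parse(frame):
    """Extract the match fields: MAC src/dst/type, VLAN ID, IP src/dst/proto, L4 ports."""
    dst, src, etype = ETH_HDR.unpack_from(frame, 0)
    off = ETH_HDR.size
    fields = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":")}
    if etype == ETHERTYPE_VLAN:                       # optional 802.1Q tag
        tci, etype = VLAN_HDR.unpack_from(frame, off)
        fields["vlan_id"] = tci & 0x0FFF
        off += VLAN_HDR.size
    fields["eth_type"] = etype
    if etype != ETHERTYPE_IPV4:
        return fields                                 # non-IP: only L2 fields are matchable
    ihl = (frame[off] & 0x0F) * 4                     # IPv4 header length in bytes
    fields["ip_proto"] = frame[off + 9]
    fields["ip_src"] = ".".join(map(str, frame[off + 12:off + 16]))
    fields["ip_dst"] = ".".join(map(str, frame[off + 16:off + 20]))
    off += ihl
    if fields["ip_proto"] in (PROTO_TCP, PROTO_UDP):  # ports come first in both headers
        fields["src_port"], fields["dst_port"] = struct.unpack_from("!HH", frame, off)
    return fields


class Table:
    """One flow table: the highest-priority matching rule wins, else the table-miss entry."""

    def __init__(self, rules, miss):
        self.rules = sorted(rules, key=lambda r: -r["priority"])
        self.miss = miss

    def lookup(self, fields):
        for r in self.rules:
            if all(fields.get(k) == v for k, v in r["match"].items()):
                return r["instr"]
        return self.miss


def run_pipeline(tables, fields):
    """Walk Table 0 .. n; instructions may clear/write the action set and goto a later table.
    Returns the accumulated action set, which the switch executes once at the end."""
    action_set, nxt = {}, 0
    while nxt is not None:
        instr = tables[nxt].lookup(fields)
        if instr.get("clear_actions"):
            action_set = {}
        action_set.update(instr.get("write_actions", {}))
        nxt = instr.get("goto")                       # no goto: the pipeline ends here
    return action_set


# Constructed three-table pipeline: VLAN admission -> L3 forwarding -> L4 ACL.
# Every table-miss entry is empty, so a packet nothing explicitly forwards is dropped.
PIPELINE = [
    Table([{"priority": 10, "match": {"vlan_id": 10}, "instr": {"goto": 1}}], miss={}),
    Table([{"priority": 10, "match": {"ip_dst": "10.0.0.2"},
            "instr": {"write_actions": {"output": 2}, "goto": 2}}], miss={}),
    Table([{"priority": 20, "match": {"ip_proto": PROTO_TCP, "dst_port": 23},
            "instr": {"clear_actions": True}}], miss={}),   # drop telnet to the host
]


def forward(frame, tables=PIPELINE):
    """Execute the final action set: output on a port, or drop if no output was written."""
    action_set = run_pipeline(tables, parse(frame))
    return f"output:{action_set['output']}" if "output" in action_set else "drop"


def build_frame(vlan_id, ip_src, ip_dst, proto, sport, dport):
    """Construct a test frame: Ethernet + 802.1Q + IPv4 (no options) + 8 bytes of L4 header."""
    eth = ETH_HDR.pack(bytes.fromhex("0a0000000002"), bytes.fromhex("0a0000000001"), ETHERTYPE_VLAN)
    vlan = VLAN_HDR.pack(vlan_id & 0x0FFF, ETHERTYPE_IPV4)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                       bytes(map(int, ip_src.split("."))), bytes(map(int, ip_dst.split("."))))
    return eth + vlan + ipv4 + struct.pack("!HHI", sport, dport, 0)


if __name__ == "__main__":
    print(forward(build_frame(10, "10.0.0.1", "10.0.0.2", PROTO_TCP, 40000, 443)))  # output:2
    print(forward(build_frame(10, "10.0.0.1", "10.0.0.2", PROTO_TCP, 40000, 23)))   # drop
    print(forward(build_frame(20, "10.0.0.1", "10.0.0.2", PROTO_TCP, 40000, 443)))  # drop
```

Matching here is exact-value only; real OpenFlow tables also support wildcard and masked fields, and a PISA switch would perform the same lookups against match memory in each stage with the parser and deparser compiled from P4 rather than written by hand.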
PISA: Protocol Independent Switching Architecture
[Figure: a programmable parser, a programmable match-action pipeline of several stages each built from match memory and ALUs, and a programmable deparser]
SDN Software Stack
[Figure, top to bottom: control apps (e.g. Trellis) over a gRPC API to the Network Operating System (ONOS), which exposes gNMI + gNOI + FlowObjectives; below it the programmable switch API, gNMI + gNOI + P4Runtime/OpenFlow, into the switch OS (Stratum + ONL); at the bottom merchant silicon such as Tofino (Barefoot) and Tomahawk (Broadcom), programmed by the P4 compiler from forward.p4 and arch.p4]
Scaling the Central Control Plane
[Figure: a controller cluster of five controller nodes behind a WebService API, with persistent storage, managing the logical network on top of the transport network]
Summary
Definition of SDN
A network in which the control plane is physically separate from the forwarding plane, and a single control plane controls several forwarding devices. – Nick McKeown (2013)
Dimensions
• Disaggregated Control and Data planes
• Centralized vs Decentralized Control Plane
• Fixed-Function vs Programmable Data Plane
Phases of SDN
• Phase 1: Network operators took ownership of the control plane.
• Phase 1a: Non-traditional entrants to the networking business (via disaggregation)
• Phase 2: Network operators are taking ownership of the data plane.
Use Cases
• Network Virtualization
• SD-WAN
• Traffic Engineering
• Bare Metal Switching
• Inband Network Telemetry
Network Virtualization – An Analogy
[Figure: server virtualization: applications in virtual machines over a hypervisor over physical compute & memory, with only an x86 environment required; network virtualization: workloads in virtual networks with L2, L3, L4-7 network services over a network virtualization platform over the physical network, with only IP transport required; in both cases the virtual layer is decoupled from the physical one]
[Figure: two image-only slides, dated 2009 and 2012]
Virtual Machines to Virtual Networks
[Figure: network, storage and compute beneath a virtualization layer; then the same picture with a “network hypervisor” providing virtual data centers]
Network Virtualization Components
Cloud Consumption
• Self Service Portal
• OpenStack, Kubernetes, etc
Manager
• Single configuration portal
• REST API entry-point
• Manages Logical networks
Controller
• Run-time state
• Scale out, HA
• Separation of Control and Data Plane
Data Plane (Virtual Edge)
• High-Performance Data Plane
• Scale-out Distributed Forwarding Model
Distributed Services
• Logical Switch
• Distributed Logical Router
• Firewall
• Load Balancer
Management, Control and Data Planes
[Figure: a network topology request enters the management plane, where it is stored and acknowledged as Desired State; the control plane translates it (Translated State), calculates the data plane state and identifies data plane resources; the data plane reports Discovered State back up, which becomes the Realized State]
Problem: Data Center Network Security
Perimeter-centric network security has proven insufficient
• Today’s security model focuses on perimeter defense
• But continued security breaches show this model is not enough
[Figure: a perimeter firewall facing the Internet, beside a chart of IT spend, security spend and security breaches]
Microsegmentation and Zero Trust
[Figure: a perimeter firewall and an inside firewall in front of App, DMZ, Services and DB VLANs; Finance, HR and IT workloads share each VLAN; the shared services AD, NTP, DHCP, DNS and CERT sit on the Services VLAN]
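The Editor's Note on micro-segmentation states the point of this slide: all apps on a VLAN can communicate freely, so once one app is compromised lateral movement cannot be restricted, whereas micro-segmentation can control apps granularly even on a shared VLAN. The following Python is an added example (not code from the book or from any product) that models the slide's inventory with constructed names, VLANs, groups and ports, and compares how many peers a single workload can reach under a VLAN-plus-inside-firewall policy with how many it can reach when the allow rules are attached to workloads rather than VLANs.

```python
from dataclasses import dataclass

# Added example: compares the reach of one workload under VLAN-based segmentation with
# its reach under per-workload micro-segmentation.  Inventory, VLANs, groups and rules
# are constructed to mirror the slide; nothing here is from the book or a product.


@dataclass(frozen=True)
class Workload:
    name: str
    vlan: str    # App / DB / Services, as in the slide
    group: str   # Finance / HR / IT, or Shared for infrastructure services
    role: str    # web / db / infra


INVENTORY = [
    Workload("finance-web", "App", "Finance", "web"), Workload("finance-db", "DB", "Finance", "db"),
    Workload("hr-web", "App", "HR", "web"),           Workload("hr-db", "DB", "HR", "db"),
    Workload("it-web", "App", "IT", "web"),           Workload("it-db", "DB", "IT", "db"),
    Workload("dns", "Services", "Shared", "infra"),   Workload("ntp", "Services", "Shared", "infra"),
]
INFRA_PORTS = {53, 123}   # DNS, NTP
DB_PORT = 5432


def vlan_model(src, dst, port):
    """Perimeter + inside firewall: anything on the same VLAN talks freely, and the
    inside firewall only knows coarse VLAN-to-VLAN rules (App -> DB on the DB port,
    anything -> Services on the service ports)."""
    if src.vlan == dst.vlan:
        return True
    if src.vlan == "App" and dst.vlan == "DB":
        return port == DB_PORT
    return dst.vlan == "Services" and port in INFRA_PORTS


def microseg_model(src, dst, port):
    """Micro-segmentation: rules are attached to workloads, so sharing a VLAN grants
    nothing.  Allow web -> db only inside the same business group, plus any -> infra
    on the service ports; everything else is denied."""
    if dst.role == "infra":
        return port in INFRA_PORTS
    if src.role == "web" and dst.role == "db" and src.group == dst.group:
        return port == DB_PORT
    return False


def reachable(src_name, policy, ports=(DB_PORT, 53, 123, 22), inventory=INVENTORY):
    """Blast radius of a compromised workload: the peers it can reach on any probed port."""
    src = next(w for w in inventory if w.name == src_name)
    return sorted({dst.name for dst in inventory if dst is not src
                   for port in ports if policy(src, dst, port)})


if __name__ == "__main__":
    for label, policy in (("VLAN firewall", vlan_model), ("micro-segmentation", microseg_model)):
        print(f"{label}: finance-web can reach {reachable('finance-web', policy)}")
```

Under the VLAN model finance-web reaches every other workload in the inventory, because the App VLAN is flat and the inside firewall cannot tell Finance's database from HR's; under the micro-segmentation model the same host reaches only its own database and the shared DNS and NTP services, which is the blast radius a zero-trust policy is meant to leave.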
Visibility: changing the laws of physics
• Historically challenging to troubleshoot connectivity between VMs
  • Is the problem in vswitch or physical network?
  • What’s the path through the physical network?
  • Is there a (misconfigured) middlebox in the path?
• Network virtualization gives us tools to handle this:
  • Decomposition: separate the physical from the virtual
  • Global view: see all the logical network state (port stats, drops, etc.) and tunnel health from the controller API
  • Synthetic traffic: insert packets at vswitch as if the VM generated them
Network Virtualization – Discussion
• 90% of Fortune 100 have deployed network virtualization
• Foundational to hyperscale data centers
• Network configuration no longer the “long pole”
• A key step towards better network security (but much work remains)
• Increasingly important for microservices, kubernetes etc.
• Commodifying effect on physical networking
• Service Mesh can be viewed as a form of Network Virtualization
SD-WAN
[Figure: an SD-WAN controller distributing network policies to SD-WAN edges at the main office, a branch and the corporate datacenter; overlay tunnels connect the sites to each other and to cloud services]
Traffic Engineering
[Figure: a controller applying network policies to the paths between several datacenters]
Datacenter Switching Fabric
[Figure: a leaf-spine fabric of four leaf switches each connected to three spine switches, with an uplink to the Internet]
Leaf-Spine Topology
• Leaf Switches = Top-of-Rack (ToR)
• Optimized for East-West Traffic
• Built-in Redundancy (not shown)
• Scale with additional layers
Well-Established in Commodity Clouds
• Bare-Metal Switches
• Control Plane running in the cloud
Leaf-Spine Switching Fabric
Trellis Design
• Intra-Rack: L2 Domain within L3 Subnet
• Inter-Rack: L3 Routing between Subnets
• Segment Routing across Fabric
Trellis Features
• VLANs / QinQ
• End-to-End L2 Tunnels
• IPv4 / IPv6 Routing
• Multicast (with IGMP)
• ARP (IPv4) / NDP (IPv6)
• DHCPv4 / DHCPv6
• High Availability
[Figure: the same four-leaf, three-spine fabric]
Inband Network Telemetry (INT)
[Figure: a packet traversing switches S1 … S5; each switch adds its metadata (switch ID, arrival time, departure time, queue delay, etc.) between header and payload, so the packet leaves S1 carrying Metadata S1, leaves S2 carrying Metadata S2 + Metadata S1, and so on; the last switch (S5) strips the metadata and generates a report with the switch metadata, which is logged, analyzed, replayed and visualized]
Fine-Grain Telemetry
• Flow Rule(s) that matched
• Queuing delays of individual packets
• Other flows being buffered
• …
Uses
• Verify correct behavior
• Identify micro-bursts
• …
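The INT figure and the two bullet lists above describe a procedure: each switch pushes its own metadata onto the packet, and the last switch strips the stack and produces a report that can verify the path actually taken and identify micro-bursts. The following Python is an added simulation of that flow (not the book's code and not a real INT implementation such as a P4 INT program); the switch IDs, microsecond timestamps, link latency and micro-burst threshold are all constructed.

```python
from dataclasses import dataclass, field

# Added example of the INT flow in the figure: each switch on the path pushes its
# metadata onto the packet, the sink strips the stack and builds a report.  Not the
# book's code nor a real INT implementation; switch IDs, timestamps (microseconds),
# link latency and the micro-burst threshold are constructed.


@dataclass
class Packet:
    header: dict
    payload: bytes
    int_stack: list = field(default_factory=list)  # newest switch first, as the figure stacks them


def transit(pkt, switch_id, arrival_us, queue_delay_us, processing_us=2):
    """The per-switch step: add switch ID, arrival time, departure time and queue delay.
    Returns the departure timestamp so the caller can derive the next hop's arrival."""
    departure_us = arrival_us + queue_delay_us + processing_us
    pkt.int_stack.insert(0, {"switch": switch_id, "arrival_us": arrival_us,
                             "departure_us": departure_us, "queue_delay_us": queue_delay_us})
    return departure_us


def sink_report(pkt, expected_path, burst_threshold_us=50):
    """The last switch's step: strip the metadata and generate the report.  The report
    verifies the path actually taken and flags hops whose queueing delay exceeds the
    threshold (the 'identify micro-bursts' use on the slide)."""
    hops = list(reversed(pkt.int_stack))  # restore forwarding order S1, S2, ...
    pkt.int_stack = []                     # the packet continues without telemetry
    path = [h["switch"] for h in hops]
    return {
        "path": path,
        "path_ok": path == expected_path,
        "hop_queue_us": {h["switch"]: h["queue_delay_us"] for h in hops},
        "end_to_end_us": hops[-1]["departure_us"] - hops[0]["arrival_us"] if hops else 0,
        "microbursts": [h["switch"] for h in hops if h["queue_delay_us"] > burst_threshold_us],
    }


def simulate(path_hops, start_us=1000, link_latency_us=10):
    """Constructed traffic: path_hops lists the (switch_id, queue_delay_us) pairs the packet visits."""
    pkt = Packet(header={"src": "10.0.1.1", "dst": "10.0.2.2"}, payload=b"constructed payload")
    t = start_us
    for switch_id, queue_delay_us in path_hops:
        t = transit(pkt, switch_id, t, queue_delay_us) + link_latency_us
    return pkt


if __name__ == "__main__":
    pkt = simulate([("S1", 5), ("S2", 120), ("S5", 8)])
    print(sink_report(pkt, expected_path=["S1", "S2", "S5"]))
```

A report whose path differs from the expected one is the "verify correct behavior" use: the metadata is evidence of where the packet actually went, independent of what the control plane believes it installed.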
SDN Challenges
• Scale
• Stability & Correctness
• Timeliness
• Inter-domain
Discussion


Editor's Notes

  • #3 CP is important; OF is a detail
  • #8 Could mention MPLS as example of how hard innovation was pre SDN
  • #16 Non intuitive: you need a model of the data plane to be able to separate it from control
  • #27 Hyperv possible
  • #28 Show a logical topology getting mapped from top to bottom with animation
  • #30 All Apps on a VLAN can communicate freely. Once one App is compromised, lateral movement cannot be restricted. Micro-segmentation can granularly control apps even on shared VLAN.
  • #38 Scale example – from NSX-mh to NSX-T (fewer hosts etc), API scale for NSX-T
  • #39 What do you think is next? – Fully automated networks? Does the innovation argument hold up? How does BGP play into this? Interdomain still seems broken. Architecture papers are the exception. Networking people love protocols.