WELCOME TO SDN NATION
SDN TECHNOLOGY EVOLVEMENT
Telkom University, August 2017
Stanford University – Clean Slate Project
“…explore what kind of Internet we would design if we were to start with a
clean slate and 20-30 years of hindsight.”
http://cleanslate.stanford.edu
With SDN, Control Plane is separated from the physical device
NOT ALL PROCESSING HAPPENS INSIDE DEVICE
In “traditional” network, Control Plane and Data Plane reside in the same physical device
What is SDN? (per Wikipedia definition)
Software defined networking (SDN) is an approach to computer networking that allows network administrators to manage network services through abstraction of lower-level functionality.
SDN is not (only) OpenFlow, but for most people that’s how it started.
FOUR PARTS OF OPENFLOW
• Controller – resides on a server and provides control plane function for the network
• OpenFlow Agent – resides on a network device and fulfills requests from the Controller
• Northbound APIs – enable applications to interface with the Controller
• OpenFlow Protocol – the Layer 2 protocol that the Controller and Agents use to communicate
ONF Board Members: Deutsche Telekom, Facebook, Goldman Sachs, Yahoo, Google, Microsoft, NTT Communications, Verizon
OPENDAYLIGHT SDN CONTROLLER
OpenFlow-enabled devices that are configured to this controller automatically show up in the topology.
SDN CONTROLLER PROVIDES ABSTRACTION
Preinstalled Apps
• BGPLS Manager – Visualizes network topology from BGP database
• Inventory – Augmented OpenDaylight “nodes” app identifies all connected devices
• (YANG) Model Explorer – Exposes system models and previews JSON API body
• OpenFlow Manager – Manages, visualizes, and troubleshoots flows + previews JSON API body
• PCEP Manager – Creates, modifies, and deletes MPLS LSPs
Centralized OA&M
• Robust user, application, and feature administration
• Status monitoring: system, cluster, node
• Event logging
• Real-time CPU, memory, disk, heap size, load, and network utilization metrics
“One-Click” Install
• VMware ESXi and Oracle VirtualBox hypervisor ready
SDN APPLICATIONS ARE THE INNOVATIONS
Urs Holzle, Senior Vice President of Technology Infrastructure at Google, speaking in a keynote at the second annual Open Networking Summit (April 2012)
http://www.eetimes.com/electronics-news/4371179/Google-describes-its-OpenFlow-network
Amin Vahdat, Fellow and Technical Lead for Networking at Google, speaking in a keynote at Open Networking Summit (March 2014)
SDN IMPLEMENTATION OPTIONS
(figure: four deployment models, each drawn as a stack of Applications, APIs, Control Plane and Data Plane)
1 Programmable APIs – Applications drive the device through vendor-specific APIs (e.g. Nexus API); Control Plane and Data Plane stay together on the device
2a Pure SDN – Applications use Open APIs on a Controller; the Controller programs the Data Plane over OpenFlow, PCEP, I2RS, Netconf
2b Hybrid SDN – Applications use Open APIs on a Controller, which speaks OpenFlow, PCEP, I2RS, Netconf to devices that keep their own Control Plane and Data Plane; vendor-specific APIs (e.g. Nexus API) remain alongside
3 Overlay Networks – Applications use Open APIs to Virtual Switch Overlays; Overlay Protocols (e.g. VXLAN) run over the existing Control Plane and Data Plane
Baseline shown for comparison – Applications (Network Mgmt, Monitoring, …) reach the Control Plane and Data Plane through CLI, SNMP, Netflow, …
OVERLAY 101
Logical “switch” devices overlay the physical network.
Underlying physical network carries data traffic for the overlay network.
They define their own topology.
OVERLAY NETWORK WITH VIRTUAL SWITCH
VXLAN TUNNELS CONNECT VIRTUAL MACHINES
OpenStack Neutron is used to help manage the overlay (virtual) networks.
This is one linkage between SDN and Virtual Infrastructure Manager (VIM) like OpenStack.
NETWORK FUNCTIONS VIRTUALIZATION: WHY, HOW, WHEN?
Disaggregation of Network Functions from the underlying Hardware
Existing Hardware / Appliance based Network Functions (PNFs): Apps (e.g. Routing) on an Operating System on Hardware (ASIC/NPU/GPU)
Network Functions running inside VM on x86 Server Platform (Virtual Network Functions): Virtual Network Functions on a Cloud Operating System on Hardware (x86 Server)
VNFs shown in the figure, one VM each: NAT, Firewall, SBC, dDOS, Virus Scan, IPS, DPI, CGN, Portal, PCRF, DNS, DHCP, BRAS, SDN Control, RaaS, WLC, WAAS, CDN, Caching, NMS
How?
• Hypervisor & cloud technology
• Improving x86 h/w performance
• SDN based orchestration
Why?
• Speed and Agility
• Monetization with new services
• Reduced total cost of ownership
When? Depends On
• Performance Requirements
• Physical Design Requirements
• Economics of on-boarding
VIRTUALIZING NETWORK FUNCTIONS: X86 VS. CUSTOM CPU
(figure axes: Compute, Bandwidth)
Network Forwarding (L0-3) – Better fit for NPU
• e.g. IPv6/v4, MPLS, VPNs, Optical
• High throughput / BW
• Stateless functions
• Mostly predictable traffic
• Many flows needing isolation, significant traffic management needed
• Interface-specific functions (2-stage forwarding)
Network Services (L4+) – Better fit for x86 (Virtualization)
• e.g. DPI, FW, CGN, BNG, Mobility S/PGW, AAA, DNS, DDOS
• Low to Med Throughput
• Stateful functions
• Unpredictable traffic
• # of flows (traffic management) – varies
• No interface-specific functions
ETSI NFV REFERENCE ARCHITECTURE
(figure: functional blocks, listed here by their captions)
• OSS (CMDB, Monitoring, Alarming, IPAM/DNS/DHCP) and BSS (CRM, Billing, Order Mgmt)
• Deployment templates, forwarding graph, service-related information
• MANO – NFV Orchestrator: Orchestration of overall solution
• MANO – VNF Manager: Lifecycle mgmt for VNFs (upgrade, scale, termination, etc.)
• MANO – Virtualised Infrastructure Manager: Resource Mgr, Operations
• Virtualized Network Function, actual NF application (ex. vFR, vCPE, vLB)
• Traditional Element Manager
• Virtualisation layer, Server (hypervisor), Network, Storage
• Physical hardware
SAMPLE PRODUCTS MAPPED TO ETSI NFV
(figure: products placed on the ETSI NFV blocks)
• Service, VNF and Infrastructure Description / Service Catalog: SP’s Existing OSS/Catalog
• NFV Orchestrator (Service Lifecycle Management, Service Provisioning): Cisco Network Services Orchestrator (Based on Tail-F NCS); Jawdat Juragan
• VNF Manager (Service Lifecycle Management): Cisco VNF Manager (ESC) with REST API; Jawdat JongOS
• VNF Library (sample list): CSR1kv, ASAv, vWAAS, vWSA, QvPC SI, QvPC DI, NFF, 3rd Party vNF
• Virtual Infra. Managers (VIM) – Compute and Storage VIMs: OpenStack, VMware; Network VIMs: ODL, Cisco APIC, VTC, Big Switch
• Physical & Virtual Network (Software Defined Network): OVS; Cisco VTF, VPP, AVS
TRADITIONAL NETWORK HAS BECOME COMPLEX
(figure: a three-tier application with Web Servers (www), App Servers (app) and DB Servers (db), separated by L3, FW, SLB and SSL devices across vLANs 111, 222, 444 and 666; the per-device configuration excerpts follow)
switch1(config)#
switch1(config)# int eth 1/1
switch1(config)# switch mode acc
switch1(config)# switch acc vlan 666
switch1(config)# no shut
router(config)#
router(config)# int eth 1
router(config)# ip add 6.6.6.1 255.255.255.0
router(config)# no shut
router(config)# int eth 2
router(config)# ip addr 1.1.1.1 255.255.255.0
router(config)# no shut
router(config)# router eigrp 100
router(config)# network 6.6.6.0 mask 255.255.255.0
router(config)# network 1.1.1.0 mask 255.255.255.0
router(config)# ip route 0.0.0.0 0.0.0.0 6.6.6.254
switch2(config)#
switch2(config)# int eth 1/2 - 3
switch2(config)# switch mode acc
switch2(config)# switch acc vlan 111
switch2(config)# no shut
fw1(config)#
fw1(config)# int eth 0/1
fw1(config)# nameif outside 0
fw1(config)# int eth 0/2
fw1(config)# nameif webfront 20
fw1(config)# object network webfront_vip
fw1(config)# host 6.6.6.6
fw1(config)# static (webfront,outside) 1.1.1.6
fw1(config)# access-list outside_web permit tcp any host 6.6.6.6 eq 80
fw1(config)# access-list outside_web permit tcp any host 6.6.6.6 eq 443
fw1(config)# access-group outside_web in interface outside
switch3(config)#
switch3(config)# int eth 1/4 - 5
switch3(config)# switch mode acc
switch3(config)# switch acc vlan 222
switch3(config)# no shut
vLAN	333	
switch4(config)#
switch4(config)# int eth 1/6
switch4(config)# switch mode acc
switch4(config)# switch acc vlan 333
switch4(config)# no shut
switch4(config)# int eth 1/7 - 9
switch4(config)# switch mode acc
switch4(config)# switch acc vlan 333
switch4(config)# no shut
IDS/IPS
vLAN	555
IDS/IPS
vLAN	777
switch5(config)#
switch5(config)# int eth 1/10 - 11
switch5(config)# switch mode acc
switch5(config)# switch acc vlan 444
switch5(config)# no shut
switch5(config)# int eth 1/11 - 15
switch5(config)# switch mode acc
switch5(config)# switch acc vlan 555
switch5(config)# no shut
switch5(config)# monitor session 1 source vlan 555
switch5(config)# monitor session 1 dest eth 1/16
switch6(config)#
switch6(config)# int eth 1/16 - 19
switch6(config)# switch mode acc
switch6(config)# switch acc vlan 777
switch6(config)# no shut
switch6(config)# monitor session 1 source vlan 777
switch6(config)# monitor session 1 dest eth 1/20
slb1 (CONFIG)
probe http http-probe
interval 30
expect status 200 200
rserver host websrvr1
description foo web server
ip address 3.3.3.1
inservice
rserver host websrvr2
description foo web server
ip address 3.3.3.2
inservice
rserver host websrvr3
description foo web server
ip address 3.3.3.3
inservice
serverfarm host FOOWEBFARM
probe http-probe
rserver websrvr1 80
inservice
rserver websrvr2 80
inservice
rserver websrvr3 80
inservice
crypto generate key 1024 fooyou.key
crypto csr-params testparms
country US
state California
locality San Jose
organization-name foo
organization-unit you
common-name www.fooyou.com
serial-number crisco123
crypto generate csr testparms fooyou.key
crypto import ftp 12.13.14.15 anonymous fooyou.cer
parameter-map type ssl SSL_PARAMETERS
cipher RSA_WITH_RC4_128_MD5
version TLS1
ssl-proxy service FOOWEB_SSL
key fooyou.key
cert fooyou.cer
class-map match-all FOOSSL_VIP_CLASS
2 match virtual-address 2.2.2.22 tcp eq https
policy-map type loadbalance first-match L7-SSL-MATCH
class L7_WEB
sticky-serverfarm sn_cookie
policy-map multi-match FOOWEB-VIP
class FOOWEB_VIP_CLASS
loadbalance vip inservice
loadbalance policy FOOWEB-MATCH
loadbalance vip icmp-reply
loadbalance vip advertise active
class FOOSSL_VIP_CLASS
loadbalance vip inservice
loadbalance policy FOOSSL-MATCH
loadbalance vip icmp-reply
fw2(config)#
fw2(config)# int eth 0/1
fw2(config)# nameif webfront 20
fw2(config)# int eth 0/2
fw2(config)# nameif appfront 50
fw2(config)# object network appfarm_vip
fw2(config)# host 5.5.5.5
fw2(config)# nat (appfront,webfront) static 4.4.4.4
fw2(config)# access-list web_to_app permit tcp any host 4.4.4.4 eq 8081
slb2 (CONFIG)
rserver host appsrvr1
description foo app server
ip address 5.5.5.1
inservice
rserver host appsrvr2
description foo app server
ip address 5.5.5.2
inservice
rserver host appsrvr3
description foo app server
ip address 5.5.5.3
inservice
serverfarm host FOOAPPFARM
probe http-probe
rserver appsrvr1 8081
inservice
rserver appsrvr2 8081
inservice
rserver appsrvr3 8081
inservice
class-map type http loadbalance match-any FOO_APP
2 match http virtual-address 4.4.4.44 tcp eq 8081
class-map match-all FOO_APP_VIP_CLASS
policy-map type loadbalance first-match FOO_APP-MATCH
class FOO_APP
sticky-serverfarm sn_cookie
policy-map multi-match FOO_APP-VIP
class FOO_APP_VIP_CLASS
loadbalance vip inservice
loadbalance policy FOO_APP-MATCH
loadbalance vip icmp-reply
fw3(config)#
fw3(config)# int eth 0/1
fw3(config)# nameif appfront 70
fw3(config)# int eth 0/2
fw3(config)# nameif dbfront 90
fw3(config)# object network db_cluster
fw3(config)# host 7.7.7.7
fw3(config)# nat (dbfront,appfront) static 5.5.5.50
fw3(config)# access-list web_to_app permit tcp any host 5.5.5.50 eq 1433
HOW WE DEPLOY MULTI-TIER APPLICATIONS TODAY
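As an added example (not from the slides), a small consistency check in Python over a constructed excerpt modelled on the slb1, fw2 and switch5 snippets above: it flags the kind of mistakes this hand-built configuration invites, a policy-map, class and sticky group that are referenced but never defined, an access-list that is never applied, and an interface range that lands in two VLANs. The parsing rules (prompt format, name as last token of class-map/policy-map/sticky lines) are assumptions tailored to this excerpt, not a general ACE/ASA/NX-OS parser.

```python
import re
from collections import defaultdict
# Constructed excerpt modelled on the slide's slb1 / fw2 / switch5 snippets (trimmed, not the full config).
SAMPLE_CONFIG = """\
rserver host websrvr1
serverfarm host FOOWEBFARM
rserver websrvr1 80
class-map match-all FOOSSL_VIP_CLASS
policy-map type loadbalance first-match L7-SSL-MATCH
class L7_WEB
sticky-serverfarm sn_cookie
policy-map multi-match FOOWEB-VIP
class FOOSSL_VIP_CLASS
loadbalance policy FOOSSL-MATCH
loadbalance vip inservice
fw2(config)# access-list web_to_app permit tcp any host 4.4.4.4 eq 8081
switch5(config)# int eth 1/10 - 11
switch5(config)# switch acc vlan 444
switch5(config)# int eth 1/11 - 15
switch5(config)# switch acc vlan 555
"""

PROMPT = re.compile(r"(\w+)\(config\)#\s*(.*)")                 # "fw2(config)# ..."
IFRANGE = re.compile(r"int eth (\d+)/(\d+)(?:\s*-\s*(\d+))?$")   # "int eth 1/10 - 11"
DEFINES = {"class-map": "class", "policy-map": "policy", "sticky": "sticky"}  # name = last token

def lint(config: str) -> list[str]:
    """Findings: dangling SLB references, ACLs never applied, and interface ranges
    on one switch that end up assigned to two different access VLANs."""
    defined, referenced = defaultdict(set), defaultdict(set)   # kind -> names
    acls_defined, acls_applied = set(), set()
    ranges, pending, device = [], None, None                   # (device, slot, first, last, vlan)
    for raw in config.splitlines():
        m = PROMPT.match(raw.strip())                          # keep the device name from the prompt
        device, line = (m.group(1), m.group(2)) if m else (device, raw.strip())
        tok = line.split()
        if not tok:
            continue
        if tok[0] in DEFINES:                                  # class-map / policy-map / sticky group
            defined[DEFINES[tok[0]]].add(tok[-1])
        elif tok[0] == "rserver" and tok[1] == "host":         # "rserver host NAME" defines a real server
            defined["rserver"].add(tok[2])
        elif tok[0] == "rserver":                              # "rserver NAME PORT" inside a serverfarm
            referenced["rserver"].add(tok[1])
        elif tok[0] == "class":                                # "class NAME" inside a policy-map
            referenced["class"].add(tok[1])
        elif tok[:2] == ["loadbalance", "policy"]:
            referenced["policy"].add(tok[2])
        elif tok[0] == "sticky-serverfarm":
            referenced["sticky"].add(tok[1])
        elif tok[0] == "access-list":
            acls_defined.add(tok[1])
        elif tok[0] == "access-group":
            acls_applied.add(tok[1])
        elif tok[0] == "int" and (r := IFRANGE.match(line)):  # remember the range until its vlan line
            first = int(r.group(2))
            pending = (device, r.group(1), first, int(r.group(3) or first))
        elif tok[:3] == ["switch", "acc", "vlan"] and pending:
            ranges.append(pending + (tok[3],))
            pending = None
    findings = []
    for kind in ("class", "policy", "rserver", "sticky"):
        for name in sorted(referenced[kind] - defined[kind]):
            findings.append(f"{kind} '{name}' is referenced but never defined")
    for name in sorted(acls_defined - acls_applied):
        findings.append(f"access-list '{name}' is defined but never applied (no access-group)")
    for i, (dev, slot, a1, b1, v1) in enumerate(ranges):       # pairwise overlap of port ranges
        for dev2, slot2, a2, b2, v2 in ranges[i + 1:]:
            if (dev, slot) == (dev2, slot2) and v1 != v2 and a1 <= b2 and a2 <= b1:
                findings.append(f"{dev}: eth {slot}/{max(a1, a2)}-{min(b1, b2)} is assigned to both vlan {v1} and vlan {v2}")
    return findings
```

Calling lint(SAMPLE_CONFIG) returns five findings for the excerpt; the same dangling names appear in the full slb1 configuration above.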
COMPARE TO DEPLOYMENT USING CONTROLLER
(figure: Big Cloud Fabric Controller managing Rack 1 … Rack N-1, Rack N and Ingress/Egress)
Source: Big Switch Network
SDWAN AND VCPE (X86): FROM 2% TODAY TO 40% BY END OF 2018
Source: Gartner (July 2015)
IOT NEED CLOUD, AUTOMATION AND ANALYTICS
Source: Google Cloud for IoT
WHERE ARE WE GOING FROM HERE?
EVERYTHING STARTS WITH INTENT
Source: Big Switch Network
NEXT BIG THING: INTENT BASED NETWORKING
Translation and Validation – Converts higher-level business policy (what) to the necessary network configuration (how)
Automated Implementation – Uses orchestration to configure the changes (how) across network infrastructure
Awareness of Network State – Monitor real-time network status for the systems
Assurance and Dynamic Optimization/Remediation – Continuously validates in real time that the original business intent is being met, and can take corrective actions automatically when it is not met
- Andrew Lerner, VP of Gartner Research
IS INTENT-BASED NETWORK JUST ANOTHER NAME FOR NETWORK AUTOMATION?
HOW GOOGLE DOES IT: MODEL DRIVEN
Source: Google, SDN in Management Plane
HOW GOOGLE DOES IT: STREAMING TELEMETRY
• Stream data continuously – with incremental updates
• Telemetry sent based on subscriptions
• Observe network state through a time-series or event-driven data stream
• Device data follows a common model
• Use efficient, secure transport protocols (gRPC)
Source: Google, SDN in Management Plane
HOW GOOGLE DOES IT: CONFIG WORKFLOW
Source: Google, SDN in Management Plane
NETWORK TRANSFORMATION IS INEVITABLE
TODAY: RUNNING NETWORK IN SILOS
TOMORROW: DEVOPS, INTENT BASED,
POLICY-DRIVEN AND ZERO TOUCH
THANK YOU

CampusSDN2017 - Jawdat: SDN Technology Evolvement
