www.dts-solution.com
Software Defined Security
DTS Solution
Overview
Software Defined Networking
SDN – Introduction
SDN separates the data and control planes of the network
and provides interfaces/APIs to provision services
collectively in the network using external systems rather
than configuring individual devices.
• Control Plane:
  • Logic for controlling forwarding behavior.
  • Examples: routing protocols, network, middlebox, configuration.
• Data Plane:
  • Forward traffic according to control plane logic.
  • Examples: IP forwarding, Layer 2 switching
SDN - Introduction
[Figure: a controller connected to Switch 1, Switch 2 and Switch 3 (S-1, S-2, S-3); the diagram distinguishes the path to reach the controller from the packet forwarding path.]
Network Virtualization
• Network Virtualization
o Decouple the application from the underlying hardware
o Representation of one or more logical network topologies on the same infrastructure, e.g., VLANs
  Multiple logical routers on a single platform
  Resource isolation in CPU, memory, bandwidth, forwarding tables, ...
o Customizable routing and forwarding software
o Separate logical network from the infrastructure
o General purpose CPUs for the control plane
o Network processors and FPGAs for the data plane
• Network Programmability
o "The first step in creating an improved future is developing the ability to envision it."
o Implementation: Mininet (open source, Linux based)
Network Virtualization
• SDN separates data plane and control plane
• Virtual networks separate logical and physical networks
• SDN can be a useful tool for implementing virtual networks
Network Virtualization
SDN - Separation
● Independent evolution and development of the control software, decoupled from the hardware
● Control from high-level software program
● Data centers: VM migration, Layer 2 routing
● Routing: More control over decision logic
● Enterprise networks: Security applications
● Example: Data Centers (Yahoo!)
○ 20,000 servers/cluster = 400,000 VMs
■ Any-to-any, 1024 distinct inter-host links
■ Sub-second migration, guaranteed consistency
■ Solution: Program switch from a central database.
● Scalability:
  ■ Control elements responsible for many forwarding elements (often, thousands)
● Reliability/Security:
  ■ What happens when a controller fails or is compromised?
SDN - Opportunities
● Dynamic Access Control
● Seamless Mobility/Migration
● Centralized Network State
● Server Load Balancing
● Network Virtualization
● Using multiple wireless access points
● Energy efficient networking
● Adaptive traffic monitoring
● Denial of Service attack detection
SDN - Challenges in separation
• Control and data plane separation
o Scalability: Routing decisions for many routers
o Reliability: Correct operation under failure
o Consistency: Ensuring consistency across multiple control replicas
• Hierarchy, aggregation, clever state management and distribution
SDN & Security
● The flow paradigm is ideal for security processing because it offers an end-to-end,
service-oriented connectivity model that is not bound by traditional routing
constraints.
● Logically centralized control allows for effective performance and threat monitoring
across the entire network.
● Granular policy management can be based on application, service, organization, and
geographical criteria rather than physical configuration.
● Resource-based security policies enable consolidated management of diverse devices
with various threat risks, from highly secure firewalls and security appliances to access
devices.
● Dynamic and flexible adjustment of security policy is provided under programmatic
control.
● Flexible path management achieves rapid containment and isolation of intrusions
without impacting other network users.
SDN - Implementation
● OpenFlow: SDN and OpenFlow are often
used (incorrectly) interchangeably
○ opendaylight (java)
○ NOX, POX (python implementation)
○ Beacon
● Juniper Contrail
● Cisco One
SDN - OpenFlow
Open standard and open source
OpenFlow controller:
Software that runs on standard hardware
OpenFlow-enabled switch: Open vSwitch, HP,
IBM and now Juniper
SDN - OpenFlow
Forwarding Decisions
● Layer 2 (src MAC, dst MAC, VLANs)
● Layer 3 (src IP, src port, dst IP, dst port)
● Or any of the layers (even 7)
● Push/Pop MPLS labels, VLAN IDs (OpenFlow 1.3)
SDN - Mininet
• Network virtualization tool that works on Linux
• Emulate your network before going to production (multiple DP, MPLS L2/L3 VPNs)
SDN - OVS (Open vSwitch)
o Open source virtual switch; can be used as the control plane
on real switches or between VMs, like the VMware switch.
o Has its own controller, which behaves like a hub
o Can connect to a separate OpenFlow controller.
o Used in Mininet to emulate network virtualization and in
KVM for switching between VMs
SDN - OpenFlow Applications
• Load balancer: A simple switch can be used for server and/or link load balancing
• Packet Filter: A simple switch can be used to filter traffic.
• Policy routing:
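The forwarding decisions listed under "SDN - OpenFlow" and the packet-filter application above are shown here in one added example; it is not code from the DTS Solution slides or from any OpenFlow controller. It models an OpenFlow-style flow table in plain Python: rules match on the Layer 2/3 fields the slides name (unset fields are wildcards), the highest-priority match wins, and a table miss is sent to the controller. The field names, MAC/IP addresses, port numbers and sample packets are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Match fields from the "Forwarding Decisions" slide. A rule that leaves a
# field unset treats it as a wildcard, as an OpenFlow match does.
FIELDS = ("src_mac", "dst_mac", "vlan", "src_ip", "dst_ip", "proto", "src_port", "dst_port")


@dataclass
class FlowRule:
    priority: int
    match: Dict[str, object]   # subset of FIELDS -> required value
    action: str                # "output:<port>", "drop" or "controller"

    def matches(self, pkt: Dict[str, object]) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


@dataclass
class FlowTable:
    rules: List[FlowRule] = field(default_factory=list)

    def add(self, priority: int, match: Dict[str, object], action: str) -> None:
        self.rules.append(FlowRule(priority, match, action))
        # Keep highest priority first: OpenFlow selects the highest-priority match.
        self.rules.sort(key=lambda r: r.priority, reverse=True)

    def lookup(self, pkt: Dict[str, object]) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "controller"  # table miss: packet-in to the controller


def build_filtering_switch() -> FlowTable:
    """A plain Layer 2 switch that also acts as the packet filter from the slides."""
    t = FlowTable()
    # Packet filter: drop telnet (TCP/23) towards the server, regardless of insertion order.
    t.add(300, {"proto": "tcp", "dst_ip": "10.0.0.10", "dst_port": 23}, "drop")
    # Layer 2 switching by destination MAC (constructed addresses).
    t.add(200, {"dst_mac": "00:00:00:00:00:0a"}, "output:1")
    t.add(200, {"dst_mac": "00:00:00:00:00:0b"}, "output:2")
    return t


# Constructed sample packets: telnet and HTTP to the server, and an unknown host.
TELNET = {"dst_mac": "00:00:00:00:00:0a", "dst_ip": "10.0.0.10", "proto": "tcp", "src_port": 40000, "dst_port": 23}
HTTP = {"dst_mac": "00:00:00:00:00:0a", "dst_ip": "10.0.0.10", "proto": "tcp", "src_port": 40001, "dst_port": 80}
UNKNOWN = {"dst_mac": "00:00:00:00:00:ff", "dst_ip": "10.0.0.99", "proto": "udp", "src_port": 5000, "dst_port": 53}
```

Calling `build_filtering_switch().lookup(pkt)` for the three sample packets returns `drop`, `output:1` and `controller` respectively; a flood of table misses is therefore controller load, which is the reliability concern raised under "SDN - Separation".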
DTS Solution - Software Defined Security v1.0