2. SDN Definition
SDN is a network architecture that decouples the control and data planes, moving the control plane (network intelligence and policy making) into an application called a controller.
This migration of control, formerly tightly bound into individual network devices, onto accessible computing devices lets the underlying infrastructure be abstracted for applications and network services, which can treat the network as a logical or virtual entity.
3. Today’s Networks are Defined by the “Box”
• Hardware, operating system, and applications are built into a “box”.
• Too many RFCs (more than 6000)
• Mainframe mentality
• Operating a network is expensive
– More than half the cost of a network
– Yet operator error causes most outages
4. Why SDN
• Compute, storage and server technology is already virtualized
• Abstraction
• It makes the network more responsive to dynamic business conditions
• Centralized control
• It makes it easy to develop a new protocol and test it
• SDN allows you to specify a “virtual topology” to the cloud
• SDN’s ability to virtualize the network
5. Key drivers/use cases
– Network abstraction and operator control
– Automated provisioning of network bandwidth to accommodate scheduled data transfers
– Load balancing
– Software-based innovation
– Better utilization of network paths
– Central configuration and intelligence provide faster convergence in case of failure
– Cloud computation -- Network Virtualization -- SDN
6. Software Defined Networking (SDN)
Figure: a logically-centralized control plane sits above the switches and talks to the data plane through an API (e.g., OpenFlow); the controller is “smart, slow”, the switches are “dumb, fast”.
9. Two Key Definitions
• Data Plane: processing and delivery of packets
– Based on state in routers and endpoints
– E.g., IP, TCP, Ethernet, etc.
– Forwarding state + packet header → forwarding decision
• Control Plane: establishing the state in routers
– Determines how and where packets are forwarded
– Routing, traffic engineering, firewall state, …
– Centralized computation and configuration
10. Control Plane in detail
• The control plane needs to address the operator’s goals
• It conveys the configuration to the network elements
• The control plane must compute forwarding state:
- Consistent with the particular low-level hardware/software
- Based on the entire network topology
• The control plane is implemented by a controller
– The controller can be software running on general-purpose hardware
– Examples: Cisco One controller, Huawei SOX controller, SNAC
11. Controller: Programmability
Figure: a controller application runs on top of the network OS, which exchanges two kinds of messages with the switches.
• Events from switches: topology changes, traffic statistics, arriving packets
• Commands to switches: (un)install rules, query statistics, send packets
12. Network Operating System
• The device operating system handles device operations such as boot, flash, memory management, the OpenFlow protocol handler, SNMP, etc.
• Minimal source code, fewer resources and lower cost
• Collects information for the global network view
• Conveys configuration from the controller to the switches
13. Software Defined Network - virtualization
Figure: a layered view. The control program specifies behavior against an abstract network model; the network virtualization layer compiles that behavior onto the topology held in the network OS’s global network view; the network OS transmits the resulting state to the packet forwarders (switches).
14. Network Virtualization
– Introduces a new abstraction layer for the virtual topology
– Can have many virtual networks – solves the VLAN limitation
– Allows the operator to express requirements and policies via a set of logical switches and their configuration, without binding to the physical network
– Translates the requirements into network elements
15. OpenFlow
• OpenFlow is designed to support policy-based flow management within a network.
• IP routers and Ethernet switches do the initial forwarding lookup using the device’s CPU. After the initial lookup, the forwarding information is cached, and every subsequent packet uses the flow cache for forwarding.
• OpenFlow makes a minor modification to the above model by simply moving the initial lookup to a central server; every subsequent packet continues to use the local flow cache for forwarding, just as networking devices have always worked.
17. RIB and FIB
• The routing table (RIB) at the control plane holds many routes to a destination
• The forwarding table (FIB) at the data plane holds the best/valid route
• The OpenFlow client at device level updates the FIB with the help of firmware
• Table population: RIB → FIB, OpenFlow → FIB
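The RIB-to-FIB population described on slide 17, as an added Python example that is not from the slides or any router OS: a RIB with several candidate routes per prefix is reduced to one best valid route per prefix, an OpenFlow client writes a more specific entry straight into the FIB, and the data plane answers lookups by longest-prefix match. The route entries, administrative distances and next hops are constructed values.

```python
import ipaddress

# Constructed example (not from the slides or any router OS) of slide 17:
# a RIB holding several candidate routes per prefix, the selection step that
# populates the FIB with one best/valid route, the OpenFlow client's direct
# path into the FIB, and the data plane's longest-prefix lookup.

# RIB entries: (prefix, next_hop, admin_distance, metric, valid)
RIB = [
    ("10.0.0.0/8",  "192.0.2.1", 110, 20, True),   # learned via OSPF
    ("10.0.0.0/8",  "192.0.2.2", 200, 5,  True),   # via BGP: worse admin distance
    ("10.1.0.0/16", "192.0.2.3", 1,   0,  True),   # static
    ("10.1.0.0/16", "192.0.2.4", 1,   0,  False),  # static, but the link is down
    ("0.0.0.0/0",   "192.0.2.9", 1,   0,  True),   # default route
]

def build_fib(rib):
    """Control plane: keep, per prefix, the valid route with the lowest
    (admin distance, metric) pair. Returns {prefix: next_hop}."""
    best = {}
    for prefix, next_hop, ad, metric, valid in rib:
        if not valid:
            continue  # down routes stay in the RIB but never reach the data plane
        if prefix not in best or (ad, metric) < best[prefix][0]:
            best[prefix] = ((ad, metric), next_hop)
    return {prefix: nh for prefix, (_, nh) in best.items()}

def openflow_install(fib, prefix, next_hop):
    """OpenFlow client on the device: a second population path that writes
    the FIB directly, bypassing RIB route selection."""
    fib[prefix] = next_hop
    return fib

def lookup(fib, dst):
    """Data plane: longest-prefix match; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None
```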
18. Data-Plane: Simple Packet Handling
• Simple packet-handling rules
– Pattern: match packet header bits
– Actions: drop, forward, modify, send to controller
– Counters: #bytes and #packets
1. src=1.2.*.*, dest=3.4.5.* → drop
2. src=*.*.*.*, dest=3.4.*.* → forward(2)
3. src=10.1.2.3, dest=*.*.*.* → send to controller
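The reactive model of slides 15 and 18, as an added Python example (not code from the slides or from any real controller or switch): the three rules above form an ordered flow table with per-entry counters, a table miss is punted to a controller that installs a forward entry, and the repeated packet then hits the local flow cache. The controller’s route map and the packet addresses are constructed values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example (not real switch or controller code) of the reactive OpenFlow
# model on slides 15 and 18: ordered flow table + controller that handles table misses.
@dataclass
class FlowRule:
    src: str          # source prefix; "0.0.0.0/0" plays the role of *.*.*.*
    dst: str          # destination prefix
    action: str       # "drop", "forward" or "controller"
    port: int = 0     # output port when action == "forward"
    packets: int = 0  # per-entry counters, as on slide 18
    bytes: int = 0
    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst))

class Controller:
    def __init__(self, routes):
        self.routes = routes  # global view: destination prefix -> output port
    def packet_in(self, switch, pkt):
        for prefix, port in self.routes.items():
            if ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(prefix):
                switch.table.append(FlowRule("0.0.0.0/0", prefix, "forward", port))
                return ("forward", port)
        return ("drop", None)  # unknown destination: drop, install nothing

class Switch:
    def __init__(self, controller, rules):
        self.controller, self.table, self.punts = controller, list(rules), 0
    def handle(self, pkt):
        for rule in self.table:  # first matching entry wins
            if rule.matches(pkt):
                rule.packets, rule.bytes = rule.packets + 1, rule.bytes + pkt["len"]
                if rule.action != "controller":
                    return (rule.action, rule.port if rule.action == "forward" else None)
                break
        self.punts += 1  # table miss or send-to-controller: initial lookup is central
        return self.controller.packet_in(self, pkt)

def demo():
    sw = Switch(Controller({"10.0.0.0/8": 7}), [
        FlowRule("1.2.0.0/16", "3.4.5.0/24", "drop"),         # 1. src=1.2.*.*, dest=3.4.5.*
        FlowRule("0.0.0.0/0", "3.4.0.0/16", "forward", 2),    # 2. src=*.*.*.*, dest=3.4.*.*
        FlowRule("10.1.2.3/32", "0.0.0.0/0", "controller")])  # 3. src=10.1.2.3, dest=*.*.*.*
    pkts = [{"src": "1.2.3.4", "dst": "3.4.5.6", "len": 100},   # rule 1 -> drop
            {"src": "9.9.9.9", "dst": "3.4.7.7", "len": 200},   # rule 2 -> port 2
            {"src": "5.5.5.5", "dst": "10.2.2.2", "len": 300},  # miss -> controller installs
            {"src": "5.5.5.5", "dst": "10.2.2.2", "len": 300}]  # hits the new entry locally
    return [sw.handle(p) for p in pkts], sw
```

After the run the switch holds a fourth entry and has punted exactly one packet, which is the flow-cache behaviour slide 15 describes.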
20. Networking Becomes Software-Oriented
• All complicated forwarding decisions are done in software
• And the control plane is a program (on a server), not a protocol
• We are programming the network, not designing it
• Focus on modularity and abstractions
• Innovation at software speed, not hardware speed
• Software lends itself to clean abstractions
22. Network Virtualization Platform
• Network Virtualization Platform (NVP) is software that operates at the edge of any existing IP network and faithfully reproduces the entire networking environment in the virtual space.
• NVP transforms a physical network into a generalized pool of network capacity.
• Virtual networks are decoupled from the underlying network hardware.
• NVP creates an intelligent network edge, managed by a control cluster, that turns the existing physical network into an IP backplane and enables the programmatic creation of tens of thousands of agile virtual networks to connect workloads anywhere in your cloud.
26. Data Plane
• The NSX data plane consists of the NSX vSwitch. The vSwitch in NSX for vSphere is based on the vSphere Distributed Switch (VDS) (or Open vSwitch for non-ESXi hypervisors).
• The NSX vSwitch (VDS- or OVS-based) abstracts the physical network.
27. Control Plane
• The NSX control plane runs in the NSX controller. In a multi-hypervisor environment the controller nodes program the vSwitch forwarding plane.
28. Management Plane
• The NSX management plane is built by the NSX manager.
• The NSX manager provides the single point of configuration and the REST API entry points for NSX in a vSphere environment.
• It configures logical switches and connects virtual machines to these logical switches.
• It also provides an API interface, which helps automate the deployment and management of these switches through a cloud management platform.
29. Consumption Platform
• The consumption of NSX can be driven directly via the NSX manager UI.
• End users tie network virtualization into their cloud management platform for deploying applications.
• NSX provides a rich set of integrations into virtually any CMP via the REST API. Out-of-the-box integration is also available through VMware vCloud Automation Center, vCloud Director and OpenStack.
31.
• Virtual networks enable network services to be programmatically provisioned and accounted for on a per-port, per-hour basis.
• This allows network services to be dynamically provisioned on demand, and charged for on a pay-as-you-go basis.
• These layer 4-7 services are used as building blocks for cloud services.
33. Controller cluster
• The NVP controller is a highly available clustered controller, running on servers, that manages all virtualized network components and connections.
• The controller cluster exposes the web services API and defines virtual networks.
• It is capable of controlling and managing thousands of OVS edge devices (switching and routing modules).
34. Logical switching
• Open vSwitch (OVS) is the core component on the intelligent edge.
• Each logical switch created is a separate L2 broadcast domain that can be associated with a separate subnet using private or public IP space (depending on the logical networks).
36.
• Logical routing supports both distributed and centralized routing.
• In the case of a distributed router, the NSX manager deploys the logical router control VM and pushes the logical interface configurations to each host through the controller cluster.
• In the case of centralized routing, the NSX manager just deploys the NSX Edge services router VM.
• The logical router control VM supports dynamic routing (OSPF/BGP) and pushes the learned routes to the hypervisors through the controller cluster.
39. SDN final notes
• Express intent independent of implementation
- Hardware (e.g., ASIC structure and capabilities)
- Software (e.g., vendor-independent)
• OpenFlow is the current proposal for forwarding
- Standardized interface to the switch
- Configuration in terms of flow entries: <header, action>
• Design details concern the exact nature of:
- Header matching
- Allowed actions
40. Software Defined Network - Basic
Figure contrasting two models: a distributed algorithm running between neighbors (e.g. routing, access control) versus a control program on top of a network OS that holds a global network view over the packet forwarders.
Editor's Notes
Nicira enables network services to be programmatically provisioned and accounted for on a per-port, per-hour basis. This allows network services to be dynamically provisioned on demand, and charged for on a pay-as-you-go basis. (layer 4-7 services)
If virtual machines (servers) running on a hypervisor are connected to different subnets, the communication between these servers has to go through a router.