Software Defined Networking (SDN) aims to address limitations in current networking by decoupling the control plane from the data plane, enabling direct programmability of network behavior. This is achieved through SDN architectures that use southbound APIs like OpenFlow to expose network elements as programmable resources under the control of a centralized controller. SDN promises benefits like network virtualization, automation, visibility, and flexibility to dynamically adapt the network. OpenFlow is a widely used SDN protocol that enables the controller to install flow rules on switches to control packet forwarding.
EtherCAT as a Master Machine Control Tool (Design World)
There is an increasing demand in the automation and motion control industries for a localized motion control solution that can coordinate motion between multiple remote components.
Previously, field bus protocols such as Modbus or Ethernet have been implemented to address this demand. Although successful in moving data across automation networks, these protocols lacked the real time performance necessary for a distributed motion control system.
The EtherCAT communication protocol provides a high speed, low overhead communication scheme that allows efficient, deterministic communication between motion controller and remote components. Based on Ethernet and streamlined specifically for point to point transmission of real time data, the EtherCAT standard is quickly becoming the preferred choice for centralized control of tightly coupled motion between remote components.
This presentation is aimed at designers of automation and motion control systems with a basic understanding of Ethernet communication.
How you shouldn't just look at IP technologies in broadcast but also look at how off-the-shelf IT equipment can be used. Presented at NAB BEITC Engage! 2017
In Infrastructure-as-a-Service (IAAS) clouds, Xen is a popular choice of hypervisor. While the Xen hypervisor has strong isolation, integrating with the cloud infrastructure environment (switches, routers, load balancers, firewalls, IP address allocation) requires additional work by the IAAS cloud management platform (CMP) to achieve this. We will look at various solutions such as network virtualization, SDN, network function virtualization and L3 isolation that work with the Xen hypervisor, in the context of the Apache CloudStack IAAS platform. Attendees will come away with an understanding of the challenges of network isolation, how Apache CloudStack solves some of the scaling issues and the future of Xen-based clouds.
Aspects of IPv6 Security
• Hacker tools & a few attack scenarios
• 3 recommendations
• a) Is IPv6 more secure than IPv4?
• b) Is IPv6 less secure than IPv4?
• c) Who is to blame for everything?
• d) How does integrating IPv6 into my organization affect its IT security?
iDiff 2008 conference #01 IP-Racine : Cinema production infrastructure on 10G... (Benoit Michel)
• Today, we have a bunch of interfaces on production devices
• There is no interoperability with IT based post units
• Common equipment connection technology is restricted to 3Gbit/s, but 10Gbit/s or even more already required
• We demonstrate a validated future strategic interface technology for power sensitive applications and long distances
IP-Racine is sponsored by the European Commission 6th Framework Programme. See www.ipracine.org for details.
Jan Lindblad's presentation at Layer123 SDN and OpenFlow World Congress in Bad Homburg, Germany. Focusing on a multi-vendor SDN deployment at a Tier 1 Service Provider in Asia.
Tail-f Network Control System (NCS) use case:
• Dynamic control of L3-L7 devices using service-oriented network API
• Service chaining using OpenFlow
• Virtualized appliances
Industrial Internet of Things: Protocols and Standards (Javier Povedano)
Presentation for the Distributed Systems Master at the University of Cordoba (Spain). In this presentation we review the state of the art in communication middlewares for Industrial Internet of Things.
Swiss IPv6 Council Event, 24.02.2014
New Requirements for Security Devices due to IPv6
Speaker: Christoph Weber, Swisscom
With the introduction of IPv6 into data centers and client networks, new requirements are placed on security devices such as firewalls, IDS/IPS and other security enforcement points. This requires knowledge of IPv6-specific security threats. Based on that, new requirements must be defined against which devices to be procured must be tested. In addition, standards for existing devices must be adapted accordingly, their implementation validated, and audits adjusted.
In the presentation, Christoph Weber of Swisscom shows the approaches, ideas and tools using firewall tests, and explains how these can be carried out in practice and how results must be evaluated.
MIPI DevCon 2016: Testing of MIPI High Speed PHY Standard Implementations (MIPI Alliance)
Interoperability in mobile devices shall be achieved through a variety of protocol standards such as MIPI CSI, DSI, UniPro or JEDEC UFS and their underlying physical layer standards MIPI M-PHY, D-PHY or C-PHY. Integration of different vendors' designs into a working system is simplified using standard conformant parts. Testing them according to the procedures outlined in the applicable Conformance Test Suite guarantees their conformance. However, increasing data rates, lower power dissipation and modularity of mobile devices create challenges for debugging and conformance verification of the affected components. In this presentation, Joel Birch of Keysight Technologies discusses these challenges and offers possible solutions to address them.
The transformation of the car into a connected mobile device is occurring from the inside out, and is a perfect setting for leveraging the work done in the MIPI Alliance. The intimate (vendor controlled) system interfaces of a smartphone supplier mirror those developing to serve the auto industry. Mixel Inc.'s Ashraf Takla discusses this transformation, and how MIPI Alliance and its member companies are helping to make it happen.
Hands-on Experience with IPv6 Routing and Services (Cisco Canada)
This IPv6 basic and advanced lab will give you an opportunity to configure, troubleshoot, design and implement an IPv6 network using IPv6 technologies and features such as IPv6 addressing, IPv6 neighbor discovery, HSRPv6, static routing, OSPFv3, EIGRPv6 and BGPv6. You will be provided with a scenario made up of an IPv4 network where you will get the opportunity to configure and implement IPv6 based on the requirements and needs of the network. For example: where would you deploy dual stack, where does it make sense to do tunneling, and how do you deploy IPv6 routing protocols without impacting your existing network infrastructure?
Slides of a talk given to the Seattle Chapter of the Cloud Security Alliance. Looks briefly at Architectures, Sources of Log Data, and behavioral signatures in the data and issues and observations around using Big Data products for security.
Tech 2 tech low latency networking on Janet presentation (Jisc)
This event took place on 27 October 2021.
In this Tech 2 Tech session, we considered questions such as:
- Which types of applications need low latency, and what are their specific requirements for both latency and jitter?
- What levels of latency might you expect across Janet?
- What can you do to optimise latency for your networked applications?
- How can we measure latency and jitter?
SDN programming and operations requires continuous monitoring of network and application state as well as consistent configuration and update of (forwarding) policies across heterogeneous devices. This is resulting in significant challenges.
Multiple open protocols such as OpenFlow, OF-CONFIG, OnePK, etc. are being adopted by different vendors, causing an integration problem for developers.
Internet of Things applications are pushing the size and volume of data handled by SDN systems demanding more efficient and scalable protocols for information distribution and coordination of SDN devices.
This presentation will describe these and other SDN challenges and ways in which various open protocols, such as DDS, XMPP, AMQP, are being used to address them.
Tech Tutorial by Vikram Dham: Let's build MPLS router using SDN (nvirters)
Synopsis
We will start with MPLS 101 and then look into MPLS related OpenFlow actions. In the second half we will delve into RouteFlow architecture and extend it to enable Label Distribution Protocol (LDP) and MPLS routing. We will conclude with a mini-net based test bed switching traffic using MPLS labels instead of IP addresses.
This will be a hands on workshop. VM Images for Virtual Box will be provided. Attendees are expected to bring their laptops loaded with Virtual Box.
About Vikram Dham
Vikram is the CTO and co-founder of Kamboi Technologies, LLC where he advises networking companies, switch vendors and early adopters on SDN technology and distributed software development. Also, he is the founder of Bay Area Network Virtualization (BANV) meet-up group, that brings together technologists in the SDN/NFV/NV domain for technical talks, workshops and creates a truly "open" platform for sharing knowledge.
He has used SDN technologies for building software related to traffic engineering, security and routing. In the past, he was the Principal Engineer at Slingbox where he architected & built the distributed networking software for peer to peer connectivity of millions of end points. He holds MS degree in EE with a specialization in Computer Networks from Virginia Tech and has worked on research projects with companies like ECI Telecom, Raytheon and Avaya Research Labs.
Talk given at ClueCon 2016 that discusses FreeSWITCH and its place in a microservices architecture. Covers a specific deployment case using Docker and Adhearsion, along with certain features that make FreeSWITCH a model use-case for such a technology stack.
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... (Josef Adersberger)
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a major German insurance company onto a Kubernetes cluster within one year. We're now close to the finish line and it worked pretty well so far.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way. We'll provide our answers to life, the universe and a cloud native journey like:
- What technical constraints of Kubernetes can be obstacles for applications and how to tackle these?
- How to architect a landscape of hundreds of containerized applications with their surrounding infrastructure like DBs MQs and IAM and heavy requirements on security?
- How to industrialize and govern the migration process?
- How to leverage the possibilities of a cloud native platform like Kubernetes without challenging the tight timeline?
Similar to Software defined networking: Primer (20)
Blockchain is a cutting edge technology to store data publicly in a trustless system. This paper describes how this technology can be used to give a new look to the Internet.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx (Brad Spiegel Macon GA)
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
Multi-cluster Kubernetes Networking - Patterns, Projects and Guidelines (Sanjeev Rampal)
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
1.Wireless Communication System_Wireless communication is a broad term that i... (JeyaPerumal1)
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
2. History of Networking
• Blackbox networking equipments
• Big name companies building switching/routing devices
• Includes Proprietary/OEM Silicon Chip
• Wrapped up with a closed source Operating System (e.g. A desktop PC with MS Windows and MS Office)
3. Disadvantages of Current Scenario
Technology was not designed keeping today in mind
• Massive Scalability
• Multi Tenant Networks
• Virtualization
• Cloud Computing
• Mobility (Users/Devices/VM)
4. Disadvantages of Current Scenario (Contd)
Protocols are Box Centric; Not Fabric Centric
• Difficult to configure correctly (consistency)
• Difficult to add new features (upgrades)
• Difficult to debug (look at all devices)
5. Disadvantages of Current Scenario (Contd)
Closed Systems (Vendor Hardware)
• Stuck with given interfaces (CLI, SNMP, etc.)
• Hard to meaningfully collaborate
• Vendors hesitant to open up
• No way to add new features by yourself
ANSWER: Software Defined Networking
6. What is SDN?
SDN is a framework to allow network administrators to automatically and dynamically manage and control a large number of network devices, services, topology, traffic paths, and packet handling (quality of service) policies using high-level languages and APIs.
Management includes provisioning, operating, monitoring, optimizing, and managing FCAPS (fault, configuration, accounting, performance, and security) in a multi-tenant environment.
9. Need for SDN
Virtualization
• Use network resource
• without worrying about where it is physically located
• how much it is
• how it is organized
Orchestration
• Should be able to control and manage thousands of devices with one command
Programmable
• Should be able to change behavior on the fly
Dynamic Scaling
• Should be able to change size, quantity, capacity
11. Need for SDN - (Continued)
• Performance
Optimize network device utilization
• Traffic engineering/Bandwidth management
• Capacity optimization/Load balancing
• High utilization
• Fast failure handling
• Multi Tenancy
Tenants need complete control over their
• Addresses/Topology
• Routing/Security
12. Need for SDN (Continued)
Service Integration
Provisioned on demand and placed appropriately on the traffic path
• Load balancers
• Firewalls
• Intrusion Detection Systems (IDS)
15. Hardware Internals
• Logical View of a Switch
• Physical Architecture of a Switch
[Figure labels: Applications, Network O.S., control plane, data plane, ASIC, Processor, Switching Fabric]
16. Internals of SDN
• Southbound API: decouples the switch hardware from control function
– Data plane from control plane
• Switch Operating System: exposes switch hardware primitives
[Figure: Current Switch, vertical stack (Applications, Network O.S., ASIC) versus SDN Switch, decoupled stack (Applications, Network O.S., Southbound API, Switch Operating System, Switch Hardware)]
17. How SDN Works
[Figure: Applications on a Controller (N. O.S.), connected through the Southbound API to switches, each with a Switch O.S and Switch H.W]
18. Implications of SDN
Current Networking
• Distributed protocols
• Each switch has a brain
• Hard to achieve optimal solution
• Network configured indirectly
• Configure protocols
• Hope protocols converge
SDN Enabled Environment
• Global view of the network
• Applications can achieve optimal
• Southbound API gives fine grained control over switch
• Network configured directly
• Allows automation
• Allows definition of new interfaces
[Figure: Current Networking shows three switches, each with its own Applications, Network O.S. and ASIC; SDN Enabled Environment shows Applications on a Controller (N. O.S.) connected through the Southbound API to three switches, each with a Switch O.S and Switch HW]
19. The SDN Stack
• Applications: LAVI, ENVI (GUI), …, n-Casting
• Controller: NOX, Beacon, Trema, FloodLight, RyU
• Slicing Software: FlowVisor, FlowVisor Console
• OpenFlow Switches: Commercial Switches (HP, IBM, NEC, Pronto, Juniper.. and many more), NetFPGA, Software Ref. Switch, Broadcom Ref. Switch, OpenWRT, PCEngine WiFi AP, Open vSwitch
• Monitoring/debugging tools: oflops, oftrace, openseer
Source: SDN Tutorial by B. Heller
Open Networking Summit, April 2012
20. Dimensions of SDN Environments: Vendor Devices
Vertical Stacks
• Vendor bundles switch and switch OS
• Restricted to vendor OS and vendor interface
• Low operational overhead
• One stop shop
Whitebox Networking
• Vendor provides hardware with no switch OS
• Switch OS provided by third party
• Flexibility in picking OS
• High operational overhead
• Must deal with multiple vendors
21. Dimensions of SDN Environments: Switch Hardware
Virtual: Overlay
• Pure software implementation
• Assumes programmable virtual switches
• Run in Hypervisor or in the OS
• Larger Flow Table entries (more memory and CPU)
• Backward compatible
• Physical switches run traditional protocols
• Traffic sent in tunnels
• Lack of visibility into physical network
Physical: Underlay
• Fine grained control and visibility into network
• Assumes specialized hardware
• Limited Flow Table entries
25. OpenFlow
• Developed in Stanford
• Standardized by Open Networking Foundation (ONF)
• Current Version 1.4
• Version implemented by switch vendors: 1.3
• Allows control of underlay + overlay
• Overlay switches: OpenVSwitch/Indigo-light
PC
26. SDN vs OpenFlow
• Leading SDN protocol
• Decouples control and data plane by giving a controller the ability to install flow rules on switches (Bare Metal)
• Hardware or software switches can use OpenFlow
• Spec driven by ONF
27. How SDN Works: OpenFlow
[Figure: Applications on a Controller (N. O.S.), connected through the Southbound API to switches, each with a Switch O.S and Switch H.W; the links to the switches are labelled OpenFlow]
28. OpenFlow: Anatomy of a Flow Table Entry
Entry layout: Match | Action | Counter | Priority | Time-out
Match fields: Switch Port, MAC src, MAC dst, Eth type, VLAN ID, VLAN pcp, IP Src, IP Dst, IP Prot, IP ToS, L4 sport, L4 dport
Action:
1. Forward packet to zero or more ports
2. Encapsulate and forward to controller
3. Send to normal processing pipeline
4. Modify Fields
Counter: # of Packet/Bytes processed by the rule
Priority: What order to process the rule
Time-out: When to delete the entry
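The match / action / counter / priority / time-out fields of a flow table entry, modelled as an added Python example (not code from the slides or from any OpenFlow implementation). The action tuples, the split into idle and hard time-outs, the explicit priority-0 table-miss rule, and the sample rules and packets are assumptions made for illustration.

```python
from dataclasses import dataclass

# Match fields listed on the slide; a field absent from a rule's match is a wildcard.
MATCH_FIELDS = {"in_port", "mac_src", "mac_dst", "eth_type", "vlan_id", "vlan_pcp",
                "ip_src", "ip_dst", "ip_proto", "ip_tos", "l4_sport", "l4_dport"}


@dataclass
class FlowEntry:
    match: dict              # field name -> required value
    actions: list            # applied in order; an empty list drops the packet
    priority: int = 0        # higher value is checked first
    idle_timeout: float = 0  # seconds without a hit before deletion (0 = never)
    hard_timeout: float = 0  # seconds after install before deletion (0 = never)
    packets: int = 0         # counter: packets processed by this rule
    bytes: int = 0           # counter: bytes processed by this rule
    installed: float = 0.0
    last_hit: float = 0.0

    def __post_init__(self):
        unknown = set(self.match) - MATCH_FIELDS
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")


class FlowTable:
    def __init__(self):
        self.entries = []

    def install(self, entry, now=0.0):
        entry.installed = entry.last_hit = now
        self.entries.append(entry)
        # Stable sort: among equal priorities the earlier install is checked first.
        self.entries.sort(key=lambda e: -e.priority)
        return entry

    def expire(self, now):
        def dead(e):
            return ((e.hard_timeout and now - e.installed >= e.hard_timeout) or
                    (e.idle_timeout and now - e.last_hit >= e.idle_timeout))
        self.entries = [e for e in self.entries if not dead(e)]

    def process(self, pkt, now):
        """Return [(destination, packet), ...]; an empty list means dropped."""
        self.expire(now)
        for e in self.entries:
            if all(pkt.get(k) == v for k, v in e.match.items()):
                e.packets += 1
                e.bytes += pkt["length"]
                e.last_hit = now
                return self._apply(e.actions, pkt)
        return []  # no rule matched at all: dropped (assumed default)

    @staticmethod
    def _apply(actions, pkt):
        pkt, out = dict(pkt), []
        for act in actions:
            if act[0] == "set_field":                 # 4. modify fields
                pkt[act[1]] = act[2]
            elif act[0] == "output":                  # 1. forward to a port
                out.append((act[1], dict(pkt)))
            elif act[0] in ("controller", "normal"):  # 2. controller / 3. normal pipeline
                out.append((act[0], dict(pkt)))
            else:
                raise ValueError(f"unknown action: {act!r}")
        return out


def demo():
    """Constructed rules and packets (not from the slides)."""
    t = FlowTable()
    miss = t.install(FlowEntry({}, [("controller",)], priority=0))
    fwd = t.install(FlowEntry({"eth_type": 0x0800, "ip_dst": "10.0.0.2"},
                              [("set_field", "vlan_id", 10), ("output", 2)],
                              priority=100, idle_timeout=10))
    drop = t.install(FlowEntry({"eth_type": 0x0800, "ip_proto": 6, "l4_dport": 23},
                               [], priority=200))
    web = {"in_port": 1, "eth_type": 0x0800, "ip_src": "10.0.0.1",
           "ip_dst": "10.0.0.2", "ip_proto": 6, "l4_dport": 80, "length": 100}
    telnet = dict(web, l4_dport=23, length=60)
    arp = {"in_port": 1, "eth_type": 0x0806, "length": 42}
    results = {
        "web": t.process(web, now=0),        # forwarded, VLAN rewritten
        "telnet": t.process(telnet, now=1),  # higher-priority drop rule wins
        "arp": t.process(arp, now=2),        # only the table-miss rule matches
        "web_late": t.process(web, now=20),  # fwd rule idle-expired at t=10
    }
    return results, {"miss": miss, "fwd": fwd, "drop": drop}, t


if __name__ == "__main__":
    results, rules, table = demo()
    for name, out in results.items():
        print(name, "->", [dest for dest, _ in out] or "dropped")
```

The telnet packet also matches the forwarding rule, so the result depends entirely on priority order; the late web packet shows that an expired rule silently changes where traffic goes.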
30. OpenFlow: How it works
[Figure labels: Data Path (Hardware), Control Path, OpenFlow, OpenFlow Controller, OpenFlow Protocol (SSL/TCP)]
31. SDN Components: Hardwares
OpenFlow Compliant (1.0-1.4) Switch
• HP 8200 ZL, 6600, 6200ZL
• Brocade 5400ZL, 3500
• IBM NetIron
• Juniper OCX1100
• Baremetal Switch
• OpenVSwitch
32. SDN Components: Controllers
OpenFlow Compliant (1.0-1.4) Controller
• POX: (Python) Pox as a general SDN controller that supports OpenFlow. It has a high-level SDN API including a queriable topology graph and support for virtualization.
• IRIS: (Java) a Recursive SDN Openflow Controller created by IRIS Research Team of ETRI.
• MUL: (C) MūL, is an openflow (SDN) controller.
• NOX: (C++/Python) NOX was the first OpenFlow controller.
• Jaxon: (Java) Jaxon is a NOX-dependent Java-based OpenFlow Controller.
• Trema: (C/Ruby) Trema is a full-stack framework for developing OpenFlow controllers in Ruby and C.
• Beacon: (Java) Beacon is a Java-based controller that supports both event-based and threaded operation.
• Floodlight: (Java) The Floodlight controller is Java-based OpenFlow Controller. It was forked from the Beacon controller, originally developed by David Erickson at Stanford.
• Maestro: (Java) Maestro is an OpenFlow "operating system" for orchestrating network control applications.
• NDDI - OESS: OESS is an application to configure and control OpenFlow Enabled switches through a very simple and user friendly User Interface.
• Ryu: (Python) Ryu is an open-sourced Network Operating System (NOS) that supports OpenFlow.
• NodeFlow (JavaScript) NodeFlow is an OpenFlow controller written in pure JavaScript for Node.JS.
• ovs-controller (C) Trivial reference controller packaged with Open vSwitch.