SlideShare a Scribd company logo

Software-Defined Networking Changes for the Paradigm for Mission-Critical Opeational Technology Networks

W
Wheeler Flemming

SDN offers advantages over traditional Ethernet for OT networks by providing microsecond failover times, predictable network behavior through application-specific traffic engineering, stronger security through a deny-by-default approach, and simplified network design, testing and monitoring through centralized control and configuration of network switches. SDN resolves limitations of traditional Ethernet including slow healing times, forced behavior, lack of security, difficult testing and lack of network visibility in OT networks managing critical infrastructure systems.

Technology
1 of 8
Download to read offline
Software-Defined Networking Changes the Paradigm for Mission-Critical Operational Technology Networks Paul Robertson
© 2017 by Schweitzer Engineering Laboratories, Inc. All rights reserved. All brand or product names appearing in this document are the trademark or registered trademark of their respective holders. No SEL trademarks may be used without written permission. SEL products appearing in this document may be covered by US and Foreign patents. 20170125
3 Introduction While software-defined networking (SDN) was developed primarily to solve an information technology (IT) problem by providing a more efficient approach to managing dynamic high-traffic networks, SDN also offers significant advantages for operational technology (OT) networks. While both OT and IT networks manage the transfer of data, OT networks support process- oriented applications. They manage the process and automation systems that control power systems, industrial plants, transportation infrastructure, and other critical systems. Unlike IT networks that deal primarily with the movement of data, OT networks are focused on the real-time decision making necessary for the operation of mission-critical systems. They carry information from sensors, transducers, intelligent electronic devices, and automation controllers. Ethernet has become an established technology for data networking, based largely on its success in creating a common interface and protocols to enable interoperable communications between devices and applications from multiple manufacturers. Ethernet’s convenience has led to its widespread use in OT networks. However, for managing real-time processes, traditional Ethernet has several limitations: slow healing times, forced behavior, no inherent security, difficult testing, and no network visibility. This white paper originally appeared as an article in [1]. SDN Explained SDN is a new approach for managing the forwarding of Ethernet packets through a network. It is revolutionizing the management and operation of large-scale IT enterprise networks, cloud infrastructures, and data center systems. SDN provides better support for the highly dynamic characteristics of these networks. SDN is ideally suited for OT networking as well because it resolves the limitations of applying Ethernet to real-time OT systems. Before explaining how SDN addresses the unique challenges of OT systems and how OT-focused SDN offers a different value proposition than IT-focused SDN solutions, it is helpful to review the technology. A basic SDN architecture is shown in Figure 1. Application Layer Control Plane Data Plane OpenFlow® Operation, Administration, and Maintenance Applications Configuration Programming Network Visualization Simple Packet-Forwarding Hardware Simple Packet-Forwarding Hardware Simple Packet-Forwarding Hardware Network Operating System Figure 1 SDN Architecture In SDN, the control plane—which determines what to do with each Ethernet packet by making forwarding decisions—is separated from the data plane, which physically forwards the Ethernet data packets.
4 In traditional Ethernet, the control plane is located in network appliance hardware (i.e., switches). In SDN, however, the control plane is located in software called a flow controller. This allows the switching hardware to be simpler and optimized for packet forwarding. At the same time, the flow controller is able to take advantage of a software-oriented architecture to program and configure all of the switches in the network. The combination provides a programmatic approach to implementing networking functions that results in enormous flexibility, greater speed, and increased security. Several protocols have been defined to provide an interface between the control plane and the data plane. OpenFlow, for example, is an interface specification developed by the Open Networking Foundation to promote the adoption of SDN and enable interoperability between different flow controller implementations and different manufacturer’s switch hardware. In addition to the control plane, SDN defines an application layer that provides a method for supporting operation, administration, and maintenance tasks. The application layer provides a mechanism to extract meaning from and interact with the complexity of the low-level programming rules and actions that control how each packet is forwarded. This simplifies the network configuration process and enables users to configure their networks using a higher level of abstraction. How SDN Works SDN uses the following terminology: • Match criteria specify Ethernet frame header information attributes that each ingress packet is compared against. • An instruction defines a specific action or set of actions that is applied to all packets that meet specified match criteria. Instructions define which port to forward a packet out of and what path the packet takes across the network. • A flow is a group of attributes that defines a single communications session. Each flow is defined by a set of match criteria and corresponding instructions that are applied to each packet that ingresses a switch. • A flow table contains all of the flows defined within a switch. • The flow controller is the centralized controller that programs the rules and flow tables in each switch. The flow controller gives each switch a set of rules containing match criteria and instructions to determine the operations that should be performed on each packet the switch receives. These rules are stored in a flow table. The switch matches the packet header information against each rule contained in the flow table. If a matching flow table entry is found for a packet, the actions associated with that flow table entry are executed, such as sending the packet out a specific port number, modifying a field, or dropping the packet. Instructions can be predefined for a situation in which an SDN switch receives a packet it has never seen before (i.e., for which it has no matching flow table entries). One very powerful attribute of SDN is that it allows a deny-by-default security profile that can instruct each switch to drop every packet that does not meet a predefined rule. Counters are maintained for each flow table entry and used to maintain statistics on traffic by flow, port, queue, and so on. Each switch has the ability to look deep into an Ethernet frame and use that information to determine a rule and an associated action. This makes SDN switches true multilayer devices that can operate across Layer 1 to Layer 4 of the Ethernet frame (see Figure 2).
5 SDN Flow Match Rule Layer 1 Layer 2 Layer 3 Layer 4 Ethernet Frame PayloadIP HeaderEthernet Header TCP/UDP Header PayloadIP HeaderEthernet Header TCP/UDP Header Ingress Port Figure 2 Multilayer Match Rules Forward Approved Packets Layer 1 is the physical layer that defines the physical port and media that data are received and transmitted over. Layer 2 is the data link layer that establishes and terminates connections between physically connected devices. It uses media access control (MAC) addresses to uniquely identify each device. Layer 3 is the network layer. It provides the mechanism to transfer variable-length data from one node to another. It is responsible for packet forwarding between routers using Internet Protocol (IP) address information. Layer 4 is the transport layer. It is responsible for establishing connectivity between applications on host devices. It uses sockets to define the end points in the network. A socket address is a combination of the IP address and the port number. The port number defines the communications protocol and associated application. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are the most commonly used protocols. In the following example, TCP Port 20000 is used, which defines Distributed Network Protocol (DNP3) for supervisory control and data acquisition (SCADA) applications. Because each SDN switch can operate as a multilayer device, it is possible to create complex match and action rules that are application-aware. In the example shown in Figure 3, the switch has been configured to only forward SCADA traffic between two specific devices. A rule has been created to only forward DNP3 packets on TCP Port 20000 that are received through Port 1 and meet the following criteria: • Source MAC address: 00:30:A7:06:29:01. • Destination MAC address: 00:30:A7:06:13:29. • Source IP address: 1.1.1.2. • Destination IP address: 2.2.2.2. • Destination TCP port: 20000. If the packet matches these criteria, the switch forwards the packet out Port 3. Action Output Forward Port 3 Physical Port ID Source MAC Address Destination MAC Address EtherType VLAN ID IPv4 Source IPv4 Destination TCP/UDP Source TCP/UDP Destination 1 00:30:A7:06:29:01 00:30:A7:06:13:29 * * 1.1.1.2 2.2.2.2 * 20000 Packet OpenFlow Switch 1 3 4 2 PacketPacket OpenFlow Switch 1 3 4 2 Packet Figure 3 OpenFlow Match and Action Example
6 This multilayer rule example demonstrates several powerful concepts. SDN allows application- specific network paths to be engineered; it enables each network device to operate as a Layer 2, 3, and 4 device; and it supports the ability of each switch to operate as a deny-by-default gateway. Applying SDN to OT To date, SDN’s success has been attributed to its ability to solve challenges associated with managing the large, dynamic IT networks with high and variable traffic loads primarily found in data centers. These IT networks have changing usage patterns, unpredictable application demand, and varying traffic volumes. In contrast, OT networks are static. In an OT network, all applications and services are known at the design stage, and a rule set can be predefined for each switch to support the application and connectivity requirements of the network. Typically, very few changes are required to the network over time, and traffic volume remains predictable. Microsecond Failover Times By optimizing switching hardware to efficiently execute the match rules within the flow tables, it is possible to achieve microsecond-speed packet inspection, decision, and forwarding times. In addition, by predetermining each primary and failover path, it is possible to perform path healing in tens of microseconds, which is two orders of magnitude faster than the spanning-tree algorithms (STAs) used by traditional Ethernet. Networks can heal quickly enough that the only data loss is that of the packet being transferred during the link failure. In many cases, zero packets are lost during failover events. Predictable Behavior With SDN, it is possible to define different forwarding paths for different applications. In the example shown in Figure 4, engineering access, SCADA, and Generic Object-Oriented Substation Event (GOOSE) traffic have each been given different forwarding paths across the network. There are two paths defined for GOOSE, a primary path (GOOSE 1) and a failover path (GOOSE 2). The GOOSE 2 path is on a dedicated port and cable that are separate from the engineering access path. Flow Controller Engineering AccessSCADA Combined Traffic GOOSE 1 SDN Switch SDN Switch SDN Switch Automation Controller IED IED SDN Switch PC GOOSE 2 Figure 4 Control Packet Forwarding by Application
7 With SDN, it is possible to have multiple physical connections between the same switches to provide physical redundancy and traffic segregation. This is not possible with traditional Ethernet because STAs prevent multiple physical connections by blocking ports. By taking this traffic engineering approach, predictable delivery and failover performance can be achieved, and network performance can be validated under all contingencies prior to commissioning. Stronger Network Security Within an OT environment, new applications should not start communicating across the network to meet changing end user needs. As a consequence, the network does not rely on constant participation with the flow controller to manage updates to flow tables. After the initial configuration of each switch by the flow controller, the network can be locked down with a rule set that only allows predefined application traffic to be forwarded. This provides a significant security advantage over traditional Ethernet. Each switch provides a deny-by-default function on every incoming packet. If the packet does not match a predefined rule, it is dropped by default. Alternatively, it can be forwarded to a dedicated Intrusion Detection System (IDS) for further analysis. SDN offers significant network security advantages to help address concerns about the vulnerability of critical infrastructure systems, such as the power grid, to cyberattacks. Simplified Design and Test One of the biggest challenges with designing and implementing Ethernet networks is verifying that the network will behave as designed, particularly during failover scenarios. There is no easy way to perform contingency testing other than pulling cables and using a protocol analyzer to verify that the STA being used has converged as expected based on the root switch and network topology. SDN changes the paradigm for network design and testing. Using software to abstract the implementation of each rule, the network designer can specify the path each application should take through a network and predefine each failover path. The network can then be validated for each contingency using a programmatic approach that ensures all failure scenarios are tested and validated. Interoperability SDN is based on Ethernet and does not require the modification of the Ethernet packet in order to be implemented, so it is interoperable with standard Ethernet. Care should be taken when establishing the boundaries between SDN and traditional managed Ethernet networks that rely on protocols to operate. Protocols, such as Border Gateway Protocol (BGP), Rapid Spanning Tree Protocol (RSTP), and Open Shortest Path First (OSPF), are in constant conversation in a traditional managed Ethernet network. SDN does not use these protocols to manage network operation, and therefore, SDN cannot be mixed with managed Ethernet switches across a single topology. Distinct boundaries between an SDN and a managed Ethernet network should be created, and rules should be implemented to instruct an SDN switch on how to appropriately deal with managed Ethernet protocol packets. Network Visibility Lack of network management capability has always been a limitation of traditional Ethernet. By putting the control plane in a centralized entity, the flow controller can monitor the configuration, health, and status of the complete network.
8 Conclusion SDN offers a fundamental change to the way Ethernet networks determine how to forward packets and to how they are managed by the network administrators. SDN removes the control plane from the physical switching hardware and locates it in a centralized flow controller. By doing so, switches change from being distributed, intelligent, autonomous devices to being simpler entities that perform a set of instructions provided by the flow controller. A suite of protocols communicating in the background is no longer needed to manage how each switch discovers neighbors, prevents loops, and recovers from link failures. The primary benefit of SDN is its ability to support rapid changes to network operation and topology to address fast-changing user needs. Many view SDN primarily as a solution for dynamic IT networks. However, the principles of SDN offer significant benefits to time-critical OT networking by addressing the limitations that traditional managed Ethernet has in terms of slow healing, forced behavior, lack of security, difficult testing, and lack of network visibility. Table 1 provides a summary of the key advantages that SDN provides over traditional Ethernet. SDN offers a performance breakthrough in all of these areas and promises to redefine Ethernet for mission-critical applications. Table 1 Comparison of SDN and Ethernet Performance Attribute SDN Traditional Ethernet Healing <0.1 ms >10 ms Predictability Yes No Security Deny-by-default Based on trust Design and testing Simple Difficult Interoperability Yes Yes Network visibility Yes No Reference [1] P. Robertson, “Software-Defined Networking for Mission-Critical Operations,” Industrial Ethernet Book, Issue 98, February 2017. Available: http://www.iebmedia.com. Biography Paul Robertson is a senior marketing program manager for the communications product lines at Schweitzer Engineering Laboratories, Inc. (SEL). He has over 25 years of experience developing and marketing products for the telecommunications industry, spanning cellular wireless and wire line communications systems. Paul worked in various technical and marketing roles for Motorola, Hewlett-Packard, and Agilent Technologies before joining SEL. He has a B.Eng. in electrical and electronic engineering from the University of Strathclyde and an M.B.A. from Edinburgh Business School. Schweitzer Engineering Laboratories, Inc. Tel: +1.509.332.1890 | Email: info@selinc.com | Web: www.selinc.com *LWP0016-01*

Recommended

Networking issues for distributed systems
Networking issues for distributed systemsNetworking issues for distributed systems
Networking issues for distributed systemskingGovindi
 
Networks
Networks Networks
Networks pavishkumarsingh
 
Unit 2
Unit 2Unit 2
Unit 2APARNA P
 
Network layer u3
Network layer u3Network layer u3
Network layer u3IndrajaMeghavathula
 
Networking Technologies Basic's complete notes
Networking Technologies Basic's complete notesNetworking Technologies Basic's complete notes
Networking Technologies Basic's complete notesIndrajaMeghavathula
 
Network programmability: an Overview
Network programmability: an Overview Network programmability: an Overview
Network programmability: an Overview Aymen AlAwadi
 
Understanding Network Routing Problem and Study of Routing Algorithms and Heu...
Understanding Network Routing Problem and Study of Routing Algorithms and Heu...Understanding Network Routing Problem and Study of Routing Algorithms and Heu...
Understanding Network Routing Problem and Study of Routing Algorithms and Heu...IRJET Journal
 
Data link layer
Data link layerData link layer
Data link layerIndrajaMeghavathula
 

Recommended

Networking issues for distributed systems
Networking issues for distributed systemsNetworking issues for distributed systems
Networking issues for distributed systemskingGovindi
 
Networks
Networks Networks
Networks pavishkumarsingh
 
Unit 2
Unit 2Unit 2
Unit 2APARNA P
 
Network layer u3
Network layer u3Network layer u3
Network layer u3IndrajaMeghavathula
 
Networking Technologies Basic's complete notes
Networking Technologies Basic's complete notesNetworking Technologies Basic's complete notes
Networking Technologies Basic's complete notesIndrajaMeghavathula
 
Network programmability: an Overview
Network programmability: an Overview Network programmability: an Overview
Network programmability: an Overview Aymen AlAwadi
 
Understanding Network Routing Problem and Study of Routing Algorithms and Heu...
Understanding Network Routing Problem and Study of Routing Algorithms and Heu...Understanding Network Routing Problem and Study of Routing Algorithms and Heu...
Understanding Network Routing Problem and Study of Routing Algorithms and Heu...IRJET Journal
 
Data link layer
Data link layerData link layer
Data link layerIndrajaMeghavathula
 
Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01Sachin Morya
 
Ccna day5-140715152501-phpapp01
Ccna day5-140715152501-phpapp01Ccna day5-140715152501-phpapp01
Ccna day5-140715152501-phpapp01Sachin Morya
 
03 internetworking
03 internetworking03 internetworking
03 internetworkingbajulusiraj
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Scienceresearchinventy
 
PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2
PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2
PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2IAEME Publication
 
Experimental Analysis of an Energy-Efficient WSN
Experimental Analysis of an Energy-Efficient WSNExperimental Analysis of an Energy-Efficient WSN
Experimental Analysis of an Energy-Efficient WSNidescitation
 
Performance analysis on multihop transmission using
Performance analysis on multihop transmission usingPerformance analysis on multihop transmission using
Performance analysis on multihop transmission usingeSAT Publishing House
 
Network layer
Network layerNetwork layer
Network layerTharuniDiddekunta
 
SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...
SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...
SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...AIRCC Publishing Corporation
 
Performance analysis on multihop transmission using arp routing protocol in i...
Performance analysis on multihop transmission using arp routing protocol in i...Performance analysis on multihop transmission using arp routing protocol in i...
Performance analysis on multihop transmission using arp routing protocol in i...eSAT Journals
 
Data Link Layer
Data Link LayerData Link Layer
Data Link LayerSachii Dosti
 
It2402 mobile communication unit 4
It2402 mobile communication unit 4It2402 mobile communication unit 4
It2402 mobile communication unit 4RMK ENGINEERING COLLEGE, CHENNAI
 
Studying_the_TCP_Flow_and_Congestion_Con.pdf
Studying_the_TCP_Flow_and_Congestion_Con.pdfStudying_the_TCP_Flow_and_Congestion_Con.pdf
Studying_the_TCP_Flow_and_Congestion_Con.pdfIUA
 
Performance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdf
Performance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdfPerformance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdf
Performance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdfIUA
 
IT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGIT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGKathirvel Ayyaswamy
 
Implementation_and_Analysis_of_the_6LoWPAN.pdf
Implementation_and_Analysis_of_the_6LoWPAN.pdfImplementation_and_Analysis_of_the_6LoWPAN.pdf
Implementation_and_Analysis_of_the_6LoWPAN.pdfIUA
 
Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...
Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...
Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...IOSR Journals
 
AODV routing protocol
AODV routing protocolAODV routing protocol
AODV routing protocolVarsha Anandani
 
POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA Aiman Hud
 
A Software Engineering Perspective on SDN Programmability
A Software Engineering Perspective on SDN ProgrammabilityA Software Engineering Perspective on SDN Programmability
A Software Engineering Perspective on SDN ProgrammabilityFelipe Alencar
 
Software defined network-- SDN
Software defined network-- SDNSoftware defined network-- SDN
Software defined network-- SDNAadarsh Sharma
 
Pei formulacionpei-ugel 04-22-02-16 revisado1
Pei formulacionpei-ugel 04-22-02-16 revisado1Pei formulacionpei-ugel 04-22-02-16 revisado1
Pei formulacionpei-ugel 04-22-02-16 revisado1MARIO JAIME ANDIA
 

More Related Content

What's hot

Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01Sachin Morya
 
Ccna day5-140715152501-phpapp01
Ccna day5-140715152501-phpapp01Ccna day5-140715152501-phpapp01
Ccna day5-140715152501-phpapp01Sachin Morya
 
03 internetworking
03 internetworking03 internetworking
03 internetworkingbajulusiraj
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Scienceresearchinventy
 
PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2
PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2
PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2IAEME Publication
 
Experimental Analysis of an Energy-Efficient WSN
Experimental Analysis of an Energy-Efficient WSNExperimental Analysis of an Energy-Efficient WSN
Experimental Analysis of an Energy-Efficient WSNidescitation
 
Performance analysis on multihop transmission using
Performance analysis on multihop transmission usingPerformance analysis on multihop transmission using
Performance analysis on multihop transmission usingeSAT Publishing House
 
SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...
SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...
SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...AIRCC Publishing Corporation
 
Performance analysis on multihop transmission using arp routing protocol in i...
Performance analysis on multihop transmission using arp routing protocol in i...Performance analysis on multihop transmission using arp routing protocol in i...
Performance analysis on multihop transmission using arp routing protocol in i...eSAT Journals
 
Studying_the_TCP_Flow_and_Congestion_Con.pdf
Studying_the_TCP_Flow_and_Congestion_Con.pdfStudying_the_TCP_Flow_and_Congestion_Con.pdf
Studying_the_TCP_Flow_and_Congestion_Con.pdfIUA
 
Performance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdf
Performance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdfPerformance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdf
Performance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdfIUA
 
Implementation_and_Analysis_of_the_6LoWPAN.pdf
Implementation_and_Analysis_of_the_6LoWPAN.pdfImplementation_and_Analysis_of_the_6LoWPAN.pdf
Implementation_and_Analysis_of_the_6LoWPAN.pdfIUA
 
Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...
Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...
Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...IOSR Journals
 
POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA Aiman Hud
 

What's hot (19)

Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01Ccna day3-140715152337-phpapp01
Ccna day3-140715152337-phpapp01
 
Ccna day5-140715152501-phpapp01
Ccna day5-140715152501-phpapp01Ccna day5-140715152501-phpapp01
Ccna day5-140715152501-phpapp01
 
03 internetworking
03 internetworking03 internetworking
03 internetworking
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
 
PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2
PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2
PERFORMANCE ANALYSIS OF AODV, DSDV AND AOMDV USING WIMAX IN NS-2
 
Experimental Analysis of an Energy-Efficient WSN
Experimental Analysis of an Energy-Efficient WSNExperimental Analysis of an Energy-Efficient WSN
Experimental Analysis of an Energy-Efficient WSN
 
Performance analysis on multihop transmission using
Performance analysis on multihop transmission usingPerformance analysis on multihop transmission using
Performance analysis on multihop transmission using
 
Network layer
Network layerNetwork layer
Network layer
 
SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...
SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...
SIMULATION OF SOFTWARE DEFINED NETWORKS WITH OPEN NETWORK OPERATING SYSTEM AN...
 
Performance analysis on multihop transmission using arp routing protocol in i...
Performance analysis on multihop transmission using arp routing protocol in i...Performance analysis on multihop transmission using arp routing protocol in i...
Performance analysis on multihop transmission using arp routing protocol in i...
 
Data Link Layer
Data Link LayerData Link Layer
Data Link Layer
 
It2402 mobile communication unit 4
It2402 mobile communication unit 4It2402 mobile communication unit 4
It2402 mobile communication unit 4
 
Studying_the_TCP_Flow_and_Congestion_Con.pdf
Studying_the_TCP_Flow_and_Congestion_Con.pdfStudying_the_TCP_Flow_and_Congestion_Con.pdf
Studying_the_TCP_Flow_and_Congestion_Con.pdf
 
Performance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdf
Performance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdfPerformance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdf
Performance-Evaluation-of-RPL-Routes-and-DODAG-Construction-for-IoTs .pdf
 
IT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTINGIT6601 MOBILE COMPUTING
IT6601 MOBILE COMPUTING
 
Implementation_and_Analysis_of_the_6LoWPAN.pdf
Implementation_and_Analysis_of_the_6LoWPAN.pdfImplementation_and_Analysis_of_the_6LoWPAN.pdf
Implementation_and_Analysis_of_the_6LoWPAN.pdf
 
Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...
Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...
Analyzing the Effect of Varying CBR on AODV, DSR, IERP Routing Protocols in M...
 
AODV routing protocol
AODV routing protocolAODV routing protocol
AODV routing protocol
 
POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA POLITEKNIK MALAYSIA
POLITEKNIK MALAYSIA
 

Viewers also liked

A Software Engineering Perspective on SDN Programmability
A Software Engineering Perspective on SDN ProgrammabilityA Software Engineering Perspective on SDN Programmability
A Software Engineering Perspective on SDN ProgrammabilityFelipe Alencar
 
Software defined network-- SDN
Software defined network-- SDNSoftware defined network-- SDN
Software defined network-- SDNAadarsh Sharma
 
Pei formulacionpei-ugel 04-22-02-16 revisado1
Pei formulacionpei-ugel 04-22-02-16 revisado1Pei formulacionpei-ugel 04-22-02-16 revisado1
Pei formulacionpei-ugel 04-22-02-16 revisado1MARIO JAIME ANDIA
 
PHP - O que, porquê e como
PHP - O que, porquê e comoPHP - O que, porquê e como
PHP - O que, porquê e comoAugusto Pascutti
 
ARTÍCULOS IMPORTANTES DEL PROYECTO DE CONSTITUCION
ARTÍCULOS IMPORTANTES DEL PROYECTO DE CONSTITUCIONARTÍCULOS IMPORTANTES DEL PROYECTO DE CONSTITUCION
ARTÍCULOS IMPORTANTES DEL PROYECTO DE CONSTITUCIONPoder Supremo DEL Pueblo
 
Streaming XXI
Streaming XXIStreaming XXI
Streaming XXICLADC
 
Software defined storage rev. 2.0
Software defined storage rev. 2.0 Software defined storage rev. 2.0
Software defined storage rev. 2.0 TTEC
 
señalizacion y seguridad vial
señalizacion y seguridad vial señalizacion y seguridad vial
señalizacion y seguridad vial luis_pol
 
InstantPowerPoints default form
InstantPowerPoints default formInstantPowerPoints default form
InstantPowerPoints default formInstantPowerPoints
 
Nimble tools for new product development
Nimble tools for new product developmentNimble tools for new product development
Nimble tools for new product developmentLois Lewis
 
Beltech food november 2015
Beltech food november 2015Beltech food november 2015
Beltech food november 2015Ron van Dooren
 
Arte de vaguardia
Arte de vaguardiaArte de vaguardia
Arte de vaguardiaLauritacant
 
Hiit - Análise Fisiológica
Hiit - Análise Fisiológica Hiit - Análise Fisiológica
Hiit - Análise Fisiológica Luana Dias
 
비그알엑스『 W3.ow.to 』 톡 w2015 ♡ 비그알엑스판매, 비그알엑스효과,비그알엑스정품구입,비그알엑스부작용,비그알엑스지속시간
비그알엑스『 W3.ow.to 』 톡 w2015 ♡ 비그알엑스판매, 비그알엑스효과,비그알엑스정품구입,비그알엑스부작용,비그알엑스지속시간비그알엑스『 W3.ow.to 』 톡 w2015 ♡ 비그알엑스판매, 비그알엑스효과,비그알엑스정품구입,비그알엑스부작용,비그알엑스지속시간
비그알엑스『 W3.ow.to 』 톡 w2015 ♡ 비그알엑스판매, 비그알엑스효과,비그알엑스정품구입,비그알엑스부작용,비그알엑스지속시간전 윤희
 
Interesting case orthokorat clavical fracture
Interesting case orthokorat clavical fractureInteresting case orthokorat clavical fracture
Interesting case orthokorat clavical fractureyod bhu
 

Viewers also liked (20)

A Software Engineering Perspective on SDN Programmability
A Software Engineering Perspective on SDN ProgrammabilityA Software Engineering Perspective on SDN Programmability
A Software Engineering Perspective on SDN Programmability
 
Software defined network-- SDN
Software defined network-- SDNSoftware defined network-- SDN
Software defined network-- SDN
 
Pei formulacionpei-ugel 04-22-02-16 revisado1
Pei formulacionpei-ugel 04-22-02-16 revisado1Pei formulacionpei-ugel 04-22-02-16 revisado1
Pei formulacionpei-ugel 04-22-02-16 revisado1
 
Manual de periodismo radiofónico
Manual de periodismo radiofónicoManual de periodismo radiofónico
Manual de periodismo radiofónico
 
PHP - O que, porquê e como
PHP - O que, porquê e comoPHP - O que, porquê e como
PHP - O que, porquê e como
 
ARTÍCULOS IMPORTANTES DEL PROYECTO DE CONSTITUCION
ARTÍCULOS IMPORTANTES DEL PROYECTO DE CONSTITUCIONARTÍCULOS IMPORTANTES DEL PROYECTO DE CONSTITUCION
ARTÍCULOS IMPORTANTES DEL PROYECTO DE CONSTITUCION
 
Streaming XXI
Streaming XXIStreaming XXI
Streaming XXI
 
Software defined storage rev. 2.0
Software defined storage rev. 2.0 Software defined storage rev. 2.0
Software defined storage rev. 2.0
 
señalizacion y seguridad vial
señalizacion y seguridad vial señalizacion y seguridad vial
señalizacion y seguridad vial
 
Ets colegio
Ets colegioEts colegio
Ets colegio
 
Software defined network
Software defined networkSoftware defined network
Software defined network
 
InstantPowerPoints default form
InstantPowerPoints default formInstantPowerPoints default form
InstantPowerPoints default form
 
Modolo 3 cuadro s.
Modolo 3 cuadro s.Modolo 3 cuadro s.
Modolo 3 cuadro s.
 
Nimble tools for new product development
Nimble tools for new product developmentNimble tools for new product development
Nimble tools for new product development
 
Beltech food november 2015
Beltech food november 2015Beltech food november 2015
Beltech food november 2015
 
Arte de vaguardia
Arte de vaguardiaArte de vaguardia
Arte de vaguardia
 
Hiit - Análise Fisiológica
Hiit - Análise Fisiológica Hiit - Análise Fisiológica
Hiit - Análise Fisiológica
 
비그알엑스『 W3.ow.to 』 톡 w2015 ♡ 비그알엑스판매, 비그알엑스효과,비그알엑스정품구입,비그알엑스부작용,비그알엑스지속시간
비그알엑스『 W3.ow.to 』 톡 w2015 ♡ 비그알엑스판매, 비그알엑스효과,비그알엑스정품구입,비그알엑스부작용,비그알엑스지속시간비그알엑스『 W3.ow.to 』 톡 w2015 ♡ 비그알엑스판매, 비그알엑스효과,비그알엑스정품구입,비그알엑스부작용,비그알엑스지속시간
비그알엑스『 W3.ow.to 』 톡 w2015 ♡ 비그알엑스판매, 비그알엑스효과,비그알엑스정품구입,비그알엑스부작용,비그알엑스지속시간
 
Interesting case orthokorat clavical fracture
Interesting case orthokorat clavical fractureInteresting case orthokorat clavical fracture
Interesting case orthokorat clavical fracture
 
Ley resorte
Ley resorteLey resorte
Ley resorte
 

Similar to Software-Defined Networking Changes for the Paradigm for Mission-Critical Opeational Technology Networks

Study materials for software defined networks
Study materials for software defined networksStudy materials for software defined networks
Study materials for software defined networkstguna21
 
Multi port network ethernet performance improvement techniques
Multi port network ethernet performance improvement techniquesMulti port network ethernet performance improvement techniques
Multi port network ethernet performance improvement techniquesIJARIIT
 
Introduction to Networks_v0.2
Introduction to Networks_v0.2Introduction to Networks_v0.2
Introduction to Networks_v0.2Sohail Gohir
 
Unit 3 Assignment 1 Osi Model
Unit 3 Assignment 1 Osi ModelUnit 3 Assignment 1 Osi Model
Unit 3 Assignment 1 Osi ModelJacqueline Thomas
 
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...IJNSA Journal
 
Reference models in Networks: OSI & TCP/IP
Reference models in Networks: OSI & TCP/IPReference models in Networks: OSI & TCP/IP
Reference models in Networks: OSI & TCP/IPMukesh Chinta
 
Ccna PPT
Ccna PPTCcna PPT
Ccna PPTAIRTEL
 

Similar to Software-Defined Networking Changes for the Paradigm for Mission-Critical Opeational Technology Networks (20)

Study materials for software defined networks
Study materials for software defined networksStudy materials for software defined networks
Study materials for software defined networks
 
Multi port network ethernet performance improvement techniques
Multi port network ethernet performance improvement techniquesMulti port network ethernet performance improvement techniques
Multi port network ethernet performance improvement techniques
 
Introduction to Networks_v0.2
Introduction to Networks_v0.2Introduction to Networks_v0.2
Introduction to Networks_v0.2
 
Unit 3 Assignment 1 Osi Model
Unit 3 Assignment 1 Osi ModelUnit 3 Assignment 1 Osi Model
Unit 3 Assignment 1 Osi Model
 
CCNA Report
CCNA ReportCCNA Report
CCNA Report
 
Software Defined Networking – Virtualization of Traffic Engineering
Software Defined Networking – Virtualization of Traffic EngineeringSoftware Defined Networking – Virtualization of Traffic Engineering
Software Defined Networking – Virtualization of Traffic Engineering
 
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
 
nv.ppt
nv.pptnv.ppt
nv.ppt
 
networking1.ppt
networking1.pptnetworking1.ppt
networking1.ppt
 
TERM PAPER
TERM PAPERTERM PAPER
TERM PAPER
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
Final_Report
Final_ReportFinal_Report
Final_Report
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
Ccna day1-130802165909-phpapp01
Ccna day1-130802165909-phpapp01Ccna day1-130802165909-phpapp01
Ccna day1-130802165909-phpapp01
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
Ccna day 1
Ccna day 1Ccna day 1
Ccna day 1
 
Reference models in Networks: OSI & TCP/IP
Reference models in Networks: OSI & TCP/IPReference models in Networks: OSI & TCP/IP
Reference models in Networks: OSI & TCP/IP
 
Ccna PPT
Ccna PPTCcna PPT
Ccna PPT
 
IFD30104 Chapter 1
IFD30104 Chapter 1IFD30104 Chapter 1
IFD30104 Chapter 1
 

Recently uploaded

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Software-Defined Networking Changes for the Paradigm for Mission-Critical Opeational Technology Networks

  • 1. Software-Defined Networking Changes the Paradigm for Mission-Critical Operational Technology Networks Paul Robertson
  • 2. © 2017 by Schweitzer Engineering Laboratories, Inc. All rights reserved. All brand or product names appearing in this document are the trademark or registered trademark of their respective holders. No SEL trademarks may be used without written permission. SEL products appearing in this document may be covered by US and Foreign patents. 20170125
  • 3. 3 Introduction While software-defined networking (SDN) was developed primarily to solve an information technology (IT) problem by providing a more efficient approach to managing dynamic high-traffic networks, SDN also offers significant advantages for operational technology (OT) networks. While both OT and IT networks manage the transfer of data, OT networks support process- oriented applications. They manage the process and automation systems that control power systems, industrial plants, transportation infrastructure, and other critical systems. Unlike IT networks that deal primarily with the movement of data, OT networks are focused on the real-time decision making necessary for the operation of mission-critical systems. They carry information from sensors, transducers, intelligent electronic devices, and automation controllers. Ethernet has become an established technology for data networking, based largely on its success in creating a common interface and protocols to enable interoperable communications between devices and applications from multiple manufacturers. Ethernet’s convenience has led to its widespread use in OT networks. However, for managing real-time processes, traditional Ethernet has several limitations: slow healing times, forced behavior, no inherent security, difficult testing, and no network visibility. This white paper originally appeared as an article in [1]. SDN Explained SDN is a new approach for managing the forwarding of Ethernet packets through a network. It is revolutionizing the management and operation of large-scale IT enterprise networks, cloud infrastructures, and data center systems. SDN provides better support for the highly dynamic characteristics of these networks. SDN is ideally suited for OT networking as well because it resolves the limitations of applying Ethernet to real-time OT systems. Before explaining how SDN addresses the unique challenges of OT systems and how OT-focused SDN offers a different value proposition than IT-focused SDN solutions, it is helpful to review the technology. A basic SDN architecture is shown in Figure 1. Application Layer Control Plane Data Plane OpenFlow® Operation, Administration, and Maintenance Applications Configuration Programming Network Visualization Simple Packet-Forwarding Hardware Simple Packet-Forwarding Hardware Simple Packet-Forwarding Hardware Network Operating System Figure 1 SDN Architecture In SDN, the control plane—which determines what to do with each Ethernet packet by making forwarding decisions—is separated from the data plane, which physically forwards the Ethernet data packets.
  • 4. 4 In traditional Ethernet, the control plane is located in network appliance hardware (i.e., switches). In SDN, however, the control plane is located in software called a flow controller. This allows the switching hardware to be simpler and optimized for packet forwarding. At the same time, the flow controller is able to take advantage of a software-oriented architecture to program and configure all of the switches in the network. The combination provides a programmatic approach to implementing networking functions that results in enormous flexibility, greater speed, and increased security. Several protocols have been defined to provide an interface between the control plane and the data plane. OpenFlow, for example, is an interface specification developed by the Open Networking Foundation to promote the adoption of SDN and enable interoperability between different flow controller implementations and different manufacturer’s switch hardware. In addition to the control plane, SDN defines an application layer that provides a method for supporting operation, administration, and maintenance tasks. The application layer provides a mechanism to extract meaning from and interact with the complexity of the low-level programming rules and actions that control how each packet is forwarded. This simplifies the network configuration process and enables users to configure their networks using a higher level of abstraction. How SDN Works SDN uses the following terminology: • Match criteria specify Ethernet frame header information attributes that each ingress packet is compared against. • An instruction defines a specific action or set of actions that is applied to all packets that meet specified match criteria. Instructions define which port to forward a packet out of and what path the packet takes across the network. • A flow is a group of attributes that defines a single communications session. Each flow is defined by a set of match criteria and corresponding instructions that are applied to each packet that ingresses a switch. • A flow table contains all of the flows defined within a switch. • The flow controller is the centralized controller that programs the rules and flow tables in each switch. The flow controller gives each switch a set of rules containing match criteria and instructions to determine the operations that should be performed on each packet the switch receives. These rules are stored in a flow table. The switch matches the packet header information against each rule contained in the flow table. If a matching flow table entry is found for a packet, the actions associated with that flow table entry are executed, such as sending the packet out a specific port number, modifying a field, or dropping the packet. Instructions can be predefined for a situation in which an SDN switch receives a packet it has never seen before (i.e., for which it has no matching flow table entries). One very powerful attribute of SDN is that it allows a deny-by-default security profile that can instruct each switch to drop every packet that does not meet a predefined rule. Counters are maintained for each flow table entry and used to maintain statistics on traffic by flow, port, queue, and so on. Each switch has the ability to look deep into an Ethernet frame and use that information to determine a rule and an associated action. This makes SDN switches true multilayer devices that can operate across Layer 1 to Layer 4 of the Ethernet frame (see Figure 2).
  • 5. 5 SDN Flow Match Rule Layer 1 Layer 2 Layer 3 Layer 4 Ethernet Frame PayloadIP HeaderEthernet Header TCP/UDP Header PayloadIP HeaderEthernet Header TCP/UDP Header Ingress Port Figure 2 Multilayer Match Rules Forward Approved Packets Layer 1 is the physical layer that defines the physical port and media that data are received and transmitted over. Layer 2 is the data link layer that establishes and terminates connections between physically connected devices. It uses media access control (MAC) addresses to uniquely identify each device. Layer 3 is the network layer. It provides the mechanism to transfer variable-length data from one node to another. It is responsible for packet forwarding between routers using Internet Protocol (IP) address information. Layer 4 is the transport layer. It is responsible for establishing connectivity between applications on host devices. It uses sockets to define the end points in the network. A socket address is a combination of the IP address and the port number. The port number defines the communications protocol and associated application. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are the most commonly used protocols. In the following example, TCP Port 20000 is used, which defines Distributed Network Protocol (DNP3) for supervisory control and data acquisition (SCADA) applications. Because each SDN switch can operate as a multilayer device, it is possible to create complex match and action rules that are application-aware. In the example shown in Figure 3, the switch has been configured to only forward SCADA traffic between two specific devices. A rule has been created to only forward DNP3 packets on TCP Port 20000 that are received through Port 1 and meet the following criteria: • Source MAC address: 00:30:A7:06:29:01. • Destination MAC address: 00:30:A7:06:13:29. • Source IP address: 1.1.1.2. • Destination IP address: 2.2.2.2. • Destination TCP port: 20000. If the packet matches these criteria, the switch forwards the packet out Port 3. Action Output Forward Port 3 Physical Port ID Source MAC Address Destination MAC Address EtherType VLAN ID IPv4 Source IPv4 Destination TCP/UDP Source TCP/UDP Destination 1 00:30:A7:06:29:01 00:30:A7:06:13:29 * * 1.1.1.2 2.2.2.2 * 20000 Packet OpenFlow Switch 1 3 4 2 PacketPacket OpenFlow Switch 1 3 4 2 Packet Figure 3 OpenFlow Match and Action Example
  • 6. 6 This multilayer rule example demonstrates several powerful concepts. SDN allows application- specific network paths to be engineered; it enables each network device to operate as a Layer 2, 3, and 4 device; and it supports the ability of each switch to operate as a deny-by-default gateway. Applying SDN to OT To date, SDN’s success has been attributed to its ability to solve challenges associated with managing the large, dynamic IT networks with high and variable traffic loads primarily found in data centers. These IT networks have changing usage patterns, unpredictable application demand, and varying traffic volumes. In contrast, OT networks are static. In an OT network, all applications and services are known at the design stage, and a rule set can be predefined for each switch to support the application and connectivity requirements of the network. Typically, very few changes are required to the network over time, and traffic volume remains predictable. Microsecond Failover Times By optimizing switching hardware to efficiently execute the match rules within the flow tables, it is possible to achieve microsecond-speed packet inspection, decision, and forwarding times. In addition, by predetermining each primary and failover path, it is possible to perform path healing in tens of microseconds, which is two orders of magnitude faster than the spanning-tree algorithms (STAs) used by traditional Ethernet. Networks can heal quickly enough that the only data loss is that of the packet being transferred during the link failure. In many cases, zero packets are lost during failover events. Predictable Behavior With SDN, it is possible to define different forwarding paths for different applications. In the example shown in Figure 4, engineering access, SCADA, and Generic Object-Oriented Substation Event (GOOSE) traffic have each been given different forwarding paths across the network. There are two paths defined for GOOSE, a primary path (GOOSE 1) and a failover path (GOOSE 2). The GOOSE 2 path is on a dedicated port and cable that are separate from the engineering access path. Flow Controller Engineering AccessSCADA Combined Traffic GOOSE 1 SDN Switch SDN Switch SDN Switch Automation Controller IED IED SDN Switch PC GOOSE 2 Figure 4 Control Packet Forwarding by Application
  • 7. 7 With SDN, it is possible to have multiple physical connections between the same switches to provide physical redundancy and traffic segregation. This is not possible with traditional Ethernet because STAs prevent multiple physical connections by blocking ports. By taking this traffic engineering approach, predictable delivery and failover performance can be achieved, and network performance can be validated under all contingencies prior to commissioning. Stronger Network Security Within an OT environment, new applications should not start communicating across the network to meet changing end user needs. As a consequence, the network does not rely on constant participation with the flow controller to manage updates to flow tables. After the initial configuration of each switch by the flow controller, the network can be locked down with a rule set that only allows predefined application traffic to be forwarded. This provides a significant security advantage over traditional Ethernet. Each switch provides a deny-by-default function on every incoming packet. If the packet does not match a predefined rule, it is dropped by default. Alternatively, it can be forwarded to a dedicated Intrusion Detection System (IDS) for further analysis. SDN offers significant network security advantages to help address concerns about the vulnerability of critical infrastructure systems, such as the power grid, to cyberattacks. Simplified Design and Test One of the biggest challenges with designing and implementing Ethernet networks is verifying that the network will behave as designed, particularly during failover scenarios. There is no easy way to perform contingency testing other than pulling cables and using a protocol analyzer to verify that the STA being used has converged as expected based on the root switch and network topology. SDN changes the paradigm for network design and testing. Using software to abstract the implementation of each rule, the network designer can specify the path each application should take through a network and predefine each failover path. The network can then be validated for each contingency using a programmatic approach that ensures all failure scenarios are tested and validated. Interoperability SDN is based on Ethernet and does not require the modification of the Ethernet packet in order to be implemented, so it is interoperable with standard Ethernet. Care should be taken when establishing the boundaries between SDN and traditional managed Ethernet networks that rely on protocols to operate. Protocols, such as Border Gateway Protocol (BGP), Rapid Spanning Tree Protocol (RSTP), and Open Shortest Path First (OSPF), are in constant conversation in a traditional managed Ethernet network. SDN does not use these protocols to manage network operation, and therefore, SDN cannot be mixed with managed Ethernet switches across a single topology. Distinct boundaries between an SDN and a managed Ethernet network should be created, and rules should be implemented to instruct an SDN switch on how to appropriately deal with managed Ethernet protocol packets. Network Visibility Lack of network management capability has always been a limitation of traditional Ethernet. By putting the control plane in a centralized entity, the flow controller can monitor the configuration, health, and status of the complete network.
  • 8. 8 Conclusion SDN offers a fundamental change to the way Ethernet networks determine how to forward packets and to how they are managed by the network administrators. SDN removes the control plane from the physical switching hardware and locates it in a centralized flow controller. By doing so, switches change from being distributed, intelligent, autonomous devices to being simpler entities that perform a set of instructions provided by the flow controller. A suite of protocols communicating in the background is no longer needed to manage how each switch discovers neighbors, prevents loops, and recovers from link failures. The primary benefit of SDN is its ability to support rapid changes to network operation and topology to address fast-changing user needs. Many view SDN primarily as a solution for dynamic IT networks. However, the principles of SDN offer significant benefits to time-critical OT networking by addressing the limitations that traditional managed Ethernet has in terms of slow healing, forced behavior, lack of security, difficult testing, and lack of network visibility. Table 1 provides a summary of the key advantages that SDN provides over traditional Ethernet. SDN offers a performance breakthrough in all of these areas and promises to redefine Ethernet for mission-critical applications. Table 1 Comparison of SDN and Ethernet Performance Attribute SDN Traditional Ethernet Healing <0.1 ms >10 ms Predictability Yes No Security Deny-by-default Based on trust Design and testing Simple Difficult Interoperability Yes Yes Network visibility Yes No Reference [1] P. Robertson, “Software-Defined Networking for Mission-Critical Operations,” Industrial Ethernet Book, Issue 98, February 2017. Available: http://www.iebmedia.com. Biography Paul Robertson is a senior marketing program manager for the communications product lines at Schweitzer Engineering Laboratories, Inc. (SEL). He has over 25 years of experience developing and marketing products for the telecommunications industry, spanning cellular wireless and wire line communications systems. Paul worked in various technical and marketing roles for Motorola, Hewlett-Packard, and Agilent Technologies before joining SEL. He has a B.Eng. in electrical and electronic engineering from the University of Strathclyde and an M.B.A. from Edinburgh Business School. Schweitzer Engineering Laboratories, Inc. Tel: +1.509.332.1890 | Email: info@selinc.com | Web: www.selinc.com *LWP0016-01*