Software Defined Networking
Welcome back to the course on Computer Networks and Internet Protocols. So, till the last class we have looked into the detailed design of the IP routing mechanism and the structure of an IP router. Now we will go to a little advanced topic which we call Software Defined Networking.

So, this concept of software defined networking is a recent and upcoming standard, and all the traditional routers are expected to be replaced by SDN enabled routers. So, we will briefly discuss what SDN is, what the utility of SDN is, and how SDN differs from the traditional router architecture that we have discussed earlier. And then we will look into certain topics in SDN: how we can program a router with the concept of SDN technology, and how we are gradually migrating from a traditional distributed router architecture to the SDN supported router architecture. So, the concept of SDN is something like this.

(Refer Slide Time: 01:27)

A software defined networking architecture is a network framework which involves separating a network's control function from its data forwarding function, centralizing its intelligence, and abstracting its underlying architecture from applications and services. So, that is the kind of formal definition of software defined networking.

Now the broad keywords inside this definition are as follows. First of all, we are trying to separate out the control functionalities and the data functionalities inside a router. What is meant by separating out the control functionalities and data functionalities? So, in the last few lectures we have seen that inside a router you have two different levels of abstraction. You have the control plane, which is implemented as a part of the software which implements the routing functionalities and the construction of the routing table and its management, and we have our data functionalities. In the data functionalities your task is to forward a packet by looking into the destination IP field in the IP header, making a match with the routing table, the local copy of the routing table inside the interface, that is the forwarding information base, and then forwarding the packet to the outgoing interface.

Now, these control functionalities and the data functionalities traditionally are implemented in a single router. Now whenever you are implementing the control functionalities and the data functionalities in a single router, then the complexity of the control functionality becomes higher. Why does it become higher? Because now you have multiple routers with their control planes, and those control planes need to coordinate with each other to generate the global routing table, or to manage the global routing table. And this control needs to be performed in a distributed way because of its architectural limitation, or the way we have designed this traditional router architecture.

And with this distributed control architecture, first of all your routing protocol gets problematic, as we have seen that both distance vector and link state routing have significant limitations in terms of their scalability. Distance vector routing cannot get scalable because of the count to infinity problem, whereas the link state routing protocol cannot get scalable because of the size of the link state packets, or the size of the link state information that you need to maintain if you implement it over a large network. So, because of such limitations we have restricted link state routing and distance vector routing within a local internet, or within a subnet. And from network to network we have the border gateway protocol which implements the policy.

Now this may be difficult for the network managers because, if there is a policy change, then you need to update every individual router. And all the routing protocols in all the routers' control planes need to get coordinated with each other to make a policy update at the individual routers, and obviously, in a distributed architecture it will take time. And because of this time requirement there can be inconsistencies across the routers, and these inconsistencies can get significant in a large network.

So, that is why managing a router, managing a subnet with some say 1000 routers, is a very difficult task. And you are deploying these routers not in a single day; gradually you are expanding your network, and you do not know what the configuration of the earlier routers was, and you need to make a match of the configuration from these two different routers. Then comes the compatibility among the vendors. It is not like all the routers of an organization will come from Cisco, or even if they come from Cisco they will have the same model; as you make a gradual deployment the routers may come from different vendors. The routers may have different models, their configuration options may be different; if you just look into the Cisco IOS manual you will see that it is some 5000 page document. So, the management functionalities are very complex.

And with this distributed architecture, maintaining consistency across the configuration of the routers at the control planes at different levels becomes difficult, and that is why we gradually try to move from a distributed control plane architecture to a centralized control plane architecture. And that is the basic motivation behind the design of the software defined networking concept.

So, let us go into a little detail about this SDN abstraction. Here the idea is that you separate out these control planes from the routers and make a centralized control plane. So, you take out the brains from the router. So, these control planes, you can say that they work like the brain of the router because they make the decisions, and that TCAM hardware is just making a forwarding processing. So, you are taking these brains out of the individual routers and putting the brains in a centralized place, which is your entire route controller.

(Refer Slide Time: 07:19)

So, as you have looked earlier, we have the control plane and the data plane. The control plane is the module which takes all the decisions; basically it is an instructor, the routing algorithms are implemented in the control plane. And the data plane is the module which carries out the tasks given by the control plane: the forwarding of the packets.

(Refer Slide Time: 07:40)

Now, the traditional networking devices are proprietary. The vendors decide the software and the hardware, both the control plane and the data plane, and there is no such standardization that there should be this kind of match. Every vendor applies their own optimization. And because of that it is very difficult to purchase the hardware from Cisco, and then take another operating system and load it on a Cisco router. Although there are certain routers which can support an open source network IOS or router OS, they also have their own restrictions in terms of performance and manageability. But for the commercial routers in general the hardware and the software both come from the same vendor, and it is difficult for interoperability. Interoperability is possible, but managing interoperability among products from different vendors has that kind of difficulty in a large network.

(Refer Slide Time: 08:47)

So, the idea is to separate out the control plane and the data plane. So, the idea is that the vendor will only provide the hardware, that is the data plane, and we decide the control plane by writing the custom logic, that is the software. So, the control plane will be decided by the application designer, or the network manager, or the network support team, whereas the data plane will only come from the vendors. So that now the vendors will just deliver a dumb switch; it just has the TCAM hardware along with the forwarding engine, the control logic is not there. We will implement our control logic ourselves.

(Refer Slide Time: 09:30)

So, the vendors will only provide the hardware and we will decide the control plane by writing custom logic. The advantage is that, first of all, the features are no longer limited to what the vendor provides. You can always write your own network application as a part of the controller. Or, through community development in the open source movement, people can come together and design a new network protocol and implement it on the control plane itself. And you do not require vendor support for that, and it obviously increases the product lifetime.

(Refer Slide Time: 10:13)

So, here is a brief idea about how SDN works. So, compared to the traditional network, a software defined network has two types of devices: the controller, which is the brain of the network, and the switches, that is the hardware devices; they are kind of dumb switches that do not have any logic built inside them. So, the switches in SDN are kind of blind switches. So, they do not have any built in features and they need to be instructed by the controller. So, here is an example of an SDN switch, the Zodiac FX switch, which is a tiny SDN switch; it has 4 interfaces and TCAM hardware. So, this is the TCAM hardware and this is the microcontroller, the microcontroller for the switch.

So, it just comes with this much hardware, and whatever routing logic would be there will be instructed by the controller itself, and the controller can come from different open source standards. For SDN we have this protocol called OpenFlow. OpenFlow is an open source standard for making controller to switch communication, and based on this OpenFlow standard there are multiple open source controllers which are available. There are controllers like Ryu, and many other SDN controllers; the old controller was something called POX, which is a Python based controller, then NOX. So, this kind of controllers are there, OpenDaylight, then I can name a few other controllers.

So, there are different such open source controllers; whatever controller you prefer you can use it in a standard computer. Now this entire brain can be put on a standard computer. You do not require specialized hardware for that, because the route processor is nothing but a general purpose processor. So, that is why you can put this entire control logic on a single computer. So, you can install this controller, one of the controllers Ryu, POX, NOX, OpenDaylight, anything, whatever is your personal choice. You can install it on a personal computer and from that personal computer you can make the things communicate with each other.
Software Defined Networking-Part 2
So, this is the architecture: we have a controller, which is nothing but a general purpose computer that works like the brain of the internetwork, and then we can have multiple switches. These switches are the kind of dumb switches. The controller actually decides and teaches the switches how to forward a packet, and then you can have multiple hosts.

Now, this is a very simplified architecture. I am trying to explain to you the basic concept with this simplified architecture. So, let us look into an example of how the entire thing works in an SDN environment. So, in a traditional networking environment you do not have this controller. So, you only have the switch and the host, and the switch has the entire routing logic. Now here the routing logic is taken out from the switch and it is put on the controller. Now note that you can have multiple switches which are connected to this controller. Indeed, all the switches in your organization can be connected to a single controller.

The controller will actually perform this routing logic in a centralized way; that way we are actually avoiding the problems associated with a distributed routing logic, and we are also reducing the overhead which comes from the distributed routing protocols. And we are putting this entire information in a controller which will dynamically teach the switches how to forward the packet. So, let us look into the example.

(Refer Slide Time: 14:17)

So, you want to forward a packet from h1 to h3; your source is h1 and the destination is h3. So, the host forwards the packet to switch s1. Now whenever the packet comes to switch s1, initially this switch does not have any information. It just has TCAM hardware and a switch fabric, so it does not know how to forward the packet. So, what does the switch do? The switch sends a packet in event to the controller; that means the switch informs the controller that I have received a packet. With this packet in message, it sends the packet information, the packet metadata, to the controller. And then the controller actually decides what to do with that packet and returns the information to the switch in a packet out event. And till that time the packet is buffered at s1, buffered at the switch.

(Refer Slide Time: 15:16)

Now, the controller sends the rule to the switch, and then this rule is installed in the TCAM hardware of the switch. So, we'll discuss the OpenFlow protocol in detail in the next class. During that time, I will show you how we actually write the rules and how a rule looks. And this rule is actually a very simple thing; the rule is just a kind of match action pair, right. So, a switch rule is nothing but a match data and then an action data. So, the match data says that, say, if your destination IP is some 10.2/16 then your action is, say, forward to interface eth0; so that can be a simple rule. So, this rule is now generated by the controller. So, earlier this rule was actually inside the routing table. Now this rule is generated by the controller, and then the controller actually sends this to the switch and it is installed in the TCAM hardware of the switch.

(Refer Slide Time: 16:39)

Now the switch has this rule; so, once the switch has this rule, the switch forwards the packet to h3. Now the rule is already installed in the TCAM hardware of the switch.

(Refer Slide Time: 16:45)

So, that is why for the subsequent packets you do not require to communicate with the controller; the communication with the controller is only required one time. So, you forward it to s1 and then send it to h3, and that is the rule which is installed in s1. And for all the subsequent packets there would be a TCAM hit, a cache hit. So, whenever there is a cache hit, you directly forward it to h3.

Now this is the entire SDN architecture, and before going to the SDN architecture, let me tell you the power of SDN. Now with the help of this dynamic configuration you can actually support lots of new things along with simple forwarding. So, now with this match action pair kind of rules, you can also implement a firewall. How will you implement a firewall? You can implement the firewall something like this: say if your destination IP is 172.16.20/24 then you drop the packet. That can be a firewall rule which you can always install inside s1, inside the switch, inside the TCAM hardware of the switch.

So, that way you can design a wide class of rules. So, we will discuss in the next class the different OpenFlow supported rules which are there in the OpenFlow standard. And you can actually support a large pool of such rules to implement different kinds of network applications at the controller. You can implement a firewall, you can implement a NAT, you can implement a forwarding gateway, you can implement a packet gateway. Even, because the controller is working at the application level, you can also process at the level of a virtual LAN, or even at the level of the transport layer. You can look into the port and based on the port you can decide what to do. So, for example, if you just want to ensure that you should not send any packet to port 80, you can just write a rule like this: say if your port is equal to 80, then you drop the packet. So, you can also write the rule in this way at the controller side. So, that way you can implement a wide class of network applications at the controller, and it is not limited only to forwarding and routing behavior.

So, ultimately most of the network functionalities you can map to a forwarding behavior. So, you are deciding how to forward a packet, or you are deciding whether to forward the packet at all or not. So, all these things can be handled by a single controller that is having a centralized logic. Because it has a centralized logic, managing this entire thing is very easy because now you do not require this distributed configuration of the control plane of individual routers. Just sitting on a single computer which has the controller software installed, you can implement all these network applications.

(Refer Slide Time: 20:06)

So, this is the broad SDN architecture. At the infrastructure layer you have the programmable switches, the different programmable switches which are the dumb switches, but they can be programmed dynamically. Then you have a network controller at the control layer. And finally, you can run multiple applications on top of this network controller: you can implement a firewall, you can implement a custom forwarding engine, you can implement a packet gateway, whatever application you want to implement on top of this controller.

(Refer Slide Time: 20:42)

So, here is the difference between the traditional network and SDN. So, in case of a traditional network you have the control plane and the data plane inside every individual switch. And these control planes will talk with each other, work in a distributed way, and on top of that you have the network applications which are running. And now because these network applications, say one network application is interacting with this particular router, another network application is interacting with this router, there can also be a consistency problem, not the configuration problem; it may happen that this network application is having a conflict with another network application, and deciding that conflict in a distributed architecture is very difficult. But whenever we are moving to a centralized SDN architecture, or logically centralized architecture, the data planes are distributed, well, they just implement a forwarding logic, but the control plane is centralized and all the applications are actually talking with a single control plane.

Now what you can do, this is another power of SDN, is that you can implement a compiler kind of software here, or an interpreter or a compiler, inside this control plane which will generate the rules from individual programs. And then it will also check whether two rules are having a conflicting behavior with each other or not. So, that way you will be able to identify the conflicting rules, or you will be able to also manually check whether the rule is actually conforming to the network policy which you want to build inside your network. So, that way this internetwork management procedure becomes simplified. And it provides you a flexible and cost effective architecture to manage a large scale network.

So, that is a brief introduction to the software defined networking concept; in the subsequent classes we'll go into a little more detail about the software defined networking concept. We will look into the OpenFlow standard in detail. So, the OpenFlow standard is a set of protocols, or a set of messages, which help you to communicate between a centralized controller and a router, or SDN switch; in SDN terms we do not call it a router, because now the routing functionalities are not implemented inside the device, we just call it an SDN switch. Or sometimes it is called an open switch. So, this OpenFlow standard designed a set of messages to interact between the controller and the OpenFlow switches, or the SDN switches. So, we will look into the OpenFlow protocol in detail as well as certain aspects of SDN in further detail. So, thank you all for attending this class.
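The packet-in / packet-out exchange, the match-action rules (forward 10.2/16 to eth0, drop 172.16.20/24, drop port 80) and the controller-side conflict check described in this lecture, put together as an added Python model. This is example code written for this page; it is not the course's code and not Ryu, POX, NOX, OpenDaylight or any real OpenFlow controller. The Rule, Switch and Controller classes, the priority field, the choice to push higher-priority overlapping rules alongside the chosen one, the "same priority, overlapping match, different action" conflict definition and the sample traffic are all this example's own assumptions.

```python
"""Toy model of a controller teaching a dumb switch via packet-in / packet-out.
Added example for this lecture transcript; not code from the course or any real controller.
Class names, fields, the conflict definition and the sample traffic are assumptions."""
import ipaddress


class Rule:
    """A match/action pair, as the lecture describes a switch rule."""

    def __init__(self, dst_net, action, priority=0, tcp_dport=None):
        self.dst_net = ipaddress.ip_network(dst_net)
        self.action = action            # e.g. "fwd:eth0" or "drop"
        self.priority = priority        # higher wins when several rules match
        self.tcp_dport = tcp_dport      # None means wildcard

    def matches(self, pkt):
        if ipaddress.ip_address(pkt["dst"]) not in self.dst_net:
            return False
        return self.tcp_dport is None or pkt.get("dport") == self.tcp_dport

    def overlaps(self, other):
        """True if at least one packet could match both rules."""
        ports = (self.tcp_dport is None or other.tcp_dport is None
                 or self.tcp_dport == other.tcp_dport)
        return ports and self.dst_net.overlaps(other.dst_net)

    def __repr__(self):
        return f"Rule({self.dst_net}, dport={self.tcp_dport}, prio={self.priority} -> {self.action})"


def best_match(rules, pkt):
    hits = [r for r in rules if r.matches(pkt)]
    return max(hits, key=lambda r: r.priority) if hits else None


class Switch:
    """Dumb switch: a flow table (stand-in for the TCAM) plus a link to the controller."""

    def __init__(self, name, controller):
        self.name, self.controller = name, controller
        self.table, self.packet_ins, self.table_hits = [], 0, 0

    def install(self, rule):            # the controller's flow-mod
        if rule not in self.table:
            self.table.append(rule)

    def handle(self, pkt):
        rule = best_match(self.table, pkt)
        if rule is not None:            # TCAM / cache hit: no controller round trip
            self.table_hits += 1
            return rule.action
        self.packet_ins += 1            # miss: raise packet-in, packet-out returns the action
        return self.controller.packet_in(self, pkt)


class Controller:
    """Centralized brain: holds the policy, answers packet-ins, checks rule conflicts."""

    def __init__(self):
        self.policy = []

    def add_policy(self, rule):
        # Assumed conflict definition: two rules that can match the same packet at the
        # same priority with different actions leave the switch's choice undefined.
        for r in self.policy:
            if r.priority == rule.priority and r.action != rule.action and r.overlaps(rule):
                raise ValueError(f"conflict between {r} and {rule}")
        self.policy.append(rule)

    def packet_in(self, switch, pkt):
        rule = best_match(self.policy, pkt)
        if rule is None:
            rule = Rule(f"{pkt['dst']}/32", "drop")   # table-miss default chosen for this example
        switch.install(rule)
        # Also push higher-priority rules overlapping the chosen one, so the switch's own
        # priority resolution gives the controller's answer for later packets without a packet-in.
        for r in self.policy:
            if r.priority > rule.priority and r.overlaps(rule):
                switch.install(r)
        return rule.action


def demo():
    ctrl = Controller()
    ctrl.add_policy(Rule("10.2.0.0/16", "fwd:eth0", priority=10))          # forwarding rule from the lecture
    ctrl.add_policy(Rule("172.16.20.0/24", "drop", priority=20))           # firewall rule from the lecture
    ctrl.add_policy(Rule("0.0.0.0/0", "drop", priority=30, tcp_dport=80))  # "no packets to port 80"
    s1 = Switch("s1", ctrl)
    packets = [  # constructed sample traffic arriving at s1
        {"dst": "10.2.5.7", "dport": 22}, {"dst": "10.2.5.7", "dport": 22},
        {"dst": "10.2.5.7", "dport": 22}, {"dst": "172.16.20.9", "dport": 22},
        {"dst": "10.2.5.8", "dport": 80},
    ]
    actions = [s1.handle(p) for p in packets]
    return actions, s1.packet_ins, s1.table_hits


def conflict_detected():
    """The controller refusing a rule that contradicts one already in the policy."""
    ctrl = Controller()
    ctrl.add_policy(Rule("10.2.0.0/16", "fwd:eth0", priority=10))
    try:
        ctrl.add_policy(Rule("10.2.0.0/16", "drop", priority=10))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())               # (['fwd:eth0', 'fwd:eth0', 'fwd:eth0', 'drop', 'drop'], 2, 3)
    print(conflict_detected())  # True
```

Running demo() shows the exchange from the slides: the first packet to 10.2.5.7 misses the empty table and triggers a packet-in, the controller installs the 10.2/16 rule (together with the overlapping port 80 rule), and the next two packets are table hits that never reach the controller. The packet to 172.16.20.9 triggers a second packet-in and is dropped by the firewall rule, while the port 80 packet is dropped straight from the table because the higher-priority rule is already there. conflict_detected() shows the controller-side check the lecture describes, catching two rules that match the same packets but disagree on the action.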