Module 1: Routers and Networking

SDN: OpenFlow
Welcome back to the course on Computer Network and Internet Protocols. So, in the last class, we were discussing about the concept of software defined networking and we have looked into the basic architecture for the software defined networking and the broad concepts around that. So today, we will gradually go towards an implementation perspective of the software defined networking and the software component of it, where the routers are the network devices or software controls.

So, we look into that what type of software or which software will actually control this entire networking architecture. So, in this context, we will look into a specific open source protocol implementation, which is called OpenFlow and in subsequent classes, we look into a demonstration of SDN network by utilizing OpenFlow protocol stack.

(Refer Slide Time: 01:16)

So, let us go to the details of that. So, as you are discussing that traditionally, in the network community, the innovation is a closed innovation. So, closed innovation means in a single box, we have the individual components or individual networking components, which should be there like here, if you just follow this diagram you have the packet forwarding hardware, the network operating system and the different kind of networking application everything is bounded on the single bounding box. So, this contains the router hardware so, you can talk it as a router.

So, this contains the router hardware and inside the router, you have the hardware component, which is implemented in TCAM or in traditional router, it is CAM. So, one of this type of hardwares on top of that, we have the network operating system that actually implements the different kind of networking protocols and routing control protocols. And on the top of that we have different kind of applications like the firewall application, the packet forwarding applications, which are there inside a router.
Now whenever you purchase a single router, this entire bounding box that comes from a vendor and that is why, we call it as a closed innovation.

So, closed innovation basically says that well both the hardware as well as software along with the applications which are associated with your network functionalities, everything is coming from the same vendor as the same package. As a result, the problem comes in terms of first interoperability, the second is the network manageability. So, if you purchase a Cisco router and a Netgear router or a HP router. In general, it is the burden of the network operator to look into the individual configurations of the routers and then configure them in such a way so that, these routers can talk with each other or forward packets from one router to another router.

And these operating systems, they being the vendor specific like whenever, you are purchasing a router from Cisco, the network operating system is coming from Cisco, Cisco internet operating system, IOS or any other operating system, whenever you are purchasing a router from Netgear, the operating system is coming from them.

So, because the operating system and the firmware are hardware dependent and it is vendor specific and that is why, the configuration or handling the operating system for a network administrator, who will actually give the input of the networking policy, for them this entire architecture becomes difficult to handle. So, because of that we gradually move from this kind of closed innovation network to an open innovation network.

(Refer Slide Time: 04:24)

So, the open innovation network basically talks about something like this, now, the vendors will only supply the packet forwarding hardware, which are the dumb switches or we call it as the open switches or blind switches. So, there are different terminologies, which are being used in the networking community.
So, you are getting this packet forwarding hardwares from different vendors and then you have a central network wide operating system, this network operating system, which is an open operating system.

So now, we are basically, segregating the hardware from the software or in routing functionalities as we are discussing in the last class, we are separating out the data functionalities or the data path functionalities from the control functionalities. So, the data path functionalities are still implemented inside the hardware inside this packet forwarding engine, where you have this TCAM implementation. So, it is still in the hardware side, but on the software side, you can choose your own software, which you can utilize to configure all these hardwares all together and then on top of that you can write your own network applications and the advantage is that now, you do not need to bother about, whether your routers are coming from Cisco or from Netgear. You can purchase the hardwares from any vendors in the world and then you can connect it in your network and all these hardwares should be programmable with the help of this network operating system. So, the only modification in the hardware side is that now these hardwares, the packet forwarding hardwares, are programmable hardware.

So, these are programmable hardware, that means, with the help of this network operating system, you can dynamically program the hardware so, that you can install the forwarding rules or you can install the configurations dynamically, based on the network operating system that you are using. So, the question comes that with this kind of SDN architecture, where we are gradually moving from a closed innovation network to an open innovation network, what are the requirements and how will you fulfill those requirements?

(Refer Slide Time: 06:48)

So, the things come from here. So, this was the broad SDN architecture as we are discussing. So, we have the infrastructure layer at the bottom.
So, this infrastructure layer has different kind of hardwares like, you have the servers, you can have the open switches, you can have the top of rack switches, you can have edge routers or datacenter gateways. Then, we have a control layer in between and that control layer has all the control functionalities, which are inbuilt inside that. And on top of that, you have different kind of networking application. The application layer, where you can write down the network application like, the flow optimizer, the network topology viewer, network management application, policy enforcement application, load balancer, network automation, network bandwidth management, whatever application you can think of and you can design on top of that.

So, this control layer, which works like a brain of this entire network, we are making it logically centralized. So now, the architecture is that we have multiple hardware components, which are there and all these hardware components are connected to a central controller. And this controller actually contains the control layer. So, these hardwares are connected over the network as they are there in the normal network. So, because these are just a blanket hardware or this does not have any kind of software inbuilt, we call it as the blind hardware or the open hardware and in case of normal networking terminology rather than calling it as a router, we call it just like dumb switch.

So, this dumb switch does not have any knowledge about what to do. Neither layer 2 knowledge, nor layer 3 knowledge and this controller, whenever you are programming this controller, this controller will actually configure this dumb switches dynamically, put the intelligence inside the switch.
Now this controller has all these different kind of module, which can be there like you can have a GUI module, the cluster module to form a cluster, the layer 2, layer 3 module to implement the layer 2 and layer 3 functionalities of the network protocol stack, the VPN module to create a virtual private network, the quality of service module or access control list module to implement access control list or quality of service, DHCP module to implement DHCP protocol and the plug-ins, which we call normally as the southbound plug-ins to interact with the programmable infrastructure layer.

So here, you have 2 different interfaces from the control layer. From the control layer one interface that talk with the applications different kind of applications that, we call as the northbound interface and then with the control layer to the infrastructure layer, we require another interface, which is called a southbound interface. Now the task of the northbound interface is to understand this individual application layer program, and these application layers programs are implemented by utilizing your favorite programming language. So, you can use Python, you can use Java accordingly, you have to choose the controller.

So, for example, in a typical SDN network if you are familiar with Python, you can choose the POX or Ryu kind of controller, if you are familiar with Java programming language, if you want to implement your application using Java programming language, you can use OpenDaylight controller which supports Java programming language. So, you can write down this application with your favorite programming language and the task of this northbound interface is to understand, what is written inside the application, compile the application to the corresponding network protocol.
And then map it to one of these modules, which are there inside the controller.

So, you can utilize this module to write your own program say for example with the help of you can write a load balancer application, where you can utilize the layer 2, layer 3 forwarding module to forward the packet to a specific destination. Now this control layer from these individual network functionalities, they have to convert it to the rules, the rules that will be programmed to the router and whenever incoming packet comes that rule will be executed.

So, from this individual network protocol to the rule conversion, that is done by the southbound interface. So, we look into the details about, how these rules are being implemented, and how you convert a particular protocol to a corresponding rules in the SDN terminology or in the OpenFlow terminology.

(Refer Slide Time: 11:52)

So, what we require in summary? So, to talk between the network operating system and the corresponding infrastructure, we require an open interface to the hardware.

So that you do not depend on the corresponding vendors to program your network we require an open interface to the hardware for that. The second thing is that we require an open API for the application development so, that any application developer can develop a network application. And the third thing is that, we require an extensible operating system to convert the programs to the rules. So, these applications they are nothing but a program from that program, we need to map it to the corresponding rule, which will be executed at that TCAM hardware of the packet forwarding engine, which is there inside the switches.

(Refer Slide Time: 12:51)

Well. So, what is OpenFlow? So, OpenFlow is a protocol for controlling the forwarding behavior of Ethernet switches in SDN network. Initially, this concept of OpenFlow was released by clean slate program at Stanford and currently the specifications are maintained by open networking forum.
So, the interesting fact is here that now this entire networking architecture, they are becoming open, they are moving from a closed community or from a vendor specific community to an open networking community, where every vendors join altogether.

So, the vendors are building their hardwares and the community is building the open source operating system and the interface to interact with the corresponding hardware.

So, this helps in 2 ways: first of all, it makes the innovation specific or it makes the innovation rapid because now this entire software is open to the community, you can design your own network protocol and test on a hardware for that, you do not need to search for a hardware where, you can implement your own protocol, you can purchase any SDN supported switch, open switch. And then you can do your protocol implementation on top of this open source operating system and the second advantage comes from the network management perspective, where the network administrator, they do not bother about reading the 1000 page manuals from 3 different vendors.

So, they can just concentrate on a specific operating system and then try to write their own rules on top of that specific network operating system.

(Refer Slide Time: 14:43)

So, in terms of SDN messaging interface as we are mentioning that from networking operating system to the hardware, we have the southbound interface. Then from the network operating system to the application, we have the northbound interface that provides the programming API. And then this network operating system can be implemented in any open source operating system, there are multiple standard industry specific operating systems, which are available nowadays.

You can explore that there are this ONOS operating system, which is very popular nowadays.
There is this Ryu controller, which is a lightweight controller currently many industries, they are utilizing Ryu controller to write network programs and then other controllers like Maestro or OpenDaylight.

(Refer Slide Time: 15:36)

So, as we are mentioning at the application layer side, you have a programming API in your preferred programming language at the control layer, you have one of the network controller ONOS, Maestro, Ryu or OpenDaylight and at the infrastructure layer, you have this OpenFlow supported hardware and this southbound interface is controlled by this open interfacing with the hardware that is the OpenFlow specification that we are talking right now.

(Refer Slide Time: 16:11)

Now, let us look into that how OpenFlow works? So, we have a switch, the entire switch as we are discussing in the last class, we have the control path, which is implemented in the software and the data path, which is implemented in the hardware or in small specific TCAM type of hardware. Now at the control path, we are having a part of the network operating system to interact the client version of the network operating system you can talk it, if it is there in this software implementation in the switch that is a kind of very minimal implementation of the control functionality just a client version of it.

So, that you can talk with the switches and then you have this OpenFlow protocol, OpenFlow client, which is there inside the switch. So, you can call it as the client version of the OpenFlow and then you have an OpenFlow controller, which is implemented in a logical centralized machine and then this OpenFlow messaging API, which normally uses SSL and a TCP kind of message, which talk with this OpenFlow controller.
Now the thing is that, at the software side inside switch, you have a very minimal implementation, the client version of the implementation.

So, that you can just receive a message from the controller, parse the message and then configure the switch accordingly, remaining protocols the routing protocols; and all these things that, you do not need to implement inside the switch anymore.

SDN: OpenFlow - Part 2
So here, is an example of OpenFlow. So, at the switch side you have this OpenFlow client at the hardware layer, we are maintaining a simple TCAM table.

So, this TCAM table has multiple fields like source MAC, destination MAC, source IP, destination IP, source port, TCP source port, TCP destination port and the corresponding action that, you want to execute. Now a simple rule looks like this, from the hardware layer side that, your source MAC is star; that means, it is a wild card character. That means, you can accept any source MAC field, you can accept any destination MAC, you can accept any source IP, your destination IP should be 128.9.1.10, the source TCP port and the destination TCP port can be anything and if that is the case then, your corresponding action will be forward the packet to eth3.

So, this entire thing entire target forwarding behavior, we can write it as a match and action pair. So, we have a rule, this entire rule, that has a component of match. So, we have certain entries in the tables and then if there is a match then, you execute the corresponding action. So here, this is one entry in the TCAM hardware table. So, whenever you are receiving a packet, you extract the headers at different layers, extract the source MAC, destination MAC, source IP, destination IP, source TCP port, destination TCP port, all these fields from the packet header and then make a match with this rule. So, if there is a match with a specific rule, then you execute the corresponding action.

So, the action is to forward it to eth3. So, eth3 means this particular router, where you want to forward the packet. So here, the message that I want to convey to you is that any such network protocol or better to say most of the networking protocol, we can implement in the form of a match action pair, where we will see some examples of that as well.

(Refer Slide Time: 20:13)

So, there is a tremendous power of this entire OpenFlow protocol or OpenFlow architecture.
So, let us see one interesting use case of OpenFlow. So, assume that Bob wants his own set of network rules to forward his packet.

So, we have a network controller here. So, this is the controller and these are the SDN switches, which are the dumb switches as we have mentioned.

(Refer Slide Time: 20:56)

Now Bob wants his own forwarding application, say Bob wants to forward a packet from this router.

Say router 1, I am naming the routers as router 1, router 2, router 3 and router 4. Now Bob wants to forward a packet from a machine, which is connected with router 1 to a machine which is connected with router 4, this is the destination. And Bob wants that the packets need to be forwarded from R1 to R2 to R4.

(Refer Slide Time: 21:36)

Now, what Bob does? He basically writes this entire thing in an application program inside the controller. So, the controller combines that program, compiles that program and after compiling the program, the controller simply deploys Bob's forwarding rule in the required hardwares. So, whenever Bob wants to forward the packet these forwarding rules, which are there in the respective switches, they get executed and the packet gets forwarded.

(Refer Slide Time: 21:53)

Now, when Alice wants her own set of network rules to forward a packet, Alice also programs the same controller, writes her own application on top of the controller and then the forwarding rules are installed in the routers through which Alice wants to forward the packet. Now here, you can see the interesting things that, all the routers do not need to have all the rules. So, Bob wants to use this router 1, router 2 and router 3.

So this router or let us not use the term router, let us use the term open switch. So, Bob wants to use these 3 switches. So, the rules are installed on that 3 switches and when Alice wants to forward the packet, Alice wants the packet to be forwarded from R1 to R4 to R3.
So, the rules are installed in those switches.

(Refer Slide Time: 22:57)

So, if we look into the OpenFlow flow table, the OpenFlow flow table has 4 different component, you have the rule, the corresponding action, certain statistics about packets, the execution of a particular rule and a priority value, which is associated with a rule.

So, the idea is something that. So, you have a rule. So, the rule is nothing but a set of fields and that field basically, says that in which particular field of an IP packet or here actually, in SDN you can look into MAC, IP, TCP, all the headers. So, in your packet header which particular field to look into. Theoretically you can look into any field inside the packet header. So, you can look into the packet header and our rule basically specifies what should be or what is your interested value for a specific field inside the packet header? Like the switch port, VLAN ID, MAC source, MAC destination, Ethernet type, IP source, IP destination, IP type of service for quality of service, TCP source port, TCP destination port.

Now if there is a match with this rule; that means, with certain fields that, you are specifying then, there can be a set of actions and the actions can be designed by you based on your choice. So, the action can be forward the packets to 0 or more (Refer Time: 24:27) ports in the switch, encapsulate the packet and then forward the packet, modify certain fields in the packet and then forward the packet, drop the packets, if you want to implement the firewall rule or you can add up your own extension, whatever you can think of. The statistics fields, it maintains certain statistics like the packet counter, the byte counter, number of packets that have been matched with a particular rule and so on.
So, that it becomes easier for you to get the information from the network and then there is a priority value associated, which is the priority of a corresponding rule.

So, in case of OpenFlow, whenever you have a set of rules, if there is a match with multiple rules then the high priority rule is executed in general.

(Refer Slide Time: 25:16)

Here are certain examples of OpenFlow tables; if you want to do a switching you have to look into the MAC destination field. Because you have to look into the MAC destination field, so you just make a match with the MAC destination, you can ignore other fields.

So, we put it as a star as a wildcard character, if there is a match with this particular MAC address, you forward it to Ethernet 2, it behaves like a normal layer 2 switching mechanism. If you want to implement a firewall, you look into that TCP destination port, if TCP destination port is 22, then you drop the packet.

So, that is the corresponding firewall rule. So, you can design your own firewall rule like that. So, look into certain fields in the packet header, if there is a match with those fields of the packet header then you drop the packet.

(Refer Slide Time: 26:12)

Then forwarding, to forward a packet rather than looking into the MAC destination, you look into the IP destination, if your IP belongs to this subnet (Refer Time: 26:22) 202.2.*.*, you forward the packet to Ethernet 2, you can make a flow switching, which is interesting. That means, this flow switching with the help of flow switching, you can make a convergence between the packet switching network and a circuit switching network.
So, the idea of the circuit switching network was to use specific path for a specific flow.

Now, by looking into multiple fields in the packet header like the MAC source, MAC destination, Ethernet type, IP source, IP destination, TCP source port, TCP destination port by looking all these individual fields, you can actually uniquely identify a process to process flow, because you are also associating the TCP source port and the destination port. Now for that particular flow, you can make action that forward the packet for this particular flow to this switch. So that means, you can make flow specific forwarding or flow specific routing of the data. So, that is a huge power of SDN based network.

(Refer Slide Time: 27:27)

Then you can do the source routing, source routing, where if the packet is coming from a specific source and it is destined to a specific destination then you use a specific path. So, you put source IP, the destination IP, if the packet is coming from a subnet at 16.2.3.* and if the destination is 202.2.*.*, the action is forward the packet to Ethernet 2. You can do the VLAN switching although, till now we have not discussed about, what is VLAN, virtual LAN. Virtual LAN is basically given a packet a set of packets. If you want to send a set of packets or a packet to a specific destination, you can forward the packets into multiple ports of the switch, which constructs virtual LAN.

So, later on we will look into the virtual LAN in details, but with the help of these OpenFlow rules, you can specify the virtual LAN ID, the corresponding MAC destination and the action is forwarding the packet to 2 different port eth2 and eth3; that means, eth2 and eth3 are actually connected to virtual LAN 2. So, the packets will be forwarded to those interface only.

(Refer Slide Time: 28:48)

Now these are the examples of some of the OpenFlow rules, you can design your own OpenFlow rules and the corresponding action, the entire innovation is open.
So, anyone can contribute there, let us look into the messages, which are there in general OpenFlow the messages, which is shared between the controller and corresponding switches. So, this communication, as you are mentioning they are done via TCP. So once, you have made a TCP connection between the client version of the switch and the controller, the OpenFlow hello messages are exchanged between the controller and the switch.

So, they negotiate the OpenFlow version, the higher version is used and this here, certain parameters like what are the different configuration parameters you want to share? Then the controller sends an OpenFlow feature request message, the feature request message to get the data path ID of the switch and determine, what features are supported by the switch? Say for example, whether the switch supports QoS based forwarding or not. Now based on the application program, you can send certain OpenFlow messages for switch configurations to update the flow entries, to modify the flow entries or to install new flow entries.

(Refer Slide Time: 30:12)

There are some other messages like to check the connection aliveness, whether the connection is alive or not, OpenFlow can send an echo request and echo reply messages, they can be sent from the controller to switch to check the aliveness of the switch or the switch can send it to the controller to check the aliveness of the controller. Now to group the flow entries, if you want to group multiple flow entries together, these groups are configured by the controller through these group configuration messages that can be stored into group tables inside switch. So, OpenFlow has the power that, you can combine multiple rules all together and create a group of rules.

So, this is a very brief introduction of OpenFlow. We will go for certain demo of OpenFlow in the next class.
Before going to that, so I am just giving you certain pointers that, you can explore yourself to look more details of this entire open innovation in the networking community. This is a kind of advanced topic in network and you should learn that because, people predict that our future network is going to be SDN controlled.

So, there is a link for open networking foundation, where you can find out the different standards, different agendas which are there under the open networking foundation, the OpenFlow specification the current version is stable version is 1.5.1. You can look into the different messages, their messages type, their functionality, all these thing. The ONOS, ONOS is a popular network controller, you can look into the ONOS details, it is open source thing again, you can just install it in a single machine and start using it, there is another SDN controller called Ryu, I suggest you to look into the Ryu controller as well.

So, these are all open source tools, you are free to download them, free to use them. So, explore them. That's all about the course today.

Thank you all for attending the course. Happy learning.