A survey on sdn technologies
![Page 1: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/1.jpg)
A Survey on SDN Technologies
Ventura VMUG
July 14, 2016
Anthony Chow
Twitter: @vCloudernBeer
Blog: http://cloudn1n3.blogspot.com/
![Page 2: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/2.jpg)
Basic Networking Concept
• OSI 7-layer model
• Source and Destination (MAC or IP address)
• Forwarding Table
• Layer-2 bridging
• Layer-3 routing
• Broadcast
• Multicast
• Unicast
• North-south vs East-West traffic
• Northbound and southbound Interface/API
![Page 3: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/3.jpg)
OSI 7 Layers
![Page 4: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/4.jpg)
Layer and Protocol
![Page 5: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/5.jpg)
Broadcast/Multicast/Unicast
![Page 6: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/6.jpg)
What is SDN
• Different people have different definitions.
• Every vendor says they have an SDN solution
• “Using software to abstract the networking layer with the ability to automate”
• Separation of control and data plane
• Not necessarily a pure software solution (Hint: Cisco)
![Page 7: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/7.jpg)
SDN terminologies
• The 3 pillars of networking
  • Management plane
  • Control plane
  • Data plane
• Major types of SDN
  • OpenFlow
  • Network Overlay
  • Vendor specific API driven network
![Page 8: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/8.jpg)
OpenFlow
• It is a protocol and a set of APIs
• OpenFlow components:
  • OpenFlow Controller (e.g. OpenDaylight, Brocade, Juniper)
  • OpenFlow switch (e.g. Open vSwitch, pure or hybrid)
• Flow table with flow entries:
  • Matching field
  • Counter
  • Action
![Page 9: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/9.jpg)
VMware NSX
![Page 10: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/10.jpg)
NSX – core components
![Page 11: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/11.jpg)
NSX – networking functions
• Logical L2 Switch
• Logical L3 Router (distributed)
• Logical Firewall (distributed)
• Logical Load Balancer
• Logical VPN
![Page 12: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/12.jpg)
VXLAN terminologies
• Encapsulation
• VTEP (VXLAN Tunnel End Point)
• VNI (VXLAN Network ID)
• IP Multicast
![Page 13: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/13.jpg)
Encapsulation
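The VXLAN header a VTEP adds and strips, as an added example that is not part of the original slides: it builds the 8-byte header defined in RFC 7348 around a constructed inner Ethernet frame, and on receipt rejects packets whose VNI the VTEP does not serve. The function names, the sample frame and the VNI values are assumptions made for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned destination port (RFC 7348)
VXLAN_HEADER_LEN = 8
FLAG_VNI_VALID = 0x08        # the "I" flag: the VNI field is valid


def vxlan_encapsulate(vni, inner_frame):
    """What the sending VTEP does: prepend the 8-byte VXLAN header."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (8 bits) + 24 reserved bits.
    # Word 1: VNI (24 bits) + 8 reserved bits.
    header = struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)
    return header + inner_frame


def vxlan_decapsulate(udp_payload, local_vnis):
    """What the receiving VTEP does: validate, then return (vni, inner frame)."""
    if len(udp_payload) < VXLAN_HEADER_LEN:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    vni = word1 >> 8
    if vni not in local_vnis:
        # Tenant isolation: never deliver into a segment this VTEP does not serve.
        raise PermissionError("VNI %d is not configured on this VTEP" % vni)
    return vni, udp_payload[VXLAN_HEADER_LEN:]


# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
INNER = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"payload"

if __name__ == "__main__":
    packet = vxlan_encapsulate(5001, INNER)
    print(packet[:8].hex(), vxlan_decapsulate(packet, {5001, 5002})[0])
```

The outer Ethernet, IP and UDP headers that carry this payload between VTEPs are left out; only the VXLAN layer is shown.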
![Page 14: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/14.jpg)
NSX - VXLAN
![Page 15: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/15.jpg)
NSX - security
• Isolation and multi-tenancy
• Segmentation
• Service insertion, chaining and steering
![Page 16: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/16.jpg)
Micro-segmentation
• Segmentation is a security principle used to group entities within a network into one unit and to apply rules/policies to control the traffic in and out of the segment
• Traditional 5-tuple IP-based ACL rules are good for perimeter protection
• East-west traffic protection is limited with a traditional firewall
• An important principle – zero trust
• Major components of effective micro-segmentation
  • Network independent policy definition
  • Centralized policy definition repository
  • Distributed policy enforcement
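The three components above in one small model, as an added example that is not part of the original slides and not NSX or ACI code: policy is written against workload groups rather than IP addresses, kept in one place, and compiled into a per-workload allow-list with default deny. The group names, workload names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src_group: str
    dst_group: str
    proto: str
    port: int


# Centralized policy repository: rules name groups, never IP addresses.
POLICY = [
    Rule("web", "app", "tcp", 8443),
    Rule("app", "db", "tcp", 5432),
]

# Constructed inventory; every workload sits in the same subnet, so a
# subnet-based perimeter ACL could not tell these flows apart.
INVENTORY = {
    "web-01": {"ip": "10.0.1.11", "groups": {"web"}},
    "web-02": {"ip": "10.0.1.12", "groups": {"web"}},
    "app-01": {"ip": "10.0.1.21", "groups": {"app"}},
    "db-01": {"ip": "10.0.1.31", "groups": {"db"}},
}


def compile_for(workload, inventory, policy):
    """Distributed enforcement: the ingress allow-list pushed to one workload."""
    my_groups = inventory[workload]["groups"]
    allow = set()
    for rule in policy:
        if rule.dst_group not in my_groups:
            continue
        for name, peer in inventory.items():
            if name != workload and rule.src_group in peer["groups"]:
                allow.add((peer["ip"], rule.proto, rule.port))
    return allow


def permitted(src, dst, proto, port, inventory=INVENTORY, policy=POLICY):
    """Zero trust: a flow passes only if an explicit rule allows it."""
    return (inventory[src]["ip"], proto, port) in compile_for(dst, inventory, policy)
```

Re-running `compile_for` after a workload changes address yields updated rules from the same unchanged policy, which is what "network independent" buys over a hand-maintained 5-tuple ACL.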
![Page 17: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/17.jpg)
Cisco ACI
![Page 18: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/18.jpg)
ACI - terminologies
![Page 19: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/19.jpg)
NSX and ACI
• Some similarity
  • VXLAN
  • Micro-segmentation
  • Able to work with other vendors.
• Some differences
  • ACI needs hardware support
  • NSX will run on any fabric that can provide a reliable IP infrastructure
![Page 20: A survey on sdn technologies](https://reader035.fdocuments.us/reader035/viewer/2022062904/5875ac8f1a28ab8b618b4fbd/html5/thumbnails/20.jpg)
NSX and ACI Resources
• Books:
  • Networking for VMware Administrators (VMware Press Technology)
  • Policy Driven Data Center with ACI, The: Architecture, Concepts, and Methodology (Cisco Press)
• Blogs:
  • http://www.vmware.com/radius/evolution-vmware-nsx-timeline/
  • http://blog.scottlowe.org/learning-nvp-nsx/
  • http://www.virtualizationadmin.com/blogs/malhoit/what-im-reading/resources-learning-cisco-aci.html
• Hands-on-Lab:
  • NSX hands on lab - https://www.vmware.com/products/nsx/nsx-hol
  • OpenFlow lab - http://networkstatic.net/openflow-openvswitch-lab/