1

Customer Driven Innovation

1

Do not distribute/edit/copy without the written consent of A10 Networks

SDN: an Introduction Luca Profico lprofico@a10networks.com

2

Who am I

�  Luca Profico

�  RSE@a10networks

�  A10 Networks ¿  Networking company based in San Jose (CA) ¿  10 years developing its own solutions ¿  3# worldwide marketshare in ADC Market; #1 in Japan ¿  Leader in CGN and IPv6 Migration solutions

3

Software-defined Networking

•  SDN concept has been around for almost 9 years now but the concept is not yet clear

•  Marketing is riding SDN with bigger and bigger promises

•  What will we do with SDN?

•  US ICT Event survey: •  SDN, I don’t understand it but I want it. •  All this fuss for old concepts remixed. •  Will I lose my job because of SDN?

4

What is, What is Not

�  SDN is not a protocol

�  SDN is not a suite of protocols

�  SDN is not a technology

�  SDN is a concept, a methodology, an architecture that aims at making network implementation, scalability and management easier by separating planes

5

Network Devices and Planes

Build  and  exchange  informa2on  

ARP   MAC  Learning   STP   …  

Rou2ng  protocols   Neighbors   …  

Build  and  store  local  L2/L3  info  tables  

Packet  processing/forwarding  decisions  

Forwarding  table  

Control  plane  

 Data  plane  

fwd  tbl  

p1

p3

p2

6

Control  plane  

 Data  plane  

fwd  tbl  

Control  plane  

 Data  plane  

fwd  tbl  

Control  plane  

 Data  plane  

fwd  tbl  

Control  plane  

 Data  plane  

fwd  tbl  

Network Devices and Planes

7

Control  plane  

 Data  plane  

fwd  tbl  

Control  plane  

 Data  plane  

fwd  tbl  

Control  plane  

 Data  plane  

fwd  tbl  

Control  plane  

 Data  plane  

fwd  tbl  

Network Devices and Planes

8

 Data  plane  

fwd  tbl  

 Data  plane  

fwd  tbl  

 Data  plane  

fwd  tbl  

 Data  plane  

fwd  tbl  

Control  plane  

 Data  plane  

fwd  tbl  

 Data  

plane  vendor  B  

fwd  tbl  

 Data  

plane  vendor  C  

fwd  tbl  

Network Devices and Planes

9

Network

Network operating system

Middleware

vSwitch  Switch   Switch   Switch   Switch   vSwitch   vSwitch  

SDN  Controller  

Network  Applica2on  

Network  Applica2on  

Network  Applica2on  

Network  Applica2on  

Northbound  API  

Southbound  API  

SDN Implementation

10

Open Networking Foundation

�  Members-only organization

�  Milestones ¿  Founded in 2011 ¿  More than 50 members in 1st yr. ¿  Over 100 members in 2013 (Vendors, SPs, Telcos)

11

OpenFlow

�  Standard communication interface between control and forwarding layer

�  OpenFlow specs ¿  OF Switch specs 1.3.2 published 2013 ¿  OF Switch specs 1.4 approved 2013 ¿  OF-Config (conf & mgmt protocol) 1.1.1 published 2013

�  Simple traffic processing ¿  Flow tables ¿  Pipeline concept ¿  OpenFlow Switches ¿  Hybrid OpenFlow Switches

12

OpenFlow Tables

Flow Table Group Table Meter Table

Match fields Priority Counters Instructions Timeout Cookie

Group Identifier Group Type Counters Action Buckets

Meter Identifier Meter Bands Counters

MAC src MAC dst IP src IP dst TCP dport … Action Count

* 10:20:. * * * * Port 1 99

* * 217.99.* * * * Table 6 18

* .:38:aa:. * * * * drop 4

* * * 7.7.9.4 25 * drop 172

* * * * 69 * local 19

* * * * * * controller 2993

13

switch

Example: Life of a Packet

Flow Table

Group Table

Group Table

Meter Table

Next table

Action 1 Action 2 Action 3 Next table

Action 4 Next table

Action 5 Output

Action set

14

OpenFlow Challenges

�  Protocol status. OF is simple. Maybe *too* simple

�  Which functionalities should stay resident?

�  Large networks flow programming

�  Hi-rate flow table update

�  Vendors proprietary protocols

15

Overlays

�  VLAN on traditional networks has limitations ¿  Number of instances ¿  Transport ¿  Overlapping

�  Some solutions have been tried ¿  HVLAN, QinQ, PBT, PBB-TE, Mac-in-mac, …

�  With SDN we talk about Overlay networks ¿  Used to create virtual network containers logically isolated from the

others, while sharing the underlying physical network ¿  Always based on encapsulation. Usually tunnels are terminated on

softswitch

16

VXLAN

�  Virtual Extensible LAN ¿  Broadest industry support

�  VXLAN ¿  Layer 2 frames in UDP packets ¿  VLAN frames are preserved – multiple Layer 3 networks inside a VXLAN

segment ¿  Uses multicast to transport broadcasts (openflow may avoid that) ¿  Tenants see their own “normal” network ¿  Underlying network sees UDP VXLAN traffic with a segment ID ¿  VXLAN ID is 24 bits = 16 Million tenants sharing the same infrastructure

17

50 Bytes More. Jumbo Frames!

14 bytes Outer MAC Header

20 bytes Outer IP Header

8 bytes Outer UDP Header

8 bytes VXLAN Header

Original L2 frame (VLAN tag included)

18

Multi-tenant SDN Network

Switch Switch Switch Switch Switch Switch Switch Switch

Server Server Server Server Server Server

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSwitch vSwitch vSwitch vSwitch vSwitch vSwitch

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

vSer

ver

SDN Controller

Network Apps/UI/…

19

NVGRE, STT, NVO3

�  NVGRE ¿  Similar to VXLAN ¿  Microsoft pushes it ¿  Overlay of choice in Hyper-V ¿  Does not require multicast to carry broadcast, unknown unicast, multicast

°  Hyper-V embedded switch (Windows Network Virtualization Module) is pre-populated with all host-to-tunnel mappings by powershell CMDlets

°  No flooding, as there is no unknown node

�  STT ¿  Stateless Transport Tunneling ¿  Encapsulation leverages some specific network card capabilities, like

TSO (TCP segmentation offload) ¿  Nicira developed it. Nicira has been acquired by VMware

�  NVO3 ¿  Network Virtualization Overlays 3 - Developed by a group in IETF

20

SDN Actual Use Cases

�  Link usage optimization

�  Distributed packet filtering

�  NAC for devices that do not support 802.1x

�  Service insertion, service chaining

�  Network traffic analysis, TAP aggregation

�  Basic link/service load balancing

21

SDN Challenges

�  Southbound API is uncertain and will be fragmented

�  Scalability issues ¿  Number of flows

�  Performance issues ¿  Rate of flow-table updates

�  Redundancy

�  Vendors’ SDN controllers (OpenDaylight project?)

�  Know-how

�  Security

22

Conclusions

�  SDN future is uncertain, at the moment most of the development is being done on large data centers, backbones, virtualization spaces

�  So far there is no real use for the enterprise

�  The southbound API will most probably be fragmented

�  It will take some time: as some analysts point out, it took server virtualization 10 years to become mainstream, while openflow 1° release was born in 2009

�  SDN will add up to $400M within the networking market in 2014 (Doyle Research)

�  In the end, the market will decide what SDN will be, where it will be used, what applications we’ll write on it

23 23 Do not distribute/edit/copy without the written consent of A10 Networks

Thank You

www.a10networks.com