Software Defined Networks
A quick overview
Based primarily on the presentations of Prof. Scott Shenker of UC Berkeley, “The Future of Networking, and the Past of Protocols”, with a short intro to OpenFlow basics at the end.
Please watch the YouTube video of Shenker’s talk.
Two Key Definitions
• Data Plane: processing and delivery of packets
– Based on state in routers and endpoints
– E.g., IP, TCP, Ethernet, etc.
– Fast timescales (per-packet)
• Control Plane: establishing the state in routers
– Determines how and where packets are forwarded
– Routing, traffic engineering, firewall state, …
– Slow timescales (per control event)
• These different planes require different abstractions
Limitations of Current Networks
[Figure: a basic enterprise LAN network architecture, showing switches. Source: http://www.excitingip.net/27/a-basic-enterprise-lan-network-architecture-block-diagram-and-components/]
Limitations of Current Networks
• Enterprise networks are difficult to manage
• “New control requirements have arisen”:
– Greater scale
– Migration of VMs
• How to easily configure huge networks?
Limitations of Current Networks
• Old ways to configure a network
[Figure labels: five devices, each with App, Operating System, Specialized Packet Forwarding Hardware]
OpenFlow/SDN tutorial, Srini Seetharaman, Deutsche Telekom, Silicon Valley Innovation Center
Limitations of Current Networks
Millions of lines of source code
Billions of gates
Many complex functions baked into infrastructure
OSPF, BGP, multicast, differentiated services, Traffic Engineering, NAT, firewalls, …
Cannot dynamically change according to network conditions
[Figure labels: Feature, Operating System, Specialized Packet Forwarding Hardware]
Limitations of Current Networks
• No control plane abstraction for the whole network!
• It’s like old times – when there was no OS…
[Photo: Wilkes with the EDSAC, 1949]
Idea: An OS for Networks
[Figure labels: Control Programs, Network Operating System, Simple Packet Forwarding Hardware (five boxes)]
Idea: An OS for Networks
• “NOX: Towards an Operating System for Networks”
[Figure: Software-Defined Networking (SDN). Labels: Control Programs, Global Network View, Network Operating System, Control via forwarding interface, Protocols]
The Future of Networking, and the Past of Protocols, Scott Shenker, with Martin Casado, Teemu Koponen, Nick McKeown
Software Defined Networking
• No longer designing distributed control protocols
• Much easier to write, verify, maintain, …
– An interface for programming
• NOS serves as fundamental control block
– With a global view of network
Software Defined Networking
• Questions:
– How to obtain global information?
– What are the configurations?
– How to implement?
– How is the scalability?
– How does it really work?
A Short History of SDN
~2004: Research on new management paradigms
• RCP, 4D [Princeton, CMU, …]
• SANE, Ethane [Stanford/Berkeley]
2008: Software-Defined Networking (SDN)
• NOX Network Operating System [Nicira]
• OpenFlow switch interface [Stanford/Nicira]
2011: Open Networking Foundation (~69 members)
• Board: Google, Yahoo, Verizon, DT, Msoft, F’book, NTT
• Members: Cisco, Juniper, HP, Dell, Broadcom, IBM, …
2012: Latest Open Networking Summit
• Almost 1000 attendees, Google: SDN used for their WAN
• Commercialized, in production use (few places)
The Future of Networking, and the Past of Protocols
Scott Shenker
Key to Internet Success: Layers
Applications
…built on…
Reliable (or unreliable) transport
…built on…
Best-effort global packet delivery
…built on…
Best-effort local packet delivery
…built on…
Physical transfer of bits
Why Is Layering So Important?
• Decomposed delivery into fundamental components
• Independent but compatible innovation at each layer
• A practical success of unprecedented proportions…
• …but an academic failure
Built an Artifact, Not a Discipline
• Other fields in “systems”: OS, DB, DS, etc.
- Teach basic principles
- Are easily managed
- Continue to evolve
• Networking:
- Teach big bag of protocols
- Notoriously difficult to manage
- Evolves very slowly
Why Does Networking Lag Behind?
• Networks used to be simple: Ethernet, IP, TCP….
• New control requirements led to great complexity
- Isolation: VLANs, ACLs
- Traffic engineering: MPLS, ECMP, Weights
- Packet processing: Firewalls, NATs, middleboxes
- Payload analysis: Deep packet inspection (DPI)
- …
• Mechanisms designed and deployed independently
- Complicated “control plane” design, primitive functionality
- Stark contrast to the elegantly modular “data plane”
Infrastructure Still Works!
• Only because of “our” ability to master complexity
• This ability to master complexity is both a blessing…
- …and a curse!
A Better Example: Programming
• Machine languages: no abstractions
- Mastering complexity was crucial
• Higher-level languages: OS and other abstractions
- File system, virtual memory, abstract data types, ...
• Modern languages: even more abstractions
- Object orientation, garbage collection, …
Abstractions key to extracting simplicity
“The Power of Abstraction”
“Modularity based on abstraction is the way things get done”
− Barbara Liskov
Abstractions → Interfaces → Modularity
What abstractions do we have in networking?
Abstractions ~ Problem Decomposition
1. Decompose problem into basic components (tasks)
2. Define an abstraction for each component
3. Implementation of abstraction can focus on one task
4. If tasks still too hard to implement, return to step 1
Layers are Great Abstractions
• Layers only deal with the data plane
• We have no powerful control plane abstractions!
• How do we find those control plane abstractions?
• Two steps: define problem, and then decompose it.
The Network Control Problem
• Compute the configuration of each physical device
- E.g., forwarding tables, ACLs, …
• Operate without communication guarantees
• Operate within given network-level protocol
Only people who love complexity would find this a reasonable request
Programming Analogy
• What if programmers had to:
- Specify where each bit was stored
- Explicitly deal with all internal communication errors
- Within a programming language with limited expressibility
• Programmers would redefine problem:
- Define a higher level abstraction for memory
- Build on reliable communication abstractions
- Use a more general language
• Abstractions divide problem into tractable pieces
- And make programmer’s task easier
From Requirements to Abstractions
1. Operate without communication guarantees
- Need an abstraction for distributed state
2. Compute the configuration of each physical device
- Need an abstraction that simplifies configuration
3. Operate within given network-level protocol
- Need an abstraction for general forwarding model
Once these abstractions are in place, control mechanism has a much easier job!
1. Distributed State Abstraction
• Shield control mechanisms from state distribution
- While allowing access to this state
• Natural abstraction: global network view
- Annotated network graph provided through an API
• Implemented with “Network Operating System”
• Control mechanism is now program using API
- No longer a distributed protocol, now just a graph algorithm
- E.g. Use Dijkstra rather than Bellman-Ford
Traditional Control Mechanisms
[Figure: Network of Switches and/or Routers. Distributed algorithm running between neighbors, e.g. routing, access control]
Software Defined Network (SDN)
[Figure labels: Control Program, Global Network View, Network OS]
Major Change in Paradigm
• No longer designing distributed control protocols
- Design one distributed system (NOS)
- Use for all control functions
• Now just defining a centralized control function
Configuration = Function(view)
• If you understand this, raise your hand.
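An added example (not from the slides) of “Configuration = Function(view)”: the control program is a plain function that runs Dijkstra over the global network view and returns per-switch forwarding entries. The topology, host attachments, port numbers and function names are constructed for illustration, and links are assumed bidirectional with symmetric costs.

```python
import heapq

# Constructed global network view: switch -> {neighbour: (out_port, link_cost)}.
VIEW = {
    "s1": {"s2": (1, 1), "s3": (2, 4)},
    "s2": {"s1": (1, 1), "s3": (2, 1)},
    "s3": {"s1": (1, 4), "s2": (2, 1)},
}
# Constructed host attachments: ip -> (edge switch, host-facing port).
HOSTS = {"1.2.3.4": ("s1", 9), "5.6.7.8": ("s3", 9)}

INF = float("inf")

def distances_to(view, target):
    """Dijkstra over the view; {switch: cost of its best path to target}."""
    dist = {target: 0}
    heap = [(0, target)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, INF):
            continue  # stale heap entry
        for v, (_port, cost) in view[u].items():
            if d + cost < dist.get(v, INF):
                dist[v] = d + cost
                heapq.heappush(heap, (d + cost, v))
    return dist

def configuration(view, hosts):
    """Configuration = Function(view): returns {switch: {ip_dst: out_port}}."""
    config = {sw: {} for sw in view}
    for ip, (edge, host_port) in hosts.items():
        if edge not in view:
            continue  # host attached to a switch the view does not contain
        dist = distances_to(view, edge)
        for sw, nbrs in view.items():
            if sw == edge:
                config[sw][ip] = host_port
                continue
            # Next hop: the neighbour minimising link cost + remaining cost.
            options = [(cost + dist[n], n, port)
                       for n, (port, cost) in nbrs.items() if n in dist]
            if options:
                config[sw][ip] = min(options)[2]
            # No option: destination unreachable, so no entry is installed.
    return config

def without_link(view, a, b):
    """The view the NOS would report after the a-b link fails."""
    return {sw: {n: pc for n, pc in nbrs.items() if {sw, n} != {a, b}}
            for sw, nbrs in view.items()}

if __name__ == "__main__":
    before = configuration(VIEW, HOSTS)
    after = configuration(without_link(VIEW, "s1", "s2"), HOSTS)
    for sw in VIEW:
        print(sw, before[sw], "->", after[sw])
```

Handling a link failure is just calling the same function on the updated view; no per-switch convergence protocol is involved.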
2. Specification Abstraction
• Control program should express desired behavior
• It should not be responsible for implementing that behavior on physical network infrastructure
• Natural abstraction: simplified model of network
- Simple model with only enough detail to specify goals
• Requires a new shared control layer:
- Map abstract configuration to physical configuration
• This is “network virtualization”
Simple Example: Access Control
[Figure labels: Global Network View, Abstract Network Model, How, What]
Software Defined Network: Take 2
[Figure labels: Control Program, Abstract Network Model, Network Virtualization, Global Network View, Network OS]
What Does This Picture Mean?
• Write a simple program to configure a simple model
- Configuration merely a way to specify what you want
• Examples
- ACLs: who can talk to who
- Isolation: who can hear my broadcasts
- Routing: only specify routing to the degree you care
  • Some flows over satellite, others over landline
- TE: specify in terms of quality of service, not routes
• Virtualization layer “compiles” these requirements
- Produces suitable configuration of actual network devices
• NOS then transmits these settings to physical boxes
Software Defined Network: Take 2
[Figure: Control Program (specifies behavior), Abstract Network Model, Network Virtualization (compiles to topology), Global Network View, Network OS (transmits to switches)]
Two Example Uses
• Scale-out router:
- Abstract view is single router
- Physical network is collection of interconnected switches
- Allows routers to “scale out, not up”
- Use standard routing protocols on top
• Multi-tenant networks:
- Each tenant has control over their “private” network
- Network virtualization layer compiles all of these individual control requests into a single physical configuration
• Hard to do without SDN, easy (in principle) with SDN
3. Forwarding Abstraction
• Switches have two “brains”
- Management CPU (smart but slow)
- Forwarding ASIC (fast but dumb)
• Need a forwarding abstraction for both
- CPU abstraction can be almost anything
• ASIC abstraction is much more subtle: OpenFlow
• OpenFlow:
- Control switch by inserting <header;action> entries
- Essentially gives NOS remote access to forwarding table
- Instantiated in Open vSwitch
A Quick Detour: OpenFlow Basics
[Figure: Ethernet Switch with Data Path (Hardware) and Control Path (OpenFlow), connected by the OpenFlow Protocol to a Controller (Server Software) running Apps]
OpenFlow Switching
[Figure labels: Controller, PC, Hardware Layer, Software Layer, OpenFlow Client, OpenFlow Table, ports 1 to 4, hosts 1.2.3.4 and 5.6.7.8]
OpenFlow Table columns: MAC src, MAC dst, IP Src, IP Dst, TCP sport, TCP dport, Action
Entry shown: 5.6.7.8 in an IP field, * in the other fields; Action: port 1
The Stanford Clean Slate Program, http://cleanslate.stanford.edu
Research Experiments
Step 1: Separate Control from Datapath
Step 2: Cache flow decisions in datapath
“If header = x, send to port 4”
“If header = ?, send to me”
“If header = y, overwrite header with z, send to ports 5,6”
[Figure label: Flow Table]
Plumbing Primitives: <Match, Action>
Match arbitrary bits in headers:
- Match on any header, or new header
- Allows any flow granularity
Action
- Forward to port(s), drop, send to controller
- Overwrite header with mask, push or pop
- Forward at specific bit-rate
[Figure: packet shown as Header followed by Data; Match: 1000x01xx0101001x]
OpenFlow Table Entry
An entry has three parts: Rule | Action | Stats
Rule (+ mask): Switch Port, MAC src, MAC dst, Eth type, VLAN ID, IP Src, IP Dst, IP Prot, TCP sport, TCP dport
Action:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
5. …
Stats: Packet + byte counters
OpenFlow Examples

Switching
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | * | 00:1f:.. | * | * | * | * | * | * | * | port6

Firewall
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | * | * | * | * | * | * | * | * | 22 | drop

Routing
Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
* | * | * | * | * | * | 5.6.7.8 | * | * | * | port6
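An added example (not from the slides) that models the flow-table lookup behind the three entries above, including the table miss that sends a packet to the controller. A packet to 5.6.7.8 on TCP port 22 matches both the Firewall and the Routing entry, so the sketch also shows how entry priority decides the outcome and flags overlapping entries that tie. The class and function names, the priority values, the packets and the full MAC address are constructed; the priority field is not on the slides and is modelled as a plain integer where higher wins.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass
class FlowEntry:
    match: dict          # field -> required value; a field left out is "*"
    action: str          # "port6", "drop", ...
    priority: int = 0    # assumption: higher number wins when entries overlap
    packets: int = 0     # Stats: packet counter
    byte_count: int = 0  # Stats: byte counter

    def matches(self, pkt):
        return all(pkt.get(f) == v for f, v in self.match.items())

class FlowTable:
    def __init__(self, entries):
        # Highest priority first; ties keep installation order (stable sort).
        self.entries = sorted(entries, key=lambda e: -e.priority)

    def process(self, pkt, size=64):
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                e.byte_count += size
                return e.action
        return "controller"  # table miss: "If header = ?, send to me"

def overlaps(a, b):
    """True if at least one packet could match both entries."""
    return all(a.match[f] == b.match[f] for f in a.match.keys() & b.match.keys())

def ambiguous_pairs(entries):
    """Overlapping entries with different actions and equal priority."""
    return [(a.action, b.action) for a, b in combinations(entries, 2)
            if a.priority == b.priority and a.action != b.action and overlaps(a, b)]

def slide_entries(fw_priority=100, route_priority=10):
    """The three slide examples; the MAC is constructed (slide shows 00:1f:..)."""
    return [
        FlowEntry({"mac_dst": "00:1f:00:00:00:01"}, "port6"),                # Switching
        FlowEntry({"tcp_dport": 22}, "drop", priority=fw_priority),          # Firewall
        FlowEntry({"ip_dst": "5.6.7.8"}, "port6", priority=route_priority),  # Routing
    ]

# Constructed packets (only the header fields that matter are filled in).
SSH = {"ip_dst": "5.6.7.8", "tcp_dport": 22}
WEB = {"ip_dst": "5.6.7.8", "tcp_dport": 80}
UNKNOWN = {"ip_dst": "1.2.3.4", "tcp_dport": 80}

if __name__ == "__main__":
    table = FlowTable(slide_entries())
    print([table.process(p) for p in (SSH, WEB, UNKNOWN)])
    # If the Routing entry outranks the Firewall entry, SSH is forwarded instead.
    print(FlowTable(slide_entries(10, 100)).process(SSH))
    print(ambiguous_pairs(slide_entries(0, 0)))
```

Running `ambiguous_pairs` over a rule set before it is pushed to switches catches drop rules whose effect depends only on installation order.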
OpenFlow Usage
[Figure labels: Controller (PC) running Alice’s code; OpenFlow Protocol; “Decision?”; three OpenFlow Switches, each holding Alice’s Rule]
Alice’s code:
- Simple learning switch
- Per Flow switching
- Network access control/firewall
- Static “VLANs”
- Her own new routing protocol: unicast, multicast, multipath
- Home network manager
- Packet processor (in controller)
- IPvAlice
OpenFlow Standardization
Version 1.0: Most widely used version
Version 1.1: Released in February 2011.
OpenFlow transferred to ONF in March 2011.
Restructured Network
[Figure labels: five devices, each with Specialized Packet Forwarding Hardware, Operating System and Features; Network OS with Features]
Software-Defined Network
1. Open interface to packet forwarding
2. At least one Network OS, probably many. Open- and closed-source
3. Well-defined open API
[Figure labels: Feature, Network OS, Packet Forwarding (five boxes)]
Does SDN Work?
• Is it scalable? Yes
• Is it less responsive? No
• Does it create a single point of failure? No
• Is it inherently less secure? No
• Is it incrementally deployable? Yes
SDN: Clean Separation of Concerns
• Control program: specify behavior on abstract model
- Driven by Operator Requirements
• Network virtualization: map abstract model to global view
- Driven by Specification Abstraction
• NOS: map global view to physical switches
- API: driven by Distributed State Abstraction
- Switch/fabric interface: driven by Forwarding Abstraction
We Have Achieved Modularity!
• Modularity enables independent innovation
- Gives rise to a thriving ecosystem
• Innovation is the true value proposition of SDN
- SDN doesn’t allow you to do the impossible
- It just allows you to do the possible much more easily
• This is why SDN is the future of networking…
SDN Architecture Overview (ONF v1.0)