Software-defined networks (SDN)
PA 160: Net-Centric Computing II
Luděk Matýska (based on slides by Tomáš Rebok, rebok@ics.muni.cz)
SDN • 5/9/2022

Traditional Computing vs Modern Computing
Traditional computing:
- vertically integrated
- closed, proprietary
- slow innovation
- small industry
Modern computing (a layered stack: application / open interface / Windows (OS) or ... / open interface / microprocessor, with a virtualization layer in between):
- horizontal
- open interfaces
- rapid innovation
- huge industry

Traditional vs Modern Computing Provisioning Methods
Figure: provisioning in 1996 vs 2013. Source: adopted from "Transforming the Network With Open SDN" by Big Switch Networks.

Modern Networking Complexity
Figure: network communication protocols map (Ref: Jawir). Networking devices carry specialized features and a specialized control plane and are:
- vertically integrated
- closed, proprietary
- slow innovation

The Ossified Network
A traditional device = operating system + specialized packet forwarding hardware, implementing routing, management, mobility management, access control, VPNs, ...
- millions of lines of source code
- 6000+ RFCs
- barrier to entry
- billions of gates
- bloated, power hungry
Many complex functions are baked into the infrastructure: OSPF, BGP, multicast, differentiated services, traffic engineering, NAT, firewalls, MPLS, redundant layers, ...
An industry with a "mainframe mentality", reluctant to change.

Traditional vs Modern Networking Provisioning Methods
Router configuration in 1996 (terminal protocol: Telnet) and in 2013 (terminal protocol: SSH) is the same box-by-box CLI session; only the transport changed:

    Router> enable
    Router# configure terminal
    Router(config)# enable secret cisco
    Router(config)# ip route 0.0.0.0 0.0.0.0 20.2.2.3
    Router(config)# interface ethernet0
    Router(config-if)# ip address 10.1.1.1 255.0.0.0
    Router(config-if)# no shutdown
    Router(config-if)# exit
    Router(config)# interface serial0
    Router(config-if)# ip address 20.2.2.2 255.0.0.0
    Router(config-if)# no shutdown
    Router(config-if)# exit
    Router(config)# router rip
    Router(config-router)# network 10.0.0.0
    Router(config-router)# network 20.0.0.0
    Router(config-router)# exit
    Router(config)# exit
    Router# copy running-config startup-config
    Router# disable
    Router>

Source: adopted from "Transforming the Network With Open SDN" by Big Switch Networks.

Computing vs Networking
Figure: compute evolution vs networking evolution. Source: adopted from "Transforming the Network With Open SDN" by Big Switch Networks.

Problems in Networking (SDN Essentials)
- Networks must keep up with exponential increases in traffic and more and more individually managed networked devices.
- The result is more networking devices and strain on operations teams (who struggle to provide business value).
Figure (cartoon): management: "Now we need to double the size of our network!"; network engineers: "We need twice as many engineers for that!" © 2015 SDN Essentials, LLC. All rights reserved.

Problems in Networking
- Networking is highly prescriptive, yet networks are consumed in intents.
- There are few (if any) abstractions in traditional networking to hide prescriptive details.
- Network details must be exposed to and understood by consumers (network engineer vs network consumer).

Problems in Networking
Figure (cartoon): network users: "We need our new tenant deployed.", "Oh! And the app requirements changed!", "The tenant is still not working."; network engineer: "Still broken."; network gear: reconfigure VRFs/VLANs.

Problems in Networking
- All elements of the traditional networking stack are tightly coupled (read: glued together).
- Customers have little choice in selecting elements/hardware/software for their specific use cases.
Figure (traditional forwarding elements: network OS, management, control, element management system):
1. Historically, the network OS is tied to the hardware and lacks well-known interfaces.
2. New feature sets (applications) are directly coupled with the full network OS stack.
3. Upgrading speeds requires full forklifts.
4. External device programmability is achieved only via vendor-specific EMSs (element management systems).
Problems in Networking
Optimal resource utilization is a challenge in networking, which typically leads to overprovisioning:
- QoS - difficult to manage across disparate devices
- Traffic engineering - requires MPLS/RSVP-TE or BGP and static configuration
- Non-best-path forwarding - requires either RSVP-TE or policy-based routing, both of which require static configuration, which is difficult to scale
Figure: Router-1 and Router-2 utilizing commodity Internet links, managed on a box-by-box basis. WAN bandwidth is expensive!

Software-Defined Networking (SDN)
The answer to the necessary networking evolution - making networks able to react to current requirements better (i.e., more flexible, faster, ...).
The basic idea: management of network services through abstraction of lower-level functionality:
- decoupling the system that makes decisions about where traffic is sent (the control plane) from the underlying systems that forward traffic to the selected destination (the data plane)
- centralized management

Current Internet: closed to innovations in the infrastructure
Figure: every device is a closed box of operating system + specialized packet forwarding hardware; the "Software Defined Networking" approach opens it up.

The "Software-defined Network"
Figure: applications -> network operating system -> simple packet forwarding hardware.
1. Open interface to hardware
2. At least one good (network) operating system - extensible, possibly open-source
3. Well-defined open API

SDN - Basic Concepts
Software-Defined Networking = a modern buzzword :-) - like Software-Defined Anything ...
Several SDN concepts have been proposed - all of them follow the basic ideas (centralized control, programmability, flexibility, ...). They could be based on:
- uniform configuration of (more or less) traditional devices - RESTCONF, NETCONF, specialized protocols, ...
- a novel networking paradigm (requiring novel devices) - OpenFlow

SDN Definition
- SDN is a framework to allow network administrators to automatically and dynamically manage and control a large number of network devices, services, topology, traffic paths, and packet handling (quality of service) policies using high-level languages and APIs. Management includes provisioning, operating, monitoring, optimizing, and managing FCAPS (faults, configuration, accounting, performance, and security) in a multi-tenant environment.
- Key: Dynamic => Quick. Legacy approaches such as CLI were not quick, particularly for large networks.
Source: Raj Jain, Washington University in St. Louis, CSE 570, 2013.

SDN - benefits
- Reducing overhead costs (easier management) - centralized management
- Easier and faster deployment of new services - from weeks/months to days/hours/minutes
- Higher flexibility - allowing to support applications with specific needs
- Higher usage efficiency - lowering over-provisioning
- Support of new features and applications - including e.g. virtualization/slicing of the network, etc.

SDN - Why we need it?
- Virtualization - define what you need, map to physical fabrics
- Orchestration - thousands of devices in one go
- Programmable - controlled through an API (machine fast)
- Dynamic scale - from small to large without a paradigm change
- Automation - FCAPS (NETCONF instead of SNMP, APIs instead of CLI)

SDN - Why we need it?
- Visibility - see what you need
- Performance - optimize network use (traffic shaping, load balancing, dynamic re-routing, error handling, ...)
- Multi-tenancy - hierarchy supported, tenants with full control through virtualization
- Service integration - a "programmable" network (i.e., you can program what you want/need: load balancers, firewalls, IDS, ... as, when, and where needed)
- Openness - abstraction, "what" instead of "how"

OpenFlow protocol

What is OpenFlow? (SDN Essentials)
Figure: a typical multi-slot chassis - line cards carrying the control plane plus a fabric card, connected over the backplane (the vendor's "secret sauce!"). © 2015 SDN Essentials, LLC. All rights reserved.

What is OpenFlow? Full network
Figure: SDN controllers talk to the forwarding elements via OpenFlow.

SDN/OpenFlow - introduction
A novel networking paradigm:
- the first standard communication interface between the control and forwarding layers
- vendor-independent - forwarding HW has to comply with the OpenFlow specification
- allows direct access to and manipulation of the forwarding plane of network devices
- besides a basic OpenFlow SW client, the devices contain packet forwarding tables (flow tables), which define packet matching rules and packet actions

Components of an OpenFlow Network
Figure (from the OpenFlow Switch Specification): controller, secure channel, OpenFlow switch with its flow table.

OpenFlow Example
Controller; software layer: OpenFlow client; hardware layer: flow table. Example flow table (an empty field is a wildcard):

    MAC src | MAC dst | IP src | IP dst  | TCP sport | TCP dport | action
    *       | *       | *      | 5.6.7.8 | *         | *         | port 1

OpenFlow usage
Figure: a packet arriving at the switch is matched against the installed rules (e.g. Alice's rule); on a table miss the switch asks the controller for a decision.
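The flow-table lookup and the table-miss round trip to the controller, as an added example that is not part of the lecture or of any OpenFlow implementation. It models a switch with a priority-ordered flow table and wildcard matching in Python; the addresses, ports and the controller's policy are constructed, and the example goes beyond the slide by showing why a security rule installed proactively with a high priority still wins over a broader forwarding rule the controller installs reactively later:

```python
# Added example (not from the lecture or any OpenFlow implementation): a toy
# OpenFlow switch with a priority-ordered flow table and the packet-in /
# flow-mod round trip to a controller. Addresses, ports and the controller
# policy are constructed for the example.
from dataclasses import dataclass


@dataclass
class FlowEntry:
    match: dict        # field name -> required value; absent field = wildcard
    action: str        # "output:<port>", "flood" or "drop"
    priority: int = 0
    packets: int = 0   # per-entry counter, as in real flow tables

    def matches(self, pkt: dict) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class OpenFlowSwitch:
    """Data plane: looks entries up, never decides policy itself."""

    def __init__(self, controller):
        self.table = []
        self.controller = controller
        self.packet_ins = 0          # how often the controller was consulted

    def add_flow(self, entry: FlowEntry) -> None:
        """flow-mod: install an entry; highest priority is consulted first."""
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def forward(self, pkt: dict) -> str:
        for entry in self.table:
            if entry.matches(pkt):
                entry.packets += 1
                return entry.action
        # Table miss: packet-in to the controller, then cache its decision.
        self.packet_ins += 1
        entry = self.controller.packet_in(pkt)
        self.add_flow(entry)
        return entry.action


class Controller:
    """Control plane: a blocked-host list pushed proactively, forwarding
    decided reactively on packet-in (constructed policy)."""

    def __init__(self, blocked_ips):
        self.blocked_ips = blocked_ips

    def connect(self, switch: OpenFlowSwitch) -> None:
        # Security rules go in before any traffic and outrank forwarding rules,
        # so a later, broader forwarding entry cannot let a blocked host through.
        for ip in self.blocked_ips:
            switch.add_flow(FlowEntry({"ip_src": ip}, "drop", priority=100))

    def packet_in(self, pkt: dict) -> FlowEntry:
        if pkt.get("ip_dst") == "5.6.7.8":        # the slide's example server
            return FlowEntry({"ip_dst": "5.6.7.8"}, "output:1", priority=10)
        return FlowEntry({"ip_dst": pkt.get("ip_dst")}, "flood", priority=1)


def run_demo():
    """Returns (action taken per packet, number of packet-ins)."""
    controller = Controller(blocked_ips={"10.0.0.99"})
    switch = OpenFlowSwitch(controller)
    controller.connect(switch)
    packets = [  # constructed sample packets
        {"ip_src": "10.0.0.5", "ip_dst": "5.6.7.8", "tcp_dport": 21},   # miss -> controller
        {"ip_src": "10.0.0.6", "ip_dst": "5.6.7.8", "tcp_dport": 80},   # hits cached entry
        {"ip_src": "10.0.0.99", "ip_dst": "5.6.7.8", "tcp_dport": 21},  # blocked host
    ]
    actions = [switch.forward(p) for p in packets]
    return actions, switch.packet_ins


if __name__ == "__main__":
    print(run_demo())   # (['output:1', 'output:1', 'drop'], 1)
```

Only the first packet reaches the controller; the second is served from the cached entry, and the third is dropped even though the cached forwarding entry would also match it, because the drop rule has the higher priority. If the controller had installed the block list reactively and at a lower priority, the forwarding rule would have shadowed it.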
SDN/OpenFlow - real-life deployment
Physical network separation - allows dividing OpenFlow HW switches into separate (SDN) worlds controlled by their own SDN controllers, e.g. a production and an experimental controller and control network:
- separate VTNs and L2/L3 networks in the BLUE SDN network
- separate VTNs and L2/L3 networks in the YELLOW SDN network
- in case of hybrid switches, part of the HW may serve as the control network (traditional approach) - a shared control network

SDN/OpenFlow Demo
- FTP client and FTP server
- Two physical paths through the network exist:
  - one path is congested (allows for a lower speed) - emulated using increased packet drop & delay
  - the other one is free (thus faster)
- Two users: ondra & sven
  - user "sven" is privileged: his transmission speed is monitored and, if too low, the FTP server contacts the SDN controller, which forces his flows to use the free/faster link (monitoring in a 2 sec. interval)
  - all the other users remain on the congested link

SDN/OpenFlow Demo - VTN representation
Figure: VTN representation of the demo topology (hosts ondra & sven). Video running.

Further examples of real-life use-cases
Further use-case examples related to university usage:
- prioritize traffic / enforce lower priority (backups)
- security applications:
  - centralized monitoring probes (monitoring just specific traffic) - e.g. HTTP traffic through DPI, FTP through common probes
  - isolation of infected nodes and monitoring the attacker
  - distribution of filtering rules - in cooperation with a stateful firewall
- connection redundancy, high-capacity links deployment, ...
- etc.

Thank you for your attention!
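The controller side of the FTP demo and of the "isolate an infected node while monitoring it" use case, as an added example that is not the demo's actual code. It assumes a constructed two-path topology (switches s1..s4, ports, host and server addresses, a 20 Mbit/s threshold and a probe port), and it emits OpenFlow-style flow-mods as plain dicts rather than over a real OpenFlow channel:

```python
# Added example (not the demo's actual code): a controller-side policy for the
# FTP demo above plus node quarantine. Switch names, ports, IP addresses, the
# throughput threshold and the probe port are constructed for the example.
from dataclasses import dataclass, field

# Two physical paths from the clients' edge switch s1 to the server's edge
# switch s3: the congested default and the free one (constructed topology).
PATHS = {
    "congested": ["s1", "s2", "s3"],
    "free": ["s1", "s4", "s3"],
}
# Output port on each switch towards the next hop (constructed).
NEXT_HOP_PORT = {
    ("s1", "s2"): 1, ("s2", "s3"): 1,      # congested path
    ("s1", "s4"): 2, ("s4", "s3"): 1,      # free path
    ("s3", "server"): 3,
}
HOSTS = {"ondra": "10.0.0.11", "sven": "10.0.0.12"}
FTP_SERVER = "10.0.0.100"
PRIVILEGED = {"sven"}
MIN_MBPS = 20.0        # reroute a privileged user who drops below this
PROBE_PORT = 9         # s1 port leading to a monitoring probe (constructed)


def path_flow_mods(src_ip, dst_ip, path, priority):
    """One flow-mod per switch on the path, steering src->dst hop by hop."""
    hops = list(zip(path, path[1:] + ["server"]))
    return [{
        "switch": here,
        "match": {"ip_src": src_ip, "ip_dst": dst_ip},
        "action": f"output:{NEXT_HOP_PORT[(here, nxt)]}",
        "priority": priority,
    } for here, nxt in hops]


@dataclass
class DemoController:
    installed: list = field(default_factory=list)     # every flow-mod issued
    current_path: dict = field(default_factory=dict)  # user -> path name

    def report_throughput(self, user, mbps):
        """Called by the FTP server every ~2 s with the user's current speed.
        Returns the flow-mods issued (empty when nothing changes)."""
        if user not in PRIVILEGED or mbps >= MIN_MBPS:
            return []                                  # others stay where they are
        if self.current_path.get(user) == "free":
            return []                                  # already rerouted
        mods = path_flow_mods(HOSTS[user], FTP_SERVER, PATHS["free"], priority=50)
        self.installed.extend(mods)
        self.current_path[user] = "free"
        return mods

    def quarantine(self, ip, edge_switch):
        """Isolate an infected node: its packets leave the edge switch only
        towards the probe, so it is cut off from the network yet still
        observable. Priority 200 outranks the reroute rules, so a privileged
        but infected host stays isolated."""
        mod = {"switch": edge_switch, "match": {"ip_src": ip},
               "action": f"output:{PROBE_PORT}", "priority": 200}
        self.installed.append(mod)
        return mod


if __name__ == "__main__":
    ctl = DemoController()
    print(ctl.report_throughput("ondra", 5.0))   # [] - not privileged
    print(ctl.report_throughput("sven", 5.0))    # three flow-mods along s1-s4-s3
    print(ctl.quarantine("10.0.0.66", "s1"))     # constructed infected host
```

The reroute only touches sven's flows (match on his source and the server's destination address), so ondra's transfers keep using the congested path exactly as in the demo, and a repeated low-throughput report after the reroute issues nothing, which keeps the 2-second monitoring loop from flooding the switches with identical flow-mods.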