4. Network layer - Data plane (3)

Network

Uploaded by brianchoi506

Network layer: “data plane” roadmap

▪ Network layer: overview
  • data plane
  • control plane
▪ What’s inside a router
  • input ports, switching, output ports
  • buffer management, scheduling
▪ IP: the Internet Protocol
  • datagram format
  • addressing
  • network address translation
  • IPv6
▪ Generalized Forwarding, SDN
  • Match+action
  • OpenFlow: match+action in action
▪ Middleboxes
Network Layer: 4-78
Generalized forwarding: match plus action
Review: each router contains a forwarding table (aka: flow table)
▪ “match plus action” abstraction: match bits in arriving packet, take action
  • destination-based forwarding: forward based on dest. IP address
  • generalized forwarding:
    • many header fields can determine action
    • many actions possible: drop/copy/modify/log packet

[figure: values in the arriving packet header (e.g., 0111) are looked up in the
forwarding table (aka flow table) to select output port 1, 2 or 3]

Network Layer: 4-79


Flow table abstraction
▪ flow: defined by header field values (in link-, network-, transport-layer fields)
▪ generalized forwarding: simple packet-handling rules
  • match: pattern values in packet header fields
  • actions: for matched packet, drop, forward, modify matched packet or send
    matched packet to controller
  • priority: disambiguate overlapping patterns
  • counters: #bytes and #packets

The router’s flow table defines the router’s match+action rules, e.g.:

  match                               action
  src=*.*.*.*,  dest=3.4.*.*          forward(2)
  src=1.2.*.*,  dest=*.*.*.*          drop
  src=10.1.2.3, dest=*.*.*.*          send to controller
  * : wildcard

[figure: router with ports 1-4 applying the flow table above]
Network Layer: 4-80, 4-81
OpenFlow: flow table entries

  Match: header fields (listed below)
  Action:
    1. Forward packet to port(s)
    2. Drop packet
    3. Modify fields in header(s)
    4. Encapsulate and forward to controller
  Statistics: packet + byte counters

Header fields to match:

  Link layer:       Ingress Port # (e.g., 1, 2, 3)
                    Source MAC Addr. (e.g., 00:1A:2B:3C:4D:5E)
                    Dest. MAC Addr. (e.g., FF:FF:FF:FF:FF:FF)
                    Ethernet Type (e.g., IPv4, IPv6)
                    VLAN ID (e.g., 100, 200)
                    VLAN Priority (e.g., 0, 1, …, 7)
  Network layer:    Source IP Addr. (e.g., 192.168.1.1)
                    Dest. IP Addr. (e.g., 192.168.1.100)
                    IP Protocol (e.g., TCP, UDP, ICMP)
                    IP Type of Service (e.g., 0x00, 0x20)
  Transport layer:  Source Port # (e.g., 80, 443, 12345)
                    Dest. Port # (e.g., 80, 53, 22)

  Ingress | Src | Dst | Eth  | VLAN | VLAN | IP  | IP  | IP    | IP  | TCP/UDP  | TCP/UDP
  Port    | MAC | MAC | Type | ID   | Pri  | Src | Dst | Proto | ToS | Src Port | Dst Port

Network Layer: 4-82
OpenFlow: examples
Destination-based forwarding:
  Switch MAC MAC Eth  VLAN VLAN IP          IP       IP   IP  TCP    TCP
  Port   src dst type ID   Pri  Src         Dst      Prot ToS s-port d-port Action
  *      *   *   *    *    *    *           51.6.0.8 *    *   *      *      port6
IP datagrams destined to IP address 51.6.0.8 should be forwarded to router output port 6

Firewall:
  Switch MAC MAC Eth  VLAN VLAN IP          IP       IP   IP  TCP    TCP
  Port   src dst type ID   Pri  Src         Dst      Prot ToS s-port d-port Action
  *      *   *   *    *    *    *           *        *    *   *      22     drop
Block (do not forward) all datagrams destined to TCP port 22 (ssh port #)

  Switch MAC MAC Eth  VLAN VLAN IP          IP       IP   IP  TCP    TCP
  Port   src dst type ID   Pri  Src         Dst      Prot ToS s-port d-port Action
  *      *   *   *    *    *    128.119.1.1 *        *    *   *      *      drop
Block (do not forward) all datagrams sent by host 128.119.1.1
Network Layer: 4-83
OpenFlow: examples
Layer 2 destination-based forwarding:
  Switch MAC MAC               Eth  VLAN VLAN IP          IP       IP   IP  TCP    TCP
  Port   src dst               type ID   Pri  Src         Dst      Prot ToS s-port d-port Action
  *      *   22:A7:23:11:E1:02 *    *    *    *           *        *    *   *      *      port3
Layer 2 frames with destination MAC address 22:A7:23:11:E1:02 should be forwarded
to output port 3

Load balancing:
  Switch MAC MAC Eth  VLAN VLAN IP          IP       IP   IP  TCP    TCP
  Port   src dst type ID   Pri  Src         Dst      Prot ToS s-port d-port Action
  3      *   *   *    *    *    *           10.1.*.* *    *   *      *      port3
  4      *   *   *    *    *    *           10.1.*.* *    *   *      *      port1
IP datagrams ingressing through port 3 and destined to 10.1.*.* should be forwarded to
router output port 3; those ingressing through port 4 with the same destination should
be forwarded to router output port 1

Network Layer: 4-84


OpenFlow abstraction
▪ match+action: abstraction unifies different kinds of devices

Router
  • match: longest destination IP prefix
  • action: forward out a link
Switch
  • match: destination MAC address
  • action: forward or flood
Firewall
  • match: IP addresses and TCP/UDP port numbers
  • action: permit or deny
NAT
  • match: IP address and port
  • action: rewrite address and port

Network Layer: 4-85


OpenFlow example
Orchestrated tables can create network-wide behavior, e.g.,:
▪ datagrams from hosts h5 and h6 should be sent to h3 or h4, via s1 and from there to s2

[figure: three switches s1, s2, s3 (ports 1-4 each) with a controller drawn above s3;
hosts h1 10.1.0.1 and h2 10.1.0.2 at s1, h3 10.2.0.3 and h4 10.2.0.4 at s2, h5 10.3.0.5
and h6 10.3.0.6 at s3. The tables below imply the links s3 port 3 -> s1 port 1 and
s1 port 4 -> s2 port 2, with h3 and h4 on s2 ports 3 and 4]

s3 flow table:
  match                                                    action
  IP Src = 10.3.*.*, IP Dst = 10.2.*.*                     forward(3)

s1 flow table:
  match                                                    action
  ingress port = 1, IP Src = 10.3.*.*, IP Dst = 10.2.*.*   forward(4)

s2 flow table:
  match                                                    action
  ingress port = 2, IP Dst = 10.2.0.3                      forward(3)
  ingress port = 2, IP Dst = 10.2.0.4                      forward(4)

Network Layer: 4-86, 4-87
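The flow-table abstraction (match fields, wildcards, priority, counters, table miss to the controller), the OpenFlow rules of slides 4-83/4-84 and the three-switch orchestration of slides 4-86/4-87, as an added example in Python. This is not code from the slides nor from any OpenFlow implementation: the field names, the `route` walker, the link wiring, the host-to-port assignments and the sample packets are assumptions made for this example. The `firewall_decision` function adds two checks a practitioner makes on the slide's "drop port 22" rule: the drop entry only wins over an overlapping forward entry if its priority is higher, and with IP Prot left as * the entry drops UDP port 22 as well, so the protocol field should be pinned to TCP.

```python
"""Added example (not code from the Kurose/Ross slides): a minimal OpenFlow 1.0-style
flow table with the 12-tuple match, wildcards, priorities, per-entry counters and
table-miss-to-controller, driven by the per-switch tables of slides 4-86/4-87 and
the firewall rule of slide 4-83.  Field names, the link wiring, host-to-port
assignments and all packets below are this example's own assumptions."""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# The 12 OpenFlow 1.0 match fields, in the order the slide table lists them.
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id", "vlan_pri",
          "ip_src", "ip_dst", "ip_proto", "ip_tos", "tp_src", "tp_dst")


@dataclass
class FlowEntry:
    match: dict            # field -> pattern; "*" (or an absent field) is a wildcard
    action: str            # "forward:<port>", "drop" or "controller"
    priority: int = 0      # higher wins when several entries match the same packet
    n_packets: int = 0     # per-entry statistics (the slide's packet + byte counters)
    n_bytes: int = 0

    def matches(self, pkt: dict) -> bool:
        """Shell-style wildcards ("10.3.*.*") stand in for OpenFlow's prefix masks."""
        for f in FIELDS:
            pat = str(self.match.get(f, "*"))
            if pat != "*" and not fnmatchcase(str(pkt.get(f, "")), pat):
                return False
        return True


class FlowTable:
    def __init__(self, entries):
        # highest priority first; among equal priorities the earlier entry wins
        self.entries = sorted(entries, key=lambda e: -e.priority)

    def lookup(self, pkt: dict) -> str:
        for e in self.entries:
            if e.matches(pkt):
                e.n_packets += 1
                e.n_bytes += pkt.get("len", 0)
                return e.action
        return "controller"    # table miss: encapsulate and send to the controller


# Slides 4-86/4-87: the three switch tables, match fields exactly as on the slide.
SWITCHES = {
    "s3": FlowTable([FlowEntry({"ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"}, "forward:3")]),
    "s1": FlowTable([FlowEntry({"in_port": 1, "ip_src": "10.3.*.*", "ip_dst": "10.2.*.*"},
                               "forward:4")]),
    "s2": FlowTable([FlowEntry({"in_port": 2, "ip_dst": "10.2.0.3"}, "forward:3"),
                     FlowEntry({"in_port": 2, "ip_dst": "10.2.0.4"}, "forward:4")]),
}
# Wiring implied by those tables (assumed for this example): s3 port 3 -> s1 port 1,
# s1 port 4 -> s2 port 2, and h3/h4 on s2 ports 3/4.
LINKS = {("s3", 3): ("s1", 1), ("s1", 4): ("s2", 2)}
HOST_PORTS = {("s2", 3): "h3", ("s2", 4): "h4"}


def route(first_switch: str, in_port: int, pkt: dict, max_hops: int = 8) -> list:
    """Walk one datagram switch by switch; returns [(switch, action), ...]."""
    path, sw, port = [], first_switch, in_port
    for _ in range(max_hops):
        action = SWITCHES[sw].lookup(dict(pkt, in_port=port))
        path.append((sw, action))
        if not action.startswith("forward:"):
            return path                      # dropped or punted to the controller
        out = int(action.split(":")[1])
        if (sw, out) in HOST_PORTS:
            path.append((HOST_PORTS[(sw, out)], "delivered"))
            return path
        if (sw, out) not in LINKS:
            path.append((sw, "dangling port"))
            return path
        sw, port = LINKS[(sw, out)]
    path.append((sw, "hop limit exceeded"))  # a forwarding loop would end up here
    return path


def firewall_decision(pkt: dict, drop_priority: int, restrict_to_tcp: bool) -> str:
    """Slide 4-83's 'drop dst port 22' rule next to a 'forward to port 6' rule.
    The drop rule only beats the overlapping forward rule if its priority is
    higher, and with IP Prot left as * it also drops UDP port 22 (the slide's
    wording says TCP, so pin ip_proto to 6)."""
    drop_match = {"tp_dst": 22}
    if restrict_to_tcp:
        drop_match["ip_proto"] = 6           # 6 = TCP
    table = FlowTable([FlowEntry({"ip_dst": "51.6.0.8"}, "forward:6", priority=10),
                       FlowEntry(drop_match, "drop", priority=drop_priority)])
    return table.lookup(pkt)


if __name__ == "__main__":
    # constructed sample datagrams; h5 is assumed to sit on s3 port 2
    h5_to_h3 = {"ip_src": "10.3.0.5", "ip_dst": "10.2.0.3", "ip_proto": 6, "len": 100}
    print(route("s3", 2, h5_to_h3))
    ssh = {"ip_dst": "51.6.0.8", "ip_proto": 6, "tp_dst": 22}
    print(firewall_decision(ssh, drop_priority=20, restrict_to_tcp=True))   # drop
    print(firewall_decision(ssh, drop_priority=5, restrict_to_tcp=True))    # forward:6
```

Real OpenFlow matches IP addresses with prefix masks rather than shell wildcards, and OpenFlow 1.1 and later add multiple tables, group actions and a richer instruction set; none of that is modelled here. The point the walker makes is the one on the slide: each switch only matches its local 12-tuple, yet the three tables together pin down a network-wide path, and a packet that no table anticipated (h1 to h3 here) ends up at the controller.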
Generalized forwarding: summary
▪ “match plus action” abstraction: match bits in arriving packet header(s) in
any layers, take action
• matching over many fields (link-, network-, transport-layer)
• local actions: drop, forward, modify, or send matched packet to
controller
• “program” network-wide behaviors
▪ simple form of “network programmability”
• programmable, per-packet “processing”
• historical roots: active networking
• today: more generalized programming: P4 (see p4.org).

Network Layer: 4-88


Network layer: “data plane” roadmap

▪ Network layer: overview


▪ What’s inside a router
▪ IP: the Internet Protocol
▪ Generalized Forwarding
▪ Middleboxes
• middlebox functions
• evolution, architectural principles of
the Internet

Network Layer: 4-89


Middleboxes
Middlebox (RFC 3234)
“any intermediary box performing functions apart from normal, standard functions
of an IP router on the data path between a source host and destination host”

traffic filtering, packet inspection, NAT, QoS enforcement, proxying, load
balancing, firewalling, encryption/decryption, tunneling,
compression/decompression, etc.
Network Layer: 4-90
Middleboxes everywhere!
▪ NAT: home, cellular, institutional
▪ Firewalls, IDS: corporate, institutional, service providers, ISPs
▪ Load balancers: corporate, service provider, data center, mobile nets
▪ Caches: service provider, mobile, CDNs
▪ Application-specific: service providers, institutional, CDN
IDS: Intrusion Detection System; CDN: Content Delivery Network

[figure: middleboxes placed in a national or global ISP, a datacenter network and
an enterprise network]

Network Layer: 4-91


Middleboxes
▪ initially: proprietary (closed) hardware solutions
▪ move towards “whitebox” hardware implementing open API
▪ move away from proprietary hardware solutions
▪ programmable local actions via match+action
▪ move towards innovation/differentiation in software
▪ SDN: (logically) centralized control and configuration management
often in private/public cloud
▪ network functions virtualization (NFV): programmable services over
white box networking, computation, storage

Network Layer: 4-92


Architectural Principles of the Internet
RFC 1958
“Many members of the Internet community would argue that there is no architecture,
but only a tradition, which was not written down for the first 25 years (or at least
not by the IAB). However, in very general terms, the community believes that the goal
is connectivity, the tool is the Internet Protocol, and the intelligence is end to end
rather than hidden in the network.”

Three cornerstone beliefs:
▪ simple connectivity
▪ IP protocol: that narrow waist
▪ intelligence, complexity at network edge
Network Layer: 4-93
The IP hourglass
Internet’s “thin waist”:
▪ one network layer protocol: IP
▪ must be implemented by every one of the billions of Internet-connected devices
many protocols in the physical, link, transport, and application layers

[figure: hourglass of protocols, top to bottom: HTTP, SMTP, RTP, … / QUIC, DASH /
TCP, UDP / IP / Ethernet, PPP, PDCP, WiFi, Bluetooth, … / copper, radio, fiber]

Network Layer: 4-94


The IP hourglass, at middle age
Internet’s middle age “love handles”?
▪ middleboxes, operating inside the network

[figure: the same protocol hourglass, with caching and firewalls bulging out at
the IP waist]

Network Layer: 4-95


The end-end argument
▪ some network functionality (e.g., reliable data transfer, congestion)
  can be implemented in network, or at network edge

[figure: (top) end-end implementation of reliable data transfer: the function lives
in the application/transport layers of the two end hosts, while the routers between
them implement only the network, data link and physical layers; (bottom) hop-by-hop
(in-network) implementation of reliable data transfer: the function is implemented
at every hop along the path]

Network Layer: 4-96


The end-end argument
▪ some network functionality (e.g., reliable data transfer, congestion)
  can be implemented in network, or at network edge

“The function in question can completely and correctly be implemented only with
the knowledge and help of the application standing at the end points of the
communication system. Therefore, providing that questioned function as a feature
of the communication system itself is not possible. (Sometimes an incomplete
version of the function provided by the communication system may be useful as a
performance enhancement.)

We call this line of reasoning against low-level function implementation the
“end-to-end argument.”
Saltzer, Reed, Clark 1981
Network Layer: 4-97
Where’s the intelligence?

▪ 20th century phone net: intelligence/computing at network switches
▪ Internet (pre-2005): intelligence, computing at edge
▪ Internet (post-2005): programmable network devices; intelligence, computing,
  massive application-level infrastructure at edge

Network Layer: 4-98


Chapter 4: done!
▪ Network layer: overview
▪ What’s inside a router
▪ IP: the Internet Protocol
▪ Generalized Forwarding, SDN
▪ Middleboxes

Question: how are forwarding tables (destination-based forwarding)


or flow tables (generalized forwarding) computed?
Answer: by the control plane (next chapter)

Network Layer: 4-99
