CEC354: Software defined networks (study syllabus)

UG3 Computer Communications & Networks (COMN)

Network Layer Control Plane: SDN, Generalized Forwarding, OpenFlow, Network Management & SNMP

MAHESH MARINA
[email protected]

Slides copyright of Kurose and Ross


Software defined networking (SDN)

§ Internet network layer: historically has been implemented via a distributed, per-router approach
  • monolithic router contains switching hardware, runs a proprietary implementation of Internet standard protocols (IP, RIP, IS-IS, OSPF, BGP) in a proprietary router OS (e.g., Cisco IOS)
  • different "middleboxes" for different network layer functions: firewalls, load balancers, NAT boxes, ...
§ ~2005: renewed interest in rethinking the network control plane

Network Layer: Control Plane 5-2


Recall: per-router control plane
Individual routing algorithm components in each and every router interact with each other in the control plane to compute forwarding tables.

[Figure 4.2: Routing algorithms determine values in forwarding tables. The routing algorithm runs in each router's control plane and installs a local forwarding table in its data plane (header values 0100, 0110, 0111, 1001 mapped to output ports 3, 2, 2, 1); the values in an arriving packet's header are looked up in that table to pick the output port.]
Recall: logically centralized control plane
A distinct (typically remote) controller interacts with local control agents (CAs) in routers to compute forwarding tables.

[Figure: a remote controller in the control plane talks to a control agent (CA) in each data-plane router.]


Software defined networking (SDN)

Why a logically centralized control plane?

§ easier network management: avoid router misconfigurations, greater flexibility of traffic flows
§ table-based forwarding (OpenFlow API discussed shortly) allows "programming" routers
  • centralized "programming" easier: compute tables centrally and distribute
  • distributed "programming" more difficult: compute tables as the result of a distributed algorithm (protocol) implemented in each and every router
§ open (non-proprietary) implementation of control plane


Analogy: mainframe to PC evolution*

[Figure: a vertically integrated stack (specialized applications, specialized operating system, specialized hardware) next to a horizontal stack (many apps over an open interface to Windows, Mac OS or Linux, over an open interface to a commodity microprocessor).]

Vertically integrated: closed, proprietary; slow innovation; small industry
Horizontal: open interfaces; rapid innovation; huge industry

* Slide courtesy: N. McKeown
Traffic engineering: difficult with traditional routing

[Figure: link-weighted topology with nodes u, v, w, x, y, z]

Q: what if the network operator wants u-to-z traffic to flow along uvwz, and x-to-z traffic to flow along xwyz?
A: need to define link weights so the routing algorithm computes routes accordingly (or need a new routing algorithm)!

Link weights are the only control "knobs" available, and that is the wrong way to steer traffic!
Traffic engineering: difficult

[Figure: the same link-weighted topology with nodes u, v, w, x, y, z]

Q: what if the network operator wants to split u-to-z traffic along uvwz and uxyz (load balancing)?
A: can't do it (or need a new routing algorithm)


Traffic engineering: difficult

[Figure: the same topology, with two traffic flows (blue and red) both arriving at w on their way to z]

Q: what if w wants to route blue and red traffic differently?
A: can't do it (with destination based forwarding, and LS, DV routing)


Software defined networking (SDN)

[Figure: a remote controller with routing, access control and load balancing applications above it; control agents (CAs) in the data-plane switches below it.]

1. generalized "flow-based" forwarding (e.g., OpenFlow)
2. control, data plane separation
3. control plane functions external to data-plane switches
4. programmable control applications
Generalized Forwarding and SDN
Each router contains a flow table that is computed and distributed by a logically centralized routing controller.

[Figure: the logically centralized routing controller in the control plane installs a local flow table (headers, counters, actions) in each data-plane switch; the values in an arriving packet's header are matched against it.]

OpenFlow data plane abstraction
§ flow: defined by header fields
§ generalized forwarding: simple packet-handling rules
  • Pattern: match values in packet header fields
  • Actions: for a matched packet: drop, forward, modify, or send the matched packet to the controller
  • Priority: disambiguate overlapping patterns
  • Counters: #bytes and #packets

The flow table in a router (computed and distributed by the controller) defines the router's match+action rules.

Example rules (* : wildcard):
1. src=1.2.*.*, dest=3.4.5.* → drop
2. src=*.*.*.*, dest=3.4.*.* → forward(2)
3. src=10.1.2.3, dest=*.*.*.* → send to controller
OpenFlow: Flow Table Entries

Each entry: Rule | Action | Stats

Stats: packet + byte counters

Actions:
1. Forward packet to port(s)
2. Encapsulate and forward to controller
3. Drop packet
4. Send to normal processing pipeline
5. Modify fields

Rule (match fields): Switch Port | VLAN ID | MAC src | MAC dst | Eth type | IP Src | IP Dst | IP Prot | TCP sport | TCP dport
  link layer: Switch Port, VLAN ID, MAC src, MAC dst, Eth type
  network layer: IP Src, IP Dst, IP Prot
  transport layer: TCP sport, TCP dport
Examples

Destination-based forwarding:
  Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst   | IP Prot | TCP sport | TCP dport | Action
  *           | *       | *       | *        | *       | *      | 51.6.0.8 | *       | *         | *         | port6
IP datagrams destined to IP address 51.6.0.8 should be forwarded to router output port 6.

Firewall:
  Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
  *           | *       | *       | *        | *       | *      | *      | *       | *         | 22        | drop
Do not forward (block) all datagrams destined to TCP port 22. (Caveat: with IP Prot wildcarded, this entry also matches UDP datagrams to port 22; to block only TCP, set IP Prot = 6.)

  Switch Port | MAC src | MAC dst | Eth type | VLAN ID | IP Src      | IP Dst | IP Prot | TCP sport | TCP dport | Action
  *           | *       | *       | *        | *       | 128.119.1.1 | *      | *       | *         | *         | drop
Do not forward (block) all datagrams sent by host 128.119.1.1.

Destination-based layer 2 (switch) forwarding:
  Switch Port | MAC src           | MAC dst | Eth type | VLAN ID | IP Src | IP Dst | IP Prot | TCP sport | TCP dport | Action
  *           | 22:A7:23:11:E1:02 | *       | *        | *       | *      | *      | *       | *         | *         | port3
Layer 2 frames from MAC address 22:A7:23:11:E1:02 should be forwarded to output port 3.
OpenFlow abstraction
§ match+action: unifies different kinds of devices
§ Router
  • match: longest destination IP prefix
  • action: forward out a link
§ Switch
  • match: destination MAC address
  • action: forward or flood
§ Firewall
  • match: IP addresses and TCP/UDP port numbers
  • action: permit or deny
§ NAT
  • match: IP address and port
  • action: rewrite address and port
OpenFlow example
Example: datagrams from hosts h5 and h6 should be sent to h3 or h4, via s1 and from there to s2.

[Figure: a controller above switches s1, s2, s3. Hosts h1 (10.1.0.1) and h2 (10.1.0.2) attach to s1; h3 (10.2.0.3) and h4 (10.2.0.4) attach to s2; h5 (10.3.0.5) and h6 (10.3.0.6) attach to s3. As the tables below imply, s3's port 3 connects to s1's port 1, s1's port 4 connects to s2's port 2, and s2's ports 3 and 4 lead to h3 and h4.]

Flow table at s3:
  match: IP Src = 10.3.*.*, IP Dst = 10.2.*.*                    action: forward(3)

Flow table at s1:
  match: ingress port = 1, IP Src = 10.3.*.*, IP Dst = 10.2.*.*   action: forward(4)

Flow table at s2:
  match: ingress port = 2, IP Dst = 10.2.0.3                      action: forward(3)
  match: ingress port = 2, IP Dst = 10.2.0.4                      action: forward(4)
SDN perspective: data plane switches
Data plane switches
§ fast, simple, commodity switches implementing generalized data-plane forwarding (Section 4.4) in hardware
§ switch flow table computed, installed by controller
§ API for table-based switch control (e.g., OpenFlow)
  • defines what is controllable and what is not
§ protocol for communicating with controller (e.g., OpenFlow)

[Figure: network-control applications (routing, access control, load balance) sit above the northbound API; the SDN controller (network operating system) sits between the northbound and southbound APIs; SDN-controlled switches form the data plane below the southbound API.]
OpenFlow protocol
§ operates between controller and switch
§ TCP used to exchange messages
  • optional encryption (TLS); without it, and without certificate-based mutual authentication, anything that can reach the control channel can impersonate a switch or the controller
§ three classes of OpenFlow messages:
  • controller-to-switch
  • asynchronous (switch to controller)
  • symmetric (misc)


OpenFlow: controller-to-switch messages

Key controller-to-switch messages:
§ features: controller queries switch features, switch replies
§ configure: controller queries/sets switch configuration parameters
§ modify-state: add, delete, modify flow entries in the OpenFlow tables
§ packet-out: controller can send this packet out of a specific switch port
OpenFlow: switch-to-controller messages

Key switch-to-controller messages:
§ packet-in: transfer packet (and its control) to controller. See packet-out message from controller
§ flow-removed: flow table entry deleted at switch
§ port status: inform controller of a change on a port

Fortunately, network operators don't "program" switches by creating/sending OpenFlow messages directly. Instead they use a higher-level abstraction at the controller.
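The framing that sits underneath the message classes on the preceding slides, as an added example that is not code from the slides or from any controller: every OpenFlow 1.0 message starts with an 8-byte header (version, type, length, xid), and the type number alone tells a controller whether it is looking at a symmetric, asynchronous or controller-to-switch message. Type numbers and the packet-in layout follow the OpenFlow 1.0 specification; the session bytes in sample_session() are constructed here, and the 56-byte port-status body and the Ethernet frame are filler rather than real captures.

```python
"""OpenFlow 1.0 message framing: the 8-byte ofp_header, the three message classes
from the slides, and the packet-in body.

Added example, not code from the slides or any controller. The sample session bytes
are constructed here; type numbers and layouts follow the OpenFlow 1.0 specification.
"""
import struct

OFP10 = 0x01
HEADER = struct.Struct("!BBHI")       # version, type, length of whole message, xid
PACKET_IN = struct.Struct("!IHHBx")   # buffer_id, total_len, in_port, reason, 1 pad byte

OFPT = {0: "HELLO", 1: "ERROR", 2: "ECHO_REQUEST", 3: "ECHO_REPLY", 4: "VENDOR",
        5: "FEATURES_REQUEST", 6: "FEATURES_REPLY", 7: "GET_CONFIG_REQUEST",
        8: "GET_CONFIG_REPLY", 9: "SET_CONFIG", 10: "PACKET_IN", 11: "FLOW_REMOVED",
        12: "PORT_STATUS", 13: "PACKET_OUT", 14: "FLOW_MOD", 15: "PORT_MOD",
        16: "STATS_REQUEST", 17: "STATS_REPLY", 18: "BARRIER_REQUEST", 19: "BARRIER_REPLY"}
TYPE_OF = {name: num for num, name in OFPT.items()}

SYMMETRIC = {"HELLO", "ECHO_REQUEST", "ECHO_REPLY", "VENDOR"}
ASYNCHRONOUS = {"PACKET_IN", "FLOW_REMOVED", "PORT_STATUS", "ERROR"}  # unsolicited, switch -> controller


def message_class(name):
    """The slide's three classes, keyed by message type name."""
    if name in SYMMETRIC:
        return "symmetric"
    if name in ASYNCHRONOUS:
        return "asynchronous"
    return "controller-to-switch" if name in TYPE_OF else "unknown"


def encode(name, xid, payload=b""):
    return HEADER.pack(OFP10, TYPE_OF[name], HEADER.size + len(payload), xid) + payload


def encode_packet_in(xid, in_port, frame, reason=0, buffer_id=0xFFFFFFFF):
    # reason 0 = OFPR_NO_MATCH (table miss), 1 = OFPR_ACTION (a rule said "send to controller")
    return encode("PACKET_IN", xid, PACKET_IN.pack(buffer_id, len(frame), in_port, reason) + frame)


def decode_stream(buf):
    """Split a TCP byte stream into messages. Returns (messages, unconsumed tail)."""
    msgs, pos = [], 0
    while len(buf) - pos >= HEADER.size:
        version, mtype, length, xid = HEADER.unpack_from(buf, pos)
        if version != OFP10:
            raise ValueError(f"unsupported OpenFlow version {version:#x} at offset {pos}")
        if length < HEADER.size:
            raise ValueError(f"bogus length {length} at offset {pos}")  # wire length is peer-controlled
        if pos + length > len(buf):
            break                                   # partial message: wait for the rest
        name = OFPT.get(mtype, f"UNKNOWN({mtype})")
        msg = {"type": name, "class": message_class(name), "xid": xid,
               "payload": bytes(buf[pos + HEADER.size:pos + length])}
        if name == "PACKET_IN":
            if len(msg["payload"]) < PACKET_IN.size:
                raise ValueError(f"short packet-in at offset {pos}")
            buffer_id, total_len, in_port, reason = PACKET_IN.unpack_from(msg["payload"])
            msg.update(in_port=in_port, reason="NO_MATCH" if reason == 0 else "ACTION",
                       frame=msg["payload"][PACKET_IN.size:])
        msgs.append(msg)
        pos += length
    return msgs, buf[pos:]


def sample_session():
    """Constructed bytes: what a controller reads from one switch's socket."""
    # constructed 42-byte Ethernet frame (broadcast dst, ARP ethertype, zero body)
    frame = bytes.fromhex("ffffffffffff" "0200000000aa" "0806") + b"\x00" * 28
    stream = (encode("HELLO", xid=1)
              + encode("ECHO_REQUEST", xid=2)
              + encode_packet_in(xid=3, in_port=1, frame=frame)
              + encode("PORT_STATUS", xid=4, payload=b"\x00" * 56))   # reason + pad + ofp_phy_port
    return decode_stream(stream + b"\x01\x0e")   # two stray bytes: start of the next header
```

The length check matters more than it looks: the switch (or whoever holds the TCP connection when TLS is off) chooses the length field, and a parser that trusts it either reads past the buffer or spins on a zero-length message. The trailing two bytes show the other routine case, a message split across TCP segments, which decode_stream leaves for the next read rather than mis-parsing.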
SDN perspective: SDN controller
SDN controller (network OS):
§ maintains network state information
§ interacts with network control applications "above" via northbound API
§ interacts with network switches "below" via southbound API
§ implemented as a distributed system for performance, scalability, fault-tolerance, robustness
SDN perspective: control applications
network-control apps:
§ "brains" of control: implement control functions using lower-level services, API provided by SDN controller
§ unbundled: can be provided by 3rd party: distinct from routing vendor, or SDN controller
Components of SDN controller

Interface layer to network control apps: abstractions API
  Interface, abstractions for network control apps: network graph, RESTful API, ..., intent

Network-wide state management layer: state of network's links, switches, services: a distributed database
  Network-wide distributed, robust state management: statistics, ..., flow tables; link-state info, host info, ..., switch info

Communication layer: communicate between SDN controller and controlled switches
  Communication to/from controlled devices: OpenFlow, ..., SNMP


SDN: control/data plane interaction example (Dijkstra's link-state routing)

[Figure: the layered controller (network graph, RESTful API, ..., intent; statistics, ..., flow tables; link-state info, host info, ..., switch info; OpenFlow, ..., SNMP) above switches s1, s2, s3, s4; numbered arrows trace the steps below.]

1. S1, experiencing link failure, uses OpenFlow port status message to notify controller
2. SDN controller receives OpenFlow message, updates link status info
3. Dijkstra's routing algorithm application has previously registered to be called whenever link status changes. It is called.
4. Dijkstra's routing algorithm accesses network graph info, link state info in controller, computes new routes
5. Link state routing app interacts with flow-table-computation component in SDN controller, which computes new flow tables needed
6. Controller uses OpenFlow to install new tables in switches that need updating
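The six steps above as a controller-side program, added here as an example that is not code from the slides or from any controller. A link-state routing app keeps a next-hop table for every switch, reruns Dijkstra when a port-status event removes a link, and returns only the tables that changed, which is the set of flow-mods step 6 would push. The four-switch topology (s1 to s4, as in the figure) and its link costs are assumptions; the table format (destination switch to next-hop switch) stands in for real flow entries.

```python
"""Controller-side reaction to a link failure, following steps 1-6 on the slides:
a port-status event updates link state, a registered link-state routing app reruns
Dijkstra, and only the switches whose tables changed get new entries.

Added example, not code from the slides or from any controller. The four-switch
topology and its link costs are assumed; switch names follow the figure (s1..s4).
"""
import heapq


def dijkstra(graph, src):
    """Least-cost paths from src. graph: {node: {neighbour: cost}}. Returns (dist, prev)."""
    dist, prev, pq = {src: 0}, {}, [(0, src)]
    while pq:
        d, u = heapq.heappop(pq)
        if d > dist[u]:
            continue                       # stale heap entry
        for v, w in graph[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(pq, (d + w, v))
    return dist, prev


class LinkStateApp:
    """Network-control app that keeps a next-hop table per switch (dst -> next switch)."""

    def __init__(self, links):
        # links: {("a", "b"): cost}, undirected; stored unordered so (a,b) and (b,a) coincide
        self.links = {frozenset(k): c for k, c in links.items()}
        self.tables = self.compute_tables()

    def graph(self):
        g = {}
        for link, cost in self.links.items():
            a, b = tuple(link)
            g.setdefault(a, {})[b] = cost
            g.setdefault(b, {})[a] = cost
        return g

    def compute_tables(self):
        """Steps 4-5: run Dijkstra from every switch and turn the trees into next-hop tables."""
        g = self.graph()
        tables = {}
        for sw in g:
            _, prev = dijkstra(g, sw)
            table = {}
            for dst in g:
                if dst == sw or dst not in prev:
                    continue               # self, or unreachable after the failure
                hop = dst
                while prev[hop] != sw:     # walk back to the neighbour of sw
                    hop = prev[hop]
                table[dst] = hop
            tables[sw] = table
        return tables

    def on_port_status(self, a, b, up, cost=None):
        """Steps 2-6: link state changes, routes are recomputed, and the diff is what the
        controller would push as flow-mods. Returns {switch: new table} for changed switches."""
        key = frozenset((a, b))
        if up:
            self.links[key] = cost if cost is not None else self.links.get(key, 1)
        else:
            self.links.pop(key, None)
        new = self.compute_tables()
        flow_mods = {sw: t for sw, t in new.items() if t != self.tables.get(sw)}
        self.tables = new
        return flow_mods


def demo():
    """Assumed costs: s1-s2 1, s1-s3 2, s2-s4 1, s3-s4 1; then s1 reports s1-s2 down (step 1)."""
    app = LinkStateApp({("s1", "s2"): 1, ("s1", "s3"): 2, ("s2", "s4"): 1, ("s3", "s4"): 1})
    before = app.tables["s1"]["s2"]
    mods = app.on_port_status("s1", "s2", up=False)
    return before, mods


if __name__ == "__main__":
    print(demo())
```

With these costs the failure changes the tables of s1, s2 and s4 but not s3, so only three switches receive flow-mods. The same code path also shows why the control plane needs hardening (next slide): every port-status event triggers a full recomputation, so a flapping link or a forged port-status message from an unauthenticated switch keeps the controller busy and the tables churning unless events are rate-limited.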
OpenDaylight (ODL) controller
§ ODL Lithium controller
§ network apps may be contained within, or be external to, the SDN controller
§ Service Abstraction Layer: interconnects internal, external applications and services

[Figure: network apps (traffic engineering, ...) over a REST API; basic network service functions (topology manager, switch manager, stats manager, forwarding manager, host manager) and access control above the Service Abstraction Layer (SAL); OpenFlow 1.0, ..., SNMP, OVSDB below it.]


ONOS controller
§ control apps separate from controller
§ intent framework: high-level specification of service: what rather than how
§ considerable emphasis on distributed core: service reliability, replication, performance scaling

[Figure: network control apps over REST API and Intent; northbound abstractions, protocols (hosts, paths, flow rules, topology); ONOS distributed core (devices, links, statistics); southbound abstractions, protocols (device, link, host, flow, packet) over OpenFlow, Netconf, OVSDB.]
SDN: selected challenges
§ hardening the control plane: dependable, reliable, performance-scalable, secure distributed system
  • robustness to failures: leverage strong theory of reliable distributed systems for control plane
  • dependability, security: "baked in" from day one?
§ networks, protocols meeting mission-specific requirements
  • e.g., real-time, ultra-reliable, ultra-secure
§ Internet-scaling


What is network management?
§ autonomous systems (aka "network"): 1000s of interacting hardware/software components
§ other complex systems requiring monitoring, control:
  • jet airplane
  • nuclear power plant
  • others?

"Network management includes the deployment, integration and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyze, evaluate, and control the network and element resources to meet the real-time, operational performance, and Quality of Service requirements at a reasonable cost."


Infrastructure for network management
definitions:
  managing entity
  managed device: managed devices contain managed objects whose data is gathered into a Management Information Base (MIB)
  agent (and its data): the management agent running in each managed device
  network management protocol: runs between the managing entity and the agents in the managed devices

[Figure: a managing entity connected via the network management protocol to the agent in each of several managed devices.]


SNMP protocol
Two ways to convey MIB info, commands:
  • request/response mode: the managing entity sends a request to the agent in the managed device, which returns a response
  • trap mode: the agent in the managed device sends an unsolicited trap message to the managing entity
SNMP protocol: message types

Message type                                   Function
GetRequest, GetNextRequest, GetBulkRequest     manager-to-agent: get me data (data instance, next data in list, block of data)
InformRequest                                  manager-to-manager: here's MIB value
SetRequest                                     manager-to-agent: set MIB value
Response                                       agent-to-manager: value, response to request
Trap                                           agent-to-manager: inform manager of exceptional event


SNMP protocol: message formats

Get/set PDU:
  header:                PDU type (0-3) | Request ID | Error Status (0-5) | Error Index
  variables to get/set:  Name | Value | Name | Value | ...

Trap PDU:
  trap header:  PDU type (4) | Enterprise | Agent Addr | Trap Type (0-7) | Specific code | Time stamp
  trap info:    Name | Value | ...

More on network management: see earlier editions of text!

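The get/set PDU layout on the message-formats slide, encoded and decoded byte for byte, as an added example that is not code from the slides or from any SNMP library. It builds an SNMPv1 GetRequest and SetRequest (BER encoding per RFC 1157: version, community string, then a PDU whose tag low bits are the slide's PDU type 0-3, followed by request ID, error status, error index and the name/value list) and parses them back. The community string, OIDs and values in demo_message() and the test are constructed sample input; the trap PDU layout is not covered.

```python
"""SNMPv1 Get/Set PDU encoder and decoder (BER), following the message format slide:
PDU type (0-3), request ID, error status, error index, then name/value pairs.

Added example, not code from the slides. The community string and OID used in
demo_message() are constructed sample input.
"""
INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
# PDU tags are context-specific constructed (0xA0 | type); the low bits are the slide's PDU type
PDU_NAMES = {0: "GetRequest", 1: "GetNextRequest", 2: "Response", 3: "SetRequest", 4: "Trap"}


def ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def enc_int(v):
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1                                  # minimal two's-complement length
    return tlv(INTEGER, v.to_bytes(n, "big", signed=True))


def enc_oid(oid):
    arcs = [int(a) for a in oid.split(".")]
    out = [40 * arcs[0] + arcs[1]]              # first two arcs share one byte
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:                                # base-128 with continuation bits
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))


def build_pdu(pdu_type, community, varbinds, request_id):
    """varbinds: list of (oid, value bytes or None). Get-style PDUs carry NULL values."""
    vbl = b"".join(tlv(SEQUENCE, enc_oid(o) + (tlv(NULL, b"") if v is None else tlv(OCTET_STRING, v)))
                   for o, v in varbinds)
    pdu = enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(SEQUENCE, vbl)   # error status/index 0
    return tlv(SEQUENCE, enc_int(0) + tlv(OCTET_STRING, community.encode()) + tlv(0xA0 | pdu_type, pdu))


def read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + ln > len(buf):
        raise ValueError("truncated TLV")      # length fields come from the wire: check them
    return tag, buf[pos:pos + ln], pos + ln


def dec_oid(b):
    arcs, v = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        v = (v << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))


def parse_message(buf):
    tag, body, _ = read_tlv(buf, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, version, p = read_tlv(body, 0)
    _, community, p = read_tlv(body, p)
    pdu_tag, pdu, _ = read_tlv(body, p)
    if (pdu_tag >> 5) != 0b101 or pdu_tag & 0x1F > 3:
        raise ValueError("not a get/set style PDU")
    _, rid, q = read_tlv(pdu, 0)
    _, status, q = read_tlv(pdu, q)
    _, index, q = read_tlv(pdu, q)
    _, vbl, _ = read_tlv(pdu, q)
    varbinds, q = [], 0
    while q < len(vbl):
        _, vb, q = read_tlv(vbl, q)
        _, oid, r = read_tlv(vb, 0)
        vtag, val, _ = read_tlv(vb, r)
        varbinds.append((dec_oid(oid), None if vtag == NULL else bytes(val)))
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community.decode(),
            "pdu_type": PDU_NAMES[pdu_tag & 0x1F],
            "request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": int.from_bytes(status, "big", signed=True),
            "error_index": int.from_bytes(index, "big", signed=True),
            "varbinds": varbinds}


def demo_message():
    # constructed: GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0) with the default "public" community
    return build_pdu(0, "public", [("1.3.6.1.2.1.1.1.0", None)], request_id=42)
```

Look at the bytes of demo_message(): the community string "public" sits in the clear right after the version byte, and it is the only credential SNMPv1 (and v2c) has. Anyone who can sniff a GetRequest can replay it, and anyone who learns the write community can send a SetRequest (PDU type 3) that rewrites device configuration. Filter UDP 161 to the management network, treat community strings as passwords, and prefer SNMPv3 with authentication and privacy.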