SDN Demystified, by Dean Pemberton [APNIC 38]

SDN Demystified
Dean Pemberton – NSRC

Who am I
• Dean Pemberton
– NSRC
• Trainer/Network Engineer
– Victoria University of Wellington
• SDN Research Associate
– InternetNZ
• Technical Policy Advisor

You probably have questions
• What is SDN?
• What's wrong with the network I have
now?
• What can an SDN do?

Software Defined Networking
is…
• The stupidest name ever invented.

is…
• SDN allows network administrators to
manage network services through
abstraction of lower level functionality.
• This is done by decoupling the system that
makes decisions about where traffic is
sent (the control plane) from the
underlying systems that forward traffic to
the selected destination (the data plane).

• You’ve probably had Software Defined
Networking for years?
• Anyone own a Juniper M-Series?
• It was just that you were never allowed to
define or control the software.

Remember when…
• If the features you wanted were supplied
by the operating system you were in luck.
• =)
• If the features you wanted were not
supplied by the operating system, there
were limited opportunities to expand it to
include those features.
• =(

End User Innovation
• With Open Source Operating System
Software control over the development
and deployment of OS features is placed
in the hands of the users.
• If you need a feature, even if you are the
only one on the planet who wants it, you
have a way to develop and deploy it.

A world without…
• Facebook
– http://www.developer.com/open/article.php/3894566/Inside-Facebooks-Open-Source-Infrastructure.htm
• Google
– https://developers.google.com/open-source/
• Android
• etc.

Now think about current network
equipment…
• Do we currently live in a world more like
the closed source OS past?
• Or the current OS world where end users
can innovate.

Current Network Feature
Roadmap
• You have a good idea
• You go to your network vendor and pitch
the idea
• Your network vendor asks how many units
you’re going to buy
• That number is not enough
• Nothing happens regarding your good idea

Current Example
• “Hi Mr Load Balancing Vendor, I’m a
ccTLD in a small country, we face a set of
unique challenges with regard to
managing bandwidth and protecting
against DDoS attacks. We own 2 of your
units and were wondering if you might be
able to develop some features to assist us
in these unique challenges”
• *CLICK* brrrrrrrrrrrrrrrr

Another Example
• “We are pleased to announce that after
months of development the new version of
our networking software will support
<feature X which you don’t need>. The
price for the next software upgrade with be
double to re-coup this development cost”

What if we lived in a world
where…
• You could start an open source project
where people could develop the features
you actually needed your platform to
support.
• You didn’t need to pay for features that
you were never going to use.
• You didn’t need to worry about bugs in
code you were never going to use.

This works today for OSs
• If you need a new extension to
Apache/BIND/MySQL/etc. then you can
have someone develop them for you.
• What if you could do the same thing for all
the features in your:
– Switches
– Routers
– Load Balancers
– Firewalls

• Allows you to do just that.
• It allows you to take back control of the
software that controls your network
• It allows you to drive the speed and
direction of the innovation of features
within that software.

Software defined networking
(SDN)
• Separates control and data plane:
– Open interface between control and data
plane (OpenFlow)
– Network control and management features in
software

Lessons from history 
• "If you know what you're doing, 3 layers is
enough; if you don't, 17 layers won't help
you.”
• [B]eware of the panacea peddlers: just
because you wind up naked doesn't make
you an emperor.
– Michael A Padlipsky

Openflow overview
• One of the key technologies to realize SDN
• Open interface between control and data plane

SDN Demystified, by Dean Pemberton [APNIC 38]

Layer 2 – Switches
• Network Virtualisation
• Data Centre
• Multi Tennant
• FlowVisor
• Each customer not only gets their own
‘network’ they can control it with their own
controller.

Layer 3 – Routers
• RouteFlow
• What if you were able to take any number
of ports throughout you network and draw
them together into a router?

Layer 3 – Routers
• Being able to add new features without
waiting for vendor support
• RPKI

Layer 4 – Load Balancers
• Load Balancers need to take into account not
only complex information about network latency,
congestion and performance, but also the load
on each of the servers that they are balancing
traffic across.
• They also need to know how the balanced
application deals with certain situations
• The best person to know that is YOU

Layer 4 – Load Balancers
• Wang, Richard, Dana Butnariu, and Jennifer Rexford.
"OpenFlow-based server load balancing gone wild."
Proceedings of the 11th USENIX conference on Hot
topics in management of internet, cloud, and enterprise
networks and services. USENIX Association, 2011.
• Handigol, Nikhil, et al. "Plug-n-Serve: Load-balancing
web traffic using OpenFlow." ACM SIGCOMM Demo
(2009).
• Koerner, Marc, and Odej Kao. "Multiple service load-balancing
with OpenFlow." High Performance Switching
and Routing (HPSR), 2012 IEEE 13th International
Conference on. IEEE, 2012.

Layer 4+ - Firewalls
• We install firewalls everywhere
• They are expensive
• What if we could somehow virtualise them and deploy
them only where needed.

Layer 4+ - Firewalls
• Porras, Philip, et al. "A security enforcement kernel for
OpenFlow networks." Proceedings of the first workshop
on Hot topics in software defined networks. ACM, 2012.
• Stabler, Greg, et al. "Elastic IP and security groups
implementation using OpenFlow." Proceedings of the 6th
international workshop on Virtualization Technologies in
Distributed Computing Date. ACM, 2012.
• Gamayunov, Dennis, Ivan Platonov, and Ruslan
Smeliansky. "Toward Network Access Control With
Software-Defined Networking."

Current Work in NZ on SDN
• Parallel REANNZ backbone
• VSD (Victoria Standard Distribution)
• RPKI on CARDIGAN
• NZIX2 at Citylink
• SDN being taught to undergrads in
Q3/2014 at VUW

NZNOG SDN Install Tutorial
• SDN Intro
• Ryu – OpenFlow Controler
• Open vSwitch
• RouteFlow
• Building a L2 Switch
• Building a L3 Router

Takeaways
• SDN separates the control of the network
from the elements involved in actually
forwarding the packets
• This allows us to have a holistic view of
the network not available before
• SDN allows you to control the direction
and speed on innovation.
• Active area of development
• Watch this space

Questions
Do you have any questions?
?

VM
• Going to do this as a demo. I’ll make the
VM and instructions available online later.

Topology
+---------------------------+
| |
| C0 - Controller |
| |
+-------------+-------------+
|
+-------------+-------------+
| |
| S1 - OpenFlow |
| Switch |
| |
+-+----------+----------+---+
s1-eth0 s1-eth1 s1-eth2
+ + +
| | |
| | |
v v v
h1-eth0 h2-eth0 h3-eth0
+-+--+ +-+--+ +-+--+
| H1 | | H2 | | H3 |
+----+ +----+ +----+

Connecting
• Open a terminal window on your machine.
If you don't know how to do this ask an
instructor for help.
• At the prompt type:
• ssh mininet@192.168.56.101
• This IP might be different but you can view
it on the VM console

Starting the RYU Openflow
controller
• Start the ryu controller with the Simple
Switch application
• # ryu-manager --verbose ./simple_switch_13.py

Housekeeping
• Make sure that things are in a clean state
before we start
• root@mininet-vm:~# killall controller
• root@mininet-vm:~# mn -c

Become root
• All of the actions in this exercise are done
as the root user, so if you are not root
already type the following in both windows:
mininet@mininet-vm:~$ sudo bash
root@mininet-vm:~#

Open Two SSH windows
• We will use two windows for this demo.
One for the Control Plane (ryu) and the
other for the Data Plane (mininet)

Simple Switch
Create a table called mac_to_port ;
If {packet_in to switch}
{ Parse packet to reveal src and dst MAC addr;
Store in the dictionary the mapping between src_mac and the in_port;
Lookup dst_mac in mac_to_port dict of switch s1 to find next hop;
If { next hop is found}
{ create flow_mod ;
send;
}
else
flood all ports ≠ in_port;

Starting Mininet
• Start mininet with 3 hosts connected to 1
switch
# mn --topo=tree,1,3 --mac
--controller=remote
--switch ovsk,protocols=OpenFlow13

Passing Packets
• mininet> h1 ping h2
• mininet> dpctl dump-flows -O OpenFlow13

Increase Network Size
#mn --topo=tree,1,10 --mac
--controller=remote
--switch ovsk,protocols=OpenFlow13

Running a high bandwidth flow
mininet> iperf

SDN Demystified, by Dean Pemberton [APNIC 38]

More Related Content

What's hot (20)

Viewers also liked (10)

Similar to SDN Demystified, by Dean Pemberton [APNIC 38] (20)

More from APNIC (20)

Recently uploaded (20)

SDN Demystified, by Dean Pemberton [APNIC 38]