1 of 39

School of Computing Science

Simon Fraser University

CMPT 471: Networking II

Software Defined Networking (SDN)

Instructor: Mohamed Hefeeda


2 of 39

Control Plane: Distributed

[Figure: three routers, each with its own control plane running a routing algorithm and its own forwarding table (DST → OUT_IF, e.g., SFU → IF 1 / IF 2, Alice → IF 3 / IF 4)]

Routers exchange messages with each other to calculate their forwarding tables

    • Examples: OSPF, IS-IS, BGP
    • Traditional approach, still used in many places

3 of 39

Control Plane: Centralized

[Figure: a single control plane (the controller) above three switches; each switch runs an agent and holds a flow table]

Routers exchange messages with a remote/centralized controller

    • Software-defined networking (SDN)
    • Becoming popular in different networks, e.g., datacenter and enterprise networks

4 of 39

SDN: Basic Concepts

  • Control plane is separate from forwarding plane
    • Control plane (software) typically runs on commodity servers
    • 🡺 separation allows moving complex logic (intelligence) to servers, making switches much simpler and less expensive

  • Control plane is centralized
    • A single entity controls many/all devices in the network
    • 🡺 centralization gives us a ‘global’ view of the network as well as one place to control the whole network
    • 🡺 allows us to perform functions that were not possible before


5 of 39

SDN: Basic Concepts

  • SDN accelerates innovation in networking by:
    • defining open standards, thus allowing more companies to enter the networking market (business)
    • separating the data and control planes, which allows developing and experimenting with new ideas faster (technical)

  • Let us see an analogy from the computer industry
    • Mainframe 🡺 PC
    • Traditional Router 🡺 SDN Switch

6 of 39

Mainframe 🡺 PC

[Figure: Mainframe (vertically integrated; closed, proprietary 🡺 slow innovation, small industry) vs. PC (horizontal; open interfaces 🡺 rapid innovation, huge industry)]

7 of 39

Traditional Router 🡺 SDN Switch

[Figure: Traditional router (vertically integrated; closed, proprietary 🡺 slow innovation, small industry) vs. SDN switch (horizontal; open interfaces 🡺 rapid innovation, huge industry)]

8 of 39

SDN: Architecture Overview

[Figure: SDN architecture. Top: network control applications (e.g., OSPF, load balancer, ...). Middle: Network OS, a.k.a. SDN Controller. Bottom: SDN switches (a.k.a. bare-metal, merchant-silicon switches). Open interfaces connect the layers.]

9 of 39

SDN: Data Plane (Switches)

  • SDN Switches run a local Operating System
  • Common switch OS examples include:
    • SONiC (developed at Microsoft for their cloud services)
    • Open Network Linux (ONL)
    • Stratum (developed at Google, built on top of ONL, referred to as ‘Thin Switch OS’)


10 of 39

SDN: Data Plane (Switches)

  • SDN Switches can be …
    • Fixed function
      • Switch offers a fixed set of actions (e.g., forward, drop, …)
      • Implements the match–action abstraction
      • Currently deployed in networks
      • A.k.a. OpenFlow switches
    • Programmable
      • Switch runs ‘programs’ at line rate
      • Programs are written in the P4 language
      • Relatively new, being deployed
      • (Discussed later)

[Figure: Intel Tofino P4 switch (programmable) and an OpenFlow switch (fixed function)]

11 of 39

SDN Data Plane

  • SDN Switches (fixed function) are …
    • Fast, simple, commodity switches implementing generalized data-plane forwarding in hardware
  • Switch has flow table computed and installed by controller
    • Flow table has multiple Flow Rules (in the form of match—action)
  • A protocol is used to communicate with and control switch
    • E.g., OpenFlow (most common)


12 of 39

Generalized Forwarding

  • Process packets based on multiple header fields
    • Not just destination IP as before
  • Any combination of fields can be used
    • Originally defined by the OpenFlow Specifications

Header fields a flow rule can match on:

    Link layer:      Switch port | MAC src | MAC dst | Eth type | VLAN ID
    Network layer:   IP src | IP dst | IP proto
    Transport layer: TCP sport | TCP dport
    … followed by the payload, which is not part of the match

13 of 39

Generalized Forwarding: Flow Rule

A flow rule has three parts:

    Match:  pattern over the header fields (switch port, MAC src/dst, Eth type, VLAN ID, IP src/dst, IP proto, TCP sport/dport); a field may be a wildcard (*)
    Action: what to do with a matching packet. Can be …
      • Forward packet to port(s)
      • Encapsulate and forward to controller
      • Drop packet
      • Send to normal processing pipeline
      • Modify fields
    Stats:  packet + byte counters

Switch operation: match packet against fields, perform action(s), keep stats

14 of 39

Generalized Forwarding: Examples

Destination-based forwarding (as a special case of generalized forwarding):

    Match:  Switch port * | MAC src * | MAC dst * | Eth type * | VLAN ID * | IP src * | IP dst 51.6.0.8 | IP proto * | TCP sport * | TCP dport *
    Action: Forward(6)

Forward datagrams destined to 51.6.0.8 to output port 6

15 of 39

Generalized Forwarding: Examples

Firewall:

    Match:  TCP dport 22, all other fields *
    Action: Drop

Block datagrams destined to TCP port 22

    Match:  IP src 128.19.1.1, all other fields *
    Action: Drop

Block datagrams originated from host 128.19.1.1
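The flow table of slides 12 to 15, modelled in code. This is an added example, not part of the lecture: a priority-ordered match-action table with wildcard and prefix matches, a table-miss entry, and per-rule counters. The three rules from the slides are installed; the field names, the priorities, the covering /16 route and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Tuple

Packet = Dict[str, object]     # header fields of one packet, keyed by the names below
FIELDS = ("in_port", "mac_src", "mac_dst", "eth_type", "vlan_id",
          "ip_src", "ip_dst", "ip_proto", "tp_src", "tp_dst")
IPV4, TCP = 0x0800, 6          # Ethertype / IP protocol numbers used in the matches


@dataclass
class FlowRule:
    """One flow-table entry: match | action | stats, as on the slides."""
    match: Dict[str, object]   # field -> exact value or IPv4Network; a field not listed is '*'
    action: Tuple              # ("forward", port) | ("drop",) | ("controller",)
    priority: int = 0          # higher wins when several entries match (OpenFlow semantics)
    packets: int = 0           # stats: packet counter
    bytes: int = 0             # stats: byte counter

    def __post_init__(self) -> None:
        unknown = set(self.match) - set(FIELDS)
        if unknown:
            raise ValueError(f"unknown match fields: {sorted(unknown)}")

    def matches(self, pkt: Packet) -> bool:
        for name, want in self.match.items():
            have = pkt.get(name)
            if have is None:
                return False
            if isinstance(want, IPv4Network):
                if ip_address(have) not in want:
                    return False
            elif have != want:
                return False
        return True


class FlowTable:
    """Priority-ordered flow table with a table-miss entry (OpenFlow 1.3 style)."""

    def __init__(self, table_miss: Tuple = ("controller",)) -> None:
        self.rules: List[FlowRule] = []
        self.table_miss = table_miss

    def add(self, rule: FlowRule) -> None:
        self.rules.append(rule)
        self.rules.sort(key=lambda r: r.priority, reverse=True)   # first hit wins

    def add_route(self, prefix: str, port: int) -> None:
        """Layer-3 router as a special case: longest-prefix match emulated by
        giving a /32 a higher priority than a /16 (priority = prefix length)."""
        net = ip_network(prefix)
        self.add(FlowRule({"eth_type": IPV4, "ip_dst": net}, ("forward", port),
                          priority=net.prefixlen))

    def lookup(self, pkt: Packet, size: int = 64) -> Tuple:
        for rule in self.rules:
            if rule.matches(pkt):
                rule.packets += 1
                rule.bytes += size
                return rule.action
        return self.table_miss

    def stats(self) -> List[Tuple[Tuple, int, int]]:
        return [(r.action, r.packets, r.bytes) for r in self.rules]


def build_slide_table() -> FlowTable:
    t = FlowTable()
    # Slide 14: datagrams to 51.6.0.8 -> port 6 (every other field is '*').
    t.add_route("51.6.0.8/32", 6)
    # Added for contrast (assumed): a covering /16 that goes out port 2.
    t.add_route("51.6.0.0/16", 2)
    # Slide 15: firewall rules.  Priority 100 outranks every route; otherwise SSH to
    # 51.6.0.8 would hit the /32 route first and the drop rule would never be consulted.
    # eth_type / ip_proto are the OpenFlow match prerequisites for the L3/L4 fields.
    t.add(FlowRule({"eth_type": IPV4, "ip_proto": TCP, "tp_dst": 22}, ("drop",), priority=100))
    t.add(FlowRule({"eth_type": IPV4, "ip_src": ip_network("128.19.1.1/32")}, ("drop",), priority=100))
    return t
```

Two points a practitioner checks before installing such a table on a real switch: the relative priorities (a deny rule that sits below a permit or forward rule is silently bypassed), and the table-miss action. Sending every unmatched packet to the controller is convenient but turns the control channel into a denial-of-service target, so switches facing untrusted ports usually get a drop or rate-limited miss entry instead. In Open vSwitch syntax the same three rules are `priority=100,tcp,tp_dst=22,actions=drop`, `priority=100,ip,nw_src=128.19.1.1,actions=drop` and `priority=32,ip,nw_dst=51.6.0.8/32,actions=output:6`.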

16 of 39

OpenFlow Match-Action Abstraction

  • Match + action abstraction: unifies different kinds of devices
    • That is, the same abstraction can be used with various devices
    • And, a ‘bare-metal’ switch can be configured to perform various functions


  • Layer 3 Router
    • match: longest dst IP prefix
    • action: forward to a link

  • Layer 2 Switch
    • match: dst MAC address
    • action: forward or flood
  • Firewall
    • match: IP addresses and TCP/UDP port numbers
    • action: permit or deny
  • NAT
    • match: IP address and port
    • action: rewrite address and port

17 of 39

Flow Table: Contains Multiple Entries

[Figure: a flow table holding several entries, each a (Match | Action | Stats) triple over the same header fields; the action is one of 1. forward packet to port(s), 2. encapsulate and forward to controller, 3. drop packet, 4. send to normal processing pipeline, 5. modify fields; stats are packet + byte counters]

Matching is typically performed using TCAM

18 of 39

SDN: Control Plane

  • SDN Control Plane contains
    • SDN Controller (or Network Operating System, NOS)
    • Network Control Apps

[Figure: control plane (controller and apps) above a data plane of switches and end hosts]

Notice: the figure shows an end-to-end example where the controller manages all components, including the virtual switches (vS) on the end hosts 🡺 great flexibility

19 of 39

SDN Controller (or Network OS)

  • SDN controller (or NOS)
    • Maintains network state information
    • Interacts with network control applications “above” via northbound API
    • Interacts with network switches “below” via southbound API

[Figure: the SDN controller between the network control apps (routing, access control, load balancing) above and the switches below]

    Interface layer to network control apps: APIs (network graph, intent, RESTful API)
    Network-wide state management layer: state of network links, switches, services (link-state info, switch info, host info, statistics, flow tables); network-wide distributed, robust state management
    Communication layer: communication to/from controlled devices (OpenFlow, SNMP)

20 of 39

SDN Controller (or Network OS)

  • Common examples of Network OS:


21 of 39

SDN: Control Plane

Network-control apps:

  • “brains” of control: implement control functions using the lower-level services and API provided by the SDN controller
    • E.g., routing, load balancing

  • unbundled: can be provided by a 3rd party, distinct from the switch vendor or the SDN controller

22 of 39

SDN: High-level Operation

  • Illustrative example (in following slides)
    • Explains the interaction between data plane and control plane when a link fails and how the routing protocol handles this event

  • Important to understand what happens and where

  • Also important to notice the difference between the SDN approach and the traditional one


23 of 39

SDN: control/data plane interaction example

[Figure: SDN controller (link-state info, switch info, host info, statistics, flow tables; OpenFlow and SNMP southbound; network graph, intent and RESTful API northbound) with a Dijkstra link-state routing app above it and switches s1–s4 below; steps 1–6 marked]

    1. s1, experiencing a link failure, uses an OpenFlow port status message to notify the controller
    2. The SDN controller receives the OpenFlow message and updates its link status info
    3. Dijkstra’s routing algorithm application has previously registered to be called whenever link status changes. It is called.
    4. Dijkstra’s routing algorithm accesses the network graph and link-state info in the controller and computes new routes

24 of 39

SDN: control/data plane interaction example (continued)

[Figure: same as the previous slide]

    5. The link-state routing app interacts with the flow-table-computation component in the SDN controller, which computes new flow tables
    6. The controller uses OpenFlow to install the new tables in the switches that need updating
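The six steps above, as an added example that is not the lecture's code: a toy controller with a link-state store and network graph, a routing app that registers for link-status changes, Dijkstra, and an install step that touches only the switches whose tables actually changed. The square topology, the port numbers, the unit link costs and the two hosts are assumptions.

```python
import heapq
from typing import Callable, Dict, List, Optional, Tuple

FlowTable = Dict[str, int]     # destination host -> output port (destination-based, slide 14)


class Controller:
    """Minimal controller: link-state store + network graph (state layer), OpenFlow-like
    port_status/install messages (communication layer), listener registry (northbound)."""

    def __init__(self, ports: Dict[Tuple[str, str], int], hosts: Dict[str, Tuple[str, int]]):
        self.ports = ports                                    # (switch, neighbour) -> local port
        self.hosts = hosts                                    # host -> (attached switch, port)
        self.link_up = {frozenset(k): True for k in ports}    # link-state info
        self.installed: Dict[str, FlowTable] = {}             # tables currently on the switches
        self.listeners: List[Callable[[], None]] = []
        self.install_log: List[str] = []                      # switches touched by the last run

    def subscribe(self, cb: Callable[[], None]) -> None:
        self.listeners.append(cb)          # step 3 precondition: app registers for link changes

    def port_status(self, switch: str, port: int, up: bool) -> None:
        """Steps 1-3: a switch reports a port change; update link state, notify the apps."""
        neighbour = next(n for (s, n), p in self.ports.items() if s == switch and p == port)
        self.link_up[frozenset((switch, neighbour))] = up
        for cb in self.listeners:
            cb()

    def install(self, switch: str, table: FlowTable) -> None:
        """Step 6: push a flow table to one switch (stand-in for OpenFlow FlowMod messages)."""
        self.installed[switch] = table
        self.install_log.append(switch)

    def graph(self) -> Dict[str, Dict[str, int]]:
        """Network graph over the links that are up; unit cost per link (assumed)."""
        g: Dict[str, Dict[str, int]] = {}
        for s, n in self.ports:
            g.setdefault(s, {})
            if self.link_up[frozenset((s, n))]:
                g[s][n] = 1
        return g


def dijkstra(g: Dict[str, Dict[str, int]], root: str) -> Dict[str, Optional[str]]:
    """Shortest-path tree rooted at `root`; returns each node's parent, i.e. its next hop toward root."""
    dist, prev = {root: 0}, {root: None}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, w in g[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    return prev


class LinkStateRoutingApp:
    """Network-control app: Dijkstra over the controller's graph, one table entry per host."""

    def __init__(self, ctl: Controller) -> None:
        self.ctl = ctl
        ctl.subscribe(self.on_link_change)

    def on_link_change(self) -> None:
        """Steps 4-6: recompute routes, derive flow tables, install only the ones that changed."""
        g = self.ctl.graph()
        tables: Dict[str, FlowTable] = {s: {} for s in g}
        for host, (dst_sw, dst_port) in self.ctl.hosts.items():
            prev = dijkstra(g, dst_sw)
            for s in g:
                if s == dst_sw:
                    tables[s][host] = dst_port
                elif s in prev:                                   # reachable: send toward parent
                    tables[s][host] = self.ctl.ports[(s, prev[s])]
        self.ctl.install_log.clear()
        for s, t in tables.items():
            if self.ctl.installed.get(s) != t:
                self.ctl.install(s, t)


def build_demo() -> Tuple[Controller, LinkStateRoutingApp]:
    """Assumed square topology s1-s2, s1-s3, s2-s4, s3-s4; h1 on s1 port 1, h4 on s4 port 1."""
    ports = {("s1", "s2"): 2, ("s1", "s3"): 3, ("s2", "s1"): 2, ("s2", "s4"): 3,
             ("s3", "s1"): 2, ("s3", "s4"): 3, ("s4", "s2"): 2, ("s4", "s3"): 3}
    ctl = Controller(ports, {"h1": ("s1", 1), "h4": ("s4", 1)})
    app = LinkStateRoutingApp(ctl)
    app.on_link_change()                    # initial convergence installs all four tables
    return ctl, app
```

Failing the s1–s2 link (`ctl.port_status("s1", 2, up=False)`) reroutes s1's traffic for h4 to port 3 and updates s2 and s4 as well, while s3's table is unchanged and is not re-installed. Two things the real system has to get right that this toy glosses over: the port-status message is only as trustworthy as the control channel, so a compromised switch or an unauthenticated (non-TLS) OpenFlow session can inject a fake "link down" and steer traffic; and between steps 1 and 6 switches hold a mix of old and new tables, so the install order decides whether packets are blackholed or looped during reconvergence.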

25 of 39

SDN vs Traditional Approach

  • If we were using OSPF on individual routers (not SDN), what would be the steps?

  • Work it out and compare both approaches


26 of 39

Why SDN?

  • Now that we understand the basics of SDN, let us see what it can offer in contrast to the current approach

  • Recall first that SDN accelerates innovation by introducing open interfaces and disaggregating the market

27 of 39

SDN: Cost of Switches

  • SDN moves logic to central entities (servers)
  • 🡺 switches simpler to design and implement
  • 🡺 commodity 🡺 cost a fraction of traditional switches
  • Example
    • Datacenter with 100,000 hosts using a tree-based topology
    • Rough estimates: 5,000 switches (with fanout of 20)
    • Traditional switch ~$5+K
    • SDN Switch: ~$1K
    • Savings: $25M - $5M = $20M

  • These savings come in addition to the flexibility of SDN

28 of 39

SDN Supports Traffic Engineering

  • Network operators need to carefully direct various traffic flows through their networks
    • This is usually referred to as Traffic Engineering (TE)

  • In TE, network paths are chosen (engineered) to meet the requirements of applications or customers
    • These paths may not necessarily be the shortest paths computed by the routing protocols


29 of 39

SDN: Traffic Engineering

Example 1:

  • For a specific customer, the network operator wants:
    • x-to-z traffic to go through x-w-y-z (not the shortest path)
  • Traditional approach: would need to define link weights so that the routing algorithm computes routes accordingly
  • But that would affect all traffic going through w and y!
  • In contrast, SDN can enforce TE for specific traffic flows

[Figure: six-node topology u, v, w, x, y, z with link weights 1, 1, 1, 2, 2, 2, 3, 3, 5, 5]

30 of 39

SDN: Traffic Engineering

Example 2:

  • latency-sensitive applications require passing through low-delay network paths, and
  • high-volume content distribution applications may need to go through paths with large available bandwidth

[Figure: the same six-node topology u, v, w, x, y, z with two application flows, App 1 and App 2]

Can this be achieved by OSPF (or its siblings)?

31 of 39

SDN: Traffic Engineering

Example 3:

  • A network operator wants to:
    • split u-to-z traffic along u-v-w-z and u-x-y-z (load balancing)
  • Hard to do this using traditional routing algorithms
  • Much simpler to do using SDN

[Figure: the same six-node topology u, v, w, x, y, z with link weights 1, 1, 1, 2, 2, 2, 3, 3, 5, 5]

32 of 39

SDN Supports Network Functions

  • Network operators deploy many network functions
    • Also called middleboxes or network devices
  • Current trend is to virtualize these functions on general-purpose servers 🡺 referred to as Network Function Virtualization (NFV)

[Figure: network functions (firewall, IDS, video encoder, parental control, monitoring) virtualized on servers]

33 of 39

SDN: Network Functions

  • Large-scale networks are complex
    • They have routers, and
    • FW, IDS, …, and many other devices

  • Network management becomes a hard task

  • SDN offers a unified way to manage all of network devices
  • SDN also enables TE in presence of devices

[Figure: firewall, IDS, video encoder and monitoring functions deployed in the network]

34 of 39

SDN: Network Functions

  • Traffic may need to traverse a specific order of services
    • Before reaching a destination

[Figure: a network of nodes a–k with three services (1, 2, 3) that traffic must traverse in order, compared with the route calculated by OSPF]
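Path pinning for the three traffic-engineering examples (slides 29 to 31) and for the service-chain slide above, as an added example that is not part of the lecture. Instead of changing link weights, the controller installs per-flow rules along an explicit path, so other traffic is untouched; for a service chain the switch after a middlebox continues only packets that come back in on the middlebox port. A `walk()` simulator checks a policy before it is installed, which is how one verifies that a chain cannot be bypassed. The port numbers, the firewall on w, the IDS on y, the split policy and all addresses are assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

Match = Dict[str, object]
Rule = Tuple[str, int, Match, Tuple]      # (switch, priority, match, action)

SWITCHES = {"u", "v", "w", "x", "y", "z"}
HOST_PORT = 9                              # assumed: the port on each switch facing its local hosts
# Assumed port numbering for the slides' six-node topology (one entry per direction),
# plus a firewall attached to w and an IDS attached to y for the service-chain slide.
PORTS = {
    ("u", "v"): 1, ("u", "x"): 2, ("u", "w"): 3,
    ("v", "u"): 1, ("v", "x"): 2, ("v", "w"): 3,
    ("x", "u"): 1, ("x", "v"): 2, ("x", "w"): 3, ("x", "y"): 4,
    ("w", "u"): 1, ("w", "v"): 2, ("w", "x"): 3, ("w", "y"): 4, ("w", "z"): 5, ("w", "fw"): 6,
    ("y", "x"): 1, ("y", "w"): 2, ("y", "z"): 3, ("y", "ids"): 6,
    ("z", "w"): 1, ("z", "y"): 2,
}
NEIGHBOUR = {(sw, port): nb for (sw, nb), port in PORTS.items()}   # (switch, port) -> next node


def pin_path(path: List[str], match: Match, priority: int = 50) -> List[Rule]:
    """One rule per switch on `path` so packets matching `match` follow it hop by hop.
    Non-switch nodes are middleboxes: the switch after one matches only packets that
    come back in on the middlebox port, at a higher priority than its first-visit rule."""
    rules: List[Rule] = []
    for i, node in enumerate(path):
        if node not in SWITCHES:
            continue
        m, prio = dict(match), priority
        if i > 0 and path[i - 1] not in SWITCHES:
            m["in_port"], prio = PORTS[(node, path[i - 1])], priority + 1
        out = PORTS[(node, path[i + 1])] if i + 1 < len(path) else HOST_PORT
        rules.append((node, prio, m, ("forward", out)))
    return rules


def _hit(match: Match, fields: Match) -> bool:
    """Exact match on every listed field; strings containing '/' are IPv4 prefixes."""
    for k, v in match.items():
        have = fields.get(k)
        if have is None:
            return False
        if isinstance(v, str) and "/" in v:
            if ip_address(have) not in ip_network(v):
                return False
        elif have != v:
            return False
    return True


def walk(rules: List[Rule], start: str, pkt: Match, max_hops: int = 20) -> List[str]:
    """Simulate one packet entering at `start` from its host port; returns the nodes
    visited, ending with 'delivered', 'miss' (no rule matched) or 'loop'."""
    node, in_port, visited = start, HOST_PORT, [start]
    for _ in range(max_hops):
        fields = dict(pkt, in_port=in_port)
        hits = [r for r in rules if r[0] == node and _hit(r[2], fields)]
        if not hits:
            return visited + ["miss"]
        out = max(hits, key=lambda r: r[1])[3][1]      # highest priority wins
        if out == HOST_PORT:
            return visited + ["delivered"]
        nxt = NEIGHBOUR[(node, out)]
        visited.append(nxt)
        if nxt in SWITCHES:
            node, in_port = nxt, PORTS[(nxt, node)]
        else:                                          # middlebox returns the packet on the same link
            visited.append(node)
            in_port = out
    return visited + ["loop"]


def policy() -> List[Rule]:
    """The slides' policies as explicit per-flow paths (all addresses assumed)."""
    to_z = {"ip_dst": "10.6.0.0/24"}
    rules: List[Rule] = []
    # Example 1: only this customer's x-to-z traffic takes x-w-y-z; other x-to-z traffic is untouched.
    rules += pin_path(["x", "w", "y", "z"], {"ip_src": "10.3.0.0/24", **to_z})
    # Example 3: split u-to-z traffic over two paths, half of the source addresses on each.
    rules += pin_path(["u", "v", "w", "z"], {"ip_src": "10.1.0.0/25", **to_z})
    rules += pin_path(["u", "x", "y", "z"], {"ip_src": "10.1.0.128/25", **to_z})
    # Service chain: v-to-z web traffic must pass the firewall on w, then the IDS on y, then reach z.
    rules += pin_path(["v", "w", "fw", "w", "y", "ids", "y", "z"],
                      {"ip_src": "10.2.0.0/24", "tp_dst": 80, **to_z})
    return rules


def chain_enforced(rules: List[Rule], start: str, pkt: Match, chain: List[str]) -> bool:
    """True if the packet visits every middlebox in `chain`, in order, before delivery."""
    trace = walk(rules, start, pkt)
    if trace[-1] != "delivered":
        return False
    positions = [trace.index(mb) if mb in trace else -1 for mb in chain]
    return all(p >= 0 for p in positions) and positions == sorted(positions)
```

The pinned rules are meant to sit above the routing app's default entries, so the check that matters in practice is the one `chain_enforced()` performs with the complete rule set of a switch: if a lower-priority default route or a later rule with an overlapping match can deliver the flow to z without the `fw` and `ids` hops appearing in the trace, the firewall is bypassed even though the chain rules look correct in isolation. The same simulation catches the loop that results when the returning-side rule (the one matching `in_port`) is missing or outranked.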

35 of 39

Need for SDN: Summary

  • SDN achieves Traffic Engineering (TE) objectives that are difficult or impossible using current routing protocols

  • SDN unifies the management of network devices
  • SDN enables innovations and new network apps
    • Through open interfaces


TE Examples:

  • Min Latency
  • Load balancing
  • NFV routing
  • Min Max Link Util. (MLU)
  • Min Router State

36 of 39

Need for SDN: Summary


  • SDN also supports
    • Faster reaction to Denial of Service Attacks
    • Network virtualization
    • Faster failure recovery
    • Adaptive traffic monitoring
    • Dynamic access control

37 of 39


Example Contribution from SFU Researchers

38 of 39

Summary

  • SDN:
    • Separates the control and data planes and centralizes the control plane
    • Enables faster innovation and flexible control of the network
  • SDN architecture:
    • Data plane: fixed-function or programmable switches:
      • Fixed function: match-action abstraction (generalized forwarding)
      • Programmable: runs code written in P4
    • SDN controller (a.k.a. network OS):
      • Maintains state about the devices in the network
      • Exposes an API to network applications
      • Controls and manages switches
    • Applications (e.g., routing, load balancing):
      • use the APIs of the SDN controller to realize network functions

39 of 39

Reading

  • Chapter 1 and Sections 3.1-3.4 from:

Software-Defined Networks: A Systems Approach, Peterson, Cascone, O’Connor, Vachuska, and Davie.
