Software Defined Networking (SDN) Motivation

Questions and Answers

What is a primary motivation behind the development of Software Defined Networking (SDN)?

• To overcome the limitations of traditional IP networks. (correct)
• To eliminate the need for network security.
• To increase the cost of network hardware.
• To decrease the speed of data forwarding.

In traditional IP networks, the control plane and data plane are tightly coupled.

True (A)

What is the role of the SDN controller?

The logically centralized controller implements the control logic by separating it from the data plane.

Which of the following best describes the function of the data plane in a computer network?

Forwarding data packets or frames. (B)

In SDN, the separation of the control and data plane is often achieved using a programming interface, such as ________.

OpenFlow

Match the SDN plane with its function:

Data Plane = Forwards data packets. Control Plane = Determines the path to use by using protocols to populate forwarding tables of data plane elements. Management Plane = Monitors and configures the control functionality.

What is a key advantage of SDN over traditional networks in terms of network feature updates?

SDN allows for new features to be implemented without modifying all control plane devices. (B)

Middleboxes in SDN are viewed as SDN controller applications.

True (A)

What are the shared abstractions in SDN?

Middlebox services (or network functionalities) that can be programmed easily now that the abstractions provided by the control platform and network programming languages can be shared.

Which of the following is an advantage of SDN regarding the consistency of network information?

All network applications have the same global network information view, leading to consistent policy decisions. (B)

In SDN, the location of middlebox applications can be implemented from __________ in the network.

anywhere

Match the SDN layer with its description:

Infrastructure = Networking equipment that forwards packets based on instructions from the controller. Southbound Interfaces = APIs that connect the control plane and data plane. Network Operating Systems = Logically centralized controllers that ease network management. Northbound Interfaces = Interfaces that abstract the network for applications and services.

What is the primary function of the SDN infrastructure layer?

Performing simple packet forwarding tasks. (D)

Northbound interfaces in SDN have a widely accepted standard, similar to OpenFlow in southbound interfaces.

False (B)

Name an example of a Network Operating System.

OpenDayLight

Which of the following best describes the role of Southbound Interfaces in SDN?

They act as a bridge between the control and forwarding elements. (A)

The two core abstractions of an SDN ecosystem are the Southbound and ________ interfaces.

Northbound

Match the following technologies with their respective layers in the SDN architecture:

OpenFlow = Southbound Interfaces OpenDaylight = Network Operating Systems Pyretic = Network Programming Languages SwitchLight = Infrastructure

What problem does vendor-agnostic development solve?

All of the above. (D)

Centralized controllers can scale to meet any environmental requirements in a network.

False (B)

Name two core controller functions.

Topology and Statistics

Which characteristic is typical of enterprise class networks and data centers, such as Maestro, Beacon, NOX-MT?

Centralized Controllers. (D)

Unlike single controller architectures that cannot scale in practice, a __________ network operating system (controller) can be scaled to meet the requirements of potentially any environment - small or large networks.

distributed

Match the description to the controller type.

Centralized Controllers = Manage all forwarding devices in the network, single point of failure. Distributed Controllers = Can be scaled to meet the requirements of potentially any environment - small or large networks.

What is a primary advantage of the ONOS distributed architecture?

Provides scale-out performance and fault tolerance. (C)

In ONOS, each switch connects to only one ONOS instance to simplify management.

False (B)

What component is used to maintain the mastership between the switch and the controller in ONOS?

Zookeeper

What is a fundamental goal of P4 (Programming Protocol-independent Packet Processors)?

To configure switches programmatically and act as a general interface between switches and controllers. (B)

The switches using P4 use a programmable ________ and a set of match+action tables to forward packets.

parser

Match the P4 operation with its function:

Configure = Programs the parser and specifies header fields to be processed. Populate = Alters the entries in the match+action tables.

What does the use of Table Dependency Graphs (TDGs) help determine in the context of P4?

The order in which tables can be executed based on header field dependencies. (A)

P4 directly provides programmers with Table Dependency Graphs (TDGs) to manage dependencies.

False (B)

In SDN traffic engineering, what is the main focus?

Optimizing the traffic flow.

Which of the following challenges in existing wireless networks does SDN aim to address?

Management of the limited spectrum, allocation of radio resources and load-balancing. (C)

By using SDN to impose ________ policies on the entry point to the network is one way to enhance security.

security

Match the SDN application area with its focus:

Traffic Engineering = Optimizing traffic flow to minimize power consumption and balance load. Mobility and Wireless = Managing limited spectrum and allocating radio resources in wireless networks. Measurement and Monitoring = Adding new features to networking services and improving existing SDN features. Security and Dependability = Improving network security and detecting anomalies.

How does SDN overcome the limitations of BGP in Internet routing at IXPs?

By matching over various header fields, not only destination prefix. (A)

In a traditional IXP, the layer-2 network is used for exchanging routing information.

False (B)

What programming language does SDX use to write policies to match header fields of the packets and to express actions on the packets?

Pyretic

What does the fwd() function do, according to the text?

Modifies the location of the packet to the location of the corresponding switch. (D)

________ prefer dedicated ASes to handle the high volume of traffic flowing from high bandwidth applications such as YouTube, Netflix.

ISPs

Match the wide area traffic delivery application with its description:

Application specific peering = Directing traffic for specific applications through different paths. Inbound traffic engineering = Controlling how traffic enters a network based on source IP or port. Wide-area server load balancing = Modifying packet headers to balance load across multiple servers. Redirection through middle boxes = Identifying and redirecting desired traffic through a sequence of middleboxes.

Flashcards

Software Defined Networking (SDN)

A networking paradigm that separates the control and data planes to overcome limitations of legacy IP networks.

Control Plane

Handles network traffic and decision-making.

Data Plane

Forwards traffic based on the control plane's decisions.

Network OS (SDN Controller)

Logically centralized controller that implements control logic in SDN

OpenFlow

A programming interface between the SDN controller and the switches, enabling control of data plane elements.

Data Plane (Traditional Networks)

Functions and processes that forward data as packets or frames.

Control Plane (Traditional Networks)

Functions determining the path to use by populating forwarding tables.

Management Plane

Services to monitor and configure control functionality.

SDN Infrastructure

Networking equipment that only forwards packets.

Southbound Interfaces

Interfaces connecting control and forwarding elements in SDN.

Network Virtualization

Aims to provide support for arbitrary network topologies and addressing schemes using existing virtualization constructs.

Network Operating System (NOS)

Logically centralized controller that eases network management and solves networking problems.

Northbound Interfaces

Interfaces mostly defined by software ecosystems.

SDN Infrastructure

Networking equipment forwarding packets in SDN.

Southbound Interfaces

The separating medium between control and data plane functionality.

Core Controller Functions

Essential functionality that all controllers should provide.

Centralized Controllers

Single entity managing all forwarding devices; may have scaling issues.

Distributed Controllers

A scalable network operating system (controller).

ONOS (Open Networking Operating System)

A distributed SDN control platform that provides a global view of the network to the applications, offers scale-out performance and fault tolerance.

ONOS Network View

A global network view built using network topology and state information.

P4 (Programming Protocol-Independent Packet Processors)

A high-level language for configuring switches, working with SDN control protocols.

P4 - Reconfigurability

The parsing and processing of packets.

P4 - Protocol independence

Switches independent of any particular protocol.

P4 - Target Independence

Packet processing programs independent of the underlying devices.

P4 Forwarding Model

Switches using P4.

P4 - Configure

Operations used to program the P4 parser.

P4 - Populate

Operations used to alter entries in the match+action tables.

Traffic engineering

A measurement application focusing on optimizing the traffic flow so as to minimize power consumption, judiciously use network resources, perform load balancing, etc

Mobility and Wireless

SDN eases the deployment and management of wireless networks.

Measurement and Monitoring

Measurement applications that aims to add features to other networking services or improve the existing feature of SDNs using OpenFlow

Security and Dependability

Focus on improving the security of networks.

Data Center Networking

Applications for offering services such as live migration of networks, troubleshooting, real-time monitoring of networks among various other features

Internet Exchange Point (IXP)

A physical location that facilitates interconnection between networks so that they can exchange traffic and BGP routes.

SDX

An SDN-based architecture at IXPs.

Application-Specific Peering

Custom peering rules for certain applications, such as high-bandwidth video applications like Netflix or YouTube which constitute a significant amount of traffic volume.

Traffic Engineering

Controlling the inbound traffic based on source IP or port numbers by setting forwarding rules

Traffic Load Balancing

The destination IP address can be rewritten based on any field in the packet header to balance the load.

Traffic Redirection

Targeted subsets of traffic can be redirected to middleboxes.

Study Notes

Motivation for SDN

• Traditional IP networks faced challenges with increasing complexity and the dynamic nature of networks.
• Network policy implementations necessitated changes down to individual network devices, often via vendor-specific commands and manual configurations.
• Traditional IP networks lacked automatic response mechanisms to dynamic network environment changes.
• Traditional IP networks tightly coupled the control and data planes, making them inflexible.
• Protocol updates in traditional IP networks could take up to 10 years due to the need for changes to propagate to every device across an IP network.
• Software Defined Networking (SDN) aims to overcome legacy IP networking limitations.
• SDN separates the control plane logic from the data plane.
• With SDN, network switches primarily forward traffic, while control logic is in a logically centralized controller or network OS.
• SDN allows for innovation in network reconfiguration policy enforcement.
• Production-level SDNs require a physically distributed control plane for performance, reliability, and scalability, despite the centralized nature of control logic.
• The separation of control and data planes uses a programming interface between the SDN controller and the switches.
• The SDN controller uses an API to control data plane elements; OpenFlow is an example of such an API.
• An OpenFlow switch contains packet handling rules
• Each rule directs how to handle a subset of network traffic (dropping, forwarding, modifying, etc.).
• An OpenFlow switch can act as a firewall, switch, router, load balancer, or traffic shaper, as determined by the controller.
• SDN allows for a separation of concerns between defining networking policies, hardware implementation, and traffic forwarding.
• This separation simplifies networking management and enables innovation through newer networking abstractions.

SDN Advantages

• Traditional computer networks have three planes of functionality:

  • Data plane: Forwards data packets or frames.
  • Control plane: Determines paths using protocols to populate forwarding tables.
  • Management plane: Monitors and configures control functionality (e.g., using SNMP-based tools).

• A network policy defined in the management plane is enforced by the control plane, and executed by the data plane.

• Conventional networks tightly couple the data and control planes, embedding the networking components

• Adding new networking features to conventional networks requires modifying all control plane devices (firmware/hardware upgrades).

• Specialized equipment (middleboxes) such as load balancers, intrusion detection systems and firewalls were introduced to avoid modifying all control plane devices.

• Middleboxes need strategic placement in the network topology, making them difficult to reconfigure.

• SDN decouples the control plane, isolating it as an external entity (SDN controller).

• With SDN, middlebox services can be viewed as SDN controller applications, offering advantages such as:

  • Shared abstractions: Easy programming due to shared abstractions provided by the control platform and network programming languages.
  • Consistent information: All network applications have the same global network view, leading to consistent policy decisions and control plane module reuse.
  • Locality of placement: Middlebox applications can take actions from anywhere in the network.
  • Simpler integration: Networking applications integrate more smoothly (e.g., load balancing and routing).

The SDN Landscape

• The SDN architecture can be decomposed into layers.
• Each layer performs its own functions through different technologies.
• The SDN landscape can be viewed from plane-oriented, SDN layers, and system design perspectives.

SDN Technologies

• Infrastructure: Consists of networking equipment (routers, switches, middlebox hardware).
  • Physical networking equipment are forwarding elements that perform simple forwarding, directed by a centralized control system.
  • Examples: OpenFlow switches like SwitchLight, Open vSwitch, Pica8, etc.
• Southbound interfaces: Act as connecting bridges between control and forwarding elements.
  • These APIs are tightly coupled with the forwarding elements of the underlying physical or virtual infrastructure.
  • Examples: OpenFlow, ForCES, OVSDB, POF, OpFlex, OpenStack, etc.
• Network virtualization: Provides support for arbitrary network topologies and addressing schemes.
  • Existing virtualization constructs (VLAN, NAT, MPLS) require box-by-box configuration without a unifying abstraction.
  • Advancements: VxLAN, NVGRE, FlowVisor, FlowN, NVP.
• Network operating systems (NOS): Ease network management by using a logically centralized controller.
  • Provide abstractions, essential services, and common APIs to developers.
  • Examples: OpenDayLight, OpenContrail, Onix, Beacon, HP VAN SDN.
• Northbound interfaces: Software ecosystems that guarantee programming language and controller independence.
  • Examples: Floodlight, Trema, NOX, Onix, SFNet.
• Language-based virtualization: Expresses modularity and abstraction, allowing different views of a single physical device.
  • Examples: Pyretic, libNetVirt, AutoSlice, RadioVisor, OpenVirteX, etc.
• Network programming languages: Achieve network programmability using low-level or high-level languages.
  • High-level languages offer abstractions, modularity, reusable code, and faster development.
  • Examples: Pyretic, Frenetic, Merlin, Nettle, Procera, FML, etc.
• Network applications: Implement control plane logic and translate to commands in the data plane.
  • Wide variety of applications include routing, load balancing, security enforcement, QoS enforcement, power consumption reduction, network virtualization, mobility management, etc.
  • Examples: Hedera, Aster*x, OSP, OpenQoS, Pronto, Plug-N-Serve, SIMPLE, FAMS, FlowSense, OpenTCP, NetGraph, FortNOX, FlowNAC, VAVE, etc.

SDN Infrastructure Layer

• SDN infrastructure includes networking equipment performing simple forwarding tasks, without embedded intelligence or control.

• Network intelligence is delegated to a logically centralized Network Operating System (NOS).

• SDN networks are built on open and standard interfaces for configuration and communication compatibility.

• These networks dynamically program heterogeneous devices as forwarding devices.

• A data plane device forwards packets, while a controller is software running on commodity hardware.

• OpenFlow is the most widely accepted design of SDN data plane devices.

• An OpenFlow device uses a pipeline of flow tables, where each entry includes:

  • Matching rule
  • Actions to be executed on matching packets
  • Counters for statistics of matching packets

• Other specifications: Protocol-Oblivious Forwarding (POF) and Negotiable Datapath Models (NDMs).

• In an OpenFlow device, packet lookup starts in the first table and ends with a match or a miss.

• Possible actions for a packet include:

  • Forwarding to outgoing port
  • Encapsulating and forwarding to controller
  • Dropping the packet
  • Sending to normal processing pipeline
  • Sending to next flow table

SDN Southbound Interfaces

• Southbound interfaces (APIs) separate the control plane and data plane functionality.

• API proposals like OpenFlow promote interoperability and vendor-agnostic devices.

• OpenFlow is the most widely accepted southbound standard for SDNs.

• OpenFlow provides specifications for OpenFlow-enabled forwarding devices and communication between data and control plane devices.

• OpenFlow protocol provides three information sources:

  • Event-based messages from forwarding devices to the controller for link or port changes
  • Flow statistics generated by forwarding devices and collected by the controller
  • Packet messages sent to the controller when the forwarding device doesn't know how to handle a new flow

• These channels provide flow-level information to the Network Operating System (NOS).

• Other API proposals: ForCES, OVSDB, POF, OpFlex, OpenState, etc.

• ForCES provides a flexible approach to network management without a logically centralized controller.

• OVSDB acts complementary to OpenFlow or Open vSwitch.

• It allows control elements to create vSwitch instances, set QoS policies, attach interfaces, configure tunnel interfaces, manage queues, and collect statistics.

SDN Controllers: Centralized vs Distributed

• Traditional networks use low-level, device-specific instruction sets and proprietary network operating systems, challenging device-agnostic developments.
• SDN offers a logically centralized control through a controller.
• A controller is a key element in SDN, supporting control logic to generate network configurations based on operator-defined policies.
• Base network service functions are essential for all controllers:
  • Topology
  • Statistics
  • Notifications
  • Device management
  • Shortest path forwarding
  • Security mechanisms
• SDN Controllers can be categorized based on centralized or distributed architecture:
  • Centralized controllers:
    • Typically a single entity that manages all forwarding devices in the network
    • Can have issues with scaling and single point of failure
    • Architectures like Maestro, Beacon, NOX-MT use multi-threaded designs
    • Controllers such as Rosemary offer specific functionality and guarantees security and isolation of applications via a container based architecture called micro-NOS
  • Distributed controllers:
    • Can be scaled to meet the requirements of any environment
    • Distribution can occur in two ways: a centralized cluster of nodes or a physically distributed set of elements
    • Properties of distributed controllers include weak consistency semantics and fault tolerance

An Example Controller: ONOS

• ONOS (Open Networking Operating System) is a distributed SDN control platform.
• Aims to provide a global view of the network to applications, scale-out performance, and fault tolerance.
• The prototype was built based on Floodlight, an open-source single-instance SDN controller.
• With ONOS' distributed architecture, multiple ONOS instances run in a cluster.
• Management and sharing of the network state are achieved by maintaining a global network view.
• This view is built using network topology and state information discovered by each instance.
• Applications consume information from the view and update decisions back to the view.
• An OpenFlow manager receives the changes from the applications and programs appropriate switches.
• Titan (graph database) and Cassandra (distributed key value store) are used to implement the view.
• Applications interact with the network view using the Blueprints graph API.
• ONOS redistributes the work of a failed instance to other remaining instances when an instances fails.
• Each switch in the network connects to multiple ONOS instances, with only one acting as its master.
• Each ONOS instance acts as a master for a subset of switches.
• Upon failure of an ONOS instance, an election is held on a consensus basis to choose a master.
• Zookeeper is used to maintain mastership between the switch and the controller.

Programming the Data Plane: The Motivation

• P4 (Programming Protocol-independent Packet Processors) is a high-level programming language to configure switches, working with SDN control protocols.

• P4 enables the control plane to manage devices from different vendors.

• P4 provides an extensible, flexible approach to parse packets and match header fields, while exposing an open interface to controllers.

• P4 acts as a general interface between switches and the controller, allowing the controller to define how switches operate.

• The primary goals of P4 are:

  • Reconfigurability: The controller should be able to modify how packets are parsed and processed in switches.
  • Protocol independence: The controller defines a packet parser and match+action tables, enabling switches to be independent of any particular protocol.
  • Target independence: Packet processing programs should be independent of underlying target devices.

• Generalized programs written in P4 should be converted into target-dependent programs by a compiler.

Programming the Data Plane: P4's Forwarding Model

• Switches using P4 use a programmable parser and match+action tables to forward packets.

• The tables can be accessed in multiple stages in a series or parallel manner.

• The P4 model allows generalization of packet processing across various forwarding devices (routers, load balancers, etc.).

• A compiler maps these programs to different forwarding devices.

• Two main operations of the P4 forwarding model are:

  • Configure: Programming the parser, specifying header fields, and defining the order of stages.
  • Populate: Altering entries in the match+action tables specified during configuration, including adding and deleting entries.

• Configuration determines packet processing and supported protocols, while population decides policies applied to packets.

An Introduction To The P4 Programming Language

• P4 is a packet processing language that defines the configuration of a switch and the processing of a packet.
• P4 characteristics include:
  • Legal header types are declared for the parser to be aware of possible packet formats.
  • A control flow program uses declared header types and a set of actions to specify how headers are processed.
  • Table Dependency Graphs (TDGs) identify dependencies between header fields.
  • Tables with no dependencies may be executed in parallel.
• The control flow logic to process packets is written using P4, transformed to TDGs using a compiler and mapped to a specific target switch.

SDN Applications: Overview

• Traffic Engineering
  • Optimizing traffic flow to minimize power consumption, use network resources judiciously, and perform load balancing.
  • Power consumption can be reduced with optimization algorithms and monitoring of the data plane load.
  • ElasticTree identifies and shuts down specific links and devices depending on traffic load.
  • Load balancing applications (Plug-n-Serve, Aster*x) achieve scalability using wildcard patterns.
  • SDN automates router configuration to reduce routing table growth.
  • Providers use SDN to scale traffic optimization dynamically (e.g., ALTO VPN enables provision of VPNs in cloud infrastructure).
• Mobility and Wireless
  • Wireless networks face challenges including management of the limited spectrum, allocation of radio resources, and load-balancing.
  • SDN simplifies the deployment and management of various wireless networks (WLANS, cellular networks).
  • SDN-based wireless networks offer on-demand virtual access points (VAPs), dynamic spectrum usage, wireless infrastructure sharing, etc.
  • OpenRadio decouples wireless protocols from underlying hardware by providing an abstraction layer.
  • Light virtual access points (LVAPs) offer one-to-one mapping between LVAPs and clients.
  • Applications, such as Odin, provide features such as mobility management, channel selection algorithms, etc.
  • A user can move between APs without lag as the mobility manager automatically moves the client LVAP to a different AP.
• Measurement and Monitoring
  • Applications add features to other networking services.
  • SDN-based broadband connections enable systems to respond to network conditions.
  • Applications improve existing SDN features using OpenFlow
  • Sampling and estimation techniques are used to reduce the control plane load from data plane statistics.
  • OpenSketch is a southbound API for flexible network measurements.
  • OpenSample and PayLess are examples of monitoring frameworks.
• Security and Dependability
  • Applications focus on improving network security.
  • Security policies are can be imposed on network entry points.
  • Programmable devices enforce security policies on a wider network.
  • An SDN application named, DDoS detection, identifies and mitigates DDoS flooding attacks by leveraging timely network information.
  • SDN also detects traffic anomalies, mutates IP addresses of hosts to fake dynamic IPs (OF-RHM), and monitors cloud infrastructures (CloudWatcher).
• Data Center Networking
  • SDN offers services such as live migration of networks, troubleshooting, real-time monitoring, etc.
  • SDN applications can help detect anomalous behavior in data centers.
  • SDN can create different models build application signatures from network device information.
  • Anomalies are identified, and measures can be taken.
  • SDN performs dynamic reconfigurations of virtual networks during live virtual network migrations.
  • LIME provides live migration.
  • FlowDiff detects abnormalities.

SDN Applications: Internet Exchange Points (IXPs)

• SDN improves IXP operation.

• Internet routing is handled through Border Gateway Protocol (BGP).

• BGP's limitations include routing only on destination IP prefix and limited control over end-to-end paths.

• SDN can perform multiple actions on traffic by matching over various header fields.

• An Internet Exchange Point (IXP) facilitates interconnection between networks for traffic exchange and BGP routes.

• SDX enables multiple applications:

  • Application specific peering
  • Traffic engineering
  • Traffic load balancing
  • Traffic redirection through middleboxes

• In SDX architecture, each AS has a virtual SDN switch that connects its border router to every other participant AS.

• Each AS defines forwarding policies without influencing how others forward packets.

• Each AS can drop, modify, or forward traffic using SDN applications.

• Policies can differ based on traffic direction (inbound or outbound).

• SDX combines policies from multiple participants into a single policy for the physical switch.

• SDX uses the Pyretic language to match packet header fields and express actions.

• In application-specific peering, a network can forward HTTP traffic to one AS and HTTPS traffic to another

• This is expressed using the match statement.

SDN Applications: Wide Area Traffic Delivery

• Application specific peering: ISPs can direct high application traffic flows (YouTube, Netflix) to dedicated ASes.
• Inbound traffic engineering: SDN enables forwarding rules based on the source IP address and source port of the packets, enabling an AS to control how traffic enters its network.
• Wide-area server load balancing: Can be achieved via the SDX, as it supports the modification of packet headers. An IP address can be assigned to a service, and the destination IP addresses of packets can be modified at the exchange point to balance the request load amongst the backend servers.
• Redirection through middle boxes can be achieved via SDX to overcome challenges in existing approaches to using middleboxes (firewalls, load balancers, etc):
  • SDX can identify and redirect desired traffic through a sequence of middleboxes.