Software Defined Networking (SDN)

Questions and Answers

Which of the following is a primary motivation for the development of Software Defined Networking (SDN)?

  • To reduce the number of network devices required in a traditional IP network
  • To increase the complexity of network management for better security
  • To promote vendor-specific network solutions
  • To enable automatic response mechanisms to dynamic network environment changes (correct)

In traditional IP networks, what is a key characteristic of the architecture that SDN seeks to address?

  • Tightly coupled architecture of control and data planes, limiting flexibility (correct)
  • Logically centralized control for easier management
  • Standardized interfaces for seamless interoperability
  • Decoupled control and data planes for greater flexibility

What is the role of the SDN controller regarding the data plane elements?

  • The SDN controller is bypassed by the data plane in order to achieve higher speeds.
  • The SDN controller is only used during the initial setup, and has no effect at runtime.
  • The SDN controller directly controls the data plane elements through a programming interface. (correct)
  • The SDN controller acts only as a monitoring tool, without directly affecting the data plane.

In the context of network functionality, which plane is responsible for determining the path data should take?

Control plane (A)

What is the purpose of the management plane in computer networks?

To monitor and configure the control functionality (C)

What is a key advantage of software-defined networks (SDN) compared to conventional networks regarding middlebox functionality?

SDN decouples the control plane, allowing middlebox services to be viewed as SDN controller applications. (B)

Which of the following is a benefit of SDN due to its centralized control and shared abstractions?

Smoother integration of networking applications (B)

Which of the following best describes the infrastructure layer in SDN?

A layer comprised of networking equipment (routers, switches) performing simple forwarding tasks. (B)

What critical role do southbound interfaces play in Software Defined Networking (SDN)?

They represent the separating medium between the control and data plane functionality. (D)

Which of the following is the most widely accepted southbound standard for SDNs?

OpenFlow (C)

What is a key characteristic of centralized SDN controllers?

Management of all forwarding devices by a single entity (D)

Which characteristic is commonly associated with distributed SDN controllers?

Weak consistency semantics (A)

What is the role of ZooKeeper in the ONOS architecture?

To maintain the mastership between the switch and the controller (D)

What is the primary goal of P4 (Programming Protocol-independent Packet Processors) in the context of SDN?

To provide a high-level programming language for configuring switches (A)

How does P4 contrast with OpenFlow in terms of packet processing?

P4 uses a programmable parser and a set of match+action tables to forward packets. (C)

What is the purpose of Table Dependency Graphs (TDGs) in the context of P4 and SDN?

To help determine the order in which tables can be executed based on header field dependencies. (A)

What is a key focus area of SDN applications in the realm of traffic engineering?

Optimizing traffic flow to minimize power consumption and judiciously use resources (A)

How does the deployment of SDN-based wireless networks facilitate mobility for users?

By enabling users to move between APs without visible lag (D)

In the context of SDN, what is one approach to enhance network security?

Imposing security policies at the entry point to the network (D)

What is a limitation of traditional BGP routing that SDX aims to address?

Routing decisions based only on the destination IP prefix (C)

Flashcards

Software Defined Networking

SDN separates the control plane (handles traffic) from the data plane (forwards traffic), centralizing control logic.

Tightly Coupled Architecture

Traditional networks bundle control and data planes, leading to inflexibility and slow updates.

SDN Principles

SDN allows network control to be viewed as manageable pieces, enabling simplified management and innovation.

Control Plane

Enforces network policy and forwards data.

Data Plane

Directs data packets and frames.

Management Plane

Monitors and configures control functionality.

Software-defined networks

SDN decouples the control plane as an external entity (SDN controller).

Southbound interfaces

These are interfaces that connect networking and forwarding elements, crucial for separating control and data plane functionality.

Network operating systems

It eases network management and solves networking problems by using a logically centralized controller by way of a network operating system (NOS).

Network Applications

They are the way to implement the control plane logic and translate to commands in the data plane. SDNs can be deployed on traditional networks.

SDN infrastructure

It consists of routers, switches and appliance software performing simple forwarding tasks.

Controller

A controller is a critical element in an SDN architecture as it is the key supporting piece for control logic (applications) to generate network configuration based on the policies defined by the network operator.

P4

P4 is used to configure the switch programmatically and acts as a general interface between the switches and the controller with its main aim of allowing the controller to define how the switches operate.

SDN

SDN can perform multiple actions on the traffic by matching over various header fields, not only by matching on the destination prefix.

IXP

It's where participant ASes connect their BGP-speaking border routers to a shared layer-two network and a BGP route server.

SDX

SDX uses the Pyretic language to match header fields of the packets and to express actions on the packets.

Application specific peering

Custom peering rules can be installed for certain applications, such as high-bandwidth video applications like Netflix or YouTube, which constitute a significant amount of traffic volume.

Inbound traffic rules

Controlling the inbound traffic based on source IP or port numbers can be achieved by setting forwarding rules.

Wide area load balancing

The destination IP address can be rewritten based on any field in the packet header to balance the load.

Middle boxes

Targeted subsets of traffic can be redirected to middleboxes.

Study Notes

  • Several challenges became pronounced as IP networks became more widely adopted:
  • Handling complexity and the dynamic nature of networks
  • Tightly coupled architecture, making flexibility difficult
  • Software Defined Networking (SDN) attempts to overcome the limitations of the legacy IP networking paradigm.
  • Separation of control logic from the data plane is key.
  • Network switches simply forward, and control logic is in a logically centralized controller.
  • Allows innovation in network reconfiguration and policy enforcement.
  • Production-level SDNs need a physically distributed control plane for performance, reliability, and scalability.
  • Achieved by using a programming interface between the SDN controller and the switches.
  • SDN principles allow separation of concerns between networking policies, their hardware implementation, and traffic forwarding.
  • Newer networking abstractions and simplified network management enable innovation.
  • Traditional computer networks have three abstract logical planes of functionality:
  • Data plane: Forwards data in packets or frames.
  • Control plane: Determines which path to use.
  • Management plane: Monitors and configures the control functionality via tools like SNMP.
  • Conventional networks have tightly coupled data and control planes.
  • New features require modifying all control plane devices, for example by installing new firmware or hardware.
  • Specialized equipment called "middleboxes" is used for functions like load balancers, intrusion detection, and firewalls, but is hard to reconfigure.
  • Since SDN decouples the control plane, middlebox services can be viewed as an SDN controller application with several advantages:
  • Shared abstractions.
  • Consistency of network information.
  • Locality of functionality placement.
  • Simpler integration.
  • The SDN landscape can be decomposed into layers. Each layer has its own functions through different technologies.
  • SDN Infrastructure consists of networking equipment (routers, switches, middlebox hardware).
  • The equipment acts merely as forwarding elements, operated by a centralized control system.
  • Examples of OpenFlow (software) switches include SwitchLight, Open vSwitch, and Pica8.
  • Southbound interfaces act as connecting bridges between connecting and forwarding elements, and also between the control and data planes.
  • They are coupled with the forwarding elements of the underlying physical or virtual infrastructure.
  • Most popular is OpenFlow, with others like ForCES, OVSDB, POF, OpFlex, OpenState, etc.
  • For complete network virtualization, network infrastructure needs to support arbitrary network topologies and addressing schemes.
  • New advancements in SDN network virtualization include VXLAN, NVGRE, FlowVisor, FlowN, and NVP.
  • Network operating systems (NOS) ease network management and solve problems with a logically centralized controller.

Network Operating Systems (NOS)

  • A NOS provides abstractions, essential services, and common APIs.
  • Examples of NOSs are OpenDayLight, OpenContrail, Onix, Beacon and HP VAN SDN.
  • Northbound interfaces are the other core abstraction, alongside southbound interfaces.
  • A standard for the northbound interface is still an open problem, and so are its use cases.
  • It requires an abstraction that guarantees programming language and controller independence.
  • Examples are Floodlight, Trema, NOX, Onix and SFNet.
  • Language-Based virtualization expresses modularity and many levels of abstraction.
  • Takes complexity away from application developers without compromising security.
  • Examples are Pyretic, libNetVirt, AutoSlice, RadioVisor, OpenVirteX, etc.
  • Network programmability can be achieved using low-level or high-level programming languages.
  • Higher-level languages provide abstractions and make code more modular and more reusable in the control plane.
  • Examples are Pyretic, Frenetic, Merlin, Nettle, Procera, and FML.
  • Network applications implement control plane logic and translate to commands in the data plane.
  • SDN applications include routing, load balancing, security enforcement, end-to-end QoS, and power consumption reduction.
  • Some well-known solutions are Hedera, Aster*x, OSP, OpenQoS, Pronto, Plug-N-Serve, SIMPLE, FAMS, FlowSense, OpenTCP, NetGraph, FortNOX, FlowNAC, and VAVE.
  • SDN infrastructure includes networking equipment, physical devices that do not have embedded intelligence or control.
  • Networks are built on top of open/standard interfaces that ensure configuration.
  • In the SDN architecture, a device forwards packets and a controller is a software stack.
  • A model derived from OpenFlow is widely accepted for SDN data plane devices including:
    • A matching rule.
    • Actions to be executed.
    • Counters.
  • Other SDN-enabled forwarding models include Protocol-Oblivious Forwarding (POF) and Negotiable Datapath Models (NDMs).
  • In an OpenFlow device, when a packet arrives, processing starts in the first table and continues until the packet either matches or misses. Some actions include:
  • Forward the packet.
  • Encapsulate the packet and forward it to the controller.
  • Drop the packet.
  • Send the packet to the normal processing pipeline.
  • Send the packet to the next flow table.
  • Southbound interfaces or APIs provide the medium through which the control and data planes work.
  • API proposals like OpenFlow have been well received because they promote interoperability of vendor-agnostic devices.
  • Currently, OpenFlow is widely accepted for SDNs and provides a specification for implementing devices, along with the communication channel between the data and control planes.
  • The OpenFlow protocol provides three information sources:
  • Event-based messages sent by forwarding devices to controller when there is a link or port change.
  • Flow statistics are generated by forwarding devices and collected by controller.
  • Packet messages are sent by forwarding devices to controller when they do not know what to do with a new flow.

Southbound Interfaces and SDN

  • Besides OpenFlow, there are other API proposals such as ForCES, OVSDB, POF, OpFlex, OpenState, etc.
  • ForCES provides a flexible approach to traditional network management without needing a logically centralized controller; the control and data planes can be kept on the same network element.
  • OVSDB is a complement to OpenFlow or Open vSwitch and allows control elements to create multiple vSwitch instances and set QoS.
  • Controllers solve the challenge of device-agnostic developments and abstraction through means of a logically centralized control.
  • SDN Controllers can be categorized based on centralized or distributed architecture.
  • Centralized controllers use a single entity to manage all forwarding devices in the network. However, these have issues.
  • Some enterprise networks and data centers use architectures such as Maestro, Beacon, and NOX-MT. Additionally, multi-threaded designs are used to explore how multi-core computer architectures handle the load.
  • Single controller architectures such as Trema and Ryu NOS target environments such as data centers and cloud infrastructures.
  • The single controller Rosemary offers specific functionality and guarantees security and application isolation by using a container-based architecture called micro-NOS.
  • Unlike single controller architectures, a distributed network controller can be scaled to meet the network requirements of small or large networks.
  • Distribution has two forms:
  • Centralized cluster of nodes or physically distributed set of elements.
  • Cloud providers which run multiple data centers interconnected by a WAN may require a hybrid approach.
  • Properties of distributed controllers:
  • Weak consistency semantics
  • Fault tolerance
  • Open Networking System (ONOS) aims to provide a global view, scale-out performance and fault tolerance.
  • It was built on Floodlight, an open-source single-instance SDN controller.
  • Several ONOS instances run in a cluster, which share network state for a global network view.
  • OpenFlow managers receive the changes that applications make to the view, and the switches are programmed accordingly.
  • Titan (graph database) and Cassandra (distributed key-value store) are used to implement the view using a Blueprints graph API.
  • Each ONOS instance serves as the master OpenFlow controller, and in case of failure, ONOS redistributes to the other remaining instances.
  • Each switch connects to multiple ONOS instances, and upon failure an election is held to choose a master for each of the switches.
  • ZooKeeper is used to maintain the mastership between the switch and the controller.
  • P4 (Programming Protocol-independent Packet Processors) is a high-level programming language to configure switches in conjunction with SDN control protocols to better expose a switch's functionalities to the controller.
  • P4 is used to configure the switch programmatically and acts as a general interface between the switches and the controller.
  • Primary goals of P4:
  • Reconfigurability: The way packets are parsed and processed in the switches should be modifiable by the controller.
  • Protocol independence: Enables switches to be independent of protocols; the controller defines a packet parser.
  • Target independence: Programs written in P4 should be converted into target-dependent programs by a compiler.

P4 Packet Programming Overview

  • The switches using P4 use a programmable parser and a set of match+action tables to forward packets.
  • Tables can be accessed in multiple stages, in contrast to OpenFlow, which supports only fixed parsers.
  • The P4 model enables packet processing across various forwarding devices such as routers, load balancers, NPUs, etc.
  • Operations of the P4 forwarding model:
  • Configure: Program the parser by specifying the header fields to be processed in each match+action stage, and defining the order of these stages.
  • Populate: Alter the entries in the match+action tables specified during configuration.
  • Configuration determines packet processing and the supported protocols; population decides the policies to be applied.
  • P4 is one such packet processing language where:
  • Legal header types are declared so that the parser is aware of the possible packet formats.
  • A control flow program uses the declared header types and a set of actions to specify processing of the headers.
  • Table Dependency Graphs (TDGs) are used to identify the dependencies between the header fields and help determine the order in which the tables can be executed.
  • The P4 programming language is used to address the dependency issues: a P4 program is fed into a compiler for dependency analysis, and the results are translated into TDG logic.

Traffic Engineering

  • The major application areas of SDN are overviewed.
  • There is interest in optimizing traffic flow to reduce power consumption, use network resources judiciously, and perform load balancing.
  • Monitoring plane load via southbound interfaces.
  • ElasticTree (identifies and shuts down links and devices).
  • Plug-n-Serve and Aster*x (achieve scalability by handling large numbers of requests).
  • Automated management of router configuration reduces the growth of routing tables so that information is not duplicated.
  • SDN optimizes traffic at scale using dynamic provisioning of VPNs in cloud infrastructure (ALTO VPN).
  • Existing wireless networks face challenges, and the management of some wireless networks (WLANs, cellular networks) is made easier using SDN.
  • Wireless networks provide on-demand virtual access points (VAPs), dynamic usage of spectrum, and sharing of wireless infrastructure.
  • OpenRadio enables decoupling of the wireless protocols from the underlying hardware by providing an abstraction layer.
  • Virtual access points (LVAPs) help manage wireless networks by mapping between LVAPs and clients, and the Odin framework uses these functions to allow users to move seamlessly between APs.
  • Applications aim to add features to other networking services. New functions can be added to systems such as BISmark, which enables detection of and response to network conditions.
  • These applications improve the existing features of SDNs using OpenFlow which reduces the load arising from collection of data plane statistics.
  • OpenSketch (southbound API). Some examples include:
  • OpenSample and PayLess (monitoring frameworks).
  • Improves the security of networks.
  • Uses devices and enforcement policies on networks, and DDoS mitigation based on the information collected.
  • Detection of anomalies and monitoring of traffic through the cloud.

Data Center Networking and SDX Infrastructure

  • SDN is used for detecting anomalies and has many applications, such as live migrations.
  • Example of "Software Defined Internet Exchange"
  • SDN improves the operation of an IXP.
  • Used for the routing of packets across the Internet through the Border Gateway Protocol (BGP).
  • The main limitations of BGP are:
  • Routing on destination IP prefix only: the route is determined by the destination of the incoming packet and cannot be customized for the traffic.
  • Networks have end-to-end control only through indirect mechanisms.
  • Researchers propose using SDN to address these BGP limitations.
  • Conduct actions by matching over various header fields.
  • SDN, physical location. Facilitates exchanges where researchers have proposed an SDN. SDX applications that were proposed include:
  • Custom peering.
  • Inbound traffic control based on source, via forwarding rules.
  • Destination rewrites.
  • Redirection of targeted traffic.

SDX infrastructure and Applications

  • In SDX, each AS can define forwarding policies as if it were the only participant at the SDX, but it does not influence other participants' virtual switches.
  • Policies can also differ based on the direction of the traffic, into and out of the virtual switch, including traffic arriving at the virtual switch from other participants.
  • Example A and B's traffic as expressed in match statements
  • Wide Application; Traffic Delivery addresses the need to improve application to multiple areas that need delivery improvements:
  • ISPs prefer dedicated ASes.
  • SDN enables packets to be defined to enable and control the traffic to its destination for custom reasons.
  • The existing approaches using DNS is a lower server, but is caching responses are cases of failures can be improved by using SDN that supports the modification of DNS with a 100% success rate. Addressed the challenges and existing approaches use the placements of the middle boxes and is targeted to direct those services to a sequence of middle boxes.
