Scribd
Upload
75 views80 pages

90440-Introduction To SDN - Part 1

This document provides an introduction to software defined networking (SDN). It begins with an overview of SDN and how it separates the control plane and data plane in network devices, unlike the traditional networking paradigm. It then discusses the origins of SDN from the Stanford Clean Slate project and how this led to the development of OpenFlow. OpenFlow is described as a communications protocol that gives access to the forwarding plane of a network switch or router. The key components of OpenFlow and SDN are the OpenFlow controller and its northbound API to enable applications to request services from the network.

Uploaded by

Harry Wijaya
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
75 views80 pages

90440-Introduction To SDN - Part 1

This document provides an introduction to software defined networking (SDN). It begins with an overview of SDN and how it separates the control plane and data plane in network devices, unlike the traditional networking paradigm. It then discusses the origins of SDN from the Stanford Clean Slate project and how this led to the development of OpenFlow. OpenFlow is described as a communications protocol that gives access to the forwarding plane of a network switch or router. The key components of OpenFlow and SDN are the OpenFlow controller and its northbound API to enable applications to request services from the network.

Uploaded by

Harry Wijaya
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 80

Introduc+on

 to  So8ware  Defined  Networking  


Robert  Yee,  CCIE  11716  
Cisco  Systems  Engineer  
October  2013  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Spoiler  Alert  
This  presenta,on  presumes  NO  knowledge  of  SDN  on  behalf  of  the  reader  and  wil
provide  both  a  high  level  overview  and  (in  certain  cases)  a  detailed  level  of  differen
SDN  concepts,  technologies  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


SDN  Focus  
This  presenta,on  focuses  predominantly  on  the  Enterprise  customer  set,  both  for
Campus  and  Data  Center  networks.    
 
It  does  not  take  into  considera,on  the  SDN  technologies  or  companies  that  are  
driving  the  Service  Provider  market.  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Agenda  
Broad  Overview  of  SDN  
A  quick  look  at  the  Industry  
Cisco’s  SDN  Strategy  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


e  network  paradigm  as  we  know  it…  

Control  and  Data  Plane  resides  within  Physical  Device  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Control  Plane  and  Data  Plane  
Two  fundamental  terms  to  begin  understanding  the  concepts  around  SDN  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Over  the  years…  
this  network  paradigm  has  
remained  mostly  intact…    

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Something  
happened,  thoug
on  July  23,  2012
that  challenged  th
paradigm…  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


$1.05  Billion  Cash  
+  $210  Million  in  stock  

+  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
and  since  then…  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


SDN  gained  massive  industry  mindshare  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
What  is  SDN?  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


WORKWORLD
revolution or Google  revamps  networks
ution: Impact
e IT manager SDN with  OpenFlow  

a Networks Evolving SDN:


poses yet tackling strategic,
ther software- technology, and
ned option for operational
data center” challenges
Deutsche  Bank  Research  Note  
We share a more pragmatic view, noting Cisco (for
example) is likely to view SDN as a TAM expansion
opportunity…

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


What  is  SDN?   (per  Wikipedia  defini+on)  

o=ware  defined  networking  (SDN)  is  an  approac


to  building  computer  networks  that  separates  and
abstracts  elements  of  these  systems  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
In  other  words…  
 
In  the  SDN  paradigm,  not  all  
processing  happens  inside  the  sam
device  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Where  did  this  SDN  “thing”  come  from?  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Stanford  University  –  Clean  Slate  Project  
 

“…explore  what  kind  of  Internet  we  would  design  if  we  were  to  start  with  a  clean  
slate  and  20-­‐30  years  of  hindsight.”  
hbp://cleanslate.stanford.edu/  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
You  might  have  no+ced  the  Cisco  Logo  on  the  web  page  
 

Cisco  provided  some  equipment  early  in  the  cycle  to  the  research  team  
Namely  a  Catalyst  6500  and  3750  upon  which  some  of  the  early  work  was  done…  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


…  Clean  Slate  led  to  the  development  of…  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


What  is  Openflow? (per  Wikipedia  defini+on)  

penFlow  is  a  Layer  2  communica+ons  protocol  th


gives  access  to  the  forwarding  plane  of  a  network
switch  or  router  over  the  network  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Four  parts  
to  Openflow  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Central  Administra,on
and  Opera,ons  
point  for  
Network  Elements  

penflow  Controller  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Northbound  API  
Integral  part  of  Controll
 
“Network  enabled”  applica,on  c
make  use  of  Northbound  API  t
request  services  from  the  networ

penflow  Controller  |  Northbound  API  


Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Agent  runs  on  the  netwo
device  
 
Agent  receives  instruc,o
from  Controller  
 
Agent  programs  device
tables  
penflow  Device  Agent  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Openflow  Protocol  is…
 
“A  mechanism  for  the  Openfl
Controller  to  communicate  w
Openflow  Agents…”  

penflow  Protocol  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
First  lesson  for  today…  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Openflow  does  not  equal  SDN  

Openflow  

So8ware  
Defined  
Networking  

Openflow  is  one  flavor  of  SDN  


Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Google  have  been  using  Openflow  to  drive  their  
Wide  Area  Network  since  January  2011  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Urs  Holzle,  Senior  Vice  President  of  Technology  Infrastructure  at  Google  
speaking  in  a  keynote  at  the    
second  annual  Open  Networking  Summit  (April  2012)  
hWp://www.ee,mes.com/electronics-­‐news/4371179/Google-­‐describes-­‐its-­‐OpenFlow-­‐network  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Now  for  more  on…  
Openflow  Controller
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
xamples  of  Openflow  Open  Source  Controller
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Openflow  Protoco
in  more  detail  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Openflow  Protocol  Versions  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Openflow  1.0  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


ming  packet  arrive  at  Switch  

OPENFLOW  CONTROLLER  

Switch   FLOW  
CPU  
TABLE  **  

Data   Data   Data   SWITCH  FORWARDING  


ENGINE  

**Openflow  1.0  supports  a  lookup  into  a  single  flow  table  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


ds  from  packet  header  used  for  lookup  key  

Header  fields  used  to  build  lookup  key  


Lookup  Key  

Switch   FLOW  
CPU  
TABLE  **  

Data   Data   Data   SWITCH  FORWARDING  


ENGINE  

**Openflow  1.0  supports  a  lookup  into  a  single  flow  table  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


o  match,  Controller  programs  switch  flow  table  

OPENFLOW  CONTROLLER  

Switch   FLOW  
CPU  
TABLE  

Data   Data   Data   SWITCH  FORWARDING  


ENGINE  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


warding  Engine  forwards  packets  

OPENFLOW  CONTROLLER  

Switch   FLOW  
CPU  
TABLE  **  

SWITCH  FORWARDING   Data  


ENGINE  

**Openflow  1.0  supports  a  lookup  into  a  single  flow  table  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


w  Table  in  more  detail…    

FLOW  TABLE  
HEADER  FIELDS   COUNTERS   ACTIONS  

…   …   …   FLOW  ENT

…   …   …  

Flow  “Entry”  consists  of  one  row  in  the  Flow  Table  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


w  Table  in  more  detail…    

FLOW  TABLE  
HEADER  FIELDS   COUNTERS   ACTIONS  

…   …   …  

…   …   …  

HEADER  FIELDS  

Ingress   Source   Dest   Ether   VLAN   VLAN   IP   IP   IP   IP   TCP/UDP   TCP/UDP  


Port   MAC   MAC   Type   ID   Priority   SRC   DEST   Protocol   TOS   SRC   DEST  

1   2   3   4   5   6   7   8   9   10   11   12  

This  is  the  “Famous”  Openflow  12  Tuple  


Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
w  Table  in  more  detail…    

FLOW  TABLE  
HEADER  FIELDS   COUNTERS   ACTIONS   Per  Port
Received  Packets  
…   …   …  
Transmit  Packets  

…   …   …   Received  Bytes  
Transmit  Bytes  
Received  Drops  
Transmit  Drops  
Received  Errors  
Per  Table   Per  Flow   Per  Queue  
Transmit  Errors  
Ac+ve  Entries   32  Bits   Received  Packets   64  Bits   Transmit  Packets   64  Bits  
Received  Frame  
Packet  Lookups   64  Bits   Received  Bytes   64  Bits   Transmit  Bytes   64  Bits   Alignment  Errors  
Packet  Matches   64  Bits   Dura+on  (seconds)   32  Bits   TX  Overrun  Errors   64  Bits   RX  Overrun  Errors  
Dura+on  (nanoseconds)   32  Bits   RX  CRC  Errors  
Collisions  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


w  Table  in  more  detail…    

FLOW  TABLE  
HEADER  FIELDS   COUNTERS   ACTIONS  

…   …   …  

…   …   …  

Mul+ple  Ac+ons  available  to  be  


programmed  
Let  us  explore  those  in  more  detail…  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


uired  Ac+ons  Supported  by  “Openflow  1.0”  Switch  

OPENFLOW  CONTROLLER  

FLOW  
Required  Ac+on  #
CPU  
TABLE    
Switch  

Forward  out  all  po


Packet   except  input  por
SWITCH  FORWARDING  
ENGINE  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


uired  Ac+ons  Supported  by  “Openflow  1.0”  Switch  

OPENFLOW  CONTROLLER  

2
FLOW  
Required  Ac+on  #
CPU  
TABLE    
Switch  

Redirect  to  Openfl


Packet   Controller  
SWITCH  FORWARDING  
ENGINE  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


uired  Ac+ons  Supported  by  “Openflow  1.0”  Switch  

OPENFLOW  CONTROLLER  

FLOW  
Required  Ac+on  #
CPU  
TABLE    
Switch  

Forward  to  local  C


3
Packet  
SWITCH  FORWARDING  
ENGINE  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


uired  Ac+ons  Supported  by  “Openflow  1.0”  Switch  

OPENFLOW  CONTROLLER  

FLOW  
Required  Ac+on  #
CPU  
TABLE    
Switch  

Perform  ac+on  in  F


4
Packet   Table  
SWITCH  FORWARDING  
ENGINE  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


uired  Ac+ons  Supported  by  “Openflow  1.0”  Switch  

OPENFLOW  CONTROLLER  

FLOW  
Required  Ac+on  #
CPU  
TABLE    
Switch  

Forward  to  Input  P


Packet  
SWITCH  FORWARDING  
ENGINE  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


uired  Ac+ons  Supported  by  “Openflow  1.0”  Switch  

OPENFLOW  CONTROLLER  

FLOW  
Required  Ac+on  #
CPU  
TABLE    
Switch  

Forward  to  Des+na+


Packet   Port  
SWITCH  FORWARDING  
ENGINE   6

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


uired  Ac+ons  Supported  by  “Openflow  1.0”  Switch  

OPENFLOW  CONTROLLER  

FLOW  
Required  Ac+on  #
CPU  
TABLE    
Switch  

Drop  Packet  
Packet  
SWITCH  FORWARDING  
ENGINE  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


uired  Ac+ons  Supported  by  “Openflow  1.0”  Switch  

OPENFLOW  CONTROLLER   Required  Ac+ons


Forward  out  all  p
1  
except  input  po

2 Redirect  to  Open


2  
Controller  
FLOW  
CPU   Forward  to  loc
TABLE   3  
Switch  

Forwarding  Stack  
Perform  ac+on  in
4  
4 3 table  

5   Forward  to  input


SWITCH  FORWARDING  
5 ENGINE   6 Forward  to  des+n
6  
port  

7   Drop  Packet

1 7

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Openflow  1.1  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Provides  addi+onal  
methods  for  
forwarding  
i.e.  broadcast/ OPENFLOW  CONTROLLER  
mul+cast  

GROUP  
TABLE  
Switch  
FLOW   FLOW   FLOW  
CPU  
TABLE  1   TABLE  2   TABLE  n  

Data   Data   Data   SWITCH  FORWARDING  


ENGINE  

Openflow  1.1  Switch  consists  of  one  of  more  flow  tab
and  a  group  table  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Match  Fields  
Flow   Match  Fields  
ingress  port  +   Table   ingress  port  +  
metadata  +   metadata  +  
pkt  headers   pkt  headers  

Ac+on  Set   Ac+on  Set  

Table  0   packet  +   Table  1   Table  n  


…   input  port  +   …   …  
Ingress  packet   …   metadata   …   …   packet  
Execute  
…   …   …   Ac+on  Set  
Ac+on   Ac+on   Ac+on  
Set  =  {}   Set   Set  

Matching  starts  at  Table  0  and  “may”  con+nue  to  next  table  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Second  lesson  for  today…  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


TCAM  and  OpenFlow  
Openflow  is  basically  a  mechanism  to  exploit  TCAM  tables  in  
exis+ng  hardware  to  create  and  maintain  flows  
This  is  PBR  on  steriods  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


TCAM  populated  by  Openflow  
Reac+ve  flow  (new  flow  sent  to  controller)  
–  CPU  intensive  
Proac+ve  flow  (controller  lays  down  flows  ahead  of  +me)  
–  Line  rate  TCAM  lookup  
Hybrid  flow  
–  Proac+ve:  low  latency  financial  transac+ons  
–  Reac+ve:  granular  security  checking  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Things  I  can  match  on:  (the  tuple)  

Keep  in  mind  the  TCAM’s  in  most  switches  on  the  market  today  are  built  to  match  on  basic  layer  3  and  
some  layer  4  func+ons.    If  I  match  on  everything  I’ll  burn  up  all  my  TCAM  entry  space.  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Current  Limita+ons  
Flow  table  capacity  will  depend  on  how  many  tuples  you  wan
to  match  on.  
If  you  want  to  match  on  all  tuples,  then  you  will  limit  the  
number  of  flows  
TCAM  is  expensive  and  power  hungry  
However,  work  is  being  done  to  address  this  current  limita+o
with  OF  1.1  and  dipping  into  RAM  vs  TCAM  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


SDN  Use  cases  

Use  Case   DescripCon  


Matrix  Switch   Using  off  the  shelf  switches  to  forward  monitor  traffic  (SPAN,
RSPAN,  etc)  from  produc+on  network  to  network  analysis  tool
Latency  Op+mized  Forwarding   With  Financial  geographically  dispersed  networks  –  distribute
latency  sensi+ve  traffic  across  network  dynamically  
Firewall  Accelera+on   Bypass  firewall  to  forward  trusted  packets    
BYOD  Network  Access  Control   Controller  applica+on  to  enforce  access  control  policy  across
network  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Who  controls  Openflow?  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


OPEN  NETWORK  FOUNDATION  

Non  Profit  Consor+um  


Dedicated  to  “the  transforma,on  of  networks  through  SDN”  
 
Mission  to  “commercialize  and  promote  SDN…as  a  disrup,ve  approach  
networking…”  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Which  companies  make  up  the  ONF?  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


utsche  Telekom  :  Facebook  :  Goldman  Sachs  :  Yah
Google  :  Microso8  :  NTT  Communica+ons  :  Verizon
ONF  Board  Members  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
D   ETRI   Level  3  Communica+ons   Radware  
etworks   Extreme  Networks   LineRate  Systems   Riverbed  Technology  
 Op+cal  Networking   EZchip   LSI   Samsung  
l-­‐Lucent   F5   Luxo8   SK  Telecom  
nt  Group   France  Telecom  Orange   Marvell   Spirent  
witch  Networks   Freescale   Mellanox   Sunbay  
com   Fujitsu   Metaswitch  Networks   Swisscom  
de   Gigamon   Midokura   Tail-­‐f  Systems  
c  Networks   Hitachi   NCL  Communica+ons   Telecom  Italia  
Mobile     HP   NEC   Telefónica  
Huawei   Netgear   Tencent  
IBM   Netronome   Texas  Instruments  
Infinera   NetScout  Systems   Thales  
iveFT   Infoblox   Nokia  Siemens  Networks   Transmode  
Intel   NoviFlow   Turk  Telekom  /  Argela
TIA   IP  Infusion   Oracle   Vello  Systems  
Ixia   Overture  Networks   Verisign  
orce10   Juniper  Networks   PICA8   VMware/Nicira  
  KDDI   Plexxi  Inc.   Xpliant  
on   Korea  Telecom   Qosmos   ZTE  Corpora+on  

ONF  Members  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
That’s  a  serious  list  of  companies  !!!  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


The  moral  of  this  story  is  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


The  “Network  Paradigm”…  
…is  being  challenged  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


How  does  Nicira  fit  in  with  Openflow?  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
What  SDN  Protocol/Method  is  Nicira  Using?  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


The  answer  is…  
 
Overlay  Networks  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


You  start  with  a  
Physical  Switch  
Network  

Physical  Devices  and


Physical  Connec+on

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


Then  you  add  an  
overlay  

Overlay  provides  bas


for  logical  network

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


ical  “switch”  devices   They  define  their  o
verlay  the  physical   topology  
network  

Underlying  physical  
network  carries  data  traffi
for  overlay  network  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
ul+ple  “overlay”  
works  can  co-­‐exist  
t  the  same  +me  

Overlays  provides  logica


network  constructs  for  diffe
tenants  (customers)  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Main  Benefit  of  Overlays?  
 
Overlay  Network  can  be  created  and  torn  down  without  
changing  underlying  physical  network  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


…hopefully  you  now  understand  some  of  the  
technologies  and  players  in  the  SDN  market…  

Note  :  This  is  only  the  ,p  of  the  iceberg  


Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Be  warned  though…  

Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  


hWp://www.crn.com/slide-­‐shows/networking/240145409/13-­‐sdn-­‐startups-­‐to-­‐keep-­‐an-­‐eye-­‐on-­‐in-­‐2013.htm  

There  are  more  SDN  


companies  on  the  way…  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  
Cisco  Confiden+al  –  Strictly  for  Internal  Cisco  Use  Only  

You might also like