
SDN: A Networking Revolution

Software Defined Networking (SDN) separates the control plane from the data plane, allowing for centralized control of network devices. The rise of SDN is driven by advancements in networking technology, the need for better network management in cloud environments, and the demand for network virtualization. Challenges include scalability, reliability, response time, consistency, security, and interoperability with legacy systems.

Uploaded by

fchiramba95

Outline

What is SDN?

OpenFlow basics

Why is SDN happening now?

4D discussion

What is SDN?

Software Defined Network
A network in which the control plane is physically separate from the data plane,

and

a single (logically centralized) control plane controls several forwarding devices.

Software Defined Network (SDN)

[Figure: three Control Programs on top of a Global Network Map and a single Control Plane, which sits above five devices, each labelled Control and Packet Forwarding]

What You Said
“Overall, the idea of SDN feels a little bit unsettling
to me because it is proposing to change one of the
main reasons for the success of computer
networks: fully decentralized control. Once we
introduce a centralized entity to control the network
we have to make sure that it doesn’t fail, which I
think is very difficult.”

A Major Trend in Networking
– Entire backbone runs on SDN
– Bought for $1.2 billion (mostly cash)

The Networking “Planes”
Data plane: processing and delivery of packets with local forwarding state
– Forwarding state + packet header → forwarding decision
– Filtering, buffering, scheduling

Control plane: computing the forwarding state in routers
– Determines how and where packets are forwarded
– Routing, traffic engineering, failure detection/recovery, …

Management plane: configuring and tuning the network
– Traffic engineering, ACL config, device provisioning, …

Timescales

             Data                Control                  Management
Time-scale   Packet (nsec)       Event (10 msec to sec)   Human (min to hours)
Location     Linecard hardware   Router software          Humans or scripts

Data and Control Planes
[Figure: a router with a Processor (control plane) and several Line cards connected through a Switching Fabric (data plane)]

Data Plane
Streaming algorithms on packets
– Matching on some header bits
– Perform some actions

Example: IP Forwarding

[Figure: hosts 1.2.3.4, 1.2.3.7, ..., 1.2.3.156 on LAN 1 (1.2.3.0/24) and hosts 5.6.7.8, 5.6.7.9, ... on LAN 2 (5.6.7.0/24), connected by routers across WAN links; a router holds a forwarding table]

Control Plane
Compute paths the packets will follow
– Populate forwarding tables
– Traditionally, a distributed protocol

Example: Link-state routing (OSPF, IS-IS)
– Flood the entire topology to all nodes
– Each node computes shortest paths
– Dijkstra’s algorithm

1. Figure out which routers and links are present.
2. Run Dijkstra’s algorithm to find shortest paths.

“If a packet is going to B, then send it to output 3”

[Figure: a router with outputs 1, 2 and 3; its data plane holds the entry “If B, send to 3”, and B is reached through output 3]

Management Plane
Traffic Engineering: setting the weights
– Inversely proportional to link capacity?
– Proportional to propagation delay?
– Network-wide optimization based on traffic?

[Figure: example topology with a weight on each link]

Challenges
(Too) many task-specific control mechanisms
– No modularity, limited functionality

Indirect control
– Must invert protocol behavior, “coax” it to do what you want
– Ex. Changing weights instead of paths for TE

Uncoordinated control
– Cannot control which router updates first

Interacting protocols and mechanisms
– Routing, addressing, access control, QoS

The network is
• Hard to reason about
• Hard to evolve
• Expensive

Example 1: Inter-domain Routing
Today’s inter-domain routing protocol, BGP, artificially
constrains routes
- Routing only on destination IP address blocks
- Can only influence immediate neighbors
- Very difficult to incorporate other information

Application-specific peering
– Route video traffic one way, and non-video another
Blocking denial-of-service traffic
– Dropping unwanted traffic further upstream
Inbound traffic engineering
– Splitting incoming traffic over multiple peering links

Example 2: Access Control
[Figure: routers R1 to R5; Chicago (chi) and New York (nyc) sites, each with a Data Center and a Front Office; subnets chi-DC, chi-FO, nyc-DC and nyc-FO]

Two locations, each with data center & front office
All routers exchange routes over all links

Packet filter (chi): Drop nyc-FO -> *; Permit *
Packet filter (nyc): Drop chi-FO -> *; Permit *

A new short-cut link added between data centers
Intended for backup traffic between centers

Oops – new link lets packets violate access control policy!
Routing changed, but packet filters don’t update automatically

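The access-control failure above, worked through as an added example (not part of the original slides): a check over the global network view that looks for any path leaking forbidden traffic, followed by filters derived from the policy rather than placed by hand. The chain topology R1-R2-R5-R4-R3, the ingress-filter placement, the policy pairs and all function names are assumptions made for illustration.

```python
from collections import deque

# Constructed topology (assumption, not from the slides): R1 - R2 - R5 - R4 - R3.
LINKS = {("R1", "R2"), ("R2", "R5"), ("R5", "R4"), ("R4", "R3")}
SHORTCUT = ("R1", "R3")  # the new link between the two data centers
ATTACHED = {"chi-DC": "R1", "chi-FO": "R2", "nyc-DC": "R3", "nyc-FO": "R4"}
# Assumed policy: a front office must not reach the other site's data center.
FORBIDDEN = [("chi-FO", "nyc-DC"), ("nyc-FO", "chi-DC")]
# Hand-placed ingress filters: (from_router, to_router) -> source subnets dropped.
MANUAL_FILTERS = {("R2", "R1"): {"nyc-FO"}, ("R4", "R3"): {"chi-FO"}}

def neighbors(links, node):
    return sorted(b if a == node else a for a, b in links if node in (a, b))

def leak_path(links, filters, src, dst):
    """BFS over the links; return a router path on which no filter drops src, else None."""
    start, goal = ATTACHED[src], ATTACHED[dst]
    prev, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in neighbors(links, node):
            if nxt not in prev and src not in filters.get((node, nxt), set()):
                prev[nxt] = node
                queue.append(nxt)
    return None

def violations(links, filters):
    """Map each forbidden (src, dst) pair to a path that leaks it, for any routing state."""
    leaks = {pair: leak_path(links, filters, *pair) for pair in FORBIDDEN}
    return {pair: path for pair, path in leaks.items() if path}

def filters_from_policy(links):
    """Control-program style: derive filters from policy plus the current network view."""
    derived = {}
    for src, dst in FORBIDDEN:
        router = ATTACHED[dst]
        for nbr in neighbors(links, router):
            derived.setdefault((nbr, router), set()).add(src)
    return derived

if __name__ == "__main__":
    after = LINKS | {SHORTCUT}
    print("before link:", violations(LINKS, MANUAL_FILTERS))
    print("after link, old filters:", violations(after, MANUAL_FILTERS))
    print("after link, derived filters:", violations(after, filters_from_policy(after)))
```

Because the check searches every path rather than only the current shortest one, it also flags leaks that would appear only after a link failure reroutes traffic.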
How SDN Changes the Network

[Figure: devices that each bundle Features, an OS and Custom Hardware, shown alongside Features running on a shared Network OS]

Software Defined Network (SDN)
1. Open interface to packet forwarding
2. At least one Network OS, probably many. Open- and closed-source
3. Consistent, up-to-date global network view

[Figure: Control Program 1 and Control Program 2 on top of the Network OS, which controls several Packet Forwarding elements]

Network OS
Network OS: distributed system that creates a
consistent, up-to-date network view
– Runs on servers (controllers) in the network
– NOX, ONIX, Floodlight, Trema, OpenDaylight, HyperFlow, Kandoo, Beehive, Beacon, Maestro, … + more

Uses forwarding abstraction to:
– Get state information from forwarding elements
– Give control directives to forwarding elements

Software Defined Network (SDN)

[Figure: Control Program A and Control Program B on top of the Network OS, which controls several Packet Forwarding elements]

Control Program
Control program operates on view of network
– Input: global network view (graph/database)
– Output: configuration of each network device

Control program is not a distributed system
– Abstraction hides details of distributed state

Forwarding Abstraction
Purpose: Standard way of defining forwarding state
– Flexible
• Behavior specified by control plane
• Built from basic set of forwarding primitives
– Minimal
• Streamlined for speed and low-power
• Control program not vendor-specific

OpenFlow is an example of such an abstraction


Software Defined Network
[Figure: layered stack, top to bottom: Control Program, Virtual Topology, Network Hypervisor, Global Network View, Network OS]

Virtualization Simplifies Control Program
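Abstract Network View
[Figure: A and B connected through a single element holding the rule “A→B drop”]

Hypervisor then inserts flow entries as needed

Global Network View
[Figure: A and B connected across the physical topology, with the “A→B drop” entry shown in more than one place]
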
Does SDN Simplify the Network?

What You Said
“However, I remain skeptical that such an
approach will actually simplify much in the long
run. That is, the basic paradigm in networks
(layers) is in fact a simple model. However, the
ever-changing performance and functionality goals
have forced more complexity into network design.
I'm not sure if SDN will be able to maintain its
simplified model as goals continue to evolve.”

Does SDN Simplify the Network?

Abstraction doesn’t eliminate complexity
- NOS, Hypervisor are still complicated pieces of code

SDN main achievements
- Simplifies interface for control program (user-specific)
- Pushes complexity into reusable code (SDN platform)

Just like compilers….

OpenFlow Basics

[Figure: Control Program A and Control Program B on top of the Network OS, which speaks the OpenFlow Protocol to an Ethernet Switch with an OpenFlow control path and a hardware data path]

[Figure: the Network OS sends rules to the Flow Table(s) of the Packet Forwarding elements:]
“If header = p, send to port 4”
“If header = q, overwrite header with r, add header s, and send to ports 5,6”
“If header = ?, send to me”

Primitives <Match, Action>
Match arbitrary bits in headers:
Header Data

Match: 1000x01xx0101001x
– Match on any header, or new header
– Allows any flow granularity

Action
– Forward to port(s), drop, send to controller
– Overwrite header with mask, push or pop
– Forward at specific bit-rate
OpenFlow Rules

Exploit the flow table in switches, routers, and chipsets

Flow 1.   Rule (exact & wildcard)   Action           Statistics
Flow 2.   Rule (exact & wildcard)   Action           Statistics
Flow 3.   Rule (exact & wildcard)   Action           Statistics
Flow N.   Rule (exact & wildcard)   Default Action   Statistics

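The <Match, Action> primitive and the rule/action/statistics layout above, as an added example (not part of the original slides): a flow table that matches ternary bit patterns in order, counts hits per entry and falls back to a default action. The class and method names, the "drop" rule and the sample headers are constructed for illustration; only the 17-bit pattern comes from the slide.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: str        # ternary pattern over header bits: '0', '1' or 'x' (wildcard)
    action: str
    packets: int = 0  # per-entry statistics counter

    def __post_init__(self):
        # Compile the pattern into mask/value so a match is one AND and one compare.
        self.mask = int("".join("0" if c == "x" else "1" for c in self.match), 2)
        self.value = int(self.match.replace("x", "0"), 2)

    def hits(self, header_bits):
        return int(header_bits, 2) & self.mask == self.value

class FlowTable:
    def __init__(self, entries, default_action="send to controller"):
        self.entries = entries
        self.width = len(entries[0].match)
        # The last entry wildcards every bit, so every well-formed header matches something.
        self.default = FlowEntry("x" * self.width, default_action)

    def process(self, header_bits):
        """Return the action of the first matching entry and update its counter."""
        if len(header_bits) != self.width or set(header_bits) - {"0", "1"}:
            raise ValueError("malformed header")
        for entry in self.entries + [self.default]:
            if entry.hits(header_bits):
                entry.packets += 1
                return entry.action

    def stats(self):
        return [(e.match, e.packets) for e in self.entries + [self.default]]

if __name__ == "__main__":
    table = FlowTable([
        FlowEntry("1000x01xx0101001x", "send to port 4"),  # pattern from the slide
        FlowEntry("0xxxxxxxxxxxxxxxx", "drop"),            # constructed rule
    ])
    # Constructed sample headers.
    for header in ("10001011001010010", "00001011001010010", "11111111111111111"):
        print(header, "->", table.process(header))
    print(table.stats())
```

Every header that misses all installed rules costs a round trip to the controller, so the counter on the default entry is the one to watch for load on the control plane.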
Why is SDN happening now?

The Road to SDN
Active Networking: 1990s
- First attempt to make networks programmable
- Demultiplexing packets to software programs, network virtualization, …

Control/Dataplane Separation: 2003-2007
- ForCES [IETF], RCP, 4D [Princeton, CMU], SANE/Ethane [Stanford/Berkeley]
- Open interfaces between data and control plane, logically centralized control

OpenFlow API & Network OSes: 2008
- OpenFlow switch interface [Stanford]
- NOX Network OS [Nicira]

N. Feamster et al., “The Road to SDN: An Intellectual History of Programmable Networks”, ACM SIGCOMM CCR 2014.

SDN Drivers
Rise of merchant switching silicon
- Democratized switching
- Vendors eager to unseat incumbents

Cloud / Data centers
- Operators face real network management problems
- Extremely cost conscious; desire a lot of control

The right balance between vision & pragmatism
- OpenFlow compatible with existing hardware

A “killer app”: Network virtualization

Virtualization is Killer App for SDN
Consider a multi-tenant datacenter
- Want to allow each tenant to specify virtual topology
- This defines their individual policies and requirements

Datacenter’s network hypervisor compiles these virtual topologies into set of switch configurations
- Takes 1000s of individual tenant virtual topologies
- Computes configurations to implement all simultaneously

This is what people are paying money for….
- Enabled by SDN’s ability to virtualize the network

4D

4D
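[Figure: four planes stacked as Decision, Dissemination, Discovery and Data; the labels “network-level objectives”, “network-wide views” and “direct control” mark the Decision plane’s inputs and output, with routers in the Data plane]

Decision: all management and control logic
Dissemination: communicating with routers
Discovery: topology and traffic monitoring
Data: packet handling
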
What You Said
“The paper reads more like a thought-exercise or
meta discussion of the future SDN field than a
presentation of research. I am surprised sigcomm
published it.”

“some good things about the way the paper was
structured was that it mentioned that it had a lot of
future work to do and didn't think it was a final
solution. By at least addressing that it needs to
continue to expand, the authors acknowledge they
don't know the merits behind their solution…”

What You Said
“The most compelling aspect of SDN and of the 4D
Approach proposed, in my opinion, is the ability to
enable innovation. However, SDN taken to the
extreme proposed in the 4D approach seems to
me to significantly limit scalability and increase
complexity.”

What You Said
“My concern is that, previous designs that is aware
of the delay of updating network view, take the
consideration right on their control (they have
control rules and protocol that touch this directly).
But SDN tries to hide this nature from the
programmers. I am not sure if the design of the
software, in the absence of these concerns, will
end up with expected results.”

Practical Challenges
Scalability
– Decision elements responsible for many routers
Reliability
– Surviving failures of decision elements and routers
Response time
– Delays between decision elements and routers
Consistency
– Ensuring multiple decision elements behave consistently
Security
– Network vulnerable to attacks on decision elements
Interoperability
– Legacy routers and neighboring domains